chore(security-apps): Fail deprecated gangway installations

charts/keycloak-operator/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: keycloak-operator
 description: Deploy Keycloak Operator and Keycloak
 type: application
-version: 1.4.4
-appVersion: "26.0.7"
+version: 1.5.0
+appVersion: "26.1.0"
 icon: https://www.keycloak.org/resources/images/logo-stacked.svg
 home: https://www.keycloak.org
 sources:
@@ -16,4 +16,15 @@ maintainers:
 annotations:
   artifacthub.io/changes: |
     - kind: fixed
-      description: "fix: don't quote value for poolMinSize as the upstream type is integer"
+      description: |
+        feat: Update Keycloak from 26.0.7 to 26.1.0
+
+        The first Keycloak release in 2025 contains several features:
+        * default to jdbc-ping for cluster discovery
+        * otel tracing support
+        * networkpolicy preview
+        * dark mode
+        * plus many additional features
+      links:
+        name: Release Notes
+        url: https://www.keycloak.org/docs/26.1.0/release_notes/index.html

charts/keycloak-operator/tests/__snapshot__/default_test.yaml.snap

@@ -8,8 +8,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloakcontroller-cluster-role
     rules:
       - apiGroups:
@@ -35,8 +35,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloakrealmimportcontroller-cluster-role
     rules:
       - apiGroups:
@@ -62,8 +62,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: RELEASE-NAME-keycloak-operator-operator
     spec:
       replicas: 1
@@ -86,8 +86,8 @@ should match snapshot:
                     fieldRef:
                       fieldPath: metadata.namespace
                 - name: KC_OPERATOR_KEYCLOAK_IMAGE
-                  value: quay.io/keycloak/keycloak:26.0.7
-              image: quay.io/keycloak/keycloak-operator:26.0.7
+                  value: quay.io/keycloak/keycloak:26.1.0
+              image: quay.io/keycloak/keycloak-operator:26.1.0
               imagePullPolicy: IfNotPresent
               livenessProbe:
                 failureThreshold: 3
@@ -127,8 +127,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloak-operator-role-binding
     roleRef:
       apiGroup: rbac.authorization.k8s.io
@@ -146,8 +146,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloak-operator-view
     roleRef:
       apiGroup: rbac.authorization.k8s.io
@@ -165,8 +165,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloakcontroller-role-binding
     roleRef:
       apiGroup: rbac.authorization.k8s.io
@@ -184,8 +184,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloakrealmimportcontroller-role-binding
     roleRef:
       apiGroup: rbac.authorization.k8s.io
@@ -203,8 +203,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: keycloak-operator-role
     rules:
       - apiGroups:
@@ -266,8 +266,8 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: RELEASE-NAME-keycloak-operator-operator
     spec:
       ports:
@@ -289,6 +289,6 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak-operator
-        app.kubernetes.io/version: 26.0.7
-        helm.sh/chart: keycloak-operator-1.4.4
+        app.kubernetes.io/version: 26.1.0
+        helm.sh/chart: keycloak-operator-1.5.0
       name: RELEASE-NAME-keycloak-operator

charts/security-apps/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: security-apps
 description: Argo CD app-of-apps config for security applications
 type: application
-version: 0.89.0
+version: 0.90.0
 home: https://github.com/adfinis/helm-charts/tree/main/charts/security-apps
 sources:
   - https://github.com/adfinis/helm-charts
@@ -15,10 +15,6 @@ dependencies:
     version: 0.9.1
     repository: https://charts.adfinis.com
 annotations:
-  artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/changes: |
     - kind: changed
-      description: "chore: update oauth2-proxy from 6.10.1 to 7.8.2"
-      links:
-        - name: OAuth-Proxy 7.8.2 Release
-          url: https://github.com/oauth2-proxy/manifests/releases/tag/oauth2-proxy-7.8.2
+      description: "Fail installations of deprecated gangway component"

charts/security-apps/ci/default-values.yaml

@@ -2,10 +2,6 @@ dex:
   enabled: true
   values: {}
 
-gangway:
-  enabled: true
-  values: {}
-
 vault:
   enabled: true
   values: {}

charts/security-apps/templates/gangway.yaml

@@ -1,33 +1,3 @@
 {{ if .Values.gangway.enabled }}
-{{ template "argoconfig.application" (list . "security-apps.gangway") }}
+{{ fail "gangway is DEPRECATED, use dexK8sAuthenticator instead" }}
 {{ end }}
-
-{{- define "security-apps.gangway" -}}{{- $app := unset .Values.gangway "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
-metadata:
-  name: {{ template "common.fullname" . }}-{{ $name }}
-spec:
-  {{- if $app.project }}
-  project: {{ $app.project | quote }}
-  {{- end }}
-  source:
-    repoURL: {{ $app.repoURL | quote }}
-    chart: {{ $app.chart | quote }}
-    targetRevision: {{ $app.targetRevision | quote }}
-    helm:
-      releaseName: {{ $name | quote }}
-      values: |-
-        nameOverride: {{ $name | quote }}
-        {{- $app.values | toYaml | nindent 8 }}
-  {{- if $app.destination }}
-  destination:
-    {{ $app.destination | toYaml | nindent 4 }}
-  {{- end }}
-  {{- if $app.syncPolicy }}
-  syncPolicy:
-    {{ $app.syncPolicy | toYaml | nindent 4 }}
-  {{- end }}
-  {{- if $app.ignoreDifferences }}
-  ignoreDifferences:
-    {{ $app.ignoreDifferences | toYaml | nindent 4 }}
-  {{- end }}
-{{- end -}}