Merge branch 'main' into 'staging'

Pin Bitnami Keycloak chart version to pre container image security assessment feature

Closes #19

See merge request observability-bd-projects/one-observability-demo!179

Author: rapgaws

PetAdoptions/cdk/pet_stack/resources/load_balancer/iam_policy.json

@@ -18,6 +18,7 @@
                 "elasticloadbalancing:DescribeLoadBalancers",
                 "elasticloadbalancing:DescribeLoadBalancerAttributes",
                 "elasticloadbalancing:DescribeListeners",
+                "elasticloadbalancing:DescribeListenerAttributes",
                 "elasticloadbalancing:DescribeListenerCertificates",
                 "elasticloadbalancing:DescribeSSLPolicies",
                 "elasticloadbalancing:DescribeRules",

PetAdoptions/keycloak-setup.sh

@@ -594,6 +594,12 @@ function install_keycloak() {
   echo "Application 'keycloak' will be installed."
 
   echo "Generating keycloak chart values..."
+  # UPDATE: Disable resource presets and explicitly set container resources to avoid below warning.
+  #
+  # WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
+  # 
+  #   * resources +info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+  #
   KEYCLOAK_HELM_VALUES=$(cat <<EOF
 global:
   storageClass: "ebs-sc"
@@ -615,12 +621,26 @@ service:
     enabled: true
   ports:
     http: 80
+resourcesPreset: none
+resources:
+  requests:
+    cpu: "500m"
+    memory: "512Mi"
+    ephemeral-storage: "50Mi"
+  limits:
+    cpu: "750m"
+    memory: "768Mi"
+    ephemeral-storage: "2Gi"
 EOF
 )
 
   echo "Executing helm install keycloak..."
   echo "---------------------------------------------------------------------------------------------"
+  # UPDATE: Pin chart version to avoid error due to container security assessments feature
+  # causing installation failure.
+  # https://github.com/bitnami/charts/issues/30850
   echo "$KEYCLOAK_HELM_VALUES" | helm install keycloak bitnami/keycloak \
+    --version 24.2.3 \
     --namespace $KEYCLOAK_NAMESPACE \
     -f -
   CMD_RESULT=$?
@@ -956,4 +976,4 @@ echo ""
 echo "**Note:** Retrieve saved workspace editor user password from AWS Secrets Manager by running following command."
 echo "aws secretsmanager get-secret-value --secret-id $SECRET_NAME --query \"SecretString\" --output text | jq -r '.[\"user-editor-password\"]'"
 echo ""
-echo "Setup done."
+echo "Setup done."