[bitnami/keycloak] Add support for PEM certificates (#9039)

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

bitnami/keycloak/Chart.yaml

@@ -26,4 +26,4 @@ name: keycloak
 sources:
   - https://github.com/bitnami/bitnami-docker-keycloak
   - https://github.com/keycloak/keycloak
-version: 6.1.6
+version: 6.2.0

bitnami/keycloak/templates/configmap-env-vars.yaml

@@ -34,10 +34,4 @@ data:
   KEYCLOAK_HTTPS_PORT: {{ .Values.containerPorts.https | quote }}
   KEYCLOAK_TLS_KEYSTORE_FILE: "/opt/bitnami/keycloak/certs/keycloak.keystore.jks"
   KEYCLOAK_TLS_TRUSTSTORE_FILE: "/opt/bitnami/keycloak/certs/keycloak.truststore.jks"
-  KEYCLOAK_TLS_CREATE_KEYSTORE: {{ ternary "true" "false" .Values.auth.tls.autoGenerated | quote }}
-  {{- if .Values.auth.tls.autoGenerated }}
-  KEYCLOAK_TLS_NODE_CERT_FILE: "/opt/bitnami/keycloak/certs/keycloak.crt"
-  KEYCLOAK_TLS_NODE_KEY_FILE: "/opt/bitnami/keycloak/certs/keycloak.key"
-  KEYCLOAK_TLS_CA_CERT_FILE: "/opt/bitnami/keycloak/certs/ca.crt"
-  {{- end }}
   {{- end }}

bitnami/keycloak/templates/secrets.yaml

@@ -28,10 +28,10 @@ data:
   postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }}
   {{- end }}
   {{- if .Values.auth.tls.enabled }}
-  {{- if or .Values.auth.tls.keystorePassword .Values.auth.tls.autoGenerated }}
+  {{- if or .Values.auth.tls.keystorePassword .Values.auth.tls.autoGenerated .Values.auth.tls.usePem }}
   tls-keystore-password: {{ (.Values.auth.tls.keystorePassword | default (randAlphaNum 10)) | b64enc | quote }}
   {{- end }}
-  {{- if or .Values.auth.tls.truststorePassword .Values.auth.tls.autoGenerated }}
+  {{- if or .Values.auth.tls.truststorePassword .Values.auth.tls.autoGenerated .Values.auth.tls.usePem }}
   tls-truestore-password: {{ (.Values.auth.tls.truststorePassword | default (randAlphaNum 10)) | b64enc | quote }}
   {{- end }}
   {{- end }}

bitnami/keycloak/templates/statefulset.yaml

@@ -80,7 +80,7 @@ spec:
           - -ec
           - |-
             ID="${MY_POD_NAME#"{{ $fullname }}-"}"
-            {{- if .Values.auth.tls.autoGenerated }}
+            {{- if or .Values.auth.tls.autoGenerated .Values.auth.tls.usePem }}
             if [[ -f "/certs/keycloak-${ID}.key" ]] && [[ -f "/certs/keycloak-${ID}.crt" ]] && [[ -f "/certs/ca.crt" ]]; then
               openssl pkcs12 -export -in "/certs/keycloak-${ID}.crt" \
                   -passout pass:"${KEYCLOAK_TLS_KEYSTORE_PASSWORD}" \

bitnami/keycloak/values.yaml

@@ -146,6 +146,11 @@ auth:
     ##       kubectl create secret generic SECRET_NAME --from-file=./keycloak.truststore.jks --from-file=./keycloak-0.keystore.jks --from-file=./keycloak-1.keystore.jks ...
     ##
     existingSecret: ""
+    ## @param auth.tls.usePem Use PEM certificates as input instead of PKS12/JKS stores
+    ## If "true", the Keycloak chart will look for the files ca.crt, keycloak-X.key and keycloak-X.crt inside the secret provided with 'existingSecret'.
+    ## If keystorePassword and truststorePassword are not provided, they will be autogenerated.
+    ##
+    usePem: false
     ## @param auth.tls.truststoreFilename Truststore specific filename inside the existing secret
     ## Note: Setting up this value, you will use the same trustore file in all the replicas
     ##