Migration to 1.29+

Certificate handling has been changed in the 1.29 release. The environment variables JAVA_SERVER_KEY_PASS, JAVA_SERVER_CERT_FILE, and JAVA_SERVER_KEY_FILE were removed and are no longer supported. The environment variable USE_SYSTEM_CA_CERTS replaces the previous certificate handling.

If USE_SYSTEM_CA_CERTS is set to true, all default Ubuntu CA certificates and any custom certificates mounted under /certificates are imported into the trust store upon starting the image. All custom certificates mounted under /certificates must be in the PEM format and have a .crt extension.

If you have previously used the environment variables JAVA_SERVER_KEY_PASS, JAVA_SERVER_CERT_FILE, and JAVA_SERVER_KEY_FILE, you will need to update your deployment and mount paths to use the new USE_SYSTEM_CA_CERTS environment variable and /certificates directory.

The helm chart has been updated to reflect these changes. If you are using the helm chart, you can simply upgrade to the latest version and the changes will be applied.

The environment variable KEYCLOAK_MIGRATIONS_TIMEOUT_SECONDS was renamed to NEXEED_MACMA_KEYCLOAK_MIGRATIONS_TIMEOUT_SECONDS; it can also be configured using the helm chart property .Values.local.keycloak.macmaMigrationsTimeoutSeconds.

Added new environment variable NEXEED_MACMA_KEYCLOAK_QUARKUS_DEFAULT_TRANSACTION_TIMEOUT for setting the timeout that applies to all Keycloak transactions managed by the transaction manager; it can also be configured using the helm chart property .Values.local.keycloak.quarkus.transactionManager.defaultTransactionTimeout.