Update Helm release postgresql to v16

Signed-off-by: Renovate Bot <tech+renovate@vshn.ch>

Author: vshn-renovate

class/defaults.yml

@@ -62,7 +62,7 @@ parameters:
         version: v2.3.0
       postgresql:
         source: https://charts.bitnami.com/bitnami
-        version: 12.12.10
+        version: 16.0.5
     # FQDN should be overwritten on the cluster level
     fqdn: keycloak.example.com
     # Default path since Quarkus is "/" rather than "/auth"

tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml

@@ -6,21 +6,21 @@ metadata:
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
-  name: keycloak-postgresql-ingress
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
+  name: keycloak-postgresql
   namespace: syn-builtin
 spec:
+  egress:
+    - {}
   ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/instance: keycloakx
-              app.kubernetes.io/name: keycloakx
-      ports:
+    - ports:
         - port: 5432
   podSelector:
     matchLabels:
       app.kubernetes.io/component: primary
       app.kubernetes.io/instance: keycloak
       app.kubernetes.io/name: postgresql
+  policyTypes:
+    - Ingress
+    - Egress

tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml

@@ -0,0 +1,19 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: builtin
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
+  name: keycloak-postgresql
+  namespace: syn-builtin
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: primary
+      app.kubernetes.io/instance: keycloak
+      app.kubernetes.io/name: postgresql

tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml

@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/instance: builtin
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
   name: keycloak-postgresql
   namespace: syn-builtin
 spec:
@@ -29,8 +29,8 @@ spec:
         app.kubernetes.io/instance: keycloak
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: postgresql
-        app.kubernetes.io/version: 15.4.0
-        helm.sh/chart: postgresql-12.12.10
+        app.kubernetes.io/version: 17.0.0
+        helm.sh/chart: postgresql-16.0.5
       name: keycloak-postgresql
     spec:
       affinity:
@@ -46,6 +46,7 @@ spec:
                     app.kubernetes.io/name: postgresql
                 topologyKey: kubernetes.io/hostname
               weight: 1
+      automountServiceAccountToken: false
       containers:
         - env:
             - name: BITNAMI_DEBUG
@@ -125,20 +126,36 @@ spec:
             successThreshold: 1
             timeoutSeconds: 5
           resources:
-            limits: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
             requests:
-              cpu: 250m
-              memory: 256Mi
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
             runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
             seccompProfile:
               type: RuntimeDefault
           volumeMounts:
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
+            - mountPath: /opt/bitnami/postgresql/conf
+              name: empty-dir
+              subPath: app-conf-dir
+            - mountPath: /opt/bitnami/postgresql/tmp
+              name: empty-dir
+              subPath: app-tmp-dir
             - mountPath: /opt/bitnami/postgresql/certs
               name: postgresql-certificates
               readOnly: true
@@ -166,15 +183,25 @@ spec:
           imagePullPolicy: IfNotPresent
           name: init-chmod-data
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           securityContext:
             runAsGroup: 0
             runAsNonRoot: false
             runAsUser: 0
+            seLinuxOptions: {}
             seccompProfile:
               type: RuntimeDefault
           volumeMounts:
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
             - mountPath: /bitnami/postgresql
               name: data
             - mountPath: /dev/shm
@@ -185,8 +212,13 @@ spec:
               name: postgresql-certificates
       securityContext:
         fsGroup: 1001
-      serviceAccountName: default
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: keycloak-postgresql
       volumes:
+        - emptyDir: {}
+          name: empty-dir
         - name: raw-certificates
           secret:
             secretName: keycloak-postgresql-tls

tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml

@@ -1,15 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  annotations:
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+  annotations: null
   labels:
     app.kubernetes.io/component: primary
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
   name: keycloak-postgresql-hl
   namespace: syn-builtin
 spec:

tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml

@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
   name: keycloak-postgresql
   namespace: syn-builtin
 spec:

tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: keycloak
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
+  name: keycloak-postgresql
+  namespace: syn-builtin

tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: keycloak
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
+  name: keycloak-postgresql
+  namespace: syn-external

tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml

@@ -6,21 +6,21 @@ metadata:
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
-  name: keycloak-postgresql-ingress
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
+  name: keycloak-postgresql
   namespace: syn-openshift-postgres
 spec:
+  egress:
+    - {}
   ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/instance: keycloakx
-              app.kubernetes.io/name: keycloakx
-      ports:
+    - ports:
         - port: 5432
   podSelector:
     matchLabels:
       app.kubernetes.io/component: primary
       app.kubernetes.io/instance: keycloak
       app.kubernetes.io/name: postgresql
+  policyTypes:
+    - Ingress
+    - Egress

tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml

@@ -0,0 +1,19 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: openshift-postgres
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
+  name: keycloak-postgresql
+  namespace: syn-openshift-postgres
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: primary
+      app.kubernetes.io/instance: keycloak
+      app.kubernetes.io/name: postgresql

tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml

@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/instance: openshift-postgres
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.0.0
+    helm.sh/chart: postgresql-16.0.5
   name: keycloak-postgresql
   namespace: syn-openshift-postgres
 spec:
@@ -29,8 +29,8 @@ spec:
         app.kubernetes.io/instance: keycloak
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: postgresql
-        app.kubernetes.io/version: 15.4.0
-        helm.sh/chart: postgresql-12.12.10
+        app.kubernetes.io/version: 17.0.0
+        helm.sh/chart: postgresql-16.0.5
       name: keycloak-postgresql
     spec:
       affinity:
@@ -46,6 +46,7 @@ spec:
                     app.kubernetes.io/name: postgresql
                 topologyKey: kubernetes.io/hostname
               weight: 1
+      automountServiceAccountToken: false
       containers:
         - env:
             - name: BITNAMI_DEBUG
@@ -125,19 +126,35 @@ spec:
             successThreshold: 1
             timeoutSeconds: 5
           resources:
-            limits: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
             requests:
-              cpu: 250m
-              memory: 256Mi
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
             runAsNonRoot: true
+            seLinuxOptions: {}
             seccompProfile:
               type: RuntimeDefault
           volumeMounts:
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
+            - mountPath: /opt/bitnami/postgresql/conf
+              name: empty-dir
+              subPath: app-conf-dir
+            - mountPath: /opt/bitnami/postgresql/tmp
+              name: empty-dir
+              subPath: app-tmp-dir
             - mountPath: /opt/bitnami/postgresql/certs
               name: postgresql-certificates
               readOnly: true
@@ -156,28 +173,43 @@ spec:
           imagePullPolicy: IfNotPresent
           name: copy-certs
           resources:
-            limits: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
             requests:
-              cpu: 250m
-              memory: 256Mi
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
             runAsNonRoot: true
+            seLinuxOptions: {}
             seccompProfile:
               type: RuntimeDefault
           volumeMounts:
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
             - mountPath: /tmp/certs
               name: raw-certificates
             - mountPath: /opt/bitnami/postgresql/certs
               name: postgresql-certificates
       securityContext:
+        fsGroupChangePolicy: Always
         seccompProfile:
           type: RuntimeDefault
-      serviceAccountName: default
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: keycloak-postgresql
       volumes:
+        - emptyDir: {}
+          name: empty-dir
         - name: raw-certificates
           secret:
             secretName: keycloak-postgresql-tls