From 9adcd48c448aed9b0b235b689d9ea0bd79b9fa4e Mon Sep 17 00:00:00 2001
From: Timofei Larkin <lllamnyp@gmail.com>
Date: Thu, 3 Jul 2025 22:14:58 +0300
Subject: [PATCH] [keycloak, cozy-lib] Calculate Java heap params

This patch passes Java heap parameters to Keycloak to prevent OOM errors
when the JVM lacks compatibility with cgroups v2 and fails to recognize
container memory requests and limits. A new function is introduced in
cozy-lib to calculate the heap parameters from requests and limits,
setting Xmx to 75% of the memory limit and Xms to the lesser of the
memory request or 25% of the memory limits.

Change log:
[keycloak] Calculate and pass Java heap parameters explicitly to prevent
OOM errors.
[cozy-lib] Introduce helper function to calculate Java heap params based
on memory requests and limits.

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---
 .../library/cozy-lib/templates/_resources.tpl | 25 +++++++++++++++----
 packages/system/keycloak/charts/cozy-lib      |  1 +
 packages/system/keycloak/templates/sts.yaml   |  6 +++++
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 120000 packages/system/keycloak/charts/cozy-lib

diff --git a/packages/library/cozy-lib/templates/_resources.tpl b/packages/library/cozy-lib/templates/_resources.tpl
index 20a27fad..ee0fb732 100644
--- a/packages/library/cozy-lib/templates/_resources.tpl
+++ b/packages/library/cozy-lib/templates/_resources.tpl
@@ -98,17 +98,17 @@
 {{-       $vcpuRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
 {{-       $cpuRequestF64 := divf $vcpuRequestF64 $cpuAllocationRatio }}
 {{-       $_ := set $output.requests $k ($cpuRequestF64 | toString) }}
-{{-       $_ := set $output.limits $k $v }}
+{{-       $_ := set $output.limits $k ($v | toString) }}
 {{-     else if eq $k "memory" }}
 {{-       $vMemoryRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
 {{-       $memoryRequestF64 := divf $vMemoryRequestF64 $memoryAllocationRatio }}
-{{-       $_ := set $output.requests $k ($memoryRequestF64 | int) }}
-{{-       $_ := set $output.limits $k $v }}
+{{-       $_ := set $output.requests $k ($memoryRequestF64 | int | toString ) }}
+{{-       $_ := set $output.limits $k ($v | toString) }}
 {{-     else if eq $k "ephemeral-storage" }}
 {{-       $vEphemeralStorageRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
 {{-       $ephemeralStorageRequestF64 := divf $vEphemeralStorageRequestF64 $ephemeralStorageAllocationRatio }}
-{{-       $_ := set $output.requests $k ($ephemeralStorageRequestF64 | int) }}
-{{-       $_ := set $output.limits $k $v }}
+{{-       $_ := set $output.requests $k ($ephemeralStorageRequestF64 | int | toString) }}
+{{-       $_ := set $output.limits $k ($v | toString) }}
 {{-     else }}
 {{-       $_ := set $output.requests $k $v }}
 {{-       $_ := set $output.limits $k $v }}
@@ -157,3 +157,18 @@
 {{-   $mergedMap := deepCopy $resources | mergeOverwrite $presetMap }}
 {{-   include "cozy-lib.resources.sanitize" (list $mergedMap $global) }}
 {{- end }}
+
+{{- /*
+    javaHeap takes a .Values.resources and returns Java heap settings based on
+    memory requests and limits. -Xmx is set to 75% of memory limits, -Xms is
+    set to the lesser of requests or 25% of limits. Accepts only sanitized
+    resource maps.
+*/}}
+{{- define "cozy-lib.resources.javaHeap" }}
+{{-   $memoryRequestInt := include "cozy-lib.resources.toFloat" .requests.memory | float64 | int64 }}
+{{-   $memoryLimitInt := include "cozy-lib.resources.toFloat" .limits.memory | float64 | int64 }}
+{{- /* 4194304 is 4Mi */}}
+{{-   $xmxMi := div (mul $memoryLimitInt 3) 4194304 }}
+{{-   $xmsMi := min (div $memoryLimitInt 4194304) (div $memoryRequestInt 1048576) }}
+{{-   printf `-Xms%dm -Xmx%dm` $xmsMi $xmxMi }}
+{{- end }}
diff --git a/packages/system/keycloak/charts/cozy-lib b/packages/system/keycloak/charts/cozy-lib
new file mode 120000
index 00000000..9e1a28cc
--- /dev/null
+++ b/packages/system/keycloak/charts/cozy-lib
@@ -0,0 +1 @@
+../../../library/cozy-lib/
\ No newline at end of file
diff --git a/packages/system/keycloak/templates/sts.yaml b/packages/system/keycloak/templates/sts.yaml
index f00a923c..8994e3f1 100644
--- a/packages/system/keycloak/templates/sts.yaml
+++ b/packages/system/keycloak/templates/sts.yaml
@@ -68,6 +68,12 @@ spec:
           args:
             - start
           env:
+            {{- with (fromYaml (include "cozy-lib.resources.defaultingSanitize" (list "small" (default dict .Values.resources.limits) $))) }}
+            {{- with (mergeOverwrite . $.Values.resources ) }}
+            - name: JAVA_OPTS_KC_HEAP
+              value: {{ include "cozy-lib.resources.javaHeap" . }}
+            {{- end }}
+            {{- end }}
             - name: KC_METRICS_ENABLED
               value: "true"
             - name: KC_LOG_LEVEL