[keycloak, cozy-lib] Calculate Java heap params (#1157)

## What this PR does

This patch passes Java heap parameters to Keycloak to prevent OOM errors
when the JVM lacks compatibility with cgroups v2 and fails to recognize
container memory requests and limits. A new function is introduced in
cozy-lib to calculate the heap parameters from requests and limits,
setting Xmx to 75% of the memory limit and Xms to the lesser of the
memory request or 25% of the memory limits.

## Release note

```release-note
[keycloak] Calculate and pass Java heap parameters explicitly to prevent OOM errors.
[cozy-lib] Introduce helper function to calculate Java heap params based on memory requests and limits.
```

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added automatic calculation and injection of Java heap size settings
for the Keycloak container, based on resource requests and limits.
* **Improvements**
* Enhanced resource handling to ensure all resource values are
consistently formatted and sanitized.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

packages/library/cozy-lib/templates/_resources.tpl

@@ -98,17 +98,17 @@
 {{-       $vcpuRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
 {{-       $cpuRequestF64 := divf $vcpuRequestF64 $cpuAllocationRatio }}
 {{-       $_ := set $output.requests $k ($cpuRequestF64 | toString) }}
-{{-       $_ := set $output.limits $k $v }}
+{{-       $_ := set $output.limits $k ($v | toString) }}
 {{-     else if eq $k "memory" }}
 {{-       $vMemoryRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
 {{-       $memoryRequestF64 := divf $vMemoryRequestF64 $memoryAllocationRatio }}
-{{-       $_ := set $output.requests $k ($memoryRequestF64 | int) }}
-{{-       $_ := set $output.limits $k $v }}
+{{-       $_ := set $output.requests $k ($memoryRequestF64 | int | toString ) }}
+{{-       $_ := set $output.limits $k ($v | toString) }}
 {{-     else if eq $k "ephemeral-storage" }}
 {{-       $vEphemeralStorageRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
 {{-       $ephemeralStorageRequestF64 := divf $vEphemeralStorageRequestF64 $ephemeralStorageAllocationRatio }}
-{{-       $_ := set $output.requests $k ($ephemeralStorageRequestF64 | int) }}
-{{-       $_ := set $output.limits $k $v }}
+{{-       $_ := set $output.requests $k ($ephemeralStorageRequestF64 | int | toString) }}
+{{-       $_ := set $output.limits $k ($v | toString) }}
 {{-     else }}
 {{-       $_ := set $output.requests $k $v }}
 {{-       $_ := set $output.limits $k $v }}
@@ -157,3 +157,18 @@
 {{-   $mergedMap := deepCopy $resources | mergeOverwrite $presetMap }}
 {{-   include "cozy-lib.resources.sanitize" (list $mergedMap $global) }}
 {{- end }}
+
+{{- /*
+    javaHeap takes a .Values.resources and returns Java heap settings based on
+    memory requests and limits. -Xmx is set to 75% of memory limits, -Xms is
+    set to the lesser of requests or 25% of limits. Accepts only sanitized
+    resource maps.
+*/}}
+{{- define "cozy-lib.resources.javaHeap" }}
+{{-   $memoryRequestInt := include "cozy-lib.resources.toFloat" .requests.memory | float64 | int64 }}
+{{-   $memoryLimitInt := include "cozy-lib.resources.toFloat" .limits.memory | float64 | int64 }}
+{{- /* 4194304 is 4Mi */}}
+{{-   $xmxMi := div (mul $memoryLimitInt 3) 4194304 }}
+{{-   $xmsMi := min (div $memoryLimitInt 4194304) (div $memoryRequestInt 1048576) }}
+{{-   printf `-Xms%dm -Xmx%dm` $xmsMi $xmxMi }}
+{{- end }}

packages/system/keycloak/charts/cozy-lib

@@ -0,0 +1 @@
+../../../library/cozy-lib/

packages/system/keycloak/templates/sts.yaml

@@ -68,6 +68,12 @@ spec:
           args:
             - start
           env:
+            {{- with (fromYaml (include "cozy-lib.resources.defaultingSanitize" (list "small" (default dict .Values.resources.limits) $))) }}
+            {{- with (mergeOverwrite . $.Values.resources ) }}
+            - name: JAVA_OPTS_KC_HEAP
+              value: {{ include "cozy-lib.resources.javaHeap" . }}
+            {{- end }}
+            {{- end }}
             - name: KC_METRICS_ENABLED
               value: "true"
             - name: KC_LOG_LEVEL