[keycloak-operator] Chart Update

[mvprowess]

Version path: 26.0.6 → 26.1.0 → 26.2.0 → 26.4.0 → 26.5.7

• 26.1.0 — NetworkPolicy support added to Keycloak CR spec
• 26.2.0 — Scheduling fields and management port added to Keycloak CR spec; rolling update strategy introduced
• 26.4.0 — spec.ingress.tlsSecret added; automatic ServiceMonitor provisioning; multi-AZ topology spread by default
• 26.5.7 — latest CRD tag in keycloak-k8s-resources

⚠️ CRD upgrade: Older CRDs are not forward-compatible with CRs using new fields. Update CRDs before or alongside the operator image. All three files must come from the same keycloak-k8s-resources tag.

⚠️ Selector label bug: Upstream kubernetes.yml includes app.kubernetes.io/version in spec.selector.matchLabels, making in-place kubectl apply upgrades fail (selector is immutable). The chart's Deployment template must not include the version label in the selector.

Changes required (chronological):

• Fetch updated CRDs from keycloak-k8s-resources tag 26.5.7: keycloaks.k8s.keycloak.org-v1.yml, keycloakrealmimports.k8s.keycloak.org-v1.yml, kubernetes.yml
• When updating kubernetes.yml, strip app.kubernetes.io/version from spec.selector.matchLabels in the operator Deployment if present
• 26.1.0 — Add networkPolicy section to values: enabled, http.from, https.from, management.from
• 26.2.0 — Add scheduling section to values: affinity, tolerations, topologySpreadConstraints, priorityClassName
• 26.2.0 — Add httpManagement.port to values
• 26.4.0 — Add ingress.tlsSecret to values
• 26.4.0 — Add note to README: ServiceMonitor is auto-provisioned when monitoring.coreos.com/v1 CRD is present and metrics are enabled
• Document in README: KeycloakRealmImport is create-only — the realm import Job runs once; CR changes after creation are not reconciled
• Document in README: proxy=passthrough is no longer the operator default since 26.0
• Bump appVersion and image tag to 26.5.7
• Bump chart version to 1.0.0