From 081d8e5a01aa84e04236a8de7adb573dd5c6cc0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20=C5=81askawiec?=
 <sebastian.laskawiec@defenseunicorns.com>
Date: Sat, 22 Nov 2025 12:56:09 +0100
Subject: [PATCH] Move Kubernetes IdP to preview
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #42947

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
---
 common/src/main/java/org/keycloak/common/Profile.java  |  2 +-
 .../topics/identity-broker/kubernetes.adoc             | 10 +++-------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java
index 82e9c757abd..56506a76961 100755
--- a/common/src/main/java/org/keycloak/common/Profile.java
+++ b/common/src/main/java/org/keycloak/common/Profile.java
@@ -100,7 +100,7 @@ public class Profile {
 
         SPIFFE("SPIFFE trust relationship provider", Type.PREVIEW),
 
-        KUBERNETES_SERVICE_ACCOUNTS("Kubernetes service accounts trust relationship provider", Type.EXPERIMENTAL),
+        KUBERNETES_SERVICE_ACCOUNTS("Kubernetes service accounts trust relationship provider", Type.PREVIEW),
 
         // Check if kerberos is available in underlying JVM and auto-detect if feature should be enabled or disabled by default based on that
         KERBEROS("Kerberos", Type.DEFAULT, 1, () -> KerberosJdkProvider.getProvider().isKerberosAvailable()),
diff --git a/docs/documentation/server_admin/topics/identity-broker/kubernetes.adoc b/docs/documentation/server_admin/topics/identity-broker/kubernetes.adoc
index 1ae205b5e34..55e2b0e4317 100644
--- a/docs/documentation/server_admin/topics/identity-broker/kubernetes.adoc
+++ b/docs/documentation/server_admin/topics/identity-broker/kubernetes.adoc
@@ -3,13 +3,9 @@ ifeval::[{project_community}==true]
 [[_identity_broker_kubernetes]]
 === Kubernetes identity providers
 
-[NOTE]
-====
-Kubernetes service accounts trust relationship provider is *Experimental* and is not fully supported.
-This feature is disabled by default.
-
-To enable start the server with `--features=kubernetes`
-====
+:tech_feature_name: Kubernetes service accounts trust relationship provider
+:tech_feature_id: kubernetes
+include::../../topics/templates/techpreview.adoc[]
 
 :tech_feature_name: Authenticate clients based on assertions issued by an identity provider
 :tech_feature_id: client-auth-federated