From 098ea8cd489b9724b4642b854161eb1039c1b816 Mon Sep 17 00:00:00 2001
From: Gabriel Mainberger
Date: Mon, 30 Sep 2024 09:52:46 +0200
Subject: [PATCH] Enable Network Policies and upgrade to Keycloak to v23.0.7
---
 class/defaults.yml | 4 +--
 .../pages/how-tos/upgrade-15.x-to-16.x.adoc | 34 +++++++++++++++++++
 docs/modules/ROOT/partials/nav.adoc | 1 +
 .../keycloakx/templates/ingress.yaml | 2 +-
 .../keycloakx/templates/networkpolicy.yaml | 2 +-
 .../keycloakx/templates/prometheusrule.yaml | 2 +-
 .../keycloakx/templates/service-headless.yaml | 2 +-
 .../keycloakx/templates/service-http.yaml | 2 +-
 .../keycloakx/templates/serviceaccount.yaml | 2 +-
 .../keycloakx/templates/servicemonitor.yaml | 2 +-
 .../keycloakx/templates/statefulset.yaml | 4 +--
 11 files changed, 46 insertions(+), 11 deletions(-)
 create mode 100644 docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc
diff --git a/class/defaults.yml b/class/defaults.yml
index 3ad0c150..6df509db 100644
--- a/class/defaults.yml
+++ b/class/defaults.yml
@@ -43,7 +43,7 @@ parameters:
 keycloak:
 registry: quay.io
 repository: keycloak/keycloak
- tag: 22.0.5
+ tag: 23.0.7
 busybox:
 registry: docker.io
 repository: busybox
@@ -261,7 +261,7 @@ parameters:
 host: ${keycloak:fqdn}
 networkPolicy:
 # Note: Do not enable when using ingress controller with hostNetwork=true.
- enabled: false
+ enabled: true
 # Note: On Syn-managed OpenShift4 clusters there should be already NetworkPolicies that allow traffic from Ingress controller out-of-the-box.
 extraFrom:
 - podSelector:
diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc
new file mode 100644
index 00000000..78d262ea
--- /dev/null
+++ b/docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc
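Review bot: In the second hunk of class/defaults.yml, `enabled: true` now sits directly under the unchanged comment `# Note: Do not enable when using ingress controller with hostNetwork=true.`, so the default contradicts its own guidance and clusters with a host-network ingress controller get the policy without opting in. Reword the comment to match the new default, for example `# Note: Enabled by default. Set to false when the ingress controller runs with hostNetwork=true.`, and state the reason if it is the usual one (host-network traffic is not matched by pod or namespace selectors; this hunk does not confirm it). The `extraFrom` list continues outside the hunk, so the sources it admits cannot be reviewed here. The new upgrade guide lists this as a breaking change but gives no step for affected clusters, and the nav.adoc entry added for it points at `upgrade-14.x-to-15.x.adoc` instead of `upgrade-15.x-to-16.x.adoc`, so operators would not reach the guide from the navigation.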
@@ -0,0 +1,34 @@
+= Upgrade from v15 to v16
+
+This guide describes the steps to perform an upgrade of the component from version v15 to v16.
+
+== Breaking Changes
+
+* Network Policies are now enabled by default
+
+== Changes
+
+* The component requires Kubernetes v1.25 or newer.
+* Keycloak version is v23.0.7 by default.
+
+== Parameter changes
+
+* None
+
+== Step-by-step guide
+
+When upgrading the component, the following actions are required if the built-in database is used:
+
+. Do a backup of the built-in database.
++
+[source,bash]
+----
+instance=keycloak
+namespace=syn-${instance}
+
+kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c postgresql -- sh -c 'PGDATABASE="$POSTGRES_DATABASE" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql
+----
+
+. Apply the parameter changes.
+
+. Compile and push the cluster catalog.
diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc
index 52a48c6e..fd367106 100644
--- a/docs/modules/ROOT/partials/nav.adoc
+++ b/docs/modules/ROOT/partials/nav.adoc
@@ -27,6 +27,7 @@
 * xref:how-tos/upgrade-12.x-to-13.x.adoc[Upgrade 12.x to 13.x]
 * xref:how-tos/upgrade-13.x-to-14.x.adoc[Upgrade 13.x to 14.x]
 * xref:how-tos/upgrade-14.x-to-15.x.adoc[Upgrade 14.x to 15.x]
+* xref:how-tos/upgrade-14.x-to-15.x.adoc[Upgrade 15.x to 16.x]
 * xref:how-tos/openshift-4.adoc[Install on OpenShift 4]
 * xref:how-tos/pin-versions.adoc[Pin versions]
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
index cfa72a19..d9dc460c 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
@@ -10,7 +10,7 @@ metadata:
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
index d01956f6..ff2a5bef 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
@@ -5,7 +5,7 @@ metadata:
 app.kubernetes.io/instance: keycloakx
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: keycloakx
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
index c3f0173b..e313d4fb 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
index 6831ccd7..5868ccf5 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: keycloakx
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: keycloakx
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx-headless
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
index ac372ac3..88eca6fa 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx-http
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
index 99a3c46a..117e9584 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
@@ -8,7 +8,7 @@ metadata:
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
index 9615ed2e..21a4f812 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx-keycloakx
 namespace: syn-builtin
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
index 579b377f..edf290f1 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: syn-builtin
@@ -97,7 +97,7 @@ spec:
 name: keycloak-admin-user
 - secretRef:
 name: keycloak-postgresql
- image: quay.io/keycloak/keycloak:22.0.5
+ image: quay.io/keycloak/keycloak:23.0.7
 imagePullPolicy: IfNotPresent
 livenessProbe:
 httpGet: