Merge pull request #119 from projectsyn/upgrade-v7
Update Helm chart to 17.0.2 and keycloak from v15.0.2 to v16.1.1
mhutter authored Apr 8, 2022
2 parents c7df42d + 7fb3935 commit 65cc46b
Showing 36 changed files with 171 additions and 81 deletions.
10 changes: 5 additions & 5 deletions class/defaults.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ parameters:
namespace: syn-${_instance}
name: keycloak
charts:
keycloak: "10.3.1"
keycloak: "17.0.2"
# FQDN should be overwritten on the cluster level
fqdn: keycloak.example.com
# Namespace labels
Expand Down Expand Up @@ -156,7 +156,6 @@ parameters:
helm_values:
image:
repository: quay.io/keycloak/keycloak
tag: '15.0.2'
replicas: ${keycloak:replicas}
statefulsetLabels: ${keycloak:labels}
resources: ${keycloak:resources}
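Review bot: Dropping `tag: '15.0.2'` under `helm_values.image` leaves the Keycloak version to the chart's default, so the next `charts.keycloak` bump also changes the identity provider's version without any visible diff in this file. Consider keeping an explicit `tag: '16.1.1'` here so that Keycloak upgrades stay a deliberate, reviewable change.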
Expand Down Expand Up @@ -216,7 +215,9 @@ parameters:
servicePort: https
rules:
- host: ${keycloak:fqdn}
paths: ["/"]
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- ${keycloak:fqdn}
Expand Down Expand Up @@ -253,8 +254,7 @@ parameters:
existingSecret: ${keycloak:database:secretname}
image:
registry: quay.io
# TODO: Rename master to primary when upgrading to Postgres 11 https://github.com/bitnami/charts/commit/7eabc85fd4fae43127228a22829c7ce3fe85c389
master:
primary:
podAnnotations:
# Annotations to support both K8up v1 and v2
k8up.syn.tools/backupcommand: sh -c 'PGDATABASE="$POSTGRES_DB" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean'
Expand Down
2 changes: 2 additions & 0 deletions component/main.jsonnet
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ local admin_secret = kube.Secret(params.admin.secretname) {

local connection_secrets = {
builtin: {
// PostgreSQL admin password
'postgresql-postgres-password': params.database.password,
// this secret is shared between Keycloak and PostgreSQL
'postgresql-password': params.database.password,
[if params.database.jdbcParams != '' then 'JDBC_PARAMS']: params.database.jdbcParams,
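Review bot: The new `'postgresql-postgres-password'` key reuses `params.database.password`, so the PostgreSQL admin account gets the same password as the `postgresql-password` entry, and the comment right below says this secret is shared between Keycloak and PostgreSQL. Anything that can read the application's database password then also holds the admin credential. Consider a separate parameter for the admin password (for example a hypothetical `params.database.adminPassword`) and keeping that key out of the secret Keycloak consumes.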
Expand Down
46 changes: 46 additions & 0 deletions docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
= Upgrade from v6 to v7

This guide describes the steps to perform an upgrade of the component from version v6 to v7.

== Parameter changes

* `charts.keycloak` changed from `10.3.1` to `17.0.2`, that includes the `bitnami/postgresql` chart update from `9.1.1` to `10.3.13`.
* `helm_values.image.tag` version pin removed from the defaults, which means a Keycloak upgrade from `v15.0.2` to `v16.1.1`.
* `helm_values.ingress.path[0]` changed from `/` (string array) to `{"path": "/", "pathType": "Prefix"}` (object array).
* `helm_values.postgres.master` renamed to `helm_values.postgres.primary`.
* If built-in database is used, PostgreSQL is going to be upgraded from `11.8.0-debian-10-r61` to `11.11.0-debian-10-r31`.

If you've configured custom values for any of those parameters, make sure to adjust your configurations when upgrading from component version v6 to v7.

== Step-by-step guide

When upgrading the component, the following actions are required if the built-in database is used:

. Make a backup of the built-in database.
+
[source,bash]
----
instance=keycloak
namespace=syn-${instance}
kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c keycloak-postgresql -- sh -c 'PGDATABASE="$POSTGRES_DB" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql
----

. Apply the parameter changes.

. Compile and push the cluster catalog.

. If you use the built-in database, you need to delete its StatefulSet to allow ArgoCD to apply the new version.
+
[source,bash]
----
kubectl -n syn-keycloak delete sts keycloak-postgresql
----
+
[NOTE]
====
This step is necessary since the upgrade changes immutable properties in the Postgres StatefulSet if using the built-in database.
This won't delete the PVC `data-keycloak-postgresql-0`.
====

. Verify that ArgoCD can sync all resources.
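Review bot: The backup command in step 1 runs `kubectl exec -ti` while redirecting stdout to the `.sql` file; allocating a TTY can alter line endings in the dump and nothing is read from stdin, so drop `-ti` there. The StatefulSet delete command also hardcodes `-n syn-keycloak` although step 1 derives `namespace=syn-${instance}`; use `"${namespace}"` in both commands so the guide works for other instance names. It would also help to state that the dump contains the full Keycloak database and should be stored with restricted permissions.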
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/index.adoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
= keycloak: A Commodore component to manage Keycloak

This component provides a set of tuned defaults and a simplified interface to
deploy the https://artifacthub.io/packages/helm/codecentric/keycloak/9.9.1[Keycloak helm
deploy the https://artifacthub.io/packages/helm/codecentric/keycloak/17.0.2[Keycloak helm
chart] on a Syn-enabled cluster.

The component defaults to provisioning a Bitnami Postgres database via the
Expand Down
4 changes: 2 additions & 2 deletions docs/modules/ROOT/pages/references/parameters.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Usually there is just one deployment and therefore no change is required.

[horizontal]
type:: helm chart version
default:: `10.3.1`
default:: `17.0.2`

A specific chart version. See the https://kapitan.dev/external_dependencies/#helm-type[kapitan documentation] for more information.

Expand Down Expand Up @@ -724,6 +724,6 @@ type:: dict
default:: see `defaults.yml`

All helm_values are passed to the helm chart.
This allows to configure all https://github.com/codecentric/helm-charts/tree/keycloak-10.3.1/charts/keycloak#configuration[keycloak helm chart values].
This allows to configure all https://github.com/codecentric/helm-charts/tree/keycloak-17.0.2/charts/keycloak#configuration[keycloak helm chart values].

Note that it's your own liability to make sure you don't break stuff by overwriting values here!
1 change: 1 addition & 0 deletions docs/modules/ROOT/partials/nav.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
* xref:how-tos/upgrade-3.x-to-4.x.adoc[Upgrade 3.x to 4.x]
* xref:how-tos/upgrade-4.x-to-5.x.adoc[Upgrade 4.x to 5.x]
* xref:how-tos/upgrade-5.x-to-6.x.adoc[Upgrade 5.x to 6.x]
* xref:how-tos/upgrade-6.x-to-7.x.adoc[Upgrade 6.x to 7.x]
* xref:how-tos/openshift-4.adoc[Install on OpenShift 4]
* xref:how-tos/pin-versions.adoc[Pin versions]
Expand Down
6 changes: 4 additions & 2 deletions tests/builtin/secrets_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ func Test_Database_Secret_DefaultParameters(t *testing.T) {
require.NotEmpty(t, subject.StringData)

data := subject.StringData
assert.Len(t, data, 2)
assert.Equal(t, "t-silent-test-1234/c-green-test-1234/builtin/db-password", data["postgresql-password"])
expected := "t-silent-test-1234/c-green-test-1234/builtin/db-password"
assert.Len(t, data, 3)
assert.Equal(t, expected, data["postgresql-password"])
assert.Equal(t, expected, data["postgresql-postgres-password"])
}
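Review bot: `assert.Len(t, data, 3)` checks only the count, and the two `assert.Equal` calls cover two of the three entries, so the third key is never named in this test. Assert the expected key set explicitly (for example one `assert.Contains(t, data, ...)` per key) so that an unexpected extra credential in this secret fails with a clear message.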
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,13 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
helm.sh/chart: postgresql-9.1.1
helm.sh/chart: postgresql-10.3.13
name: keycloak-postgresql
namespace: syn-builtin
spec:
ingress:
- ports:
- port: 5432
- ports:
- port: 9187
podSelector:
matchLabels:
app.kubernetes.io/instance: keycloak
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,16 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
helm.sh/chart: postgresql-9.1.1
helm.sh/chart: postgresql-10.3.13
name: keycloak-postgresql
namespace: syn-builtin
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: postgresql
role: master
role: primary
serviceName: keycloak-postgresql-headless
template:
metadata:
Expand All @@ -27,13 +28,29 @@ spec:
PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean'
k8up.syn.tools/file-extension: .sql
labels:
app.kubernetes.io/component: primary
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
helm.sh/chart: postgresql-9.1.1
role: master
helm.sh/chart: postgresql-10.3.13
role: primary
name: keycloak-postgresql
spec:
affinity:
nodeAffinity: null
podAffinity: null
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: primary
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: postgresql
namespaces:
- syn-builtin
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: BITNAMI_DEBUG
Expand All @@ -44,6 +61,11 @@ spec:
value: /bitnami/postgresql
- name: PGDATA
value: /bitnami/postgresql/data
- name: POSTGRES_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-postgres-password
name: keycloak-postgresql
- name: POSTGRES_USER
value: keycloak
- name: POSTGRES_PASSWORD
Expand All @@ -63,7 +85,19 @@ spec:
value: /opt/bitnami/postgresql/certs/tls.crt
- name: POSTGRESQL_TLS_KEY_FILE
value: /opt/bitnami/postgresql/certs/tls.key
image: quay.io/bitnami/postgresql:11.8.0-debian-10-r61
- name: POSTGRESQL_LOG_HOSTNAME
value: 'false'
- name: POSTGRESQL_LOG_CONNECTIONS
value: 'false'
- name: POSTGRESQL_LOG_DISCONNECTIONS
value: 'false'
- name: POSTGRESQL_PGAUDIT_LOG_CATALOG
value: 'off'
- name: POSTGRESQL_CLIENT_MIN_MESSAGES
value: error
- name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
value: pgaudit
image: quay.io/bitnami/postgresql:11.11.0-debian-10-r31
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
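Review bot: The rendered env now sets `POSTGRESQL_LOG_CONNECTIONS` and `POSTGRESQL_LOG_DISCONNECTIONS` to `'false'` while preloading `pgaudit` through `POSTGRESQL_SHARED_PRELOAD_LIBRARIES`, and none of the `class/defaults.yml` hunks in this commit set these values. For the database behind an identity provider, decide explicitly whether connection and audit logging should be on and set that in the component's `helm_values`, so the golden output documents an intended choice.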
Expand Down Expand Up @@ -118,12 +152,13 @@ spec:
- command:
- /bin/sh
- -cx
- "mkdir -p /bitnami/postgresql/data\nchmod 700 /bitnami/postgresql/data\n\
find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name \"conf\"\
\ -not -name \".snapshot\" -not -name \"lost+found\" | \\\n xargs chown\
\ -R 1001:1001\nchmod -R 777 /dev/shm\ncp /tmp/certs/* /opt/bitnami/postgresql/certs/\n\
chown -R 1001:1001 /opt/bitnami/postgresql/certs/\nchmod 600 /opt/bitnami/postgresql/certs/tls.key\n"
image: docker.io/bitnami/minideb:buster
- "chown 1001:1001 /bitnami/postgresql\nmkdir -p /bitnami/postgresql/data\n\
chmod 700 /bitnami/postgresql/data\nfind /bitnami/postgresql -mindepth\
\ 1 -maxdepth 1 -not -name \"conf\" -not -name \".snapshot\" -not -name\
\ \"lost+found\" | \\\n xargs chown -R 1001:1001\nchmod -R 777 /dev/shm\n\
cp /tmp/certs/* /opt/bitnami/postgresql/certs/\nchown -R 1001:1001 /opt/bitnami/postgresql/certs/\n\
chmod 600 /opt/bitnami/postgresql/certs/tls.key\n"
image: docker.io/bitnami/bitnami-shell:10
imagePullPolicy: Always
name: init-chmod-data
resources:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,17 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
helm.sh/chart: postgresql-9.1.1
helm.sh/chart: postgresql-10.3.13
service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
name: keycloak-postgresql-headless
namespace: syn-builtin
spec:
clusterIP: None
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: postgresql
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
helm.sh/chart: postgresql-9.1.1
helm.sh/chart: postgresql-10.3.13
name: keycloak-postgresql
namespace: syn-builtin
spec:
ports:
- name: tcp-postgresql
Expand All @@ -16,5 +17,5 @@ spec:
selector:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: postgresql
role: master
role: primary
type: ClusterIP
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,6 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak-startup
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak
spec:
rules:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak
spec:
groups:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak-headless
spec:
clusterIP: None
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak-http
spec:
ports:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak-wildfly
spec:
endpoints:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 15.0.2
helm.sh/chart: keycloak-10.3.1
app.kubernetes.io/version: 16.1.1
helm.sh/chart: keycloak-17.0.2
name: keycloak
spec:
podManagementPolicy: Parallel
Expand All @@ -20,7 +20,7 @@ spec:
template:
metadata:
annotations:
checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51
checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95
checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
labels:
app.kubernetes.io/instance: keycloak
Expand Down Expand Up @@ -94,7 +94,7 @@ spec:
name: keycloak-admin-user
- secretRef:
name: keycloak-postgresql
image: quay.io/keycloak/keycloak:15.0.2
image: quay.io/keycloak/keycloak:16.1.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
Expand Down