diff --git a/class/defaults.yml b/class/defaults.yml index 72b64250..457d60d8 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -36,7 +36,7 @@ parameters: namespace: syn-${_instance} name: keycloak charts: - keycloak: "10.3.1" + keycloak: "17.0.2" # FQDN should be overwritten on the cluster level fqdn: keycloak.example.com # Namespace labels @@ -156,7 +156,6 @@ parameters: helm_values: image: repository: quay.io/keycloak/keycloak - tag: '15.0.2' replicas: ${keycloak:replicas} statefulsetLabels: ${keycloak:labels} resources: ${keycloak:resources} @@ -216,7 +215,9 @@ parameters: servicePort: https rules: - host: ${keycloak:fqdn} - paths: ["/"] + paths: + - path: / + pathType: Prefix tls: - hosts: - ${keycloak:fqdn} @@ -253,8 +254,7 @@ parameters: existingSecret: ${keycloak:database:secretname} image: registry: quay.io - # TODO: Rename master to primary when upgrading to Postgres 11 https://github.com/bitnami/charts/commit/7eabc85fd4fae43127228a22829c7ce3fe85c389 - master: + primary: podAnnotations: # Annotations to support both K8up v1 and v2 k8up.syn.tools/backupcommand: sh -c 'PGDATABASE="$POSTGRES_DB" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' diff --git a/component/main.jsonnet b/component/main.jsonnet index 9ba0c607..cf20fcb9 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -28,6 +28,8 @@ local admin_secret = kube.Secret(params.admin.secretname) { local connection_secrets = { builtin: { + // PostgreSQL admin password + 'postgresql-postgres-password': params.database.password, // this secret is shared between Keycloak and PostgreSQL 'postgresql-password': params.database.password, [if params.database.jdbcParams != '' then 'JDBC_PARAMS']: params.database.jdbcParams, diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc new file mode 100644 index 00000000..fae26e05 --- /dev/null +++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc @@ -0,0 +1,46 @@ += Upgrade from v6 to v7 + +This guide describes the steps to perform an upgrade of the component from version v6 to v7. + +== Parameter changes + +* `charts.keycloak` changed from `10.3.1` to `17.0.2`, that includes the `bitnami/postgresql` chart update from `9.1.1` to `10.3.13`. +* `helm_values.image.tag` version pin removed from the defaults, which means a Keycloak upgrade from `v15.0.2` to `v16.1.1`. +* `helm_values.ingress.path[0]` changed from `/` (string array) to `{"path": "/", "pathType": "Prefix"}` (object array). +* `helm_values.postgres.master` renamed to `helm_values.postgres.primary`. +* If built-in database is used, PostgreSQL is going to be upgraded from `11.8.0-debian-10-r61` to `11.11.0-debian-10-r31`. + +If you've configured custom values for any of those parameters, make sure to adjust your configurations when upgrading from component version v6 to v7. + +== Step-by-step guide + +When upgrading the component, the following actions are required if the built-in database is used: + +. Make a backup of the built-in database. ++ +[source,bash] +---- +instance=keycloak +namespace=syn-${instance} + +kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c keycloak-postgresql -- sh -c 'PGDATABASE="$POSTGRES_DB" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql +---- + +. Apply the parameter changes. + +. Compile and push the cluster catalog. + +. If you use the built-in database, you need to delete its StatefulSet to allow ArgoCD to apply the new version. ++ +[source,bash] +---- +kubectl -n syn-keycloak delete sts keycloak-postgresql +---- ++ +[NOTE] +==== +This step is necessary since the upgrade changes immutable properties in the Postgres StatefulSet if using the built-in database. +This won't delete the PVC `data-keycloak-postgresql-0`. +==== + +. Verify that ArgoCD can sync all resources. diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index 66aa663f..73328f0a 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -1,7 +1,7 @@ = keycloak: A Commodore component to manage Keycloak This component provides a set of tuned defaults and a simplified interface to -deploy the https://artifacthub.io/packages/helm/codecentric/keycloak/9.9.1[Keycloak helm +deploy the https://artifacthub.io/packages/helm/codecentric/keycloak/17.0.2[Keycloak helm chart] on a Syn-enabled cluster. The component defaults to provisioning a Bitnami Postgres database via the diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 77995596..67f5d110 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -44,7 +44,7 @@ Usually there is just one deployment and therefore no change is required. [horizontal] type:: helm chart version -default:: `10.3.1` +default:: `17.0.2` A specific chart version. See the https://kapitan.dev/external_dependencies/#helm-type[kapitan documentation] for more information. @@ -724,6 +724,6 @@ type:: dict default:: see `defaults.yml` All helm_values are passed to the helm chart. -This allows to configure all https://github.com/codecentric/helm-charts/tree/keycloak-10.3.1/charts/keycloak#configuration[keycloak helm chart values]. +This allows to configure all https://github.com/codecentric/helm-charts/tree/keycloak-17.0.2/charts/keycloak#configuration[keycloak helm chart values]. Note that it's your own liability to make sure you don't break stuff by overwriting values here! diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc index 47a2384f..d56dc908 100644 --- a/docs/modules/ROOT/partials/nav.adoc +++ b/docs/modules/ROOT/partials/nav.adoc @@ -18,6 +18,7 @@ * xref:how-tos/upgrade-3.x-to-4.x.adoc[Upgrade 3.x to 4.x] * xref:how-tos/upgrade-4.x-to-5.x.adoc[Upgrade 4.x to 5.x] * xref:how-tos/upgrade-5.x-to-6.x.adoc[Upgrade 5.x to 6.x] +* xref:how-tos/upgrade-6.x-to-7.x.adoc[Upgrade 6.x to 7.x] * xref:how-tos/openshift-4.adoc[Install on OpenShift 4] * xref:how-tos/pin-versions.adoc[Pin versions] diff --git a/tests/builtin/secrets_test.go b/tests/builtin/secrets_test.go index 84270925..2b7dee16 100644 --- a/tests/builtin/secrets_test.go +++ b/tests/builtin/secrets_test.go @@ -21,6 +21,8 @@ func Test_Database_Secret_DefaultParameters(t *testing.T) { require.NotEmpty(t, subject.StringData) data := subject.StringData - assert.Len(t, data, 2) - assert.Equal(t, "t-silent-test-1234/c-green-test-1234/builtin/db-password", data["postgresql-password"]) + expected := "t-silent-test-1234/c-green-test-1234/builtin/db-password" + assert.Len(t, data, 3) + assert.Equal(t, expected, data["postgresql-password"]) + assert.Equal(t, expected, data["postgresql-postgres-password"]) } diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml index 837e1e5e..b70107c0 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml @@ -5,14 +5,13 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 name: keycloak-postgresql + namespace: syn-builtin spec: ingress: - ports: - port: 5432 - - ports: - - port: 9187 podSelector: matchLabels: app.kubernetes.io/instance: keycloak diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml index 6bda1377..084785ff 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml @@ -7,15 +7,16 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 name: keycloak-postgresql + namespace: syn-builtin spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql - role: master + role: primary serviceName: keycloak-postgresql-headless template: metadata: @@ -27,13 +28,29 @@ spec: PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' k8up.syn.tools/file-extension: .sql labels: + app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 - role: master + helm.sh/chart: postgresql-10.3.13 + role: primary name: keycloak-postgresql spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: postgresql + namespaces: + - syn-builtin + topologyKey: kubernetes.io/hostname + weight: 1 containers: - env: - name: BITNAMI_DEBUG @@ -44,6 +61,11 @@ spec: value: /bitnami/postgresql - name: PGDATA value: /bitnami/postgresql/data + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgresql-postgres-password + name: keycloak-postgresql - name: POSTGRES_USER value: keycloak - name: POSTGRES_PASSWORD @@ -63,7 +85,19 @@ spec: value: /opt/bitnami/postgresql/certs/tls.crt - name: POSTGRESQL_TLS_KEY_FILE value: /opt/bitnami/postgresql/certs/tls.key - image: quay.io/bitnami/postgresql:11.8.0-debian-10-r61 + - name: POSTGRESQL_LOG_HOSTNAME + value: 'false' + - name: POSTGRESQL_LOG_CONNECTIONS + value: 'false' + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: 'false' + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: 'off' + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: quay.io/bitnami/postgresql:11.11.0-debian-10-r31 imagePullPolicy: IfNotPresent livenessProbe: exec: @@ -118,12 +152,13 @@ spec: - command: - /bin/sh - -cx - - "mkdir -p /bitnami/postgresql/data\nchmod 700 /bitnami/postgresql/data\n\ - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name \"conf\"\ - \ -not -name \".snapshot\" -not -name \"lost+found\" | \\\n xargs chown\ - \ -R 1001:1001\nchmod -R 777 /dev/shm\ncp /tmp/certs/* /opt/bitnami/postgresql/certs/\n\ - chown -R 1001:1001 /opt/bitnami/postgresql/certs/\nchmod 600 /opt/bitnami/postgresql/certs/tls.key\n" - image: docker.io/bitnami/minideb:buster + - "chown 1001:1001 /bitnami/postgresql\nmkdir -p /bitnami/postgresql/data\n\ + chmod 700 /bitnami/postgresql/data\nfind /bitnami/postgresql -mindepth\ + \ 1 -maxdepth 1 -not -name \"conf\" -not -name \".snapshot\" -not -name\ + \ \"lost+found\" | \\\n xargs chown -R 1001:1001\nchmod -R 777 /dev/shm\n\ + cp /tmp/certs/* /opt/bitnami/postgresql/certs/\nchown -R 1001:1001 /opt/bitnami/postgresql/certs/\n\ + chmod 600 /opt/bitnami/postgresql/certs/tls.key\n" + image: docker.io/bitnami/bitnami-shell:10 imagePullPolicy: Always name: init-chmod-data resources: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml index c61c4cc1..be3ba8e2 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml @@ -5,14 +5,17 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' name: keycloak-postgresql-headless + namespace: syn-builtin spec: clusterIP: None ports: - name: tcp-postgresql port: 5432 targetPort: tcp-postgresql + publishNotReadyAddresses: true selector: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml index c03292d4..454f5a63 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml @@ -6,8 +6,9 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 name: keycloak-postgresql + namespace: syn-builtin spec: ports: - name: tcp-postgresql @@ -16,5 +17,5 @@ spec: selector: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql - role: master + role: primary type: ClusterIP diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml index fac5383b..ea1f225c 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml @@ -31,6 +31,6 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-startup diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml index c4dfb1d8..e88eccac 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: rules: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml index eb68a0c1..0ecc10cb 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: groups: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml index f9841f9c..48591b4e 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-headless spec: clusterIP: None diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml index e699ba7b..fc7afb61 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-http spec: ports: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml index c3e3d1e4..99e33b6c 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml @@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml index 9d80ddfd..b82e4cb1 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-wildfly spec: endpoints: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml index f5edbdeb..cbc80bd4 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: podManagementPolicy: Parallel @@ -20,7 +20,7 @@ spec: template: metadata: annotations: - checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51 + checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95 checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a labels: app.kubernetes.io/instance: keycloak @@ -94,7 +94,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:15.0.2 + image: quay.io/keycloak/keycloak:16.1.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/builtin/builtin/builtin/11_db_secret.yaml b/tests/golden/builtin/builtin/builtin/11_db_secret.yaml index 6005be31..ec22c156 100644 --- a/tests/golden/builtin/builtin/builtin/11_db_secret.yaml +++ b/tests/golden/builtin/builtin/builtin/11_db_secret.yaml @@ -13,4 +13,5 @@ metadata: stringData: JDBC_PARAMS: sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt postgresql-password: t-silent-test-1234/c-green-test-1234/builtin/db-password + postgresql-postgres-password: t-silent-test-1234/c-green-test-1234/builtin/db-password type: Opaque diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml index fac5383b..ea1f225c 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml @@ -31,6 +31,6 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-startup diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml index de968e87..3a42249f 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml @@ -9,8 +9,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: rules: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml index 75b5cd79..62d613d7 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: groups: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml index f9841f9c..48591b4e 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-headless spec: clusterIP: None diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml index c0bdbf18..82eeb005 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-http spec: ports: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml index 984157dc..9c04c632 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml @@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml index 9dc7d51b..412121d6 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-wildfly spec: endpoints: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml index 66c7561c..028cf20b 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: podManagementPolicy: Parallel @@ -20,7 +20,7 @@ spec: template: metadata: annotations: - checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51 + checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95 checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a labels: app.kubernetes.io/instance: keycloak @@ -76,7 +76,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:15.0.2 + image: quay.io/keycloak/keycloak:16.1.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml index fac5383b..ea1f225c 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml @@ -31,6 +31,6 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-startup diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml index 300c9161..e9350926 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: rules: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml index 935c2780..087a5e12 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: groups: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml index f9841f9c..48591b4e 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-headless spec: clusterIP: None diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml index 940e78b4..ce5be072 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-http spec: ports: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml index ab646ce4..a68392a5 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml @@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml index b3a9e67a..477eb901 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-wildfly spec: endpoints: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml index a7959886..b7e5e90d 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: podManagementPolicy: Parallel @@ -20,7 +20,7 @@ spec: template: metadata: annotations: - checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51 + checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95 checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a labels: app.kubernetes.io/instance: keycloak @@ -76,7 +76,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:15.0.2 + image: quay.io/keycloak/keycloak:16.1.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: