From a3577ba7f76664d57ace8104510c2512806e0a7a Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Fri, 4 Mar 2022 17:01:38 +0100 Subject: [PATCH 01/10] Update Helm chart to 17.0.2 and keycloak from v15.0.2 to v16.1.1 Postgres master has been renamed to primary Ingress networking/v1 has been introduced Ref: * Postgres helm: https://github.com/bitnami/charts/blob/0391090fe16c1c9b80300bd5c24c76b52bcfc169/bitnami/postgresql/values.yaml * Postgres master to primary: https://github.com/bitnami/charts/blob/0391090fe16c1c9b80300bd5c24c76b52bcfc169/bitnami/postgresql/values.yaml#L424 --- class/defaults.yml | 10 +++++----- component/main.jsonnet | 2 ++ docs/modules/ROOT/pages/references/parameters.adoc | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/class/defaults.yml b/class/defaults.yml index 20743dab..44d19605 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -35,7 +35,7 @@ parameters: namespace: syn-${_instance} name: keycloak charts: - keycloak: "10.3.1" + keycloak: "17.0.2" # FQDN should be overwritten on the cluster level fqdn: keycloak.example.com # Namespace labels @@ -155,7 +155,6 @@ parameters: helm_values: image: repository: quay.io/keycloak/keycloak - tag: '15.0.2' replicas: ${keycloak:replicas} statefulsetLabels: ${keycloak:labels} resources: ${keycloak:resources} @@ -215,7 +214,9 @@ parameters: servicePort: https rules: - host: ${keycloak:fqdn} - paths: ["/"] + paths: + - path: / + pathType: Prefix tls: - hosts: - ${keycloak:fqdn} @@ -252,8 +253,7 @@ parameters: existingSecret: ${keycloak:database:secretname} image: registry: quay.io - # TODO: Rename master to primary when upgrading to Postgres 11 https://github.com/bitnami/charts/commit/7eabc85fd4fae43127228a22829c7ce3fe85c389 - master: + primary: podAnnotations: # Annotations to support both K8up v1 and v2 k8up.syn.tools/backupcommand: sh -c 'PGDATABASE="$POSTGRES_DB" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' 
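Review bot: With `tag: '15.0.2'` removed in the `@@ -155,7 +155,6 @@` hunk of class/defaults.yml, the component no longer states which Keycloak image it deploys. The version now follows whatever chart `charts.keycloak` selects, presumably through the chart's appVersion; the golden files later in this series render `quay.io/keycloak/keycloak:16.1.1`. For an identity provider, this means a chart bump is also an implicit image bump that nobody reviews as such. Either keep an explicit pin, `tag: '16.1.1'`, or record the intent next to `repository:` with `# tag intentionally unset: follows the appVersion of charts.keycloak`. The `helm_values` block continues outside the hunk.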
diff --git a/component/main.jsonnet b/component/main.jsonnet index 9ba0c607..cf20fcb9 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -28,6 +28,8 @@ local admin_secret = kube.Secret(params.admin.secretname) { local connection_secrets = { builtin: { + // PostgreSQL admin password + 'postgresql-postgres-password': params.database.password, // this secret is shared between Keycloak and PostgreSQL 'postgresql-password': params.database.password, [if params.database.jdbcParams != '' then 'JDBC_PARAMS']: params.database.jdbcParams, diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 5f5320b3..76ead757 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -44,7 +44,7 @@ Usually there is just one deployment and therefore no change is required. [horizontal] type:: helm chart version -default:: `10.3.1` +default:: `17.0.2` A specific chart version. See the https://kapitan.dev/external_dependencies/#helm-type[kapitan documentation] for more information. From 2793ae4aee9a4d464be25fa20cf84c7f8198cafc Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Mon, 28 Mar 2022 10:42:33 +0200 Subject: [PATCH 02/10] Add Upgrade 6.x to 7.x how-to --- .../ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc | 15 +++++++++++++++ docs/modules/ROOT/partials/nav.adoc | 1 + 2 files changed, 16 insertions(+) create mode 100644 docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc new file mode 100644 index 00000000..07d5929b --- /dev/null +++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc 
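Review bot: The added `'postgresql-postgres-password': params.database.password` in component/main.jsonnet gives the PostgreSQL superuser the same password as the Keycloak application user, in the secret the next comment calls "shared between Keycloak and PostgreSQL". The golden Keycloak statefulset later in this series loads that secret with `secretRef: name: keycloak-postgresql`, so the workload that only needs the `keycloak` role appears to hold a credential that also works for `postgres`. The admin password should come from its own secret reference, ideally in a secret that is not mounted into Keycloak, e.g. `'postgresql-postgres-password': <separate admin secret reference>,`. If the reuse is deliberate, the comment should say so: `// PostgreSQL admin password (deliberately the same value as the application password)`. The `connection_secrets` object continues outside the hunk.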
@@ -0,0 +1,15 @@ += Upgrade from v6 to v7 + +This guide describes the steps to perform an upgrade of the component from version v6 to v7. + +== Changes + +Keycloak will be upgraded from v15.0.2 to v16.1.1 and if the built-in PostgreSQL database is used, PostgreSQL is going to be updated from 11.8.0-debian-10-r61 to 11.11.0-debian-10-r31. + +== Step-by-step guide + +When upgrading the component, the following actions are required if the built-in database is used: + +. Take a backup of the built-in database! +. Unchangable attributes in the postgres statefulset are going to be changed: + `kubectl -n syn-keycloak delete sts keycloak-postgresql` diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc index 47a2384f..abf06c34 100644 --- a/docs/modules/ROOT/partials/nav.adoc +++ b/docs/modules/ROOT/partials/nav.adoc @@ -18,6 +18,7 @@ * xref:how-tos/upgrade-3.x-to-4.x.adoc[Upgrade 3.x to 4.x] * xref:how-tos/upgrade-4.x-to-5.x.adoc[Upgrade 4.x to 5.x] * xref:how-tos/upgrade-5.x-to-6.x.adoc[Upgrade 5.x to 6.x] +* xref:how-tos/upgrade-5.x-to-6.x.adoc[Upgrade 6.x to 7.x] * xref:how-tos/openshift-4.adoc[Install on OpenShift 4] * xref:how-tos/pin-versions.adoc[Pin versions] From f976be65db4220d81dfde8280b8e03a5ebe2ae77 Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Mon, 28 Mar 2022 10:42:33 +0200 Subject: [PATCH 03/10] Add Upgrade 6.x to 7.x how-to --- docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc index 07d5929b..201f99d0 100644 --- a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc +++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc 
@@ -11,5 +11,7 @@ Keycloak will be upgraded from v15.0.2 to v16.1.1 and if the built-in PostgreSQL When upgrading the component, the following actions are required if the built-in database is used: . Take a backup of the built-in database! -. Unchangable attributes in the postgres statefulset are going to be changed: +. Unchangable attributes in the postgres statefulset are going to be changed. + If ArgoCD can't apply the statefulset, it needs to be deleted: `kubectl -n syn-keycloak delete sts keycloak-postgresql` + This don't touch the PVC `data-keycloak-postgresql-0`. From f8015314c1fc1d4949a399391cfa4e06123347a9 Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Mon, 28 Mar 2022 10:48:27 +0200 Subject: [PATCH 04/10] Update helm version strings --- docs/modules/ROOT/pages/index.adoc | 2 +- docs/modules/ROOT/pages/references/parameters.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index 66aa663f..73328f0a 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -1,7 +1,7 @@ = keycloak: A Commodore component to manage Keycloak This component provides a set of tuned defaults and a simplified interface to -deploy the https://artifacthub.io/packages/helm/codecentric/keycloak/9.9.1[Keycloak helm +deploy the https://artifacthub.io/packages/helm/codecentric/keycloak/17.0.2[Keycloak helm chart] on a Syn-enabled cluster. The component defaults to provisioning a Bitnami Postgres database via the diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 76ead757..0c4a260f 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc 
@@ -724,6 +724,6 @@ type:: dict default:: see `defaults.yml` All helm_values are passed to the helm chart. -This allows to configure all https://github.com/codecentric/helm-charts/tree/keycloak-10.3.1/charts/keycloak#configuration[keycloak helm chart values]. +This allows to configure all https://github.com/codecentric/helm-charts/tree/keycloak-17.0.2/charts/keycloak#configuration[keycloak helm chart values]. Note that it's your own liability to make sure you don't break stuff by overwriting values here! From 14da72d966b1ac39596fc64069fc40fc595fc281 Mon Sep 17 00:00:00 2001 
From: Gabriel Mainberger Date: Mon, 28 Mar 2022 10:57:45 +0200 Subject: [PATCH 05/10] Update tests for Keycloak 16.1.1 and Postgres 11.11.0-debian-10-r31 --- .../postgresql/templates/networkpolicy.yaml | 5 +- .../postgresql/templates/statefulset.yaml | 57 +++++++++++++++---- .../postgresql/templates/svc-headless.yaml | 5 +- .../charts/postgresql/templates/svc.yaml | 5 +- .../keycloak/templates/configmap-startup.yaml | 4 +- .../keycloak/templates/ingress.yaml | 4 +- .../keycloak/templates/prometheusrule.yaml | 4 +- .../keycloak/templates/service-headless.yaml | 4 +- .../keycloak/templates/service-http.yaml | 4 +- .../keycloak/templates/serviceaccount.yaml | 4 +- .../keycloak/templates/servicemonitor.yaml | 4 +- .../keycloak/templates/statefulset.yaml | 8 +-- .../builtin/builtin/builtin/11_db_secret.yaml | 1 + .../keycloak/templates/configmap-startup.yaml | 4 +- .../keycloak/templates/ingress.yaml | 4 +- .../keycloak/templates/prometheusrule.yaml | 4 +- .../keycloak/templates/service-headless.yaml | 4 +- .../keycloak/templates/service-http.yaml | 4 +- .../keycloak/templates/serviceaccount.yaml | 4 +- .../keycloak/templates/servicemonitor.yaml | 4 +- .../keycloak/templates/statefulset.yaml | 8 +-- .../keycloak/templates/configmap-startup.yaml | 4 +- .../keycloak/templates/ingress.yaml | 4 +- .../keycloak/templates/prometheusrule.yaml | 4 +- .../keycloak/templates/service-headless.yaml | 4 +- .../keycloak/templates/service-http.yaml | 4 +- .../keycloak/templates/serviceaccount.yaml | 4 +- .../keycloak/templates/servicemonitor.yaml | 4 +- .../keycloak/templates/statefulset.yaml | 8 +-- 29 files changed, 110 insertions(+), 71 deletions(-) diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml index 837e1e5e..b70107c0 100644 
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/networkpolicy.yaml @@ -5,14 +5,13 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 name: keycloak-postgresql + namespace: syn-builtin spec: ingress: - ports: - port: 5432 - - ports: - - port: 9187 podSelector: matchLabels: app.kubernetes.io/instance: keycloak diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml index 6bda1377..084785ff 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/statefulset.yaml @@ -7,15 +7,16 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 name: keycloak-postgresql + namespace: syn-builtin spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql - role: master + role: primary serviceName: keycloak-postgresql-headless template: metadata: 
@@ -27,13 +28,29 @@ spec: PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' k8up.syn.tools/file-extension: .sql labels: + app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 - role: master + helm.sh/chart: postgresql-10.3.13 + role: primary name: keycloak-postgresql spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: postgresql + namespaces: + - syn-builtin + topologyKey: kubernetes.io/hostname + weight: 1 containers: - env: - name: BITNAMI_DEBUG @@ -44,6 +61,11 @@ spec: value: /bitnami/postgresql - name: PGDATA value: /bitnami/postgresql/data + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgresql-postgres-password + name: keycloak-postgresql - name: POSTGRES_USER value: keycloak - name: POSTGRES_PASSWORD @@ -63,7 +85,19 @@ spec: value: /opt/bitnami/postgresql/certs/tls.crt - name: POSTGRESQL_TLS_KEY_FILE value: /opt/bitnami/postgresql/certs/tls.key - image: quay.io/bitnami/postgresql:11.8.0-debian-10-r61 + - name: POSTGRESQL_LOG_HOSTNAME + value: 'false' + - name: POSTGRESQL_LOG_CONNECTIONS + value: 'false' + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: 'false' + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: 'off' + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: quay.io/bitnami/postgresql:11.11.0-debian-10-r31 imagePullPolicy: IfNotPresent livenessProbe: exec: 
@@ -118,12 +152,13 @@ spec: - command: - /bin/sh - -cx - - "mkdir -p /bitnami/postgresql/data\nchmod 700 /bitnami/postgresql/data\n\ - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name \"conf\"\ - \ -not -name \".snapshot\" -not -name \"lost+found\" | \\\n xargs chown\ - \ -R 1001:1001\nchmod -R 777 /dev/shm\ncp /tmp/certs/* /opt/bitnami/postgresql/certs/\n\ - chown -R 1001:1001 /opt/bitnami/postgresql/certs/\nchmod 600 /opt/bitnami/postgresql/certs/tls.key\n" - image: docker.io/bitnami/minideb:buster + - "chown 1001:1001 /bitnami/postgresql\nmkdir -p /bitnami/postgresql/data\n\ + chmod 700 /bitnami/postgresql/data\nfind /bitnami/postgresql -mindepth\ + \ 1 -maxdepth 1 -not -name \"conf\" -not -name \".snapshot\" -not -name\ + \ \"lost+found\" | \\\n xargs chown -R 1001:1001\nchmod -R 777 /dev/shm\n\ + cp /tmp/certs/* /opt/bitnami/postgresql/certs/\nchown -R 1001:1001 /opt/bitnami/postgresql/certs/\n\ + chmod 600 /opt/bitnami/postgresql/certs/tls.key\n" + image: docker.io/bitnami/bitnami-shell:10 imagePullPolicy: Always name: init-chmod-data resources: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml index c61c4cc1..be3ba8e2 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc-headless.yaml 
@@ -5,14 +5,17 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' name: keycloak-postgresql-headless + namespace: syn-builtin spec: clusterIP: None ports: - name: tcp-postgresql port: 5432 targetPort: tcp-postgresql + publishNotReadyAddresses: true selector: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml index c03292d4..454f5a63 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/charts/postgresql/templates/svc.yaml @@ -6,8 +6,9 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-9.1.1 + helm.sh/chart: postgresql-10.3.13 name: keycloak-postgresql + namespace: syn-builtin spec: ports: - name: tcp-postgresql @@ -16,5 +17,5 @@ spec: selector: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql - role: master + role: primary type: ClusterIP diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml index fac5383b..ea1f225c 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml 
@@ -31,6 +31,6 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-startup diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml index c4dfb1d8..e88eccac 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: rules: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml index eb68a0c1..0ecc10cb 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: groups: 
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml index f9841f9c..48591b4e 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-headless spec: clusterIP: None diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml index e699ba7b..fc7afb61 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-http spec: ports: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml index c3e3d1e4..99e33b6c 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml 
@@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml index 9d80ddfd..b82e4cb1 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-wildfly spec: endpoints: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml index f5edbdeb..cbc80bd4 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloak/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: podManagementPolicy: Parallel 
@@ -20,7 +20,7 @@ spec: template: metadata: annotations: - checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51 + checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95 checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a labels: app.kubernetes.io/instance: keycloak @@ -94,7 +94,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:15.0.2 + image: quay.io/keycloak/keycloak:16.1.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/builtin/builtin/builtin/11_db_secret.yaml b/tests/golden/builtin/builtin/builtin/11_db_secret.yaml index 6005be31..ec22c156 100644 --- a/tests/golden/builtin/builtin/builtin/11_db_secret.yaml +++ b/tests/golden/builtin/builtin/builtin/11_db_secret.yaml @@ -13,4 +13,5 @@ metadata: stringData: JDBC_PARAMS: sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt postgresql-password: t-silent-test-1234/c-green-test-1234/builtin/db-password + postgresql-postgres-password: t-silent-test-1234/c-green-test-1234/builtin/db-password type: Opaque diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml index fac5383b..ea1f225c 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml @@ -31,6 +31,6 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-startup 
diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml index de968e87..3a42249f 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/ingress.yaml @@ -9,8 +9,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: rules: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml index 75b5cd79..62d613d7 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: groups: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml index f9841f9c..48591b4e 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-headless.yaml 
@@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-headless spec: clusterIP: None diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml index c0bdbf18..82eeb005 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-http spec: ports: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml index 984157dc..9c04c632 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml @@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak 
diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml index 9dc7d51b..412121d6 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-wildfly spec: endpoints: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml index 66c7561c..028cf20b 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloak/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: podManagementPolicy: Parallel @@ -20,7 +20,7 @@ spec: template: metadata: annotations: - checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51 + checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95 checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a labels: app.kubernetes.io/instance: keycloak 
@@ -76,7 +76,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:15.0.2 + image: quay.io/keycloak/keycloak:16.1.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml index fac5383b..ea1f225c 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/configmap-startup.yaml @@ -31,6 +31,6 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-startup diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml index 300c9161..e9350926 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: rules: 
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml index 935c2780..087a5e12 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: groups: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml index f9841f9c..48591b4e 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-headless spec: clusterIP: None diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml index 940e78b4..ce5be072 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml 
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/service-http.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-http spec: ports: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml index ab646ce4..a68392a5 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/serviceaccount.yaml @@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml index b3a9e67a..477eb901 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/servicemonitor.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak-wildfly spec: endpoints: 
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml index a7959886..b7e5e90d 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloak/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.0.2 - helm.sh/chart: keycloak-10.3.1 + app.kubernetes.io/version: 16.1.1 + helm.sh/chart: keycloak-17.0.2 name: keycloak spec: podManagementPolicy: Parallel @@ -20,7 +20,7 @@ spec: template: metadata: annotations: - checksum/config-startup: c6c620d6f92a0e8dc6c4ec68299a0cdb580b97df3191044d4b4d9668994aba51 + checksum/config-startup: dc1c28e62927de272accd01fe42a7044ec37f448b6a1ced1a94900338787ec95 checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a labels: app.kubernetes.io/instance: keycloak @@ -76,7 +76,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:15.0.2 + image: quay.io/keycloak/keycloak:16.1.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 48bee9b9375e62686e80ea84598090baf0d4668e Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Mon, 28 Mar 2022 11:27:54 +0200 Subject: [PATCH 06/10] Adjust the test for the new secret data key postgresql-postgres-password in db-password --- tests/builtin/secrets_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/builtin/secrets_test.go b/tests/builtin/secrets_test.go index 84270925..0f8f80b8 100644 --- a/tests/builtin/secrets_test.go +++ b/tests/builtin/secrets_test.go 
@@ -21,6 +21,6 @@ func Test_Database_Secret_DefaultParameters(t *testing.T) {
 require.NotEmpty(t, subject.StringData)
 data := subject.StringData
- assert.Len(t, data, 2)
- assert.Equal(t, "t-silent-test-1234/c-green-test-1234/builtin/db-password", data["postgresql-password"])
+ assert.Len(t, data, 3)
+ assert.Equal(t, "t-silent-test-1234/c-green-test-1234/builtin/db-password", data["postgresql-postgres-password"], data["postgresql-password"])
 }
From e03c5bd5555fab75b8903eb4c592af38a8312b16 Mon Sep 17 00:00:00 2001
From: Megian
Date: Mon, 28 Mar 2022 13:55:21 +0200
Subject: [PATCH 07/10] Apply suggestions from code review
Co-authored-by: Chris
---
 .../pages/how-tos/upgrade-6.x-to-7.x.adoc | 28 ++++++++++++++-----
 docs/modules/ROOT/partials/nav.adoc | 2 +-
 tests/builtin/secrets_test.go | 4 ++-
 3 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
index 201f99d0..51d6a8b0 100644
--- a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
+++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
@@ -2,16 +2,30 @@ This guide describes the steps to perform an upgrade of the component from version v6 to v7. -== Changes +== Parameter changes -Keycloak will be upgraded from v15.0.2 to v16.1.1 and if the built-in PostgreSQL database is used, PostgreSQL is going to be updated from 11.8.0-debian-10-r61 to 11.11.0-debian-10-r31. +* `charts.keycloak` changed from `10.3.1` to `17.0.2`, that includes the `bitnami/postgresql` chart update from `9.1.1` to `10.3.13`. +* `helm_values.image.tag` version pin removed from the defaults, which means a Keycloak upgrade from `v15.0.2` to `v16.1.1`. +* `helm_values.ingress.path[0]` changed from `/` (string array) to `{"path": "/", "pathType": "Prefix"}` (object array). +* `helm_values.postgres.master` renamed to `helm_values.postgres.primary`. +* If built-in database is used, PostgreSQL is going to be upgraded from `11.8.0-debian-10-r61` to `11.11.0-debian-10-r31`. == Step-by-step guide When upgrading the component, the following actions are required if the built-in database is used: -. Take a backup of the built-in database! -. Unchangable attributes in the postgres statefulset are going to be changed. - If ArgoCD can't apply the statefulset, it needs to be deleted: - `kubectl -n syn-keycloak delete sts keycloak-postgresql` - This don't touch the PVC `data-keycloak-postgresql-0`. +. Make a backup of the built-in database. + +. Apply the parameter changes. + +. Compile and push the cluster catalog. + +. If ArgoCD can't apply the updated StatefulSet, it needs to be deleted: `kubectl -n syn-keycloak delete sts keycloak-postgresql`. + + + [NOTE] + ==== + This step is necessary since the upgrade changes immutable properties in the Postgres StatefulSet if using the built-in database. + This won't delete the PVC `data-keycloak-postgresql-0`. + ==== + +. Verify that ArgoCD can sync all resources. diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc index abf06c34..d56dc908 100644 
--- a/docs/modules/ROOT/partials/nav.adoc
+++ b/docs/modules/ROOT/partials/nav.adoc
@@ -18,7 +18,7 @@
 * xref:how-tos/upgrade-3.x-to-4.x.adoc[Upgrade 3.x to 4.x]
 * xref:how-tos/upgrade-4.x-to-5.x.adoc[Upgrade 4.x to 5.x]
 * xref:how-tos/upgrade-5.x-to-6.x.adoc[Upgrade 5.x to 6.x]
-* xref:how-tos/upgrade-5.x-to-6.x.adoc[Upgrade 6.x to 7.x]
+* xref:how-tos/upgrade-6.x-to-7.x.adoc[Upgrade 6.x to 7.x]
 * xref:how-tos/openshift-4.adoc[Install on OpenShift 4]
 * xref:how-tos/pin-versions.adoc[Pin versions]
diff --git a/tests/builtin/secrets_test.go b/tests/builtin/secrets_test.go
index 0f8f80b8..2b7dee16 100644
--- a/tests/builtin/secrets_test.go
+++ b/tests/builtin/secrets_test.go
@@ -21,6 +21,8 @@ func Test_Database_Secret_DefaultParameters(t *testing.T) {
 require.NotEmpty(t, subject.StringData)
 data := subject.StringData
+ expected := "t-silent-test-1234/c-green-test-1234/builtin/db-password"
 assert.Len(t, data, 3)
- assert.Equal(t, "t-silent-test-1234/c-green-test-1234/builtin/db-password", data["postgresql-postgres-password"], data["postgresql-password"])
+ assert.Equal(t, expected, data["postgresql-password"])
+ assert.Equal(t, expected, data["postgresql-postgres-password"])
 }
From 4ee7902ada9429be55d8fc8b1526742091c97b94 Mon Sep 17 00:00:00 2001
From: Gabriel Mainberger
Date: Mon, 28 Mar 2022 14:00:28 +0200
Subject: [PATCH 08/10] Remove not required whitespaces
---
 docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
index 51d6a8b0..9440ad69 100644
--- a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
+++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc
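Review bot: Asserting the same `expected` reference for both `postgresql-password` and `postgresql-postgres-password` at the end of `Test_Database_Secret_DefaultParameters` turns the shared admin/application database password into tested behaviour rather than an incidental default. If the reuse is a stop-gap for the new secret key, a comment above the two assertions should say so, e.g. `// admin password reuses the app DB secret for now; not a requirement`, or the admin key should get its own secret reference so that the application credential is not also the PostgreSQL admin credential. `assert.Len(t, data, 3)` also counts a third entry that no assertion names, so a renamed or unexpected key would pass as long as the count holds. The function starts above the hunk, so how `subject` is built is not visible here.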
@@ -25,7 +25,7 @@ When upgrading the component, the following actions are required if the built-in [NOTE] ==== This step is necessary since the upgrade changes immutable properties in the Postgres StatefulSet if using the built-in database. - This won't delete the PVC `data-keycloak-postgresql-0`. + This won't delete the PVC `data-keycloak-postgresql-0`. ==== . Verify that ArgoCD can sync all resources. From 288da672596d76022d79aa7dab300520d68902ec Mon Sep 17 00:00:00 2001 From: Megian Date: Tue, 29 Mar 2022 18:23:54 +0200 Subject: [PATCH 09/10] Apply suggestions from code review Co-authored-by: Simon Gerber --- .../pages/how-tos/upgrade-6.x-to-7.x.adoc | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc index 9440ad69..b977229b 100644 --- a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc +++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc @@ -10,6 +10,8 @@ This guide describes the steps to perform an upgrade of the component from versi * `helm_values.postgres.master` renamed to `helm_values.postgres.primary`. * If built-in database is used, PostgreSQL is going to be upgraded from `11.8.0-debian-10-r61` to `11.11.0-debian-10-r31`. +If you've configured custom values for any of those parameters, make sure to adjust your configurations when upgrading from component version v6 to v7. + == Step-by-step guide When upgrading the component, the following actions are required if the built-in database is used: 
@@ -20,12 +22,17 @@ When upgrading the component, the following actions are required if the built-in . Compile and push the cluster catalog. -. If ArgoCD can't apply the updated StatefulSet, it needs to be deleted: `kubectl -n syn-keycloak delete sts keycloak-postgresql`. - + - [NOTE] - ==== - This step is necessary since the upgrade changes immutable properties in the Postgres StatefulSet if using the built-in database. - This won't delete the PVC `data-keycloak-postgresql-0`. - ==== +. If you use the built-in database, you need to delete its StatefulSet to allow ArgoCD to apply the new version. ++ +[source,bash] +---- +kubectl -n syn-keycloak delete sts keycloak-postgresql +---- ++ +[NOTE] +==== +This step is necessary since the upgrade changes immutable properties in the Postgres StatefulSet if using the built-in database. +This won't delete the PVC `data-keycloak-postgresql-0`. +==== . Verify that ArgoCD can sync all resources. From 7fb3935f5372511549dc47bae79f42fd99c51848 Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Fri, 8 Apr 2022 13:34:57 +0200 Subject: [PATCH 10/10] Add an example how to do a manual postgresql DB backup --- docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc index b977229b..fae26e05 100644 --- a/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc +++ b/docs/modules/ROOT/pages/how-tos/upgrade-6.x-to-7.x.adoc 
@@ -17,6 +17,14 @@ If you've configured custom values for any of those parameters, make sure to adj When upgrading the component, the following actions are required if the built-in database is used: . Make a backup of the built-in database. ++ +[source,bash] +---- +instance=keycloak +namespace=syn-${instance} + +kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c keycloak-postgresql -- sh -c 'PGDATABASE="$POSTGRES_DB" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql +---- . Apply the parameter changes.