Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to Keycloak v25 #316

Merged
merged 1 commit into from
Nov 21, 2024
Merged

Upgrade to Keycloak v25 #316

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 4 additions & 7 deletions class/defaults.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ parameters:
keycloak:
registry: quay.io
repository: keycloak/keycloak
tag: 24.0.5
tag: 25.0.6
busybox:
registry: docker.io
repository: busybox
Expand All @@ -59,7 +59,7 @@ parameters:
charts:
keycloakx:
source: https://codecentric.github.io/helm-charts
version: v2.3.0
version: 2.5.1
postgresql:
source: https://charts.bitnami.com/bitnami
version: 12.12.10
Expand Down Expand Up @@ -189,6 +189,8 @@ parameters:
tag: ${keycloak:images:keycloak:tag}
http:
relativePath: ${keycloak:relativePath}
# Required because the Keycloak management port is HTTPS by default but the keycloakx helm chart has a default to HTTP
internalScheme: HTTPS
replicas: ${keycloak:replicas}
statefulsetLabels: ${keycloak:labels}
resources: ${keycloak:resources}
Expand All @@ -197,7 +199,6 @@ parameters:
# See https://www.keycloak.org/server/all-config
args:
- start
- --http-enabled=true # Helm chart requires it currently

# extraEnv *MUST* be a string, as it's fed through a templating
# function.
Expand Down Expand Up @@ -286,10 +287,6 @@ parameters:
image:
repository: ${keycloak:images:busybox:registry}/${keycloak:images:busybox:repository}
tag: ${keycloak:images:busybox:tag}
proxy:
enabled: 'true'
mode: ${keycloak:ingress:tls:termination}

metrics:
enabled: ${keycloak:monitoring:enabled}
database:
Expand Down
45 changes: 45 additions & 0 deletions docs/modules/ROOT/pages/how-tos/upgrade-17.x-to-18.x.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
= Upgrade from v17 to v18

This guide describes the steps to perform an upgrade of the component from version v17 to v18.

== Breaking Changes

* The component doesn't work with an older Keycloak version than v25.

== Changes

* The component requires Kubernetes v1.25 or newer.
* Keycloak version is v25.0.6 by default.

== Parameter changes

* The reverse proxy mode is no longer linked to the ingress mode. Source IPs taken from the `Forwarded header` as per RFC7239. To use `X-Forwarded-*` headers see below. You also may consult the https://www.keycloak.org/server/reverseproxy#_configure_the_reverse_proxy_headers[Keycloak documentation].

== Step-by-step guide

When upgrading the component, the following actions are required if the built-in database is used:

. If your setup requires `X-Forwarded-*` headers rather than `Forwarded header` as per RFC7239:
+
[source,bash]
----
parameters:
keycloak:
helm_values:
proxy:
mode: xforwarded
----

. Do a backup of the built-in database.
+
[source,bash]
----
instance=keycloak
namespace=syn-${instance}

kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c postgresql -- sh -c 'PGDATABASE="$POSTGRES_DATABASE" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql
----

. Apply the parameter changes.

. Compile and push the cluster catalog.
1 change: 1 addition & 0 deletions docs/modules/ROOT/partials/nav.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
* xref:how-tos/upgrade-14.x-to-15.x.adoc[Upgrade 14.x to 15.x]
* xref:how-tos/upgrade-15.x-to-16.x.adoc[Upgrade 15.x to 16.x]
* xref:how-tos/upgrade-16.x-to-17.x.adoc[Upgrade 16.x to 17.x]
* xref:how-tos/upgrade-17.x-to-18.x.adoc[Upgrade 17.x to 18.x]
* xref:how-tos/openshift-4.adoc[Install on OpenShift 4]
* xref:how-tos/pin-versions.adoc[Pin versions]

Expand Down
4 changes: 2 additions & 2 deletions tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-builtin
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...lden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-builtin
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...den/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-builtin
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...n/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx-headless
namespace: syn-builtin
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...olden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx-http
namespace: syn-builtin
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...den/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-builtin
7 changes: 4 additions & 3 deletions ...den/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,16 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx-keycloakx
namespace: syn-builtin
spec:
endpoints:
- interval: 10s
path: /metrics
port: http
port: http-internal
scheme: https
scrapeTimeout: 10s
selector:
matchLabels:
Expand Down
25 changes: 16 additions & 9 deletions ...golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-builtin
spec:
Expand Down Expand Up @@ -56,7 +56,6 @@ spec:
containers:
- args:
- start
- --http-enabled=true
env:
- name: FOO
value: bar
Expand Down Expand Up @@ -86,37 +85,44 @@ spec:
value: /etc/x509/https/tls.crt
- name: KC_HTTPS_CERTIFICATE_KEY_FILE
value: /etc/x509/https/tls.key
- name: KC_HTTP_ENABLED
value: 'true'
- name: KC_HTTP_RELATIVE_PATH
value: /
- name: KC_METRICS_ENABLED
value: 'true'
- name: KC_PROXY
value: reencrypt
- name: KC_PROXY_HEADERS
value: forwarded
envFrom:
- secretRef:
name: keycloak-admin-user
- secretRef:
name: keycloak-postgresql
image: quay.io/keycloak/keycloak:24.0.5
image: quay.io/keycloak/keycloak:25.0.6
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /health/live
port: http
port: http-internal
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9000
name: http-internal
protocol: TCP
- containerPort: 8443
name: https
protocol: TCP
readinessProbe:
httpGet:
path: /health/ready
port: http
port: http-internal
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -133,7 +139,8 @@ spec:
failureThreshold: 60
httpGet:
path: /health
port: http
port: http-internal
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Down
4 changes: 2 additions & 2 deletions .../golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-external
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...n/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-external
spec:
Expand Down
4 changes: 2 additions & 2 deletions .../external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-external
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...xternal/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx-headless
namespace: syn-external
spec:
Expand Down
4 changes: 2 additions & 2 deletions ...en/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx-http
namespace: syn-external
spec:
Expand Down
4 changes: 2 additions & 2 deletions .../external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx
namespace: syn-external
7 changes: 4 additions & 3 deletions .../external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,16 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 24.0.5
helm.sh/chart: keycloakx-2.3.0
app.kubernetes.io/version: 25.0.6
helm.sh/chart: keycloakx-2.5.1
name: keycloakx-keycloakx
namespace: syn-external
spec:
endpoints:
- interval: 10s
path: /metrics
port: http
port: http-internal
scheme: https
scrapeTimeout: 10s
selector:
matchLabels:
Expand Down
Loading
Loading