Enable Network Policies and upgrade to Keycloak to v23.0.7 #293

Merged
merged 1 commit into from
Sep 30, 2024
4 changes: 2 additions & 2 deletions class/defaults.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ parameters:
keycloak:
registry: quay.io
repository: keycloak/keycloak
tag: 22.0.5
tag: 23.0.7
busybox:
registry: docker.io
repository: busybox
Expand Down Expand Up @@ -261,7 +261,7 @@ parameters:
host: ${keycloak:fqdn}
networkPolicy:
# Note: Do not enable when using ingress controller with hostNetwork=true.
enabled: false
enabled: true
# Note: On Syn-managed OpenShift4 clusters there should be already NetworkPolicies that allow traffic from Ingress controller out-of-the-box.
extraFrom:
- podSelector:
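Review bot: The comment above `enabled: true` still reads "Do not enable when using ingress controller with hostNetwork=true", which is now advice the default itself goes against. Reword it for the new default, for example telling those users to set `networkPolicy.enabled: false` explicitly, so the caveat is phrased as an opt-out rather than a warning against opting in.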
Expand Down
34 changes: 34 additions & 0 deletions docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
= Upgrade from v15 to v16

This guide describes the steps to perform an upgrade of the component from version v15 to v16.

== Breaking Changes

* Network Policies are now enabled by default

== Changes

* The component requires Kubernetes v1.25 or newer.
* Keycloak version is v23.0.7 by default.

== Parameter changes

* None

== Step-by-step guide

When upgrading the component, the following actions are required if the built-in database is used:

. Do a backup of the built-in database.
+
[source,bash]
----
instance=keycloak
namespace=syn-${instance}

kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c postgresql -- sh -c 'PGDATABASE="$POSTGRES_DATABASE" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql
----

. Apply the parameter changes.

. Compile and push the cluster catalog.
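Review bot: "Parameter changes" lists "None", but step 2 says "Apply the parameter changes" and the only breaking change is a flipped default (`networkPolicy.enabled`). The guide should say what an operator has to do about it: who must set `networkPolicy.enabled: false` (the hostNetwork ingress case noted in class/defaults.yml) and who needs `extraFrom` entries, otherwise step 2 has nothing to apply. Separately, the backup command runs `kubectl exec -ti` with stdout redirected to the .sql file; allocating a TTY can rewrite line endings in the dump, and no stdin is needed, so drop `-ti`.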
1 change: 1 addition & 0 deletions docs/modules/ROOT/partials/nav.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
* xref:how-tos/upgrade-12.x-to-13.x.adoc[Upgrade 12.x to 13.x]
* xref:how-tos/upgrade-13.x-to-14.x.adoc[Upgrade 13.x to 14.x]
* xref:how-tos/upgrade-14.x-to-15.x.adoc[Upgrade 14.x to 15.x]
* xref:how-tos/upgrade-15.x-to-16.x.adoc[Upgrade 15.x to 16.x]
* xref:how-tos/openshift-4.adoc[Install on OpenShift 4]
* xref:how-tos/pin-versions.adoc[Pin versions]

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-builtin
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-builtin
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-builtin
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-headless
namespace: syn-builtin
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-http
namespace: syn-builtin
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-builtin
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-keycloakx
namespace: syn-builtin
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: builtin
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-builtin
Expand Down Expand Up @@ -97,7 +97,7 @@ spec:
name: keycloak-admin-user
- secretRef:
name: keycloak-postgresql
image: quay.io/keycloak/keycloak:22.0.5
image: quay.io/keycloak/keycloak:23.0.7
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-external
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-external
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: 8080
protocol: TCP
- port: 8443
protocol: TCP
- from:
- podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
ports:
- port: 8080
protocol: TCP
- port: 8443
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
policyTypes:
- Ingress
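Review bot: The `ingress-nginx` rule opens both 8080 and 8443 to the ingress controller. If the Ingress backend only targets one of them, limit this rule to that port so the plain-HTTP listener is not reachable from the ingress namespace without need; Prometheus already gets 8080 through its own policy in this change.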
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-external
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-headless
namespace: syn-external
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-http
namespace: syn-external
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-external
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-keycloakx
namespace: syn-external
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-external
Expand Down Expand Up @@ -95,7 +95,7 @@ spec:
name: keycloak-admin-user
- secretRef:
name: keycloak-postgresql
image: quay.io/keycloak/keycloak:22.0.5
image: quay.io/keycloak/keycloak:23.0.7
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
annotations: {}
labels:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: external
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
name: keycloakx-infinispan
name: keycloakx-infinispan
spec:
egress: []
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
ports:
- port: 7800
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
policyTypes:
- Ingress
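Review bot: `metadata` has no `namespace:` here, while the other NetworkPolicies in this change set one (`namespace: syn-external`), so this object ends up in whatever namespace the applying tool defaults to and may not select the Keycloak pods at all. Set the namespace in the code that generates this policy. Also, `egress: []` does nothing while `policyTypes` lists only `Ingress`; remove it so it is not read as an egress deny.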
27 changes: 27 additions & 0 deletions tests/golden/external/external/external/40_netpol.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
annotations: {}
labels:
name: prometheus-syn-infra-monitoring-to-keycloakx
name: prometheus-syn-infra-monitoring-to-keycloakx
namespace: syn-external
spec:
egress: []
ingress:
- from:
- namespaceSelector:
matchLabels:
name: syn-infra-monitoring
podSelector:
matchLabels:
app.kubernetes.io/component: prometheus
ports:
- port: 8080
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
policyTypes:
- Ingress
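Review bot: The `namespaceSelector` matches on `name: syn-infra-monitoring`, a label someone has to put on the namespace, whereas the chart-rendered policy in this same change matches on `kubernetes.io/metadata.name`. If the monitoring namespace lacks the `name` label, scrapes on 8080 are dropped silently, and any namespace that carries that label value is admitted. Since the upgrade doc requires Kubernetes v1.25 or newer, prefer `kubernetes.io/metadata.name: syn-infra-monitoring`, which the API server sets itself.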
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ metadata:
app.kubernetes.io/instance: openshift-postgres
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-openshift-postgres
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-openshift-postgres
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: 8080
protocol: TCP
- port: 8443
protocol: TCP
- from:
- podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
ports:
- port: 8080
protocol: TCP
- port: 8443
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/name: keycloakx
policyTypes:
- Ingress
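Review bot: In `syn-openshift-postgres` the only cross-namespace source allowed is the `ingress-nginx` namespace. If this test case models an OpenShift cluster without ingress-nginx, that rule never matches and reachability depends entirely on the pre-existing NetworkPolicies mentioned in the class/defaults.yml comment. Either set `extraFrom` for the OpenShift test case or state that dependency in the upgrade guide, so the golden output shows a policy that actually admits ingress traffic.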
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: openshift-postgres
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-openshift-postgres
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: keycloakx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloakx
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-headless
namespace: syn-openshift-postgres
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: openshift-postgres
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx-http
namespace: syn-openshift-postgres
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: openshift-postgres
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 22.0.5
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloakx-2.3.0
name: keycloakx
namespace: syn-openshift-postgres