From 1465488c730912a8a9cc4d90a308f36642b6119a Mon Sep 17 00:00:00 2001 From: Hans Erik Heggem Date: Fri, 14 Jun 2024 10:28:51 +0200 Subject: [PATCH 1/5] Upgraded to version 25.0.0 of Keycloak Signed-off-by: Hans Erik Heggem --- charts/keycloakx/Chart.yaml | 2 +- .../examples/postgresql-kubeping/Dockerfile | 2 +- charts/keycloakx/templates/statefulset.yaml | 3 +++ charts/keycloakx/values.yaml | 14 +++++++------- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/charts/keycloakx/Chart.yaml b/charts/keycloakx/Chart.yaml index a3ee6f39..f84355f5 100644 --- a/charts/keycloakx/Chart.yaml +++ b/charts/keycloakx/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: keycloakx version: 2.3.0 -appVersion: 22.0.4 +appVersion: 25.0.0 description: Keycloak.X - Open Source Identity and Access Management for Modern Applications and Services keywords: - sso diff --git a/charts/keycloakx/examples/postgresql-kubeping/Dockerfile b/charts/keycloakx/examples/postgresql-kubeping/Dockerfile index a401b4ae..c535e651 100644 --- a/charts/keycloakx/examples/postgresql-kubeping/Dockerfile +++ b/charts/keycloakx/examples/postgresql-kubeping/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/keycloak/keycloak:22.0.4 +FROM quay.io/keycloak/keycloak:25.0.0 ENV JGROUPS_KUBERNETES_VERSION 1.0.16.Final diff --git a/charts/keycloakx/templates/statefulset.yaml b/charts/keycloakx/templates/statefulset.yaml index 84eaeb9f..db467d3b 100644 --- a/charts/keycloakx/templates/statefulset.yaml +++ b/charts/keycloakx/templates/statefulset.yaml @@ -145,6 +145,9 @@ spec: - name: http containerPort: 8080 protocol: TCP + - name: http-internal + containerPort: 9000 + protocol: TCP {{- if .Values.service.httpsPort }} - name: https containerPort: 8443 diff --git a/charts/keycloakx/values.yaml b/charts/keycloakx/values.yaml index 385b9166..bf3a4ae3 100644 --- a/charts/keycloakx/values.yaml +++ b/charts/keycloakx/values.yaml 
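Review bot: `containerPort: 9000` in the new `http-internal` entry of statefulset.yaml is a literal, so the probes and monitors this patch repoints at `http-internal` stop working once an operator moves Keycloak's management listener with `--http-management-port`. Consider driving the number from a value, for example `containerPort: {{ .Values.http.internalPortNumber | default 9000 }}` (the value name is a placeholder). This port serves health and metrics, and the diffstat lists no Service or NetworkPolicy template, so confirm separately that existing policies let Prometheus reach 9000 and nothing broader. The `ports:` list starts above the hunk and continues below it.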
@@ -11,7 +11,7 @@ image: # The Keycloak image repository repository: quay.io/keycloak/keycloak # Overrides the Keycloak image tag whose default is the chart appVersion - tag: "22.0.4" + tag: "25.0.0" # Overrides the Keycloak image tag with a specific digest digest: "" # The Keycloak image pull policy @@ -166,7 +166,7 @@ podAnnotations: {} livenessProbe: | httpGet: path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live' - port: http + port: http-internal initialDelaySeconds: 0 timeoutSeconds: 5 @@ -174,7 +174,7 @@ livenessProbe: | readinessProbe: | httpGet: path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready' - port: http + port: http-internal initialDelaySeconds: 10 timeoutSeconds: 1 @@ -182,7 +182,7 @@ readinessProbe: | startupProbe: | httpGet: path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health' - port: http + port: http-internal initialDelaySeconds: 15 timeoutSeconds: 1 failureThreshold: 60 @@ -436,7 +436,7 @@ serviceMonitor: # The path at which metrics are served path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/metrics' # The Service port at which metrics are served - port: http + port: http-internal extraServiceMonitor: # If `true`, a ServiceMonitor resource for the prometheus-operator is created @@ -454,9 +454,9 @@ extraServiceMonitor: # Timeout for scraping scrapeTimeout: 10s # The path at which metrics are served - path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/realms/master/metrics' + path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/metrics' # The Service port at which metrics are served - port: http + port: http-internal prometheusRule: # If `true`, a PrometheusRule resource for the prometheus-operator is created From 54b2a2575ba3d06ba20dca0258b5875e26dc9862 Mon Sep 17 00:00:00 2001 From: Hans Erik Heggem Date: Mon, 17 Jun 2024 22:44:28 +0200 Subject: [PATCH 2/5] using a separate value for internal port, due to backwards compatibility 
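Review bot: `serviceMonitor.port` at `@@ -436,7 +436,7 @@` is described by the comment directly above it as "The Service port at which metrics are served", yet after this patch `http-internal` exists only as a container port; the diffstat lists no change to a Service template. Unless the Service already exposes a port with that name, the ServiceMonitor endpoint matches nothing and scraping stops without an error. Either add a matching `http-internal` port to the Service in this patch or keep `port: http` here until it exists. The same applies to the `extraServiceMonitor` hunk at `@@ -454,9 +454,9 @@`.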
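Review bot: After the change at `@@ -454,9 +454,9 @@`, `extraServiceMonitor` has the same `path` and `port` as `serviceMonitor`, so enabling both scrapes one endpoint twice. Whatever served `/realms/master/metrics` (presumably an add-on metrics provider) no longer has a default target, and anyone still deploying it must override the path again. If that is intended, say so above `path`, for example `# Defaults to the same endpoint as serviceMonitor; override path for a separate metrics provider`.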
Signed-off-by: Hans Erik Heggem --- charts/keycloakx/values.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/keycloakx/values.yaml b/charts/keycloakx/values.yaml index bf3a4ae3..65a4eb4d 100644 --- a/charts/keycloakx/values.yaml +++ b/charts/keycloakx/values.yaml @@ -166,7 +166,7 @@ podAnnotations: {} livenessProbe: | httpGet: path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live' - port: http-internal + port: '{{ .Values.http.internalPort }}' initialDelaySeconds: 0 timeoutSeconds: 5 @@ -174,7 +174,7 @@ livenessProbe: | readinessProbe: | httpGet: path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready' - port: http-internal + port: '{{ .Values.http.internalPort }}' initialDelaySeconds: 10 timeoutSeconds: 1 @@ -182,7 +182,7 @@ readinessProbe: | startupProbe: | httpGet: path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health' - port: http-internal + port: '{{ .Values.http.internalPort }}' initialDelaySeconds: 15 timeoutSeconds: 1 failureThreshold: 60 @@ -417,6 +417,7 @@ health: http: # For backwards compatibility reasons we set this to the value used by previous Keycloak versions. relativePath: "/auth" + internalPort: http-internal serviceMonitor: # If `true`, a ServiceMonitor resource for the prometheus-operator is created @@ -436,7 +437,7 @@ serviceMonitor: # The path at which metrics are served path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/metrics' # The Service port at which metrics are served - port: http-internal + port: '{{ .Values.http.internalPort }}' extraServiceMonitor: # If `true`, a ServiceMonitor resource for the prometheus-operator is created 
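Review bot: `internalPort: http-internal` at `@@ -417,6 +417,7 @@` is added without a comment, and the key reads like a port number while every consumer in this patch treats it as a port name. Because the three probe hunks quote it (`port: '{{ .Values.http.internalPort }}'`), a numeric override such as `9000` reaches Kubernetes as a string, which I would expect validation to reject as a port name. Add a comment above the key, for example `# Name (not number) of the container port that serves health probes and metrics`. The `http:` mapping starts above the hunk.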
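Review bot: `serviceMonitor.port` at `@@ -436,7 +437,7 @@` now holds a template expression, but this patch changes only values.yaml, so the expression is rendered only if the ServiceMonitor template already passes `port` through `tpl`, as it presumably does for `path`. If it does not, the literal text `{{ .Values.http.internalPort }}` becomes the endpoint port and Prometheus finds no target. Check the template and, if needed, render the field with `tpl` in this same patch, e.g. `port: {{ tpl .port $ }}` (adapt to the template's actual variable). The `extraServiceMonitor` hunk at `@@ -456,7 +457,7 @@` has the same dependency.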
@@ -456,7 +457,7 @@ extraServiceMonitor: # The path at which metrics are served path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/metrics' # The Service port at which metrics are served - port: http-internal + port: '{{ .Values.http.internalPort }}' prometheusRule: # If `true`, a PrometheusRule resource for the prometheus-operator is created From 030388018b9c4d597a299da371ccc99feb3d8ff5 Mon Sep 17 00:00:00 2001 From: Hans Erik Heggem Date: Sat, 22 Jun 2024 10:17:36 +0200 Subject: [PATCH 3/5] Using http internal port value in port naming Signed-off-by: Hans Erik Heggem --- charts/keycloakx/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/keycloakx/templates/statefulset.yaml b/charts/keycloakx/templates/statefulset.yaml index db467d3b..e69899f3 100644 --- a/charts/keycloakx/templates/statefulset.yaml +++ b/charts/keycloakx/templates/statefulset.yaml @@ -145,7 +145,7 @@ spec: - name: http containerPort: 8080 protocol: TCP - - name: http-internal + - name: '{{ .Values.http.internalPort }}' containerPort: 9000 protocol: TCP {{- if .Values.service.httpsPort }} From 0c252928a325308d56bdc082a06127bde4937897 Mon Sep 17 00:00:00 2001 From: Hans Erik Heggem Date: Sat, 22 Jun 2024 15:32:32 +0200 Subject: [PATCH 4/5] Removed deprecated --hostname-strict-https argument Signed-off-by: Hans Erik Heggem --- charts/keycloakx/README.md | 1 - charts/keycloakx/ci/h2-values.yaml | 1 - .../examples/postgresql-kubeping/keycloak-server-values.yaml | 1 - charts/keycloakx/examples/postgresql/keycloak-server-values.yaml | 1 - 4 files changed, 4 deletions(-) diff --git a/charts/keycloakx/README.md b/charts/keycloakx/README.md index dfd1fab0..79541296 100644 --- a/charts/keycloakx/README.md +++ b/charts/keycloakx/README.md @@ -14,7 +14,6 @@ command: - "--http-enabled=true" - "--http-port=8080" - "--hostname-strict=false" - - "--hostname-strict-https=false" extraEnv: | - name: KEYCLOAK_ADMIN value: admin 
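Review bot: Templating the container port name in `- name: '{{ .Values.http.internalPort }}'` (statefulset.yaml, `@@ -145,7 +145,7 @@`) undermines the backwards-compatibility case PATCH 2/5 introduced the value for. Setting `http.internalPort: http` to send probes back to 8080 now yields two container ports named `http` (8080 and 9000), and Kubernetes requires port names to be unique within a pod. Keeping the declaration literal, `- name: http-internal`, and letting only the probes and monitors read the value avoids that. If the name must stay configurable, skip this entry when the value equals `http`. The `ports:` list extends beyond the hunk on both sides.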
diff --git a/charts/keycloakx/ci/h2-values.yaml b/charts/keycloakx/ci/h2-values.yaml index 65402520..ee8e1d04 100644 --- a/charts/keycloakx/ci/h2-values.yaml +++ b/charts/keycloakx/ci/h2-values.yaml @@ -3,7 +3,6 @@ command: - "--verbose" - "start" - --hostname-strict=false - - --hostname-strict-https=false extraEnv: | - name: KEYCLOAK_ADMIN diff --git a/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml b/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml index 72eb2f83..37056006 100644 --- a/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml +++ b/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml @@ -8,7 +8,6 @@ command: - "--http-enabled=true" - "--http-port=8080" - "--hostname-strict=false" - - "--hostname-strict-https=false" - "--spi-events-listener-jboss-logging-success-level=info" - "--spi-events-listener-jboss-logging-error-level=warn" diff --git a/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml b/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml index 3d82fb33..e9636703 100644 --- a/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml +++ b/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml @@ -8,7 +8,6 @@ command: - "--http-enabled=true" - "--http-port=8080" - "--hostname-strict=false" - - "--hostname-strict-https=false" - "--spi-events-listener-jboss-logging-success-level=info" - "--spi-events-listener-jboss-logging-error-level=warn" From aadeb660a46a9ec53bde1cf40e2dc1f8f1e0151d Mon Sep 17 00:00:00 2001 From: Hans Erik Heggem Date: Sat, 22 Jun 2024 15:53:18 +0200 Subject: [PATCH 5/5] Fixed deprecated PROXY configuration with new PROXY_HEADERS config 
Signed-off-by: Hans Erik Heggem --- charts/keycloakx/README.md | 1 - .../postgresql-kubeping/keycloak-server-values.yaml | 1 - .../examples/postgresql/keycloak-server-values.yaml | 1 - charts/keycloakx/templates/statefulset.yaml | 6 +++++- charts/keycloakx/values.yaml | 4 +++- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/charts/keycloakx/README.md b/charts/keycloakx/README.md index 79541296..b19416cc 100644 --- a/charts/keycloakx/README.md +++ b/charts/keycloakx/README.md @@ -11,7 +11,6 @@ $ cat << EOF > values.yaml command: - "/opt/keycloak/bin/kc.sh" - "start" - - "--http-enabled=true" - "--http-port=8080" - "--hostname-strict=false" extraEnv: | diff --git a/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml b/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml index 37056006..2c975ed9 100644 --- a/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml +++ b/charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml @@ -5,7 +5,6 @@ command: - "/opt/keycloak/bin/kc.sh" - "--verbose" - "start" - - "--http-enabled=true" - "--http-port=8080" - "--hostname-strict=false" - "--spi-events-listener-jboss-logging-success-level=info" diff --git a/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml b/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml index e9636703..678e19d2 100644 --- a/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml +++ b/charts/keycloakx/examples/postgresql/keycloak-server-values.yaml @@ -5,7 +5,6 @@ command: - "/opt/keycloak/bin/kc.sh" - "--verbose" - "start" - - "--http-enabled=true" - "--http-port=8080" - "--hostname-strict=false" - "--spi-events-listener-jboss-logging-success-level=info" diff --git a/charts/keycloakx/templates/statefulset.yaml b/charts/keycloakx/templates/statefulset.yaml index e69899f3..00add770 100644 --- a/charts/keycloakx/templates/statefulset.yaml 
+++ b/charts/keycloakx/templates/statefulset.yaml @@ -100,9 +100,13 @@ spec: value: "kubernetes" {{- end }} {{- if .Values.proxy.enabled }} - - name: KC_PROXY + - name: KC_PROXY_HEADERS value: {{ .Values.proxy.mode }} {{- end }} + {{- if .Values.proxy.http.enabled }} + - name: KC_HTTP_ENABLED + value: "true" + {{- end }} {{- if .Values.database.vendor }} - name: KC_DB value: {{ .Values.database.vendor }} diff --git a/charts/keycloakx/values.yaml b/charts/keycloakx/values.yaml index 65a4eb4d..4f704ced 100644 --- a/charts/keycloakx/values.yaml +++ b/charts/keycloakx/values.yaml @@ -406,7 +406,9 @@ cache: proxy: enabled: true - mode: edge + mode: forwarded + http: + enabled: true metrics: enabled: true
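Review bot: `KC_PROXY_HEADERS` is fed from the existing `proxy.mode` value, so a release that overrides `proxy.mode` with a former `KC_PROXY` setting (`edge`, the previous chart default, or `reencrypt`/`passthrough`) now passes a value the new option does not accept. Fail at render time rather than at pod start, e.g. `{{- if not (has .Values.proxy.mode (list "forwarded" "xforwarded")) }}{{ fail "proxy.mode must be forwarded or xforwarded" }}{{ end }}` inside the `proxy.enabled` block. `KC_HTTP_ENABLED` is emitted outside that block, so `proxy.http.enabled` turns on plain HTTP even when `proxy.enabled` is false; nest it or move the flag out of `proxy` to make that explicit. The env list starts above the hunk.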
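Review bot: The new defaults under `proxy:` in values.yaml make Keycloak trust the `Forwarded` header and serve plain HTTP out of the box, and none of the three keys is documented. Keycloak derives client address, scheme and host from that header, so the setting is only safe when every path to the pod goes through a proxy that overwrites it; the values file should say so. Many ingress controllers send `X-Forwarded-*` rather than `Forwarded`, which the old `edge` mode also honoured as far as I know, so `xforwarded` should be named as the alternative. Suggested comments: `# Proxy headers Keycloak trusts: "forwarded" (RFC 7239) or "xforwarded" (X-Forwarded-*); the proxy must overwrite them` above `mode`, and `# Sets KC_HTTP_ENABLED=true so a TLS-terminating proxy can reach Keycloak over plain HTTP` above `http`.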