✨ Upgrade keycloak postgresql to version 15 #310

Merged
merged 1 commit into from
Jun 3, 2024
2 changes: 1 addition & 1 deletion .github/workflows/create-release.yml
Expand Up @@ -205,7 +205,7 @@ jobs:
addon_analyzer: quay.io/konveyor/tackle2-addon-analyzer:${{ inputs.version }}
# The ones we don't own
oauth_proxy: quay.io/konveyor/origin-oauth-proxy:${{ inputs.version }}
tackle_postgres: quay.io/konveyor/postgresql-12-centos7:${{ inputs.version }}
tackle_postgres: quay.io/konveyor/postgresql-15-c9s:${{ inputs.version }}
keycloak_sso: quay.io/konveyor/keycloak:${{ inputs.version }}
# Bundle specific args
version: ${{ inputs.version }}
6 changes: 6 additions & 0 deletions Dockerfile
Expand Up @@ -5,6 +5,12 @@ USER 0
COPY tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py
COPY tools/upgrades/jwt.sh /usr/local/bin/jwt.sh
RUN dnf -y install openssl && dnf clean all
RUN echo -e "[centos8-appstream]" \
"\nname = centos8-appstream" \
"\nbaseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/" \
"\nenabled = 1" \
"\ngpgcheck = 0" > /etc/yum.repos.d/centos.repo
RUN dnf -y module enable postgresql:15 && dnf -y install postgresql && dnf clean all
USER 1001

COPY requirements.yml ${HOME}/requirements.yml
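Review bot: The added `centos8-appstream` repo uses a plain `http://` baseurl with `gpgcheck = 0`, so the `postgresql` packages installed into the operator image by the next `RUN` line are neither transport-protected nor signature-verified. Anything able to alter the mirror's content or the path to it at build time would end up in the image unnoticed. Use an `https://` baseurl and `"\ngpgcheck = 1"` together with a `gpgkey = file:///etc/pki/rpm-gpg/<KEY_FILE>` line (placeholder for the distribution's signing key). The baseurl also hard-codes `x86_64`; the dnf `$basearch` variable, escaped so the shell does not expand it, would keep builds for other architectures working.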
4 changes: 2 additions & 2 deletions bundle/manifests/konveyor-operator.clusterserviceversion.yaml
Expand Up @@ -169,7 +169,7 @@ spec:
- name: RELATED_IMAGE_TACKLE_HUB
value: quay.io/konveyor/tackle2-hub:latest
- name: RELATED_IMAGE_TACKLE_POSTGRES
value: quay.io/centos7/postgresql-12-centos7:centos7
value: quay.io/sclorg/postgresql-15-c9s:latest
- name: RELATED_IMAGE_KEYCLOAK_SSO
value: quay.io/keycloak/keycloak:18.0.2-legacy
- name: RELATED_IMAGE_KEYCLOAK_INIT
Expand Down Expand Up @@ -354,7 +354,7 @@ spec:
name: oauth-proxy
- image: quay.io/konveyor/tackle2-hub:latest
name: tackle-hub
- image: quay.io/centos7/postgresql-12-centos7:centos7
- image: quay.io/sclorg/postgresql-15-c9s:latest
name: tackle-postgres
- image: quay.io/keycloak/keycloak:18.0.2-legacy
name: keycloak-sso
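Review bot: Both `RELATED_IMAGE_TACKLE_POSTGRES` and the `tackle-postgres` image entry in the second hunk (-354) now reference the mutable tag `quay.io/sclorg/postgresql-15-c9s:latest`, so the database image a cluster pulls can change without any change to this bundle. Pinning by digest, `quay.io/sclorg/postgresql-15-c9s@sha256:<digest>` (placeholder), would make the deployed image reproducible and reviewable. The same applies to `tackle_postgres` in helm/values.yaml. The release workflow in this PR substitutes a versioned konveyor mirror tag, so this mainly affects installs from the unreleased manifests.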
2 changes: 1 addition & 1 deletion helm/values.yaml
Expand Up @@ -14,7 +14,7 @@ images:
operator: quay.io/konveyor/tackle2-operator:latest
oauth_proxy: quay.io/openshift/origin-oauth-proxy:latest
tackle_hub: quay.io/konveyor/tackle2-hub:latest
tackle_postgres: quay.io/centos7/postgresql-12-centos7:centos7
tackle_postgres: quay.io/sclorg/postgresql-15-c9s:latest
keycloak_sso: quay.io/keycloak/keycloak:18.0.2-legacy
keycloak_init: quay.io/konveyor/tackle-keycloak-init:latest
tackle_ui: quay.io/konveyor/tackle2-ui:latest
3 changes: 2 additions & 1 deletion roles/tackle/defaults/main.yml
Expand Up @@ -81,9 +81,10 @@ keycloak_database_container_requests_memory: "350Mi"
keycloak_database_data_volume_name: "{{ keycloak_database_service_name }}-database"
keycloak_database_data_volume_size: "1Gi"
keycloak_database_data_volume_path: "/var/lib/pgsql"
keycloak_database_data_volume_claim_name: "{{ keycloak_database_service_name }}-volume-claim"
keycloak_database_data_volume_claim_name: "{{ keycloak_database_service_name }}-{{ keycloak_database_db_version }}-volume-claim"
keycloak_database_db_name: "keycloak_db"
keycloak_database_db_name_b64: "{{ keycloak_database_db_name | b64encode }}"
keycloak_database_db_version: "15"

keycloak_sso_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_SSO') }}"
keycloak_init_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_INIT') }}"
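Review bot: Renaming the claim to include `keycloak_database_db_version` leaves the previous `{{ keycloak_database_service_name }}-volume-claim` PVC behind: the migration tasks visible in roles/tackle/tasks/main.yml remove the old Deployment and Service but not the claim. That volume still holds a full copy of the Keycloak database, which presumably includes credential hashes and client secrets, for as long as the namespace exists. If it is kept deliberately as a rollback copy, say so next to the variable, e.g. `# the pre-upgrade PVC (<service>-volume-claim) is kept as a rollback copy; delete it once the upgrade is verified`; otherwise add a cleanup task after a successful migration.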
68 changes: 63 additions & 5 deletions roles/tackle/tasks/main.yml
Expand Up @@ -130,11 +130,6 @@
name: "{{ keycloak_database_service_name }}"
namespace: "{{ app_namespace }}"

- name: "Setup Keycloak PostgreSQL Service"
k8s:
state: present
definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"

- name: "Setup Keycloak PostgreSQL Deployment"
k8s:
state: present
Expand All @@ -153,6 +148,69 @@
status: "True"
wait_timeout: 240

- name: "Check for old postgresql version deployment"
k8s_info:
api_version: v1
kind: Deployment
name: "{{ keycloak_database_service_name }}"
namespace: "{{ app_namespace }}"
register: pgsql_old_deployment

- when: ( pgsql_old_deployment.resources | length ) > 0
block:
- name: Set up the temporary migration service
k8s:
state: present
definition: "{{ lookup('template', 'service-keycloak-postgresql-migration.yml.j2') }}"

- name: "Get the keycloak DB secret"
k8s_info:
api_version: v1
kind: Secret
name: "tackle-keycloak-postgresql"
namespace: "konveyor-tackle"
register: pgsql_secret

- name: "Set the keycloak DB credentials"
set_fact:
dbm_user: "{{ pgsql_secret.resources[0].data['database-user'] | b64decode }}"
dbm_pass: "{{ pgsql_secret.resources[0].data['database-password'] | b64decode }}"

- name: "Generate DB URLs"
set_fact:
dbm_src: postgresql://{{ dbm_user }}:{{ dbm_pass }}@{{ keycloak_database_service_k8s_resource_name }}/{{ keycloak_database_db_name }}
dbm_dst: postgresql://{{ dbm_user }}:{{ dbm_pass }}@{{ keycloak_database_service_k8s_resource_name }}-migration/{{ keycloak_database_db_name }}

- name: "Perform the DB upgrade"
shell: |
set -o pipefail
sleep 10 # give the service a few seconds to be available
pg_dump {{ dbm_src }} | psql {{ dbm_dst }}
changed_when: false

- name: "Remove the temporary migration service"
k8s:
state: absent
definition: "{{ lookup('template', 'service-keycloak-postgresql-migration.yml.j2') }}"

- name: "Remove the old deployment"
k8s:
state: absent
api_version: v1
kind: Deployment
name: "{{ keycloak_database_service_name }}"
namespace: "{{ app_namespace }}"

- name: "Remove the service so it can be recreated"
k8s:
state: absent
definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"

- name: "Setup Keycloak PostgreSQL Service"
k8s:
state: present
definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"

- name: "Check if Keycloak SSO Secret exists already so we don't update it"
k8s_info:
api_version: v1
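Review bot: The "Perform the DB upgrade" task expands the decoded database password into the shell command line through `dbm_src`/`dbm_dst`, unquoted and without `no_log`, so the credential can show up in the process list and in the operator's task output, and a password containing shell or URI metacharacters would break or alter the command. Handing the credentials to `pg_dump`/`psql` through libpq environment variables with `no_log: true` avoids both and makes the "Generate DB URLs" facts unnecessary; the `set_fact` that decodes the secret would want `no_log: true` as well. `psql` also exits 0 when individual statements fail unless `ON_ERROR_STOP` is set, so as written a partial restore is still followed by "Remove the old deployment". Separately, "Get the keycloak DB secret" hard-codes `namespace: "konveyor-tackle"` where the surrounding tasks use `"{{ app_namespace }}"`, and `pgsql_secret.resources[0]` fails with an index error in any other namespace.

```yaml
    - name: "Perform the DB upgrade"
      shell: |
        # … unchanged: set -o pipefail, sleep 10 …
        pg_dump -h "$SRC_HOST" | psql -v ON_ERROR_STOP=1 -h "$DST_HOST"
      environment:
        # libpq reads these, so the password never reaches argv
        PGUSER: "{{ dbm_user }}"
        PGPASSWORD: "{{ dbm_pass }}"
        PGDATABASE: "{{ keycloak_database_db_name }}"
        SRC_HOST: "{{ keycloak_database_service_k8s_resource_name }}"
        DST_HOST: "{{ keycloak_database_service_k8s_resource_name }}-migration"
      no_log: true
      # … unchanged: changed_when …
```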
5 changes: 4 additions & 1 deletion roles/tackle/templates/deployment-keycloak-postgresql.yml.j2
Expand Up @@ -2,19 +2,21 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ keycloak_database_deployment_name }}
name: {{ keycloak_database_deployment_name }}-{{ keycloak_database_db_version }}
namespace: {{ app_namespace }}
labels:
app.kubernetes.io/name: {{ keycloak_database_service_name }}
app.kubernetes.io/component: {{ keycloak_database_component_name }}
app.kubernetes.io/part-of: {{ app_name }}
version: "{{ keycloak_database_db_version }}"
spec:
replicas: {{ keycloak_database_deployment_replicas }}
selector:
matchLabels:
app.kubernetes.io/name: {{ keycloak_database_service_name }}
app.kubernetes.io/component: {{ keycloak_database_component_name }}
app.kubernetes.io/part-of: {{ app_name }}
version: "{{ keycloak_database_db_version }}"
{% if keycloak_database_deployment_strategy == 'Recreate' %}
strategy:
type: {{ keycloak_database_deployment_strategy }}
Expand All @@ -27,6 +29,7 @@ spec:
app.kubernetes.io/part-of: {{ app_name }}
app: {{ app_name }}
role: {{ keycloak_database_service_name }}
version: "{{ keycloak_database_db_version }}"
spec:
containers:
- name: {{ keycloak_database_container_name }}
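Review bot: The pods of the new `-{{ keycloak_database_db_version }}` Deployment still carry the `app.kubernetes.io/name`, `component` and `part-of` labels, so the pre-existing Service appears to match both old and new pods while the migration runs. Per the context lines of service-keycloak-postgresql.yml.j2, that Service's selector has only those three labels until it is recreated. The migration in roles/tackle/tasks/main.yml dumps from that Service name, so `pg_dump` could be routed to the new, still-empty PostgreSQL 15 pod, after which the old deployment is removed with nothing copied. The source side needs an address that reaches only the old pod, for example its pod IP resolved with `k8s_info`. This is inferred from the visible hunks; the template continues outside them.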
@@ -0,0 +1,21 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: {{ keycloak_database_service_name }}
app.kubernetes.io/component: {{ keycloak_database_component_name }}
app.kubernetes.io/part-of: {{ app_name }}
name: {{ keycloak_database_service_k8s_resource_name }}-migration
namespace: {{ app_namespace }}
spec:
ports:
- name: postgres
port: 5432
targetPort: 5432
protocol: TCP
selector:
app.kubernetes.io/name: {{ keycloak_database_service_name }}
app.kubernetes.io/component: {{ keycloak_database_component_name }}
app.kubernetes.io/part-of: {{ app_name }}
version: "{{ keycloak_database_db_version }}"
1 change: 1 addition & 0 deletions roles/tackle/templates/service-keycloak-postgresql.yml.j2
Expand Up @@ -18,3 +18,4 @@ spec:
app.kubernetes.io/name: {{ keycloak_database_service_name }}
app.kubernetes.io/component: {{ keycloak_database_component_name }}
app.kubernetes.io/part-of: {{ app_name }}
version: "{{ keycloak_database_db_version }}"