feat: upgrade Keycloak to recent release and deprovision operator #2078
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Coverage report
Show files with reduced coverage 🔻
Test suite run success93 tests passing in 9 suites. Report generated by 🧪jest coverage report action from 109e16e |
CasLubbers
approved these changes
Apr 23, 2025
Ani1357
approved these changes
Apr 23, 2025
There was a problem hiding this comment.
Tested upgrade from latest release in conjunction with the update versions of console and api(through raw_values).
Upgrade script was executed as expected and keycloak operator resources were removed.
Login/Logout works for platform-admin and team users. Also login to gitea argocd harbor works through oidc.
# Conflicts: # values/keycloak-operator/keycloak-operator-cr.gotmpl
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📌 Summary
This PR upgrades Keycloak to a more recent and maintained release. Since the previous Operator pattern did not provide a good way of maintaining the lifecycle of this product in our platform, a change is made to a regular Helm install like the majority of our integrated projects. The Bitnami chart was chosen since it provided good practices of pre-configuration, relatively close to our current setup.
For the upgrade, it was necessary to change the platform logout URL redirect, which had already been depending on a deprecated feature. Since this was provided as a 301 HTTP response code from
/logout-otomi, the latter had to be changed; otherwise browsers cache this response indefinitely and therefore may never follow the updated redirect. The new redirect under/platform-logoutwas changed to a 302 HTTP response code to make changes easier in the future (e.g. should we rename the realm or client for rebranding purposes). As a consequence, Console and API also need to be updated accordingly.Console: https://github.com/linode/apl-console/pull/545
API: https://github.com/linode/apl-api/pull/701
🔍 Reviewer Notes
In particular, the following should be verified:
mainFor the logout and closing of TTY sessions to work, the matching feature branches of APL-691 will need to be used for API and Console. Also, cleanups were made in Console regarding the login theme, which was causing 404 errors due to missing (but not needed) CSS files. In order to test the updated theme, the values (multi-line string) of the ArgoCD application
keycloak-keycloakmust be manually patched ininitContainers[0].imagetodocker.io/linode/apl-console:APL-691. When referring tomain, it will still work the same as before, just not benefit from improvements there. These manual changes will be overwritten on any Tekton pipeline run.🧹 Checklist