How to migrate from keycloak-18.1.1 chart to new Keycloakx chart
Mais316 opened this issue · comments
Hi All,
Please advise if anyone has migrated from legacy keycloak-18.1.1 chart to new Keycloakx chart.
Hello,
I'm also searching for a clear documentation of how to migrate from keycloak chart to the keycloakx one.
I am currently trying this - for us, the main migration issue was the renaming of some environment variables, but apart from that it seems to work ok. Our environment is quite specific, but you can have a look at the PR if it's helpful: SwissDataScienceCenter/renku#2904
Thank you @rokroskar, I will have a look and try on my side
I was able to do the mapping as well its a matter of env that was changed
replicas: 2
podDisruptionBudget:
minAvailable: 1
## Overrides the default args for the Keycloak container
args:
- "-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled"
- "-Dkeycloak.profile.feature.upload_scripts=enabled"
# Additional environment variables for Keycloak mapped from Secret or ConfigMap
extraEnvFrom: |
- secretRef:
name: 'db-creds'
command:
- "/opt/keycloak/bin/kc.sh"
- "start"
- "--http-enabled=true"
- "--http-port=8080"
- "--hostname-strict=false"
- "--hostname-strict-https=false"
# Additional environment variables for Keycloak
extraEnv: |
- name: KC_LOG_LEVEL
value: DEBUG
- name: KC_DB
value: postgres
- name: KC_DB_URL_HOST
value: <hidden>
- name: KC_DB_URL_PORT
value: "5432"
- name: KC_DB_URL_DATABASE
value: keycloak
- name: JAVA_OPTS_APPEND
value: >-
-Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
- name: JAVA_OPTS
value: >-
-XX:+UseContainerSupport
-XX:MaxRAMPercentage=50.0
-Djava.net.preferIPv4Stack=true
-Djava.awt.headless=true
# Pod resource requests and limits
resources:
requests:
cpu: '.5'
memory: "1024Mi"
limits:
cpu: '1'
memory: "2048Mi"
ingress:
enabled: true
ingressClassName: "nginx"
servicePort: http
annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
cert-manager.io/issuer: letsencrypt
kubernetes.io/tls-acme: "true"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# location ~* /auth/realms/[^/]+/metrics {
# return 403;
# }
rules:
- host: '<hidden>.com'
paths:
- path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/'
pathType: Prefix
tls:
- hosts:
- <hidden>
secretName: "keycloak-cert"
proxy:
enabled: true
mode: passthrough
@Mais316 thanks, that is very helpful. I'm in a similar situation. I'm running Keycloak version 17.0.1-legacy, which was installed with Helm chart codecentric/keycloak version 18.3.0
I have been searching for the proper method to upgrade to Keycloakx. Every example I can find uses PostgreSQL as the database provider. I'm using MySQL by setting the env var DB_VENDOR=mysql
. I'm unsure if there is any prep work required on the DB side to prepare for this upgrade. Did you need to do anything particular to your postgres DB before the upgrade?
Also - what did you do after updating the env var mappings in your values file? Was it a simple matter of installing Helm chart codecentric/keycloakx
pointing to your updated values file? Did you need to update the K8s secret with the DB creds?
Any help would be appreciated. Thank you!
for the DB, just took a backup and that's it, it was auto migrated after the upgrade to new schema.
yes, updating the values.yaml and pointing to the new chart, for the DB secret needs update to use env below
- DB_PASSWORD --> KC_DB_PASSWORD
- KEYCLOAK_USER --> KEYCLOAK_ADMIN
- KEYCLOAK_PASSWORD --> KEYCLOAK_ADMIN_PASSWORD
What would be the new equivalent of the KEYCLOAK_IMPORT
extraEnvVar if any? It was used to import specified realms on startup.
This issue has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs.
@Mais316 Hello, we are in a similar boat, and we trying to migrate to keycloakx. If my understanding is correct, we just update the values.yaml with new envVar variables and just change the helm chart? Is that correct
helm upgrade keycloak concentric/keycloakx --version x -f update-values.yaml