From f16772b81ccb6702c8e8afea686aae8b0c80da80 Mon Sep 17 00:00:00 2001 From: stianst Date: Fri, 7 Feb 2025 02:27:07 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20main=20from=20=20@=20abf57c7f7?= =?UTF-8?q?9eb658d876a91898f1d3a276a932ec0=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nightly/operator/advanced-configuration.html | 24 +++++++++++++++++++- nightly/server/all-config.html | 4 ++-- nightly/server/containers.html | 2 +- nightly/server/features.html | 8 +++++-- nightly/server/update-compatibility.html | 24 ++++++++++++++++++-- 5 files changed, 54 insertions(+), 8 deletions(-) diff --git a/nightly/operator/advanced-configuration.html b/nightly/operator/advanced-configuration.html index 8460533ffdf..fb9a8b095d7 100644 --- a/nightly/operator/advanced-configuration.html +++ b/nightly/operator/advanced-configuration.html @@ -644,6 +644,21 @@

Managing Keycloak Operator

The Keycloak Operator offers updates strategies to control how the Operator handles changes to the Keycloak CR.

+
+ + + + + +
+ + +
+

While on preview stage, the feature rolling-updates must be enabled. +Otherwise, the Keycloak Operator will fail.

+
+
+

Supported Updates Types:

@@ -687,14 +702,21 @@

Configuring the Update Strategy

metadata: name: example-kc spec: + features: + enabled: + - rolling-updates (1) update: - strategy: Recreate|<not set> (1) + strategy: Recreate|<not set> (2)
+ + + +
1Enable preview feature rolling-updates.
2 Set the desired update strategy here (Recreate in this example).
diff --git a/nightly/server/all-config.html b/nightly/server/all-config.html index edde3d3c255..26868ac7fb0 100644 --- a/nightly/server/all-config.html +++ b/nightly/server/all-config.html @@ -971,7 +971,7 @@

Feature

-

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], ipa-tuura-federation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange-federated[:v2], token-exchange-standard[:v2], token-exchange-subject-impersonation[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1]

+

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], ipa-tuura-federation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], rolling-updates[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange-federated[:v2], token-exchange-standard[:v2], token-exchange-subject-impersonation[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1]

@@ -988,7 +988,7 @@

Feature

-

account, account-api, admin, admin-api, admin-fine-grained-authz, authorization, cache-embedded-remote-store, ciba, client-policies, client-secret-rotation, client-types, clusterless, declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, ipa-tuura-federation, kerberos, login, multi-site, oid4vc-vci, opentelemetry, organization, par, passkeys, persistent-user-sessions, preview, quick-theme, recovery-codes, scripts, step-up-authentication, token-exchange, token-exchange-federated, token-exchange-standard, token-exchange-subject-impersonation, transient-users, update-email, user-event-metrics, web-authn

+

account, account-api, admin, admin-api, admin-fine-grained-authz, authorization, cache-embedded-remote-store, ciba, client-policies, client-secret-rotation, client-types, clusterless, declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, ipa-tuura-federation, kerberos, login, multi-site, oid4vc-vci, opentelemetry, organization, par, passkeys, persistent-user-sessions, preview, quick-theme, recovery-codes, rolling-updates, scripts, step-up-authentication, token-exchange, token-exchange-federated, token-exchange-standard, token-exchange-subject-impersonation, transient-users, update-email, user-event-metrics, web-authn

diff --git a/nightly/server/containers.html b/nightly/server/containers.html index 070992d3a91..5db47d65580 100644 --- a/nightly/server/containers.html +++ b/nightly/server/containers.html @@ -547,7 +547,7 @@

Relevant options

-

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], ipa-tuura-federation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange-federated[:v2], token-exchange-standard[:v2], token-exchange-subject-impersonation[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1]

+

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], ipa-tuura-federation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], rolling-updates[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange-federated[:v2], token-exchange-standard[:v2], token-exchange-subject-impersonation[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1]

diff --git a/nightly/server/features.html b/nightly/server/features.html index 83eb2004bf8..69d9d528af6 100644 --- a/nightly/server/features.html +++ b/nightly/server/features.html @@ -303,6 +303,10 @@

Preview features

Recovery codes

+
rolling-updates
+
+

Rolling Updates

+
scripts

Write custom authenticators using JavaScript

@@ -369,7 +373,7 @@

Relevant options

-

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], ipa-tuura-federation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange-federated[:v2], token-exchange-standard[:v2], token-exchange-subject-impersonation[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1]

+

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], ipa-tuura-federation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], rolling-updates[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange-federated[:v2], token-exchange-standard[:v2], token-exchange-subject-impersonation[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1]

@@ -386,7 +390,7 @@

Relevant options

-

account, account-api, admin, admin-api, admin-fine-grained-authz, authorization, cache-embedded-remote-store, ciba, client-policies, client-secret-rotation, client-types, clusterless, declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, ipa-tuura-federation, kerberos, login, multi-site, oid4vc-vci, opentelemetry, organization, par, passkeys, persistent-user-sessions, preview, quick-theme, recovery-codes, scripts, step-up-authentication, token-exchange, token-exchange-federated, token-exchange-standard, token-exchange-subject-impersonation, transient-users, update-email, user-event-metrics, web-authn

+

account, account-api, admin, admin-api, admin-fine-grained-authz, authorization, cache-embedded-remote-store, ciba, client-policies, client-secret-rotation, client-types, clusterless, declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, ipa-tuura-federation, kerberos, login, multi-site, oid4vc-vci, opentelemetry, organization, par, passkeys, persistent-user-sessions, preview, quick-theme, recovery-codes, rolling-updates, scripts, step-up-authentication, token-exchange, token-exchange-federated, token-exchange-standard, token-exchange-subject-impersonation, transient-users, update-email, user-event-metrics, web-authn

diff --git a/nightly/server/update-compatibility.html b/nightly/server/update-compatibility.html index 2c1efef76b5..7d9b4c26181 100644 --- a/nightly/server/update-compatibility.html +++ b/nightly/server/update-compatibility.html @@ -98,6 +98,21 @@

Update Compatibility Tool

+
+ + + + + +
+ + +
+

While on preview stage, the feature rolling-updates must be enabled. +Otherwise, the commands will fail.

+
+
+

The goal of this tool is to assist with modifying a Keycloak deployment, whether upgrading to a new version, enabling/disabling features, or changing configuration. The outcome will indicate whether a rolling upgrade is possible or if a recreate upgrade is required.

@@ -189,7 +204,7 @@

Generating the Metadata

Generate and save the metadata from the current deployment.
-
bin/kc.[sh|bat] update-compatibility metadata --file=/path/to/file.json
+
bin/kc.[sh|bat] update-compatibility metadata --file=/path/to/file.json --features=rolling-updates
@@ -227,7 +242,7 @@

Checking the Metadata

Check the metadata from a previous deployment.
-
bin/kc.[sh|bat] update-compatibility check --file=/path/to/file.json
+
bin/kc.[sh|bat] update-compatibility check --file=/path/to/file.json --features=rolling-updates
@@ -316,6 +331,11 @@

Checking the Metadata

Rolling Upgrade is not possible. The deployment must be shut down before applying the new configuration.

+ +

4

+

Rolling Upgrade is not possible. +The feature rolling-updates is disabled.

+