Skip to content

Commit

Permalink
feat: upgrade RH-SSO from 7.5 to 7.6 (#1058)
Browse files Browse the repository at this point in the history
* feat: upgrade RH-SSO from 7.5 to 7.6 (#977)

* upgrade RH-SSO from 7.5 to 7.6

Signed-off-by: iam-veeramalla <[email protected]>

* fix: failing tests

Signed-off-by: iam-veeramalla <[email protected]>

* fix: failing tests

Signed-off-by: iam-veeramalla <[email protected]>

---------

Signed-off-by: iam-veeramalla <[email protected]>

* fix: keycloak probes failure and intermittent perforamance issues (#1008)

* fix: keycloak probes failure results in pod crash

Signed-off-by: iam-veeramalla <[email protected]>

* fix: use latest keycloak image to handle performance issue

Signed-off-by: iam-veeramalla <[email protected]>

---------

Signed-off-by: iam-veeramalla <[email protected]>

---------

Signed-off-by: iam-veeramalla <[email protected]>
  • Loading branch information
iam-veeramalla authored Nov 7, 2023
1 parent dc3c9a2 commit 5482a8c
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 12 deletions.
6 changes: 3 additions & 3 deletions common/defaults.go
Original file line number Diff line number Diff line change
Expand Up @@ -183,11 +183,11 @@ const (
ArgoCDKeycloakVersion = "sha256:64fb81886fde61dee55091e6033481fa5ccdac62ae30a4fd29b54eb5e97df6a9"

// ArgoCDKeycloakImageForOpenShift is the default Keycloak Image used for the OpenShift platform when not specified.
ArgoCDKeycloakImageForOpenShift = "registry.redhat.io/rh-sso-7/sso75-openshift-rhel8"
ArgoCDKeycloakImageForOpenShift = "registry.redhat.io/rh-sso-7/sso76-openshift-rhel8"

// ArgoCDKeycloakVersionForOpenShift is the default Keycloak version used for the OpenShift platform when not specified.
// Version: 7.5.1
ArgoCDKeycloakVersionForOpenShift = "sha256:720a7e4c4926c41c1219a90daaea3b971a3d0da5a152a96fed4fb544d80f52e3"
// Version: 7.6-32
ArgoCDKeycloakVersionForOpenShift = "sha256:ec9f60018694dcc5d431ba47d5536b761b71cb3f66684978fe6bb74c157679ac"

// ArgoCDDefaultOIDCConfig is the default OIDC configuration.
ArgoCDDefaultOIDCConfig = ""
Expand Down
22 changes: 18 additions & 4 deletions controllers/argocd/keycloak.go
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,7 @@ func getKeycloakContainer(cr *argoprojv1a1.ArgoCD) corev1.Container {
Image: getKeycloakContainerImage(cr),
ImagePullPolicy: "Always",
LivenessProbe: &corev1.Probe{
FailureThreshold: 3,
TimeoutSeconds: 240,
ProbeHandler: corev1.ProbeHandler{
Exec: &corev1.ExecAction{
Command: []string{
Expand All @@ -233,7 +233,7 @@ func getKeycloakContainer(cr *argoprojv1a1.ArgoCD) corev1.Container {
},
},
},
InitialDelaySeconds: 60,
InitialDelaySeconds: 120,
},
Name: "${APPLICATION_NAME}",
Ports: []corev1.ContainerPort{
Expand All @@ -243,7 +243,8 @@ func getKeycloakContainer(cr *argoprojv1a1.ArgoCD) corev1.Container {
{ContainerPort: 8888, Name: "ping", Protocol: "TCP"},
},
ReadinessProbe: &corev1.Probe{
FailureThreshold: 20,
TimeoutSeconds: 240,
InitialDelaySeconds: 120,
ProbeHandler: corev1.ProbeHandler{
Exec: &corev1.ExecAction{
Command: []string{
Expand All @@ -253,7 +254,6 @@ func getKeycloakContainer(cr *argoprojv1a1.ArgoCD) corev1.Container {
},
},
},
InitialDelaySeconds: 60,
},
Resources: getKeycloakResources(cr),
VolumeMounts: []corev1.VolumeMount{
Expand All @@ -267,12 +267,18 @@ func getKeycloakContainer(cr *argoprojv1a1.ArgoCD) corev1.Container {
Name: "service-ca",
ReadOnly: true,
},
{
Name: "sso-probe-netrc-volume",
MountPath: "/mnt/rh-sso",
ReadOnly: false,
},
},
}
}

func getKeycloakDeploymentConfigTemplate(cr *argoprojv1a1.ArgoCD) *appsv1.DeploymentConfig {
ns := cr.Namespace
var medium corev1.StorageMedium = "Memory"
keycloakContainer := getKeycloakContainer(cr)

dc := &appsv1.DeploymentConfig{
Expand Down Expand Up @@ -342,6 +348,14 @@ func getKeycloakDeploymentConfigTemplate(cr *argoprojv1a1.ArgoCD) *appsv1.Deploy
},
},
},
{
Name: "sso-probe-netrc-volume",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{
Medium: medium,
},
},
},
},
NodeSelector: common.DefaultNodeSelector(),
},
Expand Down
12 changes: 10 additions & 2 deletions controllers/argocd/keycloak_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,14 @@ var (
},
},
},
{
Name: "sso-probe-netrc-volume",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{
Medium: "Memory",
},
},
},
}
)

Expand Down Expand Up @@ -111,7 +119,7 @@ func TestKeycloakContainerImage(t *testing.T) {
}),
updateCrFunc: nil,
templateAPIFound: true,
wantContainerImage: "registry.redhat.io/rh-sso-7/sso75-openshift-rhel8@sha256:720a7e4c4926c41c1219a90daaea3b971a3d0da5a152a96fed4fb544d80f52e3",
wantContainerImage: "registry.redhat.io/rh-sso-7/sso76-openshift-rhel8@sha256:ec9f60018694dcc5d431ba47d5536b761b71cb3f66684978fe6bb74c157679ac",
},
{
name: "ArgoCDKeycloakImageEnvName env var set",
Expand Down Expand Up @@ -268,7 +276,7 @@ func TestNewKeycloakTemplate_testKeycloakContainer(t *testing.T) {
}
kc := getKeycloakContainer(a)
assert.Equal(t,
"registry.redhat.io/rh-sso-7/sso75-openshift-rhel8@sha256:720a7e4c4926c41c1219a90daaea3b971a3d0da5a152a96fed4fb544d80f52e3", kc.Image)
"registry.redhat.io/rh-sso-7/sso76-openshift-rhel8@sha256:ec9f60018694dcc5d431ba47d5536b761b71cb3f66684978fe6bb74c157679ac", kc.Image)
assert.Equal(t, corev1.PullAlways, kc.ImagePullPolicy)
assert.Equal(t, "${APPLICATION_NAME}", kc.Name)
}
Expand Down
8 changes: 6 additions & 2 deletions examples/argocd-keycloak-openshift.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,14 @@ kind: ArgoCD
metadata:
name: example-argocd
spec:
extraConfig:
oidc.tls.insecure.skip.verify: 'true'
sso:
provider: keycloak
# uncomment the below line when running operator locally.
# verifyTLS: false
keycloak:
rootCA: "---BEGIN---END---"
# Uncomment the below line when running operator locally.
# verifyTLS: false
server:
route:
enabled: true
2 changes: 1 addition & 1 deletion tests/ocp/1-001_validate_rhsso/01-assert.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ spec:
name: keycloak
spec:
containers:
- image: registry.redhat.io/rh-sso-7/sso75-openshift-rhel8@sha256:720a7e4c4926c41c1219a90daaea3b971a3d0da5a152a96fed4fb544d80f52e3
- image: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8@sha256:ec9f60018694dcc5d431ba47d5536b761b71cb3f66684978fe6bb74c157679ac
resources:
limits:
cpu: "1"
Expand Down

0 comments on commit 5482a8c

Please sign in to comment.