[keycloakx] Bump Keycloak to v19.0.2

[Footur]

I've updated the Keycloak container image to version 19.0.2.

[igor-nikiforov]

It make sense to change path for readiness and liveness probes according upgrade guide as well https://www.keycloak.org/docs/latest/upgrading/index.html#potentially-breaking-changes-to-the-health-endpoints. Don't forget to change Chart version too.

[Footur]

@igor-nikiforov Thank you for pointing this out. I've changed the default values for the self probes. The chart version will be changed automatically, according to my understanding.

[grieshaber]

@Footur regarding the change of readness and liveness probe, i think we should tackle https://github.com/codecentric/helm-charts/issues/636 in the same release. I'll try to add a PR for this in the next days.

[grieshaber]

Currently "blocked" by #638

[grieshaber]

Reading through the release-notes, i read that a flag we have in the /examples --auto-build is now deprecated, so i'd like to mention the deprecation there and ideally make not use of it anymore. Suggestion for file charts/keycloakx/examples/*/keycloak-server-values.yaml:

command:
  - "/opt/keycloak/bin/kc.sh"
  - "--verbose"
  - "start"
  # - "--auto-build" deprecated and now "default"
  # - "--optimized" disable new default with this flag

[Footur]

I've removed the --auto-build flag. According to my understanding, to use the --optimize option, kc.sh build must be run first. Optimize the Keycloak startup.

Does the lint test fail because the UI of Keycloak has changed?

[grieshaber]

Agreed, i misread that section.

Regarding lint test:

It seems, that it now tries to access /auth/health/ endpoints. At least if i understood it correctly, the /auth/ path is wrong here (for the healthchecks). Therefore the Pods wont become ready and b/c of that the test are failing.

Root-Issue is

http:
  # For backwards compatibility reasons we set this to the value used by previous Keycloak versions.
  relativePath: "/auth"

which is used in the probes.

[Footur]

@grieshaber I've tested the realtive path with "/", but the lint test is still failing.

https://github.com/codecentric/helm-charts/runs/7688193943?check_suite_focus=true

[grieshaber]

I see the following issue:

"http://10.244.1.2:8080/health": dial tcp 10.244.1.2:8080: connect: connection refused

[Footur]

Unfortunately, I can't reproduce the error in my local setup. I also don't have the time to delve deeper into the CI because I'm on holiday for a two weeks starting tomorrow.

/edit fix typo

[grieshaber]

I really appreciate your effort @Footur. I'll check on my local setup as well and if i find sth will update here.

[grieshaber]

So, the issue it not connected to startup probe etc. The pod spin up without any issue. But the executed tests are failing - i will now try to understand why and if there is an obvious part that broke with the update.

[Footur]

@grieshaber I've fixed the deployment, but the Selenium test is failing.

[grieshaber]

@Footur yes, i saw that as well.. from selenium pov the login / redirect to login UI is not working properly. I started debugging some time ago and had issues aswell - sometimes it just went on and on loading forever and sometimes it worked immediately. But i did not make it work in the UI tests..

[aleshchynskyi]

Is there any chance it will be released in the nearest future (a week?)?

[Footur]

Is there any chance it will be released in the nearest future (a week?)?

Hello Anton,

I don't have enough time right now to figure out the root of the problem. In our development environment the chart is working. Feel free to commit by your self.

Cheers, Footur

[cocor-au-lait]

Hello. I'm looking forward to this update!

About test failure, I also tried to find out.

The first thing I tried was to disable the new admin console that became the default in 19.x.

charts/keycloakx/ci/h2-values.yaml/h2-values.yaml

extraEnv: |
  - name: KC_FEATURES_DISABLED
    value: admin2

The test finished successfully.

I wonder why the tests failed on the new admin console. (like: PhatomJS not compatible with newer JS frameworks?)

---

As another way, based on @Footur's method of using ChromeDriver, I tried to use different Docker image.

charts/keycloakx/values.yaml

test:
  image:
    repository: docker.io/joyzoursky/python-chromedriver
    tag: 3.9-selenium

https://github.com/joyzoursky/docker-python-chromedriver

The test finished successfully in new admin console!

See below for final changes.

https://github.com/cocor-au-lait/keycloak-helm-charts/pull/1

Can you reflect the changes in this PR?

[Footur]

Hey @cocor-au-lait, Thank you for the contribution.

I wonder why the tests failed on the new admin console. (like: PhatomJS not compatible with newer JS frameworks?)

I've change PhantomJS to Chrome, because PhantomJS is deprecated.

just created test that launch in production mode and passes.

https://github.com/cocor-au-lait/keycloak-helm-charts/pull/3/files#diff-a2787f787ce9c889ac6c604daa1c10fce6d02e7478333378f82bf541863a0b70R4-R5

To pass the test, It's need to set strict hostname and https.

I don't see a change in the test behavior.

[Footur]

@cocor-au-lait Thank you for the hint. It's fixed now. 💖

@grieshaber Can you review the PR and provide some feedback please? I've changed the selenium container image, because PhantomJS is deprecated.

[grieshaber]

@Footur @cocor-au-lait thank you both for resolving the issue(s)! I'll do the review until the next scheduled release, so that we have the new version release friday afternoon!

[Footur]

@grieshaber I hope you have some time to review this pull request soon. :)

[grieshaber]

@Footur seems like this PR needs a rebase before merging aswell..

[Footur]

@Footur seems like this PR needs a rebase before merging aswell..

@grieshaber What makes you think that? This branch is up-to-date.

[grieshaber]

@grieshaber What makes you think that? This branch is up-to-date.

nvm, Github was per default set to rebase - which is not possible due to conflicts. Merge is possible..