From 6e0c21b0446e00df4ba9be803633fad741af06cd Mon Sep 17 00:00:00 2001 
From: Gabriel Mainberger Date: Mon, 30 Sep 2024 09:52:46 +0200 Subject: [PATCH] Enable Network Policies and upgrade to Keycloak to v23.0.7 --- class/defaults.yml | 4 +- .../pages/how-tos/upgrade-15.x-to-16.x.adoc | 34 +++++++++++++++ docs/modules/ROOT/partials/nav.adoc | 1 + .../keycloakx/templates/ingress.yaml | 2 +- .../keycloakx/templates/networkpolicy.yaml | 2 +- .../keycloakx/templates/prometheusrule.yaml | 2 +- .../keycloakx/templates/service-headless.yaml | 2 +- .../keycloakx/templates/service-http.yaml | 2 +- .../keycloakx/templates/serviceaccount.yaml | 2 +- .../keycloakx/templates/servicemonitor.yaml | 2 +- .../keycloakx/templates/statefulset.yaml | 4 +- .../keycloakx/templates/ingress.yaml | 2 +- .../keycloakx/templates/networkpolicy.yaml | 41 +++++++++++++++++++ .../keycloakx/templates/prometheusrule.yaml | 2 +- .../keycloakx/templates/service-headless.yaml | 2 +- .../keycloakx/templates/service-http.yaml | 2 +- .../keycloakx/templates/serviceaccount.yaml | 2 +- .../keycloakx/templates/servicemonitor.yaml | 2 +- .../keycloakx/templates/statefulset.yaml | 4 +- .../external/01_networkpolicy_infinispan.yaml | 28 +++++++++++++ .../external/external/external/40_netpol.yaml | 27 ++++++++++++ .../keycloakx/templates/ingress.yaml | 2 +- .../keycloakx/templates/networkpolicy.yaml | 41 +++++++++++++++++++ .../keycloakx/templates/prometheusrule.yaml | 2 +- .../keycloakx/templates/service-headless.yaml | 2 +- .../keycloakx/templates/service-http.yaml | 2 +- .../keycloakx/templates/serviceaccount.yaml | 2 +- .../keycloakx/templates/servicemonitor.yaml | 2 +- .../keycloakx/templates/statefulset.yaml | 4 +- .../01_networkpolicy_infinispan.yaml | 28 +++++++++++++ .../openshift-postgres/40_netpol.yaml | 27 ++++++++++++ .../keycloakx/templates/ingress.yaml | 2 +- .../keycloakx/templates/networkpolicy.yaml | 41 +++++++++++++++++++ .../keycloakx/templates/prometheusrule.yaml | 2 +- .../keycloakx/templates/service-headless.yaml | 2 +- 
.../keycloakx/templates/service-http.yaml | 2 +- .../keycloakx/templates/serviceaccount.yaml | 2 +- .../keycloakx/templates/servicemonitor.yaml | 2 +- .../keycloakx/templates/statefulset.yaml | 4 +- .../01_networkpolicy_infinispan.yaml | 28 +++++++++++++ .../openshift/openshift/40_netpol.yaml | 27 ++++++++++++ 41 files changed, 358 insertions(+), 35 deletions(-) create mode 100644 docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc create mode 100644 tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml create mode 100644 tests/golden/external/external/external/01_networkpolicy_infinispan.yaml create mode 100644 tests/golden/external/external/external/40_netpol.yaml create mode 100644 tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml create mode 100644 tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_networkpolicy_infinispan.yaml create mode 100644 tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/40_netpol.yaml create mode 100644 tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml create mode 100644 tests/golden/openshift/openshift/openshift/01_networkpolicy_infinispan.yaml create mode 100644 tests/golden/openshift/openshift/openshift/40_netpol.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 3ad0c150..6df509db 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -43,7 +43,7 @@ parameters: keycloak: registry: quay.io repository: keycloak/keycloak - tag: 22.0.5 + tag: 23.0.7 busybox: registry: docker.io repository: busybox 
@@ -261,7 +261,7 @@ parameters: host: ${keycloak:fqdn} networkPolicy: # Note: Do not enable when using ingress controller with hostNetwork=true. - enabled: false + enabled: true # Note: On Syn-managed OpenShift4 clusters there should be already NetworkPolicies that allow traffic from Ingress controller out-of-the-box. extraFrom: - podSelector: diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc new file mode 100644 index 00000000..78d262ea --- /dev/null +++ b/docs/modules/ROOT/pages/how-tos/upgrade-15.x-to-16.x.adoc @@ -0,0 +1,34 @@ += Upgrade from v15 to v16 + +This guide describes the steps to perform an upgrade of the component from version v15 to v16. + +== Breaking Changes + +* Network Policies are now enabled by default + +== Changes + +* The component requires Kubernetes v1.25 or newer. +* Keycloak version is v23.0.7 by default. + +== Parameter changes + +* None + +== Step-by-step guide + +When upgrading the component, the following actions are required if the built-in database is used: + +. Do a backup of the built-in database. ++ +[source,bash] +---- +instance=keycloak +namespace=syn-${instance} + +kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c postgresql -- sh -c 'PGDATABASE="$POSTGRES_DATABASE" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql +---- + +. Apply the parameter changes. + +. Compile and push the cluster catalog. diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc index 52a48c6e..7c13f58f 100644 --- a/docs/modules/ROOT/partials/nav.adoc +++ b/docs/modules/ROOT/partials/nav.adoc 
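Review bot: The comment directly above the flipped default still reads `# Note: Do not enable when using ingress controller with hostNetwork=true.`, which now contradicts `enabled: true`. Traffic from a host-network ingress controller generally arrives from the node address and is not matched by the `podSelector` entries under `extraFrom`, so on such clusters the new default would presumably cut ingress to Keycloak until someone opts out. I would reword the comment to `# Note: Set to false when using an ingress controller with hostNetwork=true.` and repeat that caveat under "Breaking Changes" in the upgrade guide added later in this patch. The `networkPolicy` mapping continues past the end of this hunk.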
@@ -27,6 +27,7 @@ * xref:how-tos/upgrade-12.x-to-13.x.adoc[Upgrade 12.x to 13.x] * xref:how-tos/upgrade-13.x-to-14.x.adoc[Upgrade 13.x to 14.x] * xref:how-tos/upgrade-14.x-to-15.x.adoc[Upgrade 14.x to 15.x] +* xref:how-tos/upgrade-15.x-to-16.x.adoc[Upgrade 15.x to 16.x] * xref:how-tos/openshift-4.adoc[Install on OpenShift 4] * xref:how-tos/pin-versions.adoc[Pin versions] diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index cfa72a19..d9dc460c 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml index d01956f6..ff2a5bef 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-builtin 
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index c3f0173b..e313d4fb 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index 6831ccd7..5868ccf5 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-headless namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index ac372ac3..88eca6fa 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml 
@@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-http namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index 99a3c46a..117e9584 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index 9615ed2e..21a4f812 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-keycloakx namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 579b377f..edf290f1 100644 
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-builtin @@ -97,7 +97,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:22.0.5 + image: quay.io/keycloak/keycloak:23.0.7 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index e4febae9..5dd2d29e 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-external diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml new file mode 100644 index 00000000..ff37be9a --- /dev/null +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml 
@@ -0,0 +1,41 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: keycloakx + app.kubernetes.io/version: 23.0.7 + helm.sh/chart: keycloakx-2.3.0 + name: keycloakx + namespace: syn-external +spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: ingress-nginx + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + ports: + - port: 8080 + protocol: TCP + - port: 8443 + protocol: TCP + - from: + - podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + ports: + - port: 8080 + protocol: TCP + - port: 8443 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + policyTypes: + - Ingress diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index c7c6e47b..48b48e8a 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-external diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index 8bdef180..024bb828 100644 
--- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-headless namespace: syn-external diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index 9a977b46..68f9d573 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-http namespace: syn-external diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index 1b3fdaef..63dbcc57 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-external 
diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index 9e998309..4270058d 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-keycloakx namespace: syn-external diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 18d682cc..152dba44 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-external @@ -95,7 +95,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:22.0.5 + image: quay.io/keycloak/keycloak:23.0.7 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/external/external/external/01_networkpolicy_infinispan.yaml b/tests/golden/external/external/external/01_networkpolicy_infinispan.yaml new file mode 100644 index 00000000..5b66e80a --- /dev/null 
+++ b/tests/golden/external/external/external/01_networkpolicy_infinispan.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + annotations: {} + labels: + app.kubernetes.io/component: keycloak + app.kubernetes.io/instance: external + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: keycloak + name: keycloakx-infinispan + name: keycloakx-infinispan +spec: + egress: [] + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + ports: + - port: 7800 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + policyTypes: + - Ingress diff --git a/tests/golden/external/external/external/40_netpol.yaml b/tests/golden/external/external/external/40_netpol.yaml new file mode 100644 index 00000000..5fe11ee4 --- /dev/null +++ b/tests/golden/external/external/external/40_netpol.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + annotations: {} + labels: + name: prometheus-syn-infra-monitoring-to-keycloakx + name: prometheus-syn-infra-monitoring-to-keycloakx + namespace: syn-external +spec: + egress: [] + ingress: + - from: + - namespaceSelector: + matchLabels: + name: syn-infra-monitoring + podSelector: + matchLabels: + app.kubernetes.io/component: prometheus + ports: + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + policyTypes: + - Ingress diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index 26709d67..66e72884 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml 
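Review bot: The rendered `keycloakx-infinispan` policy has no `namespace:` under `metadata`, as far as the flattened hunk shows, while 40_netpol.yaml and the chart's networkpolicy.yaml in this same commit both set `namespace: syn-external`. If the applier's default namespace differs from the Keycloak namespace, this policy selects nothing there, and the chart policy, which admits only 8080 and 8443, would leave port 7800 between the Keycloak pods blocked. Emitting `namespace: syn-external` from the template would remove that dependency; the openshift-postgres copy of this file later in the patch looks the same. `egress: []` could also be dropped, since `policyTypes` lists only `Ingress`. This is golden output, so the change belongs in the template that renders it, which is not part of this diff.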
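Review bot: The `namespaceSelector` in 40_netpol.yaml matches the label `name: syn-infra-monitoring`, whereas the chart's networkpolicy.yaml in this commit selects the ingress namespace by `kubernetes.io/metadata.name`. That label is set by the API server to the namespace's own name, while a plain `name` label exists only if something applies it and can be put on any namespace by whoever may label namespaces, which would open port 8080 to pods labelled `app.kubernetes.io/component: prometheus` there. Since the upgrade guide in this patch requires Kubernetes v1.25 or newer, consider `kubernetes.io/metadata.name: syn-infra-monitoring` here. The openshift-postgres copy of 40_netpol.yaml uses the same selector. As golden output, this would be changed in the template that renders it, which this diff does not show.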
+++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-openshift-postgres diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml new file mode 100644 index 00000000..5c2f8e9a --- /dev/null +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml @@ -0,0 +1,41 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: keycloakx + app.kubernetes.io/version: 23.0.7 + helm.sh/chart: keycloakx-2.3.0 + name: keycloakx + namespace: syn-openshift-postgres +spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: ingress-nginx + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + ports: + - port: 8080 + protocol: TCP + - port: 8443 + protocol: TCP + - from: + - podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + ports: + - port: 8080 + protocol: TCP + - port: 8443 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + policyTypes: + - Ingress 
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index 62c93837..613d32dd 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-openshift-postgres diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index 285ce450..2fbc3905 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-headless namespace: syn-openshift-postgres 
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index c669a37a..d1aab901 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-http namespace: syn-openshift-postgres diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index 979e334d..67145d55 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-openshift-postgres 
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index 7bea919e..ce218c35 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx-keycloakx namespace: syn-openshift-postgres diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index a83c2486..66eea84c 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: syn-openshift-postgres @@ -95,7 +95,7 @@ spec: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:22.0.5 + image: quay.io/keycloak/keycloak:23.0.7 imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_networkpolicy_infinispan.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_networkpolicy_infinispan.yaml new file mode 100644 index 00000000..844bbad2 --- /dev/null +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_networkpolicy_infinispan.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + annotations: {} + labels: + app.kubernetes.io/component: keycloak + app.kubernetes.io/instance: openshift-postgres + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: keycloak + name: keycloakx-infinispan + name: keycloakx-infinispan +spec: + egress: [] + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + ports: + - port: 7800 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + policyTypes: + - Ingress diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/40_netpol.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/40_netpol.yaml new file mode 100644 index 00000000..798b2ca9 --- /dev/null +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/40_netpol.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + annotations: {} + labels: + name: prometheus-syn-infra-monitoring-to-keycloakx + name: prometheus-syn-infra-monitoring-to-keycloakx + namespace: syn-openshift-postgres +spec: + egress: [] + ingress: + - from: + - namespaceSelector: + matchLabels: + name: syn-infra-monitoring + podSelector: + matchLabels: + app.kubernetes.io/component: prometheus + ports: + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + policyTypes: + - Ingress 
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index befa2d47..0ba6b793 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 22.0.5 + app.kubernetes.io/version: 23.0.7 helm.sh/chart: keycloakx-2.3.0 name: keycloakx namespace: keycloak-dev diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml new file mode 100644 index 00000000..537a732d --- /dev/null +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml 
@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: keycloakx
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: keycloakx
+ app.kubernetes.io/version: 23.0.7
+ helm.sh/chart: keycloakx-2.3.0
+ name: keycloakx
+ namespace: keycloak-dev
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: ingress-nginx
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: ingress-nginx
+ ports:
+ - port: 8080
+ protocol: TCP
+ - port: 8443
+ protocol: TCP
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: keycloakx
+ app.kubernetes.io/name: keycloakx
+ ports:
+ - port: 8080
+ protocol: TCP
+ - port: 8443
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: keycloakx
+ app.kubernetes.io/name: keycloakx
+ policyTypes:
+ - Ingress
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
index cf5367de..529df615 100644
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: openshift
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: keycloak-dev
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
index 456a0f1f..1bb5b99b 100644
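Review bot: In the rendered chart policy for the `openshift` golden case, the first `ingress.from` entry admits outside traffic only from pods labelled `app.kubernetes.io/name: ingress-nginx` in the namespace `ingress-nginx`. If this instance is exposed through the OpenShift router rather than ingress-nginx (the test case name suggests so, but nothing in the hunk confirms it), external requests to 8080/8443 would be dropped as soon as the policy is enforced. I would make the allowed ingress source a per-distribution setting in the component, or state in the 15.x-to-16.x upgrade how-to that clusters without ingress-nginx must override this selector before upgrading.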
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: keycloakx
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: keycloakx
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx-headless
 namespace: keycloak-dev
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
index 3a36ac70..42c7aea6 100644
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
@@ -8,7 +8,7 @@ metadata:
 app.kubernetes.io/instance: openshift
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx-http
 namespace: keycloak-dev
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
index bd559351..eb2a39c8 100644
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
@@ -8,7 +8,7 @@ metadata:
 app.kubernetes.io/instance: openshift
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: keycloak-dev
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
index 563301a9..977d3daa 100644
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: openshift
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx-keycloakx
 namespace: keycloak-dev
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
index 218250e6..c63db3e6 100644
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/instance: openshift
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- app.kubernetes.io/version: 22.0.5
+ app.kubernetes.io/version: 23.0.7
 helm.sh/chart: keycloakx-2.3.0
 name: keycloakx
 namespace: keycloak-dev
@@ -95,7 +95,7 @@ spec:
 name: keycloak-admin-user
 - secretRef:
 name: keycloak-postgresql
- image: quay.io/keycloak/keycloak:22.0.5
+ image: quay.io/keycloak/keycloak:23.0.7
 imagePullPolicy: IfNotPresent
 livenessProbe:
 httpGet:
diff --git a/tests/golden/openshift/openshift/openshift/01_networkpolicy_infinispan.yaml b/tests/golden/openshift/openshift/openshift/01_networkpolicy_infinispan.yaml
new file mode 100644
index 00000000..bdc0c4c8
--- /dev/null
+++ b/tests/golden/openshift/openshift/openshift/01_networkpolicy_infinispan.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ annotations: {}
+ labels:
+ app.kubernetes.io/component: keycloak
+ app.kubernetes.io/instance: openshift
+ app.kubernetes.io/managed-by: commodore
+ app.kubernetes.io/name: keycloak
+ name: keycloakx-infinispan
+ name: keycloakx-infinispan
+spec:
+ egress: []
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: keycloakx
+ app.kubernetes.io/name: keycloakx
+ ports:
+ - port: 7800
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: keycloakx
+ app.kubernetes.io/name: keycloakx
+ policyTypes:
+ - Ingress
diff --git a/tests/golden/openshift/openshift/openshift/40_netpol.yaml b/tests/golden/openshift/openshift/openshift/40_netpol.yaml
new file mode 100644
index 00000000..f523a201
--- /dev/null
+++ b/tests/golden/openshift/openshift/openshift/40_netpol.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ annotations: {}
+ labels:
+ name: prometheus-syn-infra-monitoring-to-keycloakx
+ name: prometheus-syn-infra-monitoring-to-keycloakx
+ namespace: keycloak-dev
+spec:
+ egress: []
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: syn-infra-monitoring
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/component: prometheus
+ ports:
+ - port: 8080
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: keycloakx
+ app.kubernetes.io/name: keycloakx
+ policyTypes:
+ - Ingress