Keylcoak major version bump of postgres

charts/kubezero-auth/Chart.yaml

@@ -3,7 +3,7 @@ name: kubezero-auth
 description: KubeZero umbrella chart for all things Authentication and Identity management
 type: application
 version: 0.4.3
-appVersion: 22.0.1
+appVersion: 22.0.5
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-auth/README.md

@@ -1,6 +1,6 @@
 # kubezero-auth
 
-![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.1](https://img.shields.io/badge/AppVersion-22.0.1-informational?style=flat-square)
+![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.1](https://img.shields.io/badge/AppVersion-22.0.1-informational?style=flat-square)
 
 KubeZero umbrella chart for all things Authentication and Identity management
 
@@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0`
 | Repository | Name | Version |
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| oci://registry-1.docker.io/bitnamicharts | keycloak | 16.1.2 |
+| oci://registry-1.docker.io/bitnamicharts | keycloak | 17.3.0 |
 
 # Keycloak
    
@@ -41,9 +41,12 @@ https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keyc
 | keycloak.auth.existingSecret | string | `"kubezero-auth"` |  |
 | keycloak.auth.passwordSecretKey | string | `"admin-password"` |  |
 | keycloak.enabled | bool | `false` |  |
-| keycloak.istio.enabled | bool | `false` |  |
+| keycloak.istio.admin.enabled | bool | `false` |  |
-| keycloak.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
+| keycloak.istio.admin.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
-| keycloak.istio.url | string | `""` |  |
+| keycloak.istio.admin.url | string | `""` |  |
+| keycloak.istio.auth.enabled | bool | `false` |  |
+| keycloak.istio.auth.gateway | string | `"istio-ingress/ingressgateway"` |  |
+| keycloak.istio.auth.url | string | `""` |  |
 | keycloak.metrics.enabled | bool | `false` |  |
 | keycloak.metrics.serviceMonitor.enabled | bool | `true` |  |
 | keycloak.pdb.create | bool | `false` |  |
@@ -56,3 +59,5 @@ https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keyc
 | keycloak.production | bool | `true` |  |
 | keycloak.proxy | string | `"edge"` |  |
 | keycloak.replicaCount | int | `1` |  |
+| keycloak.resources.requests.cpu | string | `"100m"` |  |
+| keycloak.resources.requests.memory | string | `"512Mi"` |  |

charts/kubezero-auth/docs/postgres.md

@@ -0,0 +1,48 @@
+# Upgrade Postgres major version
+
+## backup
+
+- shell into running posgres-auth pod
+```
+export PGPASSWORD="<postgres_password from secret>"
+cd /bitnami/posgres
+pg_dumpall > backup
+```
+
+- store backup off-site
+```
+kubectl cp keycloak/kubezero-auth-postgresql-0:/bitnami/postgresql/backup postgres-backup
+```
+
+## upgrade
+
+- upgrade auth chart
+
+- delete postgres-auth PVC and POD to flush old DB
+
+## restore
+
+- copy backup to new PVC
+```
+kubectl cp postgres-backup keycloak/kubezero-auth-postgresql-0:/bitnami/postgresql/backup
+```
+
+- log into psql as admin ( shell on running pod )
+```
+psql -U postgres
+```
+
+- drop database `keycloak`
+```
+DROP database keycloak
+``` 
+if keycloak is running and postgres complains about connected users simply kill the keycloak and retry
+
+- actual restore
+```
+psql -U postgres -d postgres -f backup
+```
+
+- restart keycloak once more
+
+success.