feat!: new 20.x release

feat: backup labels for mysql
adds welcome_theme env
2022-11-16 19:37:17 +01:00 · 2022-11-16 18:16:25 +01:00 · 2022-05-18 14:54:35 +02:00 · 2022-02-10 11:02:13 +01:00 · 2022-01-03 16:09:47 +01:00 · 2022-01-02 15:57:16 +01:00
4 changed files with 40 additions and 10 deletions
--- a/.env.sample
+++ b/.env.sample
@ -6,6 +6,7 @@ DOMAIN=keycloak.example.com
 LETS_ENCRYPT_ENV=production

 ADMIN_USERNAME=admin
+WELCOME_THEME=keycloak

 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,9 @@ version: "3.8"

 services:
  app:
-    image: "jboss/keycloak:16.1.0"
+    image: "keycloak/keycloak:20.0.1"
+    entrypoint: >
+      bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
    networks:
      - proxy
      - internal
@ -11,14 +13,14 @@ services:
      - admin_password
      - db_password
    environment:
-      - DB_ADDR=db
-      - DB_DATABASE=keycloak
-      - DB_PASSWORD_FILE=/run/secrets/db_password
-      - DB_USER=keycloak
-      - DB_VENDOR=mariadb
-      - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
-      - KEYCLOAK_USER=${ADMIN_USERNAME}
-      - PROXY_ADDRESS_FORWARDING=true
+      - KC_DB=mariadb
+      - KC_DB_URL_DATABASE=keycloak
+      - KC_DB_URL_HOST=db
+      - KC_HOSTNAME=${DOMAIN}
+      - KC_PROXY=edge
+      - KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
+      - KEYCLOAK_ADMIN=${ADMIN_USERNAME}
+      - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
      interval: 30s
@ -42,7 +44,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=4.0.0+16.1.0"
+        - "coop-cloud.${STACK_NAME}.version=5.0.0+20.0.1"

  db:
    image: "mariadb:10.6"
@ -58,6 +60,12 @@ services:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal
+    deploy:
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" keycloak > /tmp/backup/backup.sql'
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"

 networks:
  internal:
--- a/release/4.0.0+16.1.0
+++ b/release/4.0.0+16.1.0
@ -0,0 +1,12 @@
+This major release comes with a blog post about a CVE:
+
+    https://www.keycloak.org/2021/12/cve.html
+
+Not all versions are affected but they're suggesting that people upgrade soon.
+
+As per usual, this upgrade didn't go too smoothly and I ended up having to
+undeploy and deploy the new versions. The healtcheck kept failing on the new
+instance when trying to deploy alongside the existing old version. Idk, some
+docker weirdness.
+
+No app data errors discovered after upgrade.
--- a/release/5.0.0+20.0.1
+++ b/release/5.0.0+20.0.1
@ -0,0 +1,9 @@
+You'll need to remove `/auth/` from your app SSO URLs, e.g.
+
+    https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth
+
+Would become:
+
+    https://foo.example.com/realms/foo/protocol/openid-connect/auth
+
+-- decentral1se @ Autonomic
Author	SHA1	Message	Date
decentral1se	2ac47abfcd	feat!: new 20.x release	2022-11-16 19:37:17 +01:00
decentral1se	ef6ffd9985	feat: backup labels for mysql	2022-11-16 18:16:25 +01:00
Philipp Rothmann	38bdef2fd0	adds welcome_theme env	2022-05-18 14:54:35 +02:00
decentral1se	2de7006106	chore: publish 4.0.1+16.1.1 release	2022-02-10 11:02:13 +01:00
cellarspoon	0edb882a06	release: expand notes	2022-01-03 16:09:47 +01:00
cellarspoon	2c29c75398	release: add notes	2022-01-02 15:57:16 +01:00