KCB part of keycloak/keycloak#31807 (#909)

Signed-off-by: Michal Hajas <[email protected]>
keycloak · Aug 8, 2024 · d29de69 · d29de69
1 parent 7ebc0c7
commit d29de69
Show file tree

Hide file tree

Showing 13 changed files with 46 additions and 46 deletions.
diff --git a/.github/actions/keycloak-create-deployment/action.yml b/.github/actions/keycloak-create-deployment/action.yml
@@ -12,8 +12,8 @@ inputs:
   disableStickySessions:
     description: 'Disable sticky session in OpenShift Route'
     default: 'true'
-  enablePersistentSessions:
-    description: 'Enable persistent sessions to DB'
+  enableKc25Mode:
+    description: 'Set to true when version older than 26 is deployed'
     default: 'false'
   enableExternalInfinispanFeature:
     description: 'To enable the external Infinispan feature. It disables the embedded caches and only uses the remote caches.'
@@ -55,7 +55,7 @@ runs:
         KC_NAMESPACE_PREFIX: ${{ inputs.projectPrefix }}
         KC_INSTANCES: ${{ inputs.replicas }}
         KC_DISABLE_STICKY_SESSION: ${{ inputs.disableStickySessions }}
-        KC_PERSISTENT_SESSIONS: ${{ inputs.enablePersistentSessions }}
+        KC_KC25_MODE: ${{ inputs.enableKc25Mode }}
         KC_EXTERNAL_INFINISPAN: ${{ inputs.enableExternalInfinispanFeature }}
         KC_CONTAINER_IMAGE: ${{ inputs.image }}
         KC_MEMORY_REQUESTS_MB: ${{ inputs.podMemoryRequests }}

diff --git a/.github/workflows/rosa-multi-az-cluster-create.yml b/.github/workflows/rosa-multi-az-cluster-create.yml
@@ -50,8 +50,8 @@ on:
         description: 'When true deploy an Active/Active Keycloak deployment'
         type: boolean
         default: false
-      enablePersistentSessions:
-        description: 'To enable Persistent user and client sessions to the DB'
+      enableKc25Mode:
+        description: 'Set to true when version older than 26 is deployed'
         type: boolean
         default: false
       enableExternalInfinispanFeature:
@@ -65,7 +65,7 @@ on:
 env:
   CLUSTER_PREFIX: ${{ inputs.clusterPrefix || format('gh-{0}', github.repository_owner) }}
   REGION: ${{ inputs.region || vars.AWS_DEFAULT_REGION }}
-  KC_PERSISTENT_SESSIONS: ${{ inputs.enablePersistentSessions }}
+  KC_KC25_MODE: ${{ inputs.enableKc25Mode }}
   KC_EXTERNAL_INFINISPAN: ${{ inputs.enableExternalInfinispanFeature }}
 
 jobs:
@@ -187,7 +187,7 @@ jobs:
           KC_INSTANCES: 3
           KC_DISABLE_STICKY_SESSION: true
           KC_CRYOSTAT: false
-          KC_PERSISTENT_SESSIONS: ${{ env.KC_PERSISTENT_SESSIONS }}
+          KC_KC25_MODE: ${{ env.KC_KC25_MODE }}
           KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }}
           KC_MEMORY_REQUESTS_MB: 3000
           KC_MEMORY_LIMITS_MB: 4000
@@ -226,7 +226,7 @@ jobs:
           KC_INSTANCES: 3
           KC_DISABLE_STICKY_SESSION: true
           KC_CRYOSTAT: false
-          KC_PERSISTENT_SESSIONS: ${{ env.KC_PERSISTENT_SESSIONS }}
+          KC_KC25_MODE: ${{ env.KC_KC25_MODE }}
           KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }}
           KC_MEMORY_REQUESTS_MB: 3000
           KC_MEMORY_LIMITS_MB: 4000

diff --git a/doc/benchmark/modules/ROOT/pages/report/rosa-benchmark-key-results.adoc b/doc/benchmark/modules/ROOT/pages/report/rosa-benchmark-key-results.adoc
@@ -32,7 +32,7 @@ Deploy OpenShift and ROSA as described in xref:kubernetes-guide::prerequisite/pr
 KC_CPU_REQUESTS=6
 KC_INSTANCES=3
 KC_DISABLE_STICKY_SESSION=true
-KC_PERSISTENT_SESSIONS=false
+KC_KC25_MODE=true
 KC_MEMORY_REQUESTS_MB=3000
 KC_MEMORY_LIMITS_MB=4000
 KC_DB_POOL_INITIAL_SIZE=30

diff --git a/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc b/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
@@ -221,9 +221,9 @@ Available options:
 +
 NOTE: This option is implemented only for OpenShift deployments.
 
-[[KC_PERSISTENT_SESSIONS,KC_PERSISTENT_SESSIONS]]
-KC_PERSISTENT_SESSIONS::
-We can enable the persistent sessions to be stored in the user-sessions and client-sessions into the target database in use. By default, the `KC_PERSISTENT_SESSIONS` is set to `false` in our benchmark provisioning module, we need to override it to `true` to enable this feature. Please note that, there will be a tax on the endpoint performance when you enable this feature and this is as designed, to provide better resiliency for Keycloak.
+[[KC_KC25_MODE,KC_KC25_MODE]]
+KC_KC25_MODE::
+To deploy older Keycloak version prior to Keycloak 26 it is necessary to enable the KC25 mode.
 
 == Available Benchmark options
 

diff --git a/provision/common/Taskfile.yaml b/provision/common/Taskfile.yaml
@@ -24,7 +24,7 @@ vars:
   KC_REMOTE_STORE_HOST: '{{default "localhost" .KC_REMOTE_STORE_HOST}}'
   KC_REMOTE_STORE_PORT: '{{default "11222" .KC_REMOTE_STORE_PORT}}'
   KC_DISABLE_STICKY_SESSION: '{{default "false" .KC_DISABLE_STICKY_SESSION}}'
-  KC_PERSISTENT_SESSIONS: '{{default "false" .KC_PERSISTENT_SESSIONS}}'
+  KC_KC25_MODE: '{{default "false" .KC_KC25_MODE}}'
   KC_EXTERNAL_INFINISPAN: '{{default "false" .KC_EXTERNAL_INFINISPAN}}'
   MULTI_AZ: '{{default "false" .MULTI_AZ}}'
   ENV_DATA_JSON_PATH: "{{.ROOT_DIR}}/../environment_data.json"
@@ -72,7 +72,7 @@ tasks:
       - echo {{.KC_REMOTE_STORE_HOST}} > .task/var-KC_REMOTE_STORE_HOST
       - echo {{.KC_REMOTE_STORE_PORT}} > .task/var-KC_REMOTE_STORE_PORT
       - echo {{.KC_DISABLE_STICKY_SESSION}} > .task/var-KC_DISABLE_STICKY_SESSION
-      - echo {{.KC_PERSISTENT_SESSIONS}} > .task/var-KC_PERSISTENT_SESSIONS
+      - echo {{.KC_KC25_MODE}} > .task/var-KC_KC25_MODE
       - echo {{.KC_EXTERNAL_INFINISPAN}} > .task/var-KC_EXTERNAL_INFINISPAN
       - echo {{.KC_HOSTNAME_OVERRIDE}} > .task/var-KC_HOSTNAME_OVERRIDE
       - echo {{.KC_HEALTH_HOSTNAME}} > .task/var-KC_HEALTH_HOSTNAME
@@ -81,7 +81,6 @@ tasks:
           --arg cpu_limits_per_pod "{{ .KC_CPU_LIMITS }}" \
           --arg num_of_pods "{{ .KC_INSTANCES }}" \
           --argjson sticky_sessions "{{ .KC_DISABLE_STICKY_SESSION }}" \
-          --argjson persistent_sessions "{{ .KC_PERSISTENT_SESSIONS }}" \
           --argjson external_infinispan "{{ .KC_EXTERNAL_INFINISPAN }}" \
           --arg mem_req_per_pod "{{ .KC_MEMORY_REQUESTS_MB }}" \
           --arg mem_limit_per_pod "{{ .KC_MEMORY_LIMITS_MB }}" \
@@ -99,7 +98,6 @@ tasks:
                              "cpuLimitsPerPod": (if ($cpu_limits_per_pod | length) == 0 then null else ($cpu_limits_per_pod | tonumber?) end),
                              "stickySessionDisabled": ($sticky_sessions),
                              "externalInfinispanFeatureEnabled": ($external_infinispan),
-                             "persistentSessionsEnabled": ($persistent_sessions),
                              "memRequestsPerPod": ($mem_req_per_pod|tonumber),
                              "memLimitPerPod": ($mem_limit_per_pod|tonumber),
                              "dbPool": {
@@ -142,7 +140,7 @@ tasks:
       - test "{{.KC_REMOTE_STORE_HOST}}" == "$(cat .task/var-KC_REMOTE_STORE_HOST)"
       - test "{{.KC_REMOTE_STORE_PORT}}" == "$(cat .task/var-KC_REMOTE_STORE_PORT)"
       - test "{{.KC_DISABLE_STICKY_SESSION}}" == "$(cat .task/var-KC_DISABLE_STICKY_SESSION)"
-      - test "{{.KC_PERSISTENT_SESSIONS}}" == "$(cat .task/var-KC_PERSISTENT_SESSIONS)"
+      - test "{{.KC_KC25_MODE}}" == "$(cat .task/var-KC_KC25_MODE)"
       - test "{{.KC_EXTERNAL_INFINISPAN}}" == "$(cat .task/var-KC_EXTERNAL_INFINISPAN)"
       - test "{{.KC_HOSTNAME_OVERRIDE}}" == "$(cat .task/var-KC_HOSTNAME_OVERRIDE)"
       - test "{{.KC_HEALTH_HOSTNAME}}" == "$(cat .task/var-KC_HEALTH_HOSTNAME)"

diff --git a/provision/infinispan/Utils.yaml b/provision/infinispan/Utils.yaml
@@ -111,7 +111,7 @@ tasks:
         --set alertmanager.webhook.url={{ .ACCELERATOR_WEBHOOK_URL }}
         --set alertmanager.webhook.username={{ .ACCELERATOR_WEBHOOK_USERNAME }}
         --set alertmanager.webhook.password={{ .ACCELERATOR_WEBHOOK_PASSWORD }}
-        {{if eq .KC_PERSISTENT_SESSIONS "true"}}--values ispn-helm/persistent-session-caches.yaml{{end}}
+        {{if eq .KC_KC25_MODE "true"}}--values ispn-helm/kc-25-caches.yaml{{end}}
         ./ispn-helm
     preconditions:
       - test -f ".task/kubecfg/{{.ROSA_CLUSTER_NAME}}"

diff --git a/provision/infinispan/ispn-helm/kc-25-caches.yaml b/provision/infinispan/ispn-helm/kc-25-caches.yaml
@@ -0,0 +1,17 @@
+caches:
+  sessions:
+    owners: 2
+    memory:
+      maxCount: -1
+  offlineSessions:
+    owners: 2
+    memory:
+      maxCount: -1
+  clientSessions:
+    owners: 2
+    memory:
+      maxCount: -1
+  offlineClientSessions:
+    owners: 2
+    memory:
+      maxCount: -1
diff --git a/provision/infinispan/ispn-helm/persistent-session-caches.yaml b/provision/infinispan/ispn-helm/persistent-session-caches.yaml
diff --git a/provision/infinispan/ispn-helm/values.yaml b/provision/infinispan/ispn-helm/values.yaml
@@ -21,16 +21,27 @@ cacheDefaults:
   txLockMode: PESSIMISTIC
 caches:
   sessions:
-    owners: 2
+    owners: 1
+    memory:
+      maxCount: 10000
     mergePolicy: ALWAYS_REMOVE
   actionTokens: {}
   authenticationSessions:
     mergePolicy: ALWAYS_REMOVE
   offlineSessions:
+    owners: 1
+    memory:
+      maxCount: 10000
     mergePolicy: ALWAYS_REMOVE
   clientSessions:
+    owners: 1
+    memory:
+      maxCount: 10000
     mergePolicy: ALWAYS_REMOVE
   offlineClientSessions:
+    owners: 1
+    memory:
+      maxCount: 10000
     mergePolicy: ALWAYS_REMOVE
   loginFailures: { }
   work: { }

diff --git a/provision/keycloak-tasks/Taskfile.yaml b/provision/keycloak-tasks/Taskfile.yaml
@@ -52,7 +52,7 @@ vars:
   KC_REMOTE_STORE_HOST: '{{default "localhost" .KC_REMOTE_STORE_HOST}}'
   KC_REMOTE_STORE_PORT: '{{default "11222" .KC_REMOTE_STORE_PORT}}'
   KC_DISABLE_STICKY_SESSION: '{{default "false" .KC_DISABLE_STICKY_SESSION}}'
-  KC_PERSISTENT_SESSIONS: '{{default "false" .KC_PERSISTENT_SESSIONS}}'
+  KC_KC25_MODE: '{{default "false" .KC_KC25_MODE}}'
   KC_EXTERNAL_INFINISPAN: '{{default "false" .KC_EXTERNAL_INFINISPAN}}'
 
 tasks:

diff --git a/provision/keycloak-tasks/Utils.yaml b/provision/keycloak-tasks/Utils.yaml
@@ -255,7 +255,6 @@ tasks:
         --set namespace={{.NAMESPACE}}
         --set keycloakAdminPassword="{{.KC_ADMIN_PASSWORD}}"
         --set disableIngressStickySession={{ .KC_DISABLE_STICKY_SESSION }}
-        --set persistentSessions={{ .KC_PERSISTENT_SESSIONS }}
         --set externalInfinispan={{ .KC_EXTERNAL_INFINISPAN }}
         --set nodePortsEnabled=false
         ../minikube/keycloak

diff --git a/provision/minikube/keycloak/templates/keycloak.yaml b/provision/minikube/keycloak/templates/keycloak.yaml
@@ -57,9 +57,6 @@ spec:
   features:
     enabled:
       - multi-site # <3>
-{{- if .Values.persistentSessions }}
-      - persistent-user-sessions
-{{- end }}
 {{- if .Values.externalInfinispan }}
       - remote-cache
 {{- end }}
@@ -78,10 +75,6 @@ spec:
   # tag::keycloak-ispn[]
   additionalOptions:
   # end::keycloak-ispn[]
-    {{- if .Values.persistentSessions }}
-    - name: spi-user-sessions-infinispan-use-caches
-      value: "false"
-    {{- end }}
     - name: http-metrics-histograms-enabled
       value: 'true'
     - name: http-metrics-slos

diff --git a/provision/openshift/Taskfile.yaml b/provision/openshift/Taskfile.yaml
@@ -273,7 +273,6 @@ tasks:
         --set namespace={{.KC_NAMESPACE_PREFIX}}keycloak
         --set keycloakAdminPassword="{{.KC_ADMIN_PASSWORD}}"
         --set disableIngressStickySession={{ .KC_DISABLE_STICKY_SESSION }}
-        --set persistentSessions={{ .KC_PERSISTENT_SESSIONS }}
         --set externalInfinispan={{ .KC_EXTERNAL_INFINISPAN }}
         --set nodePortsEnabled=false
         ../minikube/keycloak