From d29de696417ec14ed89307e199d4a12ffddde05e Mon Sep 17 00:00:00 2001
From: Michal Hajas
Date: Thu, 8 Aug 2024 08:26:59 +0200
Subject: [PATCH] KCB part of https://github.com/keycloak/keycloak/issues/31807 (#909)
Signed-off-by: Michal Hajas
---
 .../keycloak-create-deployment/action.yml | 6 +++---
 .../workflows/rosa-multi-az-cluster-create.yml | 10 +++++-----
 .../report/rosa-benchmark-key-results.adoc | 2 +-
 .../ROOT/pages/customizing-deployment.adoc | 6 +++---
 provision/common/Taskfile.yaml | 8 +++-----
 provision/infinispan/Utils.yaml | 2 +-
 .../infinispan/ispn-helm/kc-25-caches.yaml | 17 +++++++++++++++++
 .../ispn-helm/persistent-session-caches.yaml | 17 -----------------
 provision/infinispan/ispn-helm/values.yaml | 13 ++++++++++++-
 provision/keycloak-tasks/Taskfile.yaml | 2 +-
 provision/keycloak-tasks/Utils.yaml | 1 -
 .../minikube/keycloak/templates/keycloak.yaml | 7 -------
 provision/openshift/Taskfile.yaml | 1 -
 13 files changed, 46 insertions(+), 46 deletions(-)
 create mode 100644 provision/infinispan/ispn-helm/kc-25-caches.yaml
 delete mode 100644 provision/infinispan/ispn-helm/persistent-session-caches.yaml
diff --git a/.github/actions/keycloak-create-deployment/action.yml b/.github/actions/keycloak-create-deployment/action.yml
index 31d018452..dc43bc18d 100644
--- a/.github/actions/keycloak-create-deployment/action.yml
+++ b/.github/actions/keycloak-create-deployment/action.yml
@@ -12,8 +12,8 @@ inputs:
 disableStickySessions:
 description: 'Disable sticky session in OpenShift Route'
 default: 'true'
- enablePersistentSessions:
- description: 'Enable persistent sessions to DB'
+ enableKc25Mode:
+ description: 'Set to true when version older than 26 is deployed'
 default: 'false'
 enableExternalInfinispanFeature:
 description: 'To enable the external Infinispan feature. It disables the embedded caches and only uses the remote caches.'
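Review bot: The `enableKc25Mode` description says when to set the input but not what it does, and its default flips the meaning of the old one: `enablePersistentSessions: 'false'` used to leave the session caches at their non-persistent settings, while `enableKc25Mode: 'false'` now selects the bounded, single-owner cache defaults that this commit moves into `ispn-helm/values.yaml`. As far as this diff shows, the only consumer of `KC_KC25_MODE` is the Infinispan Helm install in `provision/infinispan/Utils.yaml`, so the text could name that effect, e.g. `description: 'Set to true when deploying Keycloak older than 26; uses the unbounded session caches from kc-25-caches.yaml'`. Callers that still pass `enablePersistentSessions` will, I believe, get at most an unexpected-input warning, so the old name is worth searching for in other workflows. The `inputs:` block continues outside the hunk.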
@@ -55,7 +55,7 @@ runs:
 KC_NAMESPACE_PREFIX: ${{ inputs.projectPrefix }}
 KC_INSTANCES: ${{ inputs.replicas }}
 KC_DISABLE_STICKY_SESSION: ${{ inputs.disableStickySessions }}
- KC_PERSISTENT_SESSIONS: ${{ inputs.enablePersistentSessions }}
+ KC_KC25_MODE: ${{ inputs.enableKc25Mode }}
 KC_EXTERNAL_INFINISPAN: ${{ inputs.enableExternalInfinispanFeature }}
 KC_CONTAINER_IMAGE: ${{ inputs.image }}
 KC_MEMORY_REQUESTS_MB: ${{ inputs.podMemoryRequests }}
diff --git a/.github/workflows/rosa-multi-az-cluster-create.yml b/.github/workflows/rosa-multi-az-cluster-create.yml
index 1bfc75486..2fad061ea 100644
--- a/.github/workflows/rosa-multi-az-cluster-create.yml
+++ b/.github/workflows/rosa-multi-az-cluster-create.yml
@@ -50,8 +50,8 @@ on:
 description: 'When true deploy an Active/Active Keycloak deployment'
 type: boolean
 default: false
- enablePersistentSessions:
- description: 'To enable Persistent user and client sessions to the DB'
+ enableKc25Mode:
+ description: 'Set to true when version older than 26 is deployed'
 type: boolean
 default: false
 enableExternalInfinispanFeature:
@@ -65,7 +65,7 @@ on:
 env:
 CLUSTER_PREFIX: ${{ inputs.clusterPrefix || format('gh-{0}', github.repository_owner) }}
 REGION: ${{ inputs.region || vars.AWS_DEFAULT_REGION }}
- KC_PERSISTENT_SESSIONS: ${{ inputs.enablePersistentSessions }}
+ KC_KC25_MODE: ${{ inputs.enableKc25Mode }}
 KC_EXTERNAL_INFINISPAN: ${{ inputs.enableExternalInfinispanFeature }}
 jobs:
@@ -187,7 +187,7 @@ jobs:
 KC_INSTANCES: 3
 KC_DISABLE_STICKY_SESSION: true
 KC_CRYOSTAT: false
- KC_PERSISTENT_SESSIONS: ${{ env.KC_PERSISTENT_SESSIONS }}
+ KC_KC25_MODE: ${{ env.KC_KC25_MODE }}
 KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }}
 KC_MEMORY_REQUESTS_MB: 3000
 KC_MEMORY_LIMITS_MB: 4000
@@ -226,7 +226,7 @@ jobs:
 KC_INSTANCES: 3
 KC_DISABLE_STICKY_SESSION: true
 KC_CRYOSTAT: false
- KC_PERSISTENT_SESSIONS: ${{ env.KC_PERSISTENT_SESSIONS }}
+ KC_KC25_MODE: ${{ env.KC_KC25_MODE }}
 KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }}
 KC_MEMORY_REQUESTS_MB: 3000
 KC_MEMORY_LIMITS_MB: 4000
diff --git a/doc/benchmark/modules/ROOT/pages/report/rosa-benchmark-key-results.adoc b/doc/benchmark/modules/ROOT/pages/report/rosa-benchmark-key-results.adoc
index 6dfc0ed10..e9763e10c 100644
--- a/doc/benchmark/modules/ROOT/pages/report/rosa-benchmark-key-results.adoc
+++ b/doc/benchmark/modules/ROOT/pages/report/rosa-benchmark-key-results.adoc
@@ -32,7 +32,7 @@ Deploy OpenShift and ROSA as described in xref:kubernetes-guide::prerequisite/pr
 KC_CPU_REQUESTS=6
 KC_INSTANCES=3
 KC_DISABLE_STICKY_SESSION=true
-KC_PERSISTENT_SESSIONS=false
+KC_KC25_MODE=true
 KC_MEMORY_REQUESTS_MB=3000
 KC_MEMORY_LIMITS_MB=4000
 KC_DB_POOL_INITIAL_SIZE=30
diff --git a/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc b/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
index ea00d65ed..b0f189e96 100644
--- a/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
+++ b/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
@@ -221,9 +221,9 @@ Available options:
 + NOTE: This option is implemented only for OpenShift deployments.
-[[KC_PERSISTENT_SESSIONS,KC_PERSISTENT_SESSIONS]]
-KC_PERSISTENT_SESSIONS::
-We can enable the persistent sessions to be stored in the user-sessions and client-sessions into the target database in use. By default, the `KC_PERSISTENT_SESSIONS` is set to `false` in our benchmark provisioning module, we need to override it to `true` to enable this feature. Please note that, there will be a tax on the endpoint performance when you enable this feature and this is as designed, to provide better resiliency for Keycloak.
+[[KC_KC25_MODE,KC_KC25_MODE]]
+KC_KC25_MODE::
+To deploy older Keycloak version prior to Keycloak 26 it is necessary to enable the KC25 mode.
 == Available Benchmark options
diff --git a/provision/common/Taskfile.yaml b/provision/common/Taskfile.yaml
index 0350a8818..237edad94 100644
--- a/provision/common/Taskfile.yaml
+++ b/provision/common/Taskfile.yaml
@@ -24,7 +24,7 @@ vars:
 KC_REMOTE_STORE_HOST: '{{default "localhost" .KC_REMOTE_STORE_HOST}}'
 KC_REMOTE_STORE_PORT: '{{default "11222" .KC_REMOTE_STORE_PORT}}'
 KC_DISABLE_STICKY_SESSION: '{{default "false" .KC_DISABLE_STICKY_SESSION}}'
- KC_PERSISTENT_SESSIONS: '{{default "false" .KC_PERSISTENT_SESSIONS}}'
+ KC_KC25_MODE: '{{default "false" .KC_KC25_MODE}}'
 KC_EXTERNAL_INFINISPAN: '{{default "false" .KC_EXTERNAL_INFINISPAN}}'
 MULTI_AZ: '{{default "false" .MULTI_AZ}}'
 ENV_DATA_JSON_PATH: "{{.ROOT_DIR}}/../environment_data.json"
@@ -72,7 +72,7 @@ tasks:
 - echo {{.KC_REMOTE_STORE_HOST}} > .task/var-KC_REMOTE_STORE_HOST
 - echo {{.KC_REMOTE_STORE_PORT}} > .task/var-KC_REMOTE_STORE_PORT
 - echo {{.KC_DISABLE_STICKY_SESSION}} > .task/var-KC_DISABLE_STICKY_SESSION
- - echo {{.KC_PERSISTENT_SESSIONS}} > .task/var-KC_PERSISTENT_SESSIONS
+ - echo {{.KC_KC25_MODE}} > .task/var-KC_KC25_MODE
 - echo {{.KC_EXTERNAL_INFINISPAN}} > .task/var-KC_EXTERNAL_INFINISPAN
 - echo {{.KC_HOSTNAME_OVERRIDE}} > .task/var-KC_HOSTNAME_OVERRIDE
 - echo {{.KC_HEALTH_HOSTNAME}} > .task/var-KC_HEALTH_HOSTNAME
@@ -81,7 +81,6 @@ tasks:
 --arg cpu_limits_per_pod "{{ .KC_CPU_LIMITS }}" \
 --arg num_of_pods "{{ .KC_INSTANCES }}" \
 --argjson sticky_sessions "{{ .KC_DISABLE_STICKY_SESSION }}" \
- --argjson persistent_sessions "{{ .KC_PERSISTENT_SESSIONS }}" \
 --argjson external_infinispan "{{ .KC_EXTERNAL_INFINISPAN }}" \
 --arg mem_req_per_pod "{{ .KC_MEMORY_REQUESTS_MB }}" \
 --arg mem_limit_per_pod "{{ .KC_MEMORY_LIMITS_MB }}" \
@@ -99,7 +98,6 @@ tasks:
 "cpuLimitsPerPod": (if ($cpu_limits_per_pod | length) == 0 then null else ($cpu_limits_per_pod | tonumber?) end),
 "stickySessionDisabled": ($sticky_sessions),
 "externalInfinispanFeatureEnabled": ($external_infinispan),
- "persistentSessionsEnabled": ($persistent_sessions),
 "memRequestsPerPod": ($mem_req_per_pod|tonumber),
 "memLimitPerPod": ($mem_limit_per_pod|tonumber),
 "dbPool": {
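Review bot: The environment record built by this jq call (hunks at -81 and -99) loses `persistentSessionsEnabled` and gains nothing for `KC_KC25_MODE`, so a stored benchmark result no longer says which session and cache configuration produced it. The new flag could be passed the same way as its neighbours, with `--argjson kc25_mode "{{ .KC_KC25_MODE }}" \` in the argument list and `"kc25ModeEnabled": ($kc25_mode),` in the object; the key name is only a suggestion. Anything that reads `persistentSessionsEnabled` from the generated JSON will now find the key missing rather than `false`; whether such a reader exists is not visible here. The jq command starts and ends outside both hunks.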
@@ -142,7 +140,7 @@ tasks:
 - test "{{.KC_REMOTE_STORE_HOST}}" == "$(cat .task/var-KC_REMOTE_STORE_HOST)"
 - test "{{.KC_REMOTE_STORE_PORT}}" == "$(cat .task/var-KC_REMOTE_STORE_PORT)"
 - test "{{.KC_DISABLE_STICKY_SESSION}}" == "$(cat .task/var-KC_DISABLE_STICKY_SESSION)"
- - test "{{.KC_PERSISTENT_SESSIONS}}" == "$(cat .task/var-KC_PERSISTENT_SESSIONS)"
+ - test "{{.KC_KC25_MODE}}" == "$(cat .task/var-KC_KC25_MODE)"
 - test "{{.KC_EXTERNAL_INFINISPAN}}" == "$(cat .task/var-KC_EXTERNAL_INFINISPAN)"
 - test "{{.KC_HOSTNAME_OVERRIDE}}" == "$(cat .task/var-KC_HOSTNAME_OVERRIDE)"
 - test "{{.KC_HEALTH_HOSTNAME}}" == "$(cat .task/var-KC_HEALTH_HOSTNAME)"
diff --git a/provision/infinispan/Utils.yaml b/provision/infinispan/Utils.yaml
index b6e78e152..01d7b9dba 100644
--- a/provision/infinispan/Utils.yaml
+++ b/provision/infinispan/Utils.yaml
@@ -111,7 +111,7 @@ tasks:
 --set alertmanager.webhook.url={{ .ACCELERATOR_WEBHOOK_URL }}
 --set alertmanager.webhook.username={{ .ACCELERATOR_WEBHOOK_USERNAME }}
 --set alertmanager.webhook.password={{ .ACCELERATOR_WEBHOOK_PASSWORD }}
- {{if eq .KC_PERSISTENT_SESSIONS "true"}}--values ispn-helm/persistent-session-caches.yaml{{end}}
+ {{if eq .KC_KC25_MODE "true"}}--values ispn-helm/kc-25-caches.yaml{{end}}
 ./ispn-helm
 preconditions:
 - test -f ".task/kubecfg/{{.ROSA_CLUSTER_NAME}}"
diff --git a/provision/infinispan/ispn-helm/kc-25-caches.yaml b/provision/infinispan/ispn-helm/kc-25-caches.yaml
new file mode 100644
index 000000000..5c2d6ab79
--- /dev/null
+++ b/provision/infinispan/ispn-helm/kc-25-caches.yaml
@@ -0,0 +1,17 @@
+caches:
+ sessions:
+ owners: 2
+ memory:
+ maxCount: -1
+ offlineSessions:
+ owners: 2
+ memory:
+ maxCount: -1
+ clientSessions:
+ owners: 2
+ memory:
+ maxCount: -1
+ offlineClientSessions:
+ owners: 2
+ memory:
+ maxCount: -1
diff --git a/provision/infinispan/ispn-helm/persistent-session-caches.yaml b/provision/infinispan/ispn-helm/persistent-session-caches.yaml
deleted file mode 100644
index 6a63cb01b..000000000
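Review bot: The overlay in `provision/infinispan/Utils.yaml` is selected by an exact string match, `eq .KC_KC25_MODE "true"`, so any other spelling of the flag (`True`, `1`, `yes`) silently installs the chart defaults instead of `kc-25-caches.yaml`. A precondition next to the existing `test -f` line would turn that into a visible failure: `- test "{{.KC_KC25_MODE}}" == "true" -o "{{.KC_KC25_MODE}}" == "false"`. The helm command and the task it belongs to start above the hunk.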
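Review bot: Nothing in the new `kc-25-caches.yaml` says why the four session caches are unbounded. Assuming the chart passes `maxCount: -1` through as "no eviction", these caches grow with every session and each entry is held twice (`owners: 2`), so a long benchmark run is limited only by the Infinispan pods' memory. If that is intended because Keycloak before 26 has no database copy of its sessions (my reading of the commit, not stated on the page), a header comment would record it, for example `# Keycloak < 26: sessions live only in Infinispan, so no eviction (maxCount: -1) and two owners`. The file also has no `---` document start, which is a lint point only.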
--- a/provision/infinispan/ispn-helm/persistent-session-caches.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-caches:
- sessions:
- owners: 1
- memory:
- maxCount: 10000
- offlineSessions:
- owners: 1
- memory:
- maxCount: 10000
- clientSessions:
- owners: 1
- memory:
- maxCount: 10000
- offlineClientSessions:
- owners: 1
- memory:
- maxCount: 10000
diff --git a/provision/infinispan/ispn-helm/values.yaml b/provision/infinispan/ispn-helm/values.yaml
index c064324e3..a3120246a 100644
--- a/provision/infinispan/ispn-helm/values.yaml
+++ b/provision/infinispan/ispn-helm/values.yaml
@@ -21,16 +21,27 @@ cacheDefaults:
 txLockMode: PESSIMISTIC
 caches:
 sessions:
- owners: 2
+ owners: 1
+ memory:
+ maxCount: 10000
 mergePolicy: ALWAYS_REMOVE
 actionTokens: {}
 authenticationSessions:
 mergePolicy: ALWAYS_REMOVE
 offlineSessions:
+ owners: 1
+ memory:
+ maxCount: 10000
 mergePolicy: ALWAYS_REMOVE
 clientSessions:
+ owners: 1
+ memory:
+ maxCount: 10000
 mergePolicy: ALWAYS_REMOVE
 offlineClientSessions:
+ owners: 1
+ memory:
+ maxCount: 10000
 mergePolicy: ALWAYS_REMOVE
 loginFailures: { }
 work: { }
diff --git a/provision/keycloak-tasks/Taskfile.yaml b/provision/keycloak-tasks/Taskfile.yaml
index cd80e13b9..80d23d944 100644
--- a/provision/keycloak-tasks/Taskfile.yaml
+++ b/provision/keycloak-tasks/Taskfile.yaml
@@ -52,7 +52,7 @@ vars:
 KC_REMOTE_STORE_HOST: '{{default "localhost" .KC_REMOTE_STORE_HOST}}'
 KC_REMOTE_STORE_PORT: '{{default "11222" .KC_REMOTE_STORE_PORT}}'
 KC_DISABLE_STICKY_SESSION: '{{default "false" .KC_DISABLE_STICKY_SESSION}}'
- KC_PERSISTENT_SESSIONS: '{{default "false" .KC_PERSISTENT_SESSIONS}}'
+ KC_KC25_MODE: '{{default "false" .KC_KC25_MODE}}'
 KC_EXTERNAL_INFINISPAN: '{{default "false" .KC_EXTERNAL_INFINISPAN}}'
 tasks:
diff --git a/provision/keycloak-tasks/Utils.yaml b/provision/keycloak-tasks/Utils.yaml
index d7fe69e4a..763c3e819 100644
--- a/provision/keycloak-tasks/Utils.yaml
+++ b/provision/keycloak-tasks/Utils.yaml
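Review bot: The chart defaults in `ispn-helm/values.yaml` for `sessions`, `offlineSessions`, `clientSessions` and `offlineClientSessions` are now `owners: 1` with `memory.maxCount: 10000`, and the file does not say what makes that safe. With a single owner, losing one Infinispan pod drops every entry it held, and entries beyond the cap are evicted, so this presumably relies on Keycloak also keeping the sessions in its database. Deploying an older image without `KC_KC25_MODE=true` would then lose sessions quietly rather than fail the deployment. A comment above `caches:` such as `# Defaults assume Keycloak >= 26 (sessions persisted in the DB); for older versions add kc-25-caches.yaml` would document the dependency. The hunk starts inside `cacheDefaults:`, whose beginning is outside it.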
@@ -255,7 +255,6 @@ tasks:
 --set namespace={{.NAMESPACE}}
 --set keycloakAdminPassword="{{.KC_ADMIN_PASSWORD}}"
 --set disableIngressStickySession={{ .KC_DISABLE_STICKY_SESSION }}
- --set persistentSessions={{ .KC_PERSISTENT_SESSIONS }}
 --set externalInfinispan={{ .KC_EXTERNAL_INFINISPAN }}
 --set nodePortsEnabled=false
 ../minikube/keycloak
diff --git a/provision/minikube/keycloak/templates/keycloak.yaml b/provision/minikube/keycloak/templates/keycloak.yaml
index aeced353a..9339e178a 100644
--- a/provision/minikube/keycloak/templates/keycloak.yaml
+++ b/provision/minikube/keycloak/templates/keycloak.yaml
@@ -57,9 +57,6 @@ spec:
 features:
 enabled:
 - multi-site # <3>
-{{- if .Values.persistentSessions }}
- - persistent-user-sessions
-{{- end }}
 {{- if .Values.externalInfinispan }}
 - remote-cache
 {{- end }}
@@ -78,10 +75,6 @@ spec:
 # tag::keycloak-ispn[]
 additionalOptions:
 # end::keycloak-ispn[]
- {{- if .Values.persistentSessions }}
- - name: spi-user-sessions-infinispan-use-caches
- value: "false"
- {{- end }}
 - name: http-metrics-histograms-enabled
 value: 'true'
 - name: http-metrics-slos
diff --git a/provision/openshift/Taskfile.yaml b/provision/openshift/Taskfile.yaml
index 69a3a1a82..29a10c92c 100644
--- a/provision/openshift/Taskfile.yaml
+++ b/provision/openshift/Taskfile.yaml
@@ -273,7 +273,6 @@ tasks:
 --set namespace={{.KC_NAMESPACE_PREFIX}}keycloak
 --set keycloakAdminPassword="{{.KC_ADMIN_PASSWORD}}"
 --set disableIngressStickySession={{ .KC_DISABLE_STICKY_SESSION }}
- --set persistentSessions={{ .KC_PERSISTENT_SESSIONS }}
 --set externalInfinispan={{ .KC_EXTERNAL_INFINISPAN }}
 --set nodePortsEnabled=false
 ../minikube/keycloak