fix: removes the operator's usage of the v1 proxy option
closes: #30945 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
parent
0410653e71
commit
9247029ca3
4 changed files with 5 additions and 41 deletions
|
@ -9,6 +9,10 @@ Consequently, all caches are cleared when upgrading to this version.
|
|||
|
||||
To prevent losing user sessions upgrade to Keycloak 25 first and enable the persistent sessions feature as outlined in the migration guide for {project_name} 25.
|
||||
|
||||
= Operator no longer defaults to proxy=passthrough
|
||||
|
||||
The Operator will no longer default to the hostname v1 setting of proxy=passthrough. This allows deployments using hostname v2 for a fixed edge hostname to work as desired without additional options.
|
||||
|
||||
= New method in `ClusterProvider` API
|
||||
|
||||
The following method was added to `org.keycloak.cluster.ClusterProvider`:
|
||||
|
|
|
@ -46,8 +46,7 @@ public final class Constants {
|
|||
public static final List<ValueOrSecret> DEFAULT_DIST_CONFIG_LIST = List.of(
|
||||
new ValueOrSecret("health-enabled", "true"),
|
||||
new ValueOrSecret("cache", "ispn"),
|
||||
new ValueOrSecret("cache-stack", "kubernetes"),
|
||||
new ValueOrSecret("proxy", "passthrough")
|
||||
new ValueOrSecret("cache-stack", "kubernetes")
|
||||
);
|
||||
|
||||
|
||||
|
|
|
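Review bot: Nothing visible now pins the new default. With `new ValueOrSecret("proxy", "passthrough")` dropped from `DEFAULT_DIST_CONFIG_LIST` and `testFallbackToDefaultProxySettings` deleted from KeycloakIngressTest, no test asserts what a Keycloak CR without a proxy spec produces in the StatefulSet env. Whether forwarded headers are honoured behind the ingress is security-relevant, so I would keep a trimmed version of that test that deploys with `setProxySpec(null)` and asserts `.noneMatch(e -> "KC_PROXY".equals(e.getName()))` and `.noneMatch(e -> "KC_PROXY_HEADERS".equals(e.getName()))`. Separately, removing the guard in KeycloakDeploymentDependentResource appears to mean that a user-supplied `proxy` option now reaches the container even when `proxy-headers` is set. If that is intended, it deserves a sentence in the upgrade note.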
@ -421,13 +421,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent
|
|||
// include the kube CA if the user is not controlling KC_TRUSTSTORE_PATHS via the unsupported or the additional
|
||||
varMap.putIfAbsent(KC_TRUSTSTORE_PATHS, new EnvVarBuilder().withName(KC_TRUSTSTORE_PATHS).withValue(truststores).build());
|
||||
|
||||
// TODO remove this once the --proxy option is finally removed from Keycloak
|
||||
// not strictly necessary as --proxy-headers take precedence over --proxy but at least removes the warning
|
||||
// about deprecated --proxy option in use
|
||||
if (varMap.containsKey(getKeycloakOptionEnvVarName("proxy-headers"))) {
|
||||
varMap.remove(getKeycloakOptionEnvVarName("proxy"));
|
||||
}
|
||||
|
||||
var envVars = new ArrayList<>(varMap.values());
|
||||
baseDeployment.getSpec().getTemplate().getSpec().getContainers().get(0).setEnv(envVars);
|
||||
|
||||
|
|
|
@ -104,38 +104,6 @@ public class KeycloakIngressTest extends BaseOperatorTest {
|
|||
.anyMatch(e -> "KC_PROXY_HEADERS".equals(e.getName()) && "xforwarded".equals(e.getValue()));
|
||||
}
|
||||
|
||||
// TODO remove this test once the --proxy option is finally removed from Keycloak
|
||||
@Test
|
||||
public void testFallbackToDefaultProxySettings() {
|
||||
var kc = getTestKeycloakDeployment(false);
|
||||
var hostnameSpecBuilder = new HostnameSpecBuilder()
|
||||
.withStrict(false)
|
||||
.withStrictBackchannel(false);
|
||||
if (isOpenShift) {
|
||||
kc.getSpec().setIngressSpec(new IngressSpecBuilder().withIngressClassName(KeycloakController.OPENSHIFT_DEFAULT).build());
|
||||
}
|
||||
kc.getSpec().setHostnameSpec(hostnameSpecBuilder.build());
|
||||
kc.getSpec().setProxySpec(null);
|
||||
|
||||
K8sUtils.deployKeycloak(k8sclient, kc, true);
|
||||
|
||||
String testHostname;
|
||||
if (isOpenShift) {
|
||||
testHostname = k8sclient.resource(kc).get().getSpec().getHostnameSpec().getHostname();
|
||||
} else {
|
||||
testHostname = kubernetesIp;
|
||||
}
|
||||
|
||||
testIngressURLs("https://" + testHostname + ":443");
|
||||
|
||||
// just check we really have proxy set correctly
|
||||
var envVars = k8sclient.apps().statefulSets().withName(kc.getMetadata().getName()).get().getSpec()
|
||||
.getTemplate().getSpec().getContainers().get(0).getEnv();
|
||||
assertThat(envVars)
|
||||
.anyMatch(e -> "KC_PROXY".equals(e.getName()) && "passthrough".equals(e.getValue()))
|
||||
.noneMatch(e -> "KC_PROXY_HEADERS".equals(e.getName()));
|
||||
}
|
||||
|
||||
private void testIngressURLs(String baseUrl) {
|
||||
Awaitility.await()
|
||||
.ignoreExceptions()
|
||||
|
|