keycloak upgrade

.dockerignore

@@ -1,9 +1,10 @@
-src/node_modules
 src/.npm
 src/_tmp
 src/.cache
 src/.config
 src/.nyc_output
 src/dist
 **/.next
-_data
+_data
+**/node_modules
+__coverage__

.github/workflows/aps-cypress-e2e.yaml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - name: Build GWA API Image
         run: |
-          git clone https://github.com/bcgov/gwa-api.git
+          git clone -b feature/kc-upgrade https://github.com/bcgov/gwa-api.git
           cd gwa-api/microservices/gatewayApi
           docker build -t gwa-api:e2e .
 
@@ -54,6 +54,7 @@ jobs:
               break
             else
               echo  "Waiting for Cypress to Complete E2E Tests....."
+              docker compose logs cypress -n 5
               sleep 1m
             fi
           done

Dockerfile

@@ -1,5 +1,4 @@
-#FROM node:lts-alpine3.17
-FROM node:16.14.2-alpine3.15
+FROM node:20-alpine3.19
 
 ARG APP_VERSION
 ENV NEXT_PUBLIC_APP_VERSION=${APP_VERSION}
@@ -11,6 +10,9 @@ RUN apk add curl jq
 
 WORKDIR /app
 
+# Workaround due to an ESM error
+COPY src/keycloak-admin-client ./keycloak-admin-client
+
 COPY src/*.json ./
 RUN npm install --legacy-peer-deps
 

docker-compose.yml

@@ -1,3 +1,4 @@
+name: e2e
 version: '3.8'
 
 x-common-variables: &common-variables
@@ -8,39 +9,56 @@ x-common-variables: &common-variables
   KONG_PG_PASSWORD: konguser
 
 services:
-  keycloak:
-    image: quay.io/keycloak/keycloak:15.1.1
-    container_name: keycloak
-    hostname: keycloak
+  keycloak-nodes:
+    image: keycloak:latest
+    deploy:
+      replicas: 2
+      endpoint_mode: dnsrr
+    build:
+      context: .
+      dockerfile: ./local/keycloak/Dockerfile
     depends_on:
       - kong-db
     command:
       [
-        '-b',
-        '0.0.0.0',
-        '-Djboss.socket.binding.port-offset=1001',
-        '-Dkeycloak.migration.action=import',
-        '-Dkeycloak.migration.provider=singleFile',
-        '-Dkeycloak.migration.file=/tmp/realm-config/master-realm.json',
-        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
-        '-Dkeycloak.profile.feature.upload_scripts=enabled',
+        'start',
+        '--optimized',
+        '--cache=ispn',
+        '--hostname',
+        'http://keycloak.localtest.me:9081/auth',
+        '--db-url',
+        'jdbc:postgresql://kong-db/keycloak',
+        '--db-username',
+        'keycloakuser',
+        '--db-password',
+        'keycloakuser',
+        '--http-enabled',
+        'true',
+        '--http-port',
+        '9081',
+        '--import-realm',
       ]
+    volumes:
+      - ./local/keycloak/master-realm.json:/opt/keycloak/data/import/master-realm.json
+    networks:
+      aps-net: {}
+
+  keycloak:
+    image: nginx:latest
     ports:
-      - 9081:9081/tcp
-    environment:
-      #KEYCLOAK_USER: local
-      #KEYCLOAK_PASSWORD: local
-      DB_VENDOR: POSTGRES
-      DB_SCHEMA: public
-      DB_ADDR: kong-db:5432
-      DB_USER: keycloakuser
-      DB_PASSWORD: keycloakuser
+      - '9081:9081'
+    depends_on:
+      - keycloak-nodes
     volumes:
-      - ./local/keycloak/master-realm.json:/tmp/realm-config/master-realm.json
+      - ./local/keycloak/nginx-lb.conf:/etc/nginx/conf.d/default.conf
     networks:
       aps-net:
         aliases:
           - keycloak.localtest.me
+    deploy:
+      restart_policy:
+        condition: any
+
   oauth2-proxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.0
     container_name: oauth2-proxy

e2e/entrypoint.sh

@@ -3,7 +3,7 @@
 cd /tmp
 
 while true; do
-    keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master)
+    keycloakstatus=$(curl -o /dev/null -sw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master)
     echo "$keycloakstatus"
     if [[ "$keycloakstatus" == "200" ]]; then
         echo  "Keycloak is up"

local/db/database-init.sql

@@ -1,11 +1,8 @@
 CREATE ROLE keystonejsuser WITH LOGIN PASSWORD 'keystonejsuser';
-
 CREATE DATABASE keystonejs OWNER keystonejsuser;
 
 CREATE ROLE konguser WITH LOGIN PASSWORD 'konguser';
-
 CREATE DATABASE kong OWNER konguser;
 
 CREATE ROLE keycloakuser WITH LOGIN PASSWORD 'keycloakuser';
-
 CREATE DATABASE keycloak OWNER keycloakuser;

local/feeder-init/init.sh

@@ -3,7 +3,7 @@ apk add --no-cache curl
 cd /tmp
 
 while true; do
-    keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master)
+    keycloakstatus=$(curl -o /dev/null -sw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master)
     echo "$keycloakstatus"
     if [[ "$keycloakstatus" == "200" ]]; then
         echo  "Keycloak is up"

local/gwa-api/.env.local

@@ -21,4 +21,5 @@ PORTAL_ACTIVITY_TOKEN=
 HOST_TRANSFORM_ENABLED=false
 HOST_TRANSFORM_BASE_URL=
 PLUGINS_RATELIMITING_REDIS_PASSWORD=s3cr3t
-LOCAL_ENVIRONMENT=True
+LOCAL_ENVIRONMENT=True
+DATA_PLANES_CONFIG_PATH=/tmp/gwa/data_planes_config.json

local/gwa-api/data_planes_config.json

@@ -0,0 +1,9 @@
+{
+    "data_planes": {
+        "local.dataplane": {
+            "kube-api": "http://kubenull",
+            "kube-ns": "local-cluster",
+            "validate-upstreams": false
+        }
+    }
+}

local/gwa-api/entrypoint.sh

@@ -55,7 +55,7 @@ kong-addr: $KONG_ADMIN_URL
 EOF
 
 while true; do
-    keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master)
+    keycloakstatus=$(curl -o /dev/null -sw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master)
     echo "$keycloakstatus"
     if [[ "$keycloakstatus" == "200" ]]; then
         echo  "Keycloak is up"

local/keycloak/Dockerfile

@@ -0,0 +1,10 @@
+FROM quay.io/keycloak/keycloak:nightly as builder
+
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build --http-relative-path=/auth
+
+FROM quay.io/keycloak/keycloak:nightly
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+WORKDIR /opt/keycloak
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start", "--optimized", "--hostname", "http://localhost:8080", "--http-enabled", "true"]