[bitnami/keycloak] Keycloak rolling upgrades with Infinispan

[antikalk]

Name and Version

bitnami/keycloak latest

What is the problem this feature will solve?

During rolling upgrade of Keycloak to the next Major/Minor version it could happen that the first pod that is updated can not start up due to breaking changes in Infinispan. Basically the new Pod can not connect to the infinispan cluster.

To mitigate this, it would be nice if the Keycloak pods only connect to infinispan nodes that are running the same version. This way the cache is busted during an upgrade, but it will always be possible to do a rolling update. With the new persistent-session feature, also the sessions will not be lost anymore.

This solution is inspired by: keycloak/keycloak#21067 (comment)

What is the feature you are proposing to solve the problem?

1. Include the version on the name of the headless-service (e.g. ...-keycloak-headless-25-0) and let the headless service only connect to Keycloak pods running the corresponding version. E.g. use a newly introduced label on the Keycloak pods as additional selector.
2. Update the StatefulSet to include the new pod label.
3. Adapt JAVA_OPTS_APPEND to use the new name of the headless service, e.g.: jgroups.dns.query=%s-headless-%s.%s.svc.%s

The Major/Minor version could be read from the image tag that is being used: regexReplaceAll "^([0-9]+)\\.([0-9]+).*" .Values.image.tag "$1-$2"

What alternatives have you considered?

No response

[carrodher]

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.