feat!: bump bitnami/keycloak, bitnami/common helm chart versions (#110)

epam · Jan 21, 2025 · 22d81ed · 22d81ed
1 parent dbf6e03
commit 22d81ed
Show file tree

Hide file tree

Showing 4 changed files with 197 additions and 31 deletions.
diff --git a/charts/dial/Chart.yaml b/charts/dial/Chart.yaml
@@ -5,59 +5,59 @@ apiVersion: v2
 appVersion: "1.21.0"
 dependencies:
   - name: common
-    repository: https://charts.bitnami.com/bitnami
+    repository: oci://registry-1.docker.io/bitnamicharts
     tags:
       - bitnami-common
-    version: 2.26.0
+    version: 2.29.0
   - name: keycloak
     repository: https://charts.bitnami.com/bitnami
     condition: keycloak.enabled
-    version: 16.1.7
+    version: 24.4.3
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: authhelper
     condition: authhelper.enabled
-    version: 1.1.0
+    version: 1.2.0
   - name: dial-core
     repository: https://charts.epam-rail.com
     alias: core
     condition: core.enabled
-    version: 4.0.0
+    version: 4.1.0
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: chat
     condition: chat.enabled
-    version: 1.1.0
+    version: 1.2.0
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: themes
     condition: themes.enabled
-    version: 1.1.0
+    version: 1.2.0
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: openai
     condition: openai.enabled
-    version: 1.1.0
+    version: 1.2.0
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: bedrock
     condition: bedrock.enabled
-    version: 1.1.0
+    version: 1.2.0
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: vertexai
     condition: vertexai.enabled
-    version: 1.1.0
-  - name: dial-extension
-    repository: https://charts.epam-rail.com
-    alias: assistant
-    condition: assistant.enabled
-    version: 1.1.0
+    version: 1.2.0
   - name: dial-extension
     repository: https://charts.epam-rail.com
     alias: dial
     condition: dial.enabled
-    version: 1.1.0
+    version: 1.2.0
+  - name: dial-extension
+    repository: https://charts.epam-rail.com
+    alias: assistant
+    condition: assistant.enabled
+    version: 1.2.0
 description: Umbrella chart for DIAL solution
 home: https://epam-rail.com
 icon: "https://docs.epam-rail.com/img/favicon.ico"
@@ -70,4 +70,4 @@ maintainers:
 name: dial
 sources:
   - https://github.com/epam/ai-dial-helm/tree/main/charts/dial
-version: 4.3.0
+version: 5.0.0
diff --git a/charts/dial/README.md b/charts/dial/README.md
@@ -1,6 +1,6 @@
 # dial
 
-![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![AppVersion: 1.21.0](https://img.shields.io/badge/AppVersion-1.21.0-informational?style=flat-square)
+![Version: 5.0.0](https://img.shields.io/badge/Version-5.0.0-informational?style=flat-square) ![AppVersion: 1.21.0](https://img.shields.io/badge/AppVersion-1.21.0-informational?style=flat-square)
 
 Umbrella chart for DIAL solution
 
@@ -16,17 +16,17 @@ Kubernetes: `>=1.23.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | common | 2.26.0 |
-| https://charts.bitnami.com/bitnami | keycloak | 16.1.7 |
-| https://charts.epam-rail.com | core(dial-core) | 4.0.0 |
-| https://charts.epam-rail.com | authhelper(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | chat(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | themes(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | openai(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | bedrock(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | vertexai(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | assistant(dial-extension) | 1.1.0 |
-| https://charts.epam-rail.com | dial(dial-extension) | 1.1.0 |
+| https://charts.bitnami.com/bitnami | keycloak | 24.4.3 |
+| https://charts.epam-rail.com | core(dial-core) | 4.1.0 |
+| https://charts.epam-rail.com | authhelper(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | chat(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | themes(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | openai(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | bedrock(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | vertexai(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | dial(dial-extension) | 1.2.0 |
+| https://charts.epam-rail.com | assistant(dial-extension) | 1.2.0 |
+| oci://registry-1.docker.io/bitnamicharts | common | 2.29.0 |
 
 ## Installing the Chart
 
@@ -123,7 +123,7 @@ helm install my-release dial/dial -f values.yaml
 | extraDeploy | list | `[]` |  |
 | keycloak.enabled | bool | `false` | Enable/disable keycloak |
 | keycloak.extraEnvVars[0].name | string | `"KC_FEATURES"` |  |
-| keycloak.extraEnvVars[0].value | string | `"token-exchange,admin-fine-grained-authz,declarative-user-profile"` |  |
+| keycloak.extraEnvVars[0].value | string | `"token-exchange,admin-fine-grained-authz"` |  |
 | keycloak.keycloakConfigCli.enabled | bool | `true` |  |
 | keycloak.keycloakConfigCli.extraEnvVars[0].name | string | `"IMPORT_VARSUBSTITUTION_ENABLED"` |  |
 | keycloak.keycloakConfigCli.extraEnvVars[0].value | string | `"true"` |  |
@@ -153,6 +153,89 @@ helm install my-release dial/dial -f values.yaml
 
 ## Upgrading
 
+### To 5.0.0
+
+> [!TIP]
+> If you don't use Keycloak, disregard the information below and proceed with Helm upgrade as usual.
+
+> [!CAUTION]
+> The upgrade includes **BREAKING CHANGES** and require **MANUAL ACTIONS**.
+
+In this version, we've updated the following underlying dependencies which require manual actions:
+
+- `bitnami/keycloak` Helm chart version bumped from `16.1.7` to `24.4.3`
+  - `keycloak` version bumped from `22.0.3` to `26.0.8`
+  - `bitnami/postgresql` Helm chart from `12.12.9` to `16.4.3`
+    - `postgresql` version bumped from `15.4.0` to `17.2.0`
+
+Please refer to the official documentation for more details:
+
+- [bitnami/keycloak helm chart changelog](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/CHANGELOG.md), [upgrade notes](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/README.md#upgrading)
+- [bitnami/postgresql helm chart changelog](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/CHANGELOG.md), [upgrade notes](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/README.md#upgrading)
+
+> [!IMPORTANT]
+> We'd prepared a brief generic upgrade guide below, however, we can not be sure it'll cover all the cases. The steps may vary depending on your configuration and deployment specifics.
+
+1. Stop Keycloak
+1. Backup Postgres database, e.g. open Postgres container shell and run (replace `PGPASSWORD` with the actual password):
+
+    ```bash
+    export PGUSER=postgres
+    export PGPASSWORD=YouShouldReallyChangeThis
+    export PGDUMP_DIR=/bitnami/postgresql
+
+    pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password > ${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump
+    ```
+
+1. Run `helm upgrade` command with usual arguments and **new** `5.X.X` chart version, with addition of special values:
+    - add values
+
+      ```yaml
+      keycloak:
+        diagnosticMode:
+          enabled: true
+        keycloakConfigCli:
+          enabled: false
+        postgresql:
+          diagnosticMode:
+            enabled: true
+      ```
+
+    - delete `declarative-user-profile` from `keycloak.extraEnvVars.*.KC_FEATURES` if it's present
+    - delete all occurrences of `bruteForceProtected` option from `keycloak.keycloakConfigCli.configuration` or `realm.yaml` file if it's present/used
+1. After `helm upgrade` is finished, open Postgres container shell and run (replace `PGPASSWORD` with the actual password):
+
+    ```bash
+    # rename old data dir
+    mv /var/lib/postgresql/data /var/lib/postgresql/data_old
+
+    # run postgres manually
+    nohup /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh > /dev/null 2>&1 &
+
+    # restore databases from dump (replace `PGPASSWORD` with the actual password)
+    export PGUSER=postgres
+    export PGPASSWORD=PASSWORD_PLACEHOLDER
+    export PGDUMP_DIR=/bitnami/postgresql
+
+    psql -d postgres -f ${PGDUMP_DIR}/pg_dumpall-YYYY-MM-DD-HH-MM.pgdump
+    ```
+
+1. Run `helm upgrade` command with usual arguments, **new** `5.X.X` chart version, but without special values
+    - delete values
+
+      ```yaml
+      keycloak:
+        diagnosticMode:
+          enabled: true
+        keycloakConfigCli:
+          enabled: false
+        postgresql:
+          diagnosticMode:
+            enabled: true
+      ```
+
+1. Verify DIAL is up and running correctly
+
 ### To 4.0.0
 
 Bumping the major version to highlight Redis upgrade in `dial-core` helm chart. No actions required, however you may want to check [Redis® 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES) and [dial-core-4.0.0 release notes](https://github.com/epam/ai-dial-helm/releases/tag/dial-core-4.0.0) for specific details.

diff --git a/charts/dial/README.md.gotmpl b/charts/dial/README.md.gotmpl
@@ -69,6 +69,89 @@ helm install my-release dial/dial -f values.yaml
 
 ## Upgrading
 
+### To 5.0.0
+
+> [!TIP]
+> If you don't use Keycloak, disregard the information below and proceed with Helm upgrade as usual.
+
+> [!CAUTION]
+> The upgrade includes **BREAKING CHANGES** and require **MANUAL ACTIONS**.
+
+In this version, we've updated the following underlying dependencies which require manual actions:
+
+- `bitnami/keycloak` Helm chart version bumped from `16.1.7` to `24.4.3`
+  - `keycloak` version bumped from `22.0.3` to `26.0.8`
+  - `bitnami/postgresql` Helm chart from `12.12.9` to `16.4.3`
+    - `postgresql` version bumped from `15.4.0` to `17.2.0`
+
+Please refer to the official documentation for more details:
+
+- [bitnami/keycloak helm chart changelog](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/CHANGELOG.md), [upgrade notes](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/README.md#upgrading)
+- [bitnami/postgresql helm chart changelog](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/CHANGELOG.md), [upgrade notes](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/README.md#upgrading)
+
+> [!IMPORTANT]
+> We'd prepared a brief generic upgrade guide below, however, we can not be sure it'll cover all the cases. The steps may vary depending on your configuration and deployment specifics.
+
+1. Stop Keycloak
+1. Backup Postgres database, e.g. open Postgres container shell and run (replace `PGPASSWORD` with the actual password):
+
+    ```bash
+    export PGUSER=postgres
+    export PGPASSWORD=YouShouldReallyChangeThis
+    export PGDUMP_DIR=/bitnami/postgresql
+
+    pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password > ${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump
+    ```
+
+1. Run `helm upgrade` command with usual arguments and **new** `5.X.X` chart version, with addition of special values:
+    - add values
+
+      ```yaml
+      keycloak:
+        diagnosticMode:
+          enabled: true
+        keycloakConfigCli:
+          enabled: false
+        postgresql:
+          diagnosticMode:
+            enabled: true
+      ```
+
+    - delete `declarative-user-profile` from `keycloak.extraEnvVars.*.KC_FEATURES` if it's present
+    - delete all occurrences of `bruteForceProtected` option from `keycloak.keycloakConfigCli.configuration` or `realm.yaml` file if it's present/used
+1. After `helm upgrade` is finished, open Postgres container shell and run (replace `PGPASSWORD` with the actual password):
+
+    ```bash
+    # rename old data dir
+    mv /var/lib/postgresql/data /var/lib/postgresql/data_old
+
+    # run postgres manually
+    nohup /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh > /dev/null 2>&1 &
+
+    # restore databases from dump (replace `PGPASSWORD` with the actual password)
+    export PGUSER=postgres
+    export PGPASSWORD=PASSWORD_PLACEHOLDER
+    export PGDUMP_DIR=/bitnami/postgresql
+
+    psql -d postgres -f ${PGDUMP_DIR}/pg_dumpall-YYYY-MM-DD-HH-MM.pgdump
+    ```
+
+1. Run `helm upgrade` command with usual arguments, **new** `5.X.X` chart version, but without special values
+    - delete values
+
+      ```yaml
+      keycloak:
+        diagnosticMode:
+          enabled: true
+        keycloakConfigCli:
+          enabled: false
+        postgresql:
+          diagnosticMode:
+            enabled: true
+      ```
+
+1. Verify DIAL is up and running correctly
+
 ### To 4.0.0
 
 Bumping the major version to highlight Redis upgrade in `dial-core` helm chart. No actions required, however you may want to check [Redis® 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES) and [dial-core-4.0.0 release notes](https://github.com/epam/ai-dial-helm/releases/tag/dial-core-4.0.0) for specific details.

diff --git a/charts/dial/values.yaml b/charts/dial/values.yaml
@@ -15,7 +15,7 @@ keycloak:
   #   adminPassword: "youReallyNeedToChangeThis"
   extraEnvVars:
     - name: KC_FEATURES
-      value: "token-exchange,admin-fine-grained-authz,declarative-user-profile"
+      value: "token-exchange,admin-fine-grained-authz"
   postgresql:
     enabled: true
     # auth: