Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update keycloak from 6.0.1 to the latest version, 15.0.2 #19585

Closed
Tracked by #20194
tolusha opened this issue Apr 14, 2021 · 9 comments
Closed
Tracked by #20194

Update keycloak from 6.0.1 to the latest version, 15.0.2 #19585

tolusha opened this issue Apr 14, 2021 · 9 comments
Assignees
@AndrienkoAleksandr
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/enhancement A feature request - must adhere to the feature request template. new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes severity/P1 Has a major impact to usage or development of the system.
Milestone
7.37

Comments

@tolusha
Copy link
Contributor

tolusha commented Apr 14, 2021
edited by benoitf
Loading

Is your enhancement related to a problem? Please describe.

For the time being there multiple issues with Keycloak 6.0.1 related to Eclipse Che:

Describe the solution you'd like

  1. To try update and collect possible issues
  2. Estimate them if it worth updating or wait until Keycloak won't be mandatory (5-6 month)

Release Notes text

Update keycloak from 6.0.1 to the latest version, 15.0.2
@tolusha tolusha added kind/enhancement A feature request - must adhere to the feature request template. sprint/next severity/P1 Has a major impact to usage or development of the system. area/install Issues related to installation, including offline/air gap and initial setup labels Apr 14, 2021
@l0rd
Copy link
Contributor

l0rd commented Apr 14, 2021
edited
Loading

cc @jenia90 this is something you brought to last community call. We plan to work on the upgrade of Keycloak image. Please create an issue for all the images that have security vulns and we will link this one to it.

@jenia90
Copy link

jenia90 commented Apr 14, 2021

@l0rd thank you for opening the issue. It will take us couple of days since it's holidays here, but my colleagues and myself will open all of the relevant issues somewhere next week.

@l0rd l0rd added the new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes label Apr 14, 2021
@jenia90
Copy link

jenia90 commented Apr 22, 2021

Ref issue #19646 with a list of vulnerabilities that were found in che-keycloak image.

@tolusha tolusha changed the title Update keycloak from 6.0.1 to the latest 12.x version Update keycloak from 6.0.1 to the latest version Apr 23, 2021
@tolusha tolusha mentioned this issue Apr 29, 2021
Closed
35 tasks
@tolusha tolusha added this to the 7.31 milestone May 5, 2021
@tolusha tolusha mentioned this issue May 5, 2021
Closed
41 tasks
@tolusha tolusha mentioned this issue May 24, 2021
Closed
47 tasks
@tolusha tolusha modified the milestones: 7.31, 7.32 May 24, 2021
@tolusha tolusha removed this from the 7.32 milestone Jun 16, 2021
@tolusha tolusha mentioned this issue Jul 7, 2021
Closed
24 tasks
@cccs-tom
Copy link

cccs-tom commented Jul 7, 2021

I am very interested in this update, but I see it's been removed from all milestones at this time. Is this still on the roadmap, @tolusha?

@tolusha
Copy link
Contributor Author

tolusha commented Jul 8, 2021

@cccs-tom
yes, It is still in the roadmap.
Unfortunately @AndrienkoAleksandr who is an expert in this field, currently is busy with another long lasting task

@cccs-tom
Copy link

cccs-tom commented Jul 8, 2021

Great, thanks for the update!

@tolusha tolusha mentioned this issue Jul 26, 2021
Closed
31 tasks
@tolusha tolusha added this to the 7.35 milestone Jul 28, 2021
@AndrienkoAleksandr AndrienkoAleksandr self-assigned this Aug 2, 2021
@skabashnyuk skabashnyuk mentioned this issue Aug 4, 2021
Closed
8 tasks
@AndrienkoAleksandr
Copy link
Contributor

I tested keycloak 15.0.0 on the k8s platform(minikube) and my result: login/logout/ access to user profile works. Workspaces are starting and running, but ingress blocks che-theia editor page. I found that new keycloak sends plenty big header in the response and ingress block it:

2021/08/09 07:56:12 [error] 18582#18582: *3520556 upstream sent too big header while reading response header from upstream, client: 192.168.99.1, server: keycloak-eclipse-che.192.168.99.111.nip.io, request: "GET /auth/realms/che/protocol/openid-connect/auth?client_id=che-public&redirect_uri=https%3A%2F%2Fche-eclipse-che.192.168.99.111.nip.io%2F_app%2Floader.html%3FredirectUrl%3Dhttps%3A%2F%2Fserverkjz3u98u-jwtproxy-server-4402.192.168.99.111.nip.io%2F%26workspaceId%3Dworkspacevfbms22q4nf4eetc&state=5db1dbf2-af3d-45aa-9a5e-e5999be5e528&response_mode=fragment&response_type=code&scope=openid&nonce=cd5d9e34-b29e-453b-8073-1d73c35e81bf HTTP/2.0", upstream: "http://172.17.0.15:8080/auth/realms/che/protocol/openid-connect/auth?client_id=che-public&redirect_uri=https%3A%2F%2Fche-eclipse-che.192.168.99.111.nip.io%2F_app%2Floader.html%3FredirectUrl%3Dhttps%3A%2F%2Fserverkjz3u98u-jwtproxy-server-4402.192.168.99.111.nip.io%2F%26workspaceId%3Dworkspacevfbms22q4nf4eetc&state=5db1dbf2-af3d-45aa-9a5e-e5999be5e528&response_mode=fragment&response_type=code&scope=openid&nonce=cd5d9e34-b29e-453b-8073-1d73c35e81bf", host: "keycloak-eclipse-che.192.168.99.111.nip.io", referrer: "https://che-eclipse-che.192.168.99.111.nip.io/"

So user see error page "502 Bad Gateway nginx" instead of che-theia. It can be fixed creation custom ingress configmap and modification ingress controller deployment to use this custom configmap, but such variant doesn't satisfy us. I will contact with keycloak team and I will try investigate why it works fine good on the old keycloak and brings troubles with newer one.

@tolusha tolusha mentioned this issue Aug 16, 2021
Closed
19 tasks
@tolusha tolusha modified the milestones: 7.35, 7.36 Aug 16, 2021
This was referenced Aug 17, 2021
Merged
Merged
Closed
@tolusha tolusha mentioned this issue Sep 3, 2021
Closed
29 tasks
@tolusha tolusha modified the milestones: 7.36, 7.37 Sep 3, 2021
@tolusha
Copy link
Contributor Author

tolusha commented Sep 3, 2021

Just to inform.
We have completed all tests and ready to migrate to keycloak 15.0.2 (will be done approximately next week)

@jenia90
Copy link

jenia90 commented Sep 5, 2021

Just to inform.
We have completed all tests and ready to migrate to keycloak 15.0.2 (will be done approximately next week)

This is great news! :)

@tolusha tolusha mentioned this issue Sep 10, 2021
Closed
@tolusha tolusha closed this as completed Sep 10, 2021
@nickboldt nickboldt changed the title Update keycloak from 6.0.1 to the latest version Update keycloak from 6.0.1 to the latest version, 15.0.2 Sep 13, 2021
@benoitf benoitf added the status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording label Sep 14, 2021
@max-cx max-cx removed the status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording label Jan 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AndrienkoAleksandr AndrienkoAleksandr

Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/enhancement A feature request - must adhere to the feature request template. new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.37
Development

No branches or pull requests
7 participants
@benoitf @l0rd @tolusha @jenia90 @AndrienkoAleksandr @cccs-tom @max-cx