diff --git a/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc b/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc index 2c35bb3e52c..ff295e29fc7 100644 --- a/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc @@ -100,6 +100,12 @@ Consider one of the following cases and recommended migration steps: * With the feature `persistent-user-session` feature enabled, the remote store configuration is ignored and {project_name} will print a warning. ==== +=== Kubernetes cache stack has been deprecated + +The `kubernetes` cache stack has been deprecated and will be removed in a future release. Users should transition to the `jdbc-ping` stack. + +Consequently, the Keycloak Operator now uses the `jdbc-ping` cache stack by default. + === Signing out from other devices now disabled by default Previously, when a user updated their credentials, like changing their password or adding another factor like an OTP or Passkey, they had a checkbox *Sign out from other devices* which was checked by default. Since this release, {project_name} displays the checkbox *Sign out from other devices* not checked by default. This checkbox should now be intentionally enabled by the user to logout all the other related sessions associated to the same user. diff --git a/docs/guides/server/caching.adoc b/docs/guides/server/caching.adoc index c0c5b5a61a5..b6c3cdda4f6 100644 --- a/docs/guides/server/caching.adoc +++ b/docs/guides/server/caching.adoc @@ -242,7 +242,7 @@ The following table shows transport stacks that are available using the `--cache |=== |Stack name|Transport protocol|Discovery -|`kubernetes`|TCP|DNS resolution using the JGroups `DNS_PING` protocol. It requires to set `jgroups.dns.query` to the headless service FQDN. +|`kubernetes` (deprecated) |TCP|DNS resolution using the JGroups `DNS_PING` protocol. It requires to set `jgroups.dns.query` to the headless service FQDN. |`tcp` (deprecated)|TCP|IP multicast using the JGroups `MPING` protocol. See below on how to configure a unique `jgroups.mcast_addr` or `jgroups.mcast_port` for each cluster. |`udp` (deprecated)|UDP|IP multicast using the JGroups `PING` protocol. See below on how to configure a unique `jgroups.mcast_addr` or `jgroups.mcast_port` for each cluster. |=== diff --git a/operator/src/main/java/org/keycloak/operator/Constants.java b/operator/src/main/java/org/keycloak/operator/Constants.java index f3efcf84e24..a3f883e341f 100644 --- a/operator/src/main/java/org/keycloak/operator/Constants.java +++ b/operator/src/main/java/org/keycloak/operator/Constants.java @@ -49,8 +49,7 @@ public final class Constants { public static final List DEFAULT_DIST_CONFIG_LIST = List.of( new ValueOrSecret("health-enabled", "true"), - new ValueOrSecret("cache", "ispn"), - new ValueOrSecret("cache-stack", "kubernetes") + new ValueOrSecret("cache", "ispn") ); diff --git a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java index ade08347769..4b3261c2d4e 100644 --- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java +++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java @@ -99,8 +99,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent public static final String KC_TRACING_SERVICE_NAME = "KC_TRACING_SERVICE_NAME"; public static final String KC_TRACING_RESOURCE_ATTRIBUTES = "KC_TRACING_RESOURCE_ATTRIBUTES"; - static final String JGROUPS_DNS_QUERY_PARAM = "-Djgroups.dns.query="; - public static final String OPTIMIZED_ARG = "--optimized"; private boolean useServiceCaCrt; @@ -325,7 +323,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent } // Set bind address as this is required for JGroups to form a cluster in IPv6 envionments containerBuilder.addToArgs(0, "-Djgroups.bind.address=$(%s)".formatted(POD_IP)); - containerBuilder.addToArgs(0, getJGroupsParameter(keycloakCR)); // probes var protocol = isTlsConfigured(keycloakCR) ? "HTTPS" : "HTTP"; @@ -425,9 +422,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent } - private static String getJGroupsParameter(Keycloak keycloakCR) { - return JGROUPS_DNS_QUERY_PARAM + KeycloakDiscoveryServiceDependentResource.getName(keycloakCR) +"." + keycloakCR.getMetadata().getNamespace(); - } private void addEnvVars(StatefulSet baseDeployment, Keycloak keycloakCR, TreeSet allSecrets, Context context) { var distConfigurator = ContextUtils.getDistConfigurator(context); diff --git a/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java b/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java index 0963b7f08cf..eb9a26188fe 100644 --- a/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java +++ b/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java @@ -246,8 +246,8 @@ public class PodTemplateTest { // Assert assertEquals(1, podTemplate.getSpec().getContainers().get(0).getCommand().size()); assertEquals(command, podTemplate.getSpec().getContainers().get(0).getCommand().get(0)); - assertEquals(3, podTemplate.getSpec().getContainers().get(0).getArgs().size()); - assertEquals(arg, podTemplate.getSpec().getContainers().get(0).getArgs().get(2)); + assertEquals(2, podTemplate.getSpec().getContainers().get(0).getArgs().size()); + assertEquals(arg, podTemplate.getSpec().getContainers().get(0).getArgs().get(1)); } @Test diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java index 436fd8c00ca..0e6a611b049 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java @@ -65,7 +65,7 @@ public class CachingOptions { .strictExpectedValues(false) .description("Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set.") // Do not set a default value here as it would otherwise overwrite an explicit stack chosen in cache config XML - .deprecatedValues("Use 'jdbc-ping' instead by leaving it unset", Stack.azure, Stack.ec2, Stack.google, Stack.tcp, Stack.udp, Stack.jdbc_ping_udp) + .deprecatedValues("Use 'jdbc-ping' instead by leaving it unset", Stack.azure, Stack.ec2, Stack.google, Stack.jdbc_ping_udp, Stack.kubernetes, Stack.tcp, Stack.udp) .build(); public static final Option CACHE_CONFIG_FILE = new OptionBuilder<>(CACHE_CONFIG_FILE_PROPERTY, File.class) diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index 6e43e1710e4..26b4bef9e7c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt @@ -103,9 +103,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt index f72fcd72d3c..07f8f965ff2 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt @@ -84,9 +84,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index 7df490dac0d..ecba644099f 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt @@ -104,9 +104,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt index 4278cebf0ad..7b917a7c23a 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt @@ -84,9 +84,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index dec88cdce96..099ad77762e 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt @@ -104,9 +104,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt index cf28442e299..3b5cf519321 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt @@ -83,9 +83,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt index f787ff44eee..a1e25106ab2 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt @@ -103,9 +103,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt index 0389ac15243..655b61161cb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt @@ -81,9 +81,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt index 76e9ca2f960..a4a9574ad3c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt @@ -101,9 +101,9 @@ Cache: --cache-stack Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping, - kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated), - ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one. - Available only when 'cache' type is set to 'ispn'. + kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp + (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or + a custom one. Available only when 'cache' type is set to 'ispn'. Config: