Publish 20.x recipe version #12

Closed
opened 2022-11-13 01:03:50 +00:00 by javielico · 11 comments
Member

Hi folks,

I was exploring this recipe a bit more and got a bit concerned, as the image that we're using from Docker Hub, `jboss/keycloak:16.1.1`, has not been updated for 10 months. I can see that the latest stable is 20.0 as per the repo from Red Hat. Is there anything we can do about this, as there doesn't seem to be an image on Docker Hub?

CC @3wordchant @decentral1se

🙏 - J

Author
Member

We could perhaps switch it to this image? https://hub.docker.com/r/keycloak/keycloak/tags

Owner

Good call, thanks @javielico! 🙏 Images switching repo is one area where we really don't have a good solution for automated monitoring. It recently hit our radar at Autonomic that our Keycloak recipe was falling behind (because of a warning from Dashy, of all things), it's on our list to sort out an update, and `keycloak/keycloak` seems like a great move.

Race you to trying it out and making a PR for the switch! Either way, much appreciate your work investigating ✊

Author
Member

No worries @3wordchant, I will put it on my list to test out next week; I will have a look through the changelogs first and test it out on a dev environment before raising the PR.

Author
Member

Just to add for reference, here's a list of CVEs fixed since the version we have on the Docker image (16.1.1):

* https://github.com/keycloak/keycloak/issues/11245
* https://github.com/keycloak/keycloak-containers/issues/393
* https://github.com/keycloak/keycloak/issues/11063
* https://github.com/keycloak/keycloak/issues/11071
* https://github.com/keycloak/keycloak/issues/11196
* https://github.com/keycloak/keycloak/issues/11292
* https://github.com/keycloak/keycloak/issues/14786
* https://github.com/keycloak/keycloak/issues/14787

I will treat these tests as priority for now just to avoid having a security hole on our identity services.

Owner

Nice, appreciate that research! 💯

Owner

Yeh, excellent to raise this. We need to get on it. We've slipped behind on several major version changes as I understand it? I think the upgrade path will be pretty hairy... haven't dug into it but yeh, let's fix this and get our shit upgraded! Thanks!

Author
Member

No problem @decentral1se, happy to help maintain the recipes!

Owner

@javielico we just managed to wire up the changes for an upgrade directly to latest in https://git.coopcloud.tech/coop-cloud/keycloak/commit/2ac47abfcd82b98b2d0861ad8e086b68178b325f and tested it on two different deployments. It seems to work! It's late now, so not doing more of the release work for the recipe but will follow up.
Author
Member

Thank you for the merge on this topic @decentral1se

Owner

Nice, so, this upgrade seems legit, have tested it a lot.

Just leaving this open to push the release / tag now.

decentral1se changed title from "Image has not been updated for 10 months" to "Publish 20.x recipe version" 2022-11-21 10:10:58 +00:00
Owner

woohoo we're running 20.x!

Reference: coop-cloud/keycloak#12