-
Bug
-
Resolution: Done
-
Undefined
-
26.2.5
-
False
-
-
False
-
-
Before reporting an issue
[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
operator
Describe the bug
The recreate update logic is not scaling down the stateful set to zero, and it is doing a rolling update which is unsafe to do.
Version
26.2.4
Regression
[x] The issue is a regression
Expected behavior
Using version 26.2.2, I got the correct behavior with the following events when changing the image in the Keycloak CR
4m43s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-3 in StatefulSet keycloak successful 4m43s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-2 in StatefulSet keycloak successful 4m38s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-1 in StatefulSet keycloak successful 4m36s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-0 in StatefulSet keycloak successful 4m35s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-0 in StatefulSet keycloak successful 4m19s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-1 in StatefulSet keycloak successful 4m3s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-2 in StatefulSet keycloak successful 3m48s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-3 in StatefulSet keycloak successful
Actual behavior
With version 26.2.4, I got the following events when changing the image in the Keycloak CR:
3m12s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-3 in StatefulSet keycloak successful 3m10s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-3 in StatefulSet keycloak successful 2m55s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-2 in StatefulSet keycloak successful 2m55s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-2 in StatefulSet keycloak successful 2m35s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-1 in StatefulSet keycloak successful 2m34s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-1 in StatefulSet keycloak successful 2m19s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-0 in StatefulSet keycloak successful 2m18s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-0 in StatefulSet keycloak successful
As observed, each pod is restarted individually.
How to Reproduce?
1. Deploy a simple Keycloak CR. I'm using the following
apiVersion: k8s.keycloak.org/v2alpha1 kind: Keycloak metadata: labels:
app: keycloak
name: keycloak spec: hostname:
hostname: "<redacted>"
resources:
requests:
cpu: "1"
memory: "1000M"
limits:
cpu: "1"
memory: "1000M"
db:
vendor: postgres
url: jdbc:postgresql://postgres:5432/keycloak
poolMinSize: 8
poolInitialSize: 8
poolMaxSize: 30
usernameSecret:
name: postgres-secret
key: username
passwordSecret:
name: postgres-secret
key: password
ingress:
enabled: true
image: image-registry.openshift-image-registry.svc:5000/training-base/keycloak-base:26.2
startOptimized: true
http:
tlsSecret: keycloak-tls-secret
instances: 4 unsupported:
podTemplate:
spec:
containers:
- env:
- We want to have an externally provided username and password, therefore, we override those two environment variables
- name: KC_BOOTSTRAP_ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: keycloak-preconfigured-admin
key: username
optional: false - name: KC_BOOTSTRAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-preconfigured-admin
key: password
optional: false
2. On the OpenShift web console, change the image.
Anything else?
No response
- links to
