search

codecentric / helm-charts

A curated set of Helm charts brought to you by codecentric
Apache License 2.0
615 stars 604 forks source link

Migrating from Keycloak to KeycloakX chart #643

Closed conor-nsurely closed 2 years ago

conor-nsurely commented 2 years ago

I'm having a hard time finding information on migrating from Keycloak(using release 18.0.0 with postgresql for reference) to KeycloakX.

In the past I have upgraded keycloak using these instructions https://docs.bitnami.com/kubernetes/apps/keycloak/administration/upgrade-helm3/

However going from Keycloak -> Keycloakx involves using a differenet chart so I am not sure on how to proceed. How best to do this, while transferring users/realms etc?

djessich commented 2 years ago

I moved from codecentric/keycloak to codecentric/keycloakx and it was not easy. It took me a little while to figure out, how this needs to done.

I backuped my entire DB, LDAP directory and my realm settings and imported the Realm into KeycloakX during container startup using the generated realm backup. So you need to create a realm backup with jboss-cli from within Keycloak Legacy container and save it to a location, where you can mount it into KeycloakX container (e.g. NFS dir). The backup should be done via CLI, not via Keycloak Legacy Admin console, as the latter is only a partial backup from which you cannot full recreate your Keycloak instance. You may need to add such a mount before doing the backup.

Then change the startup command for KeycloakX to import the realm using the created backup. It should mount the same volume, in which the backup needs to exists before deployment of KeycloakX with the KeycloakX helm chart. Deploy with the Helm chart and it will import the realm. When imported, stop the container and change back the startup command to allow KeycloakX to start successfully, without importing the backup. You do not need to mount the backup anymore, as KeycloakX already imported it, so you can remove the extra mount from KeycloakX container. I did not reuse the DB backup, as it was autofilled by KeycloakX during Realm import, so I deployed a fresh DB using bitnami/postgresql Helm chart. Currently (at time of writing), KeycloakX Helm chart does not autodeploy the database as it was with Keycloak Legacy Helm chart.

Maybe this gives you a direction how the migration can be done 🚀 I do not know if there is an easier way, but it worked for me 👍

conor-nsurely commented 2 years ago

@djessich Sorry I forgot to reply.

In the end I exported the DB from the postgresql instance, then created a new postgresql instance with a Keycloak DB/user. FInally I imported the DB exported from the previous postgresql instance, and installed the new "KeycloakX" helm chart, with the postgresql hostname set to that of the new postgresql instance.

All users/config carried over fine, haven't had any issue since.