Closed
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
operator
Describe the bug
The recreate update logic is not scaling down the stateful set to zero, and it is doing a rolling update which is unsafe to do.
Version
26.2.4
Regression
- The issue is a regression
Expected behavior
Using version 26.2.2, I got the correct behavior with the following events when changing the image in the Keycloak CR
4m43s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-3 in StatefulSet keycloak successful
4m43s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-2 in StatefulSet keycloak successful
4m38s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-1 in StatefulSet keycloak successful
4m36s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-0 in StatefulSet keycloak successful
4m35s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-0 in StatefulSet keycloak successful
4m19s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-1 in StatefulSet keycloak successful
4m3s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-2 in StatefulSet keycloak successful
3m48s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-3 in StatefulSet keycloak successful
Actual behavior
With version 26.2.4, I got the following events when changing the image in the Keycloak CR:
3m12s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-3 in StatefulSet keycloak successful
3m10s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-3 in StatefulSet keycloak successful
2m55s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-2 in StatefulSet keycloak successful
2m55s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-2 in StatefulSet keycloak successful
2m35s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-1 in StatefulSet keycloak successful
2m34s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-1 in StatefulSet keycloak successful
2m19s Normal SuccessfulDelete statefulset/keycloak delete Pod keycloak-0 in StatefulSet keycloak successful
2m18s Normal SuccessfulCreate statefulset/keycloak create Pod keycloak-0 in StatefulSet keycloak successful
As observed, each pod is restarted individually.
How to Reproduce?
- Deploy a simple Keycloak CR. I'm using the following
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
labels:
app: keycloak
name: keycloak
spec:
hostname:
hostname: "<redacted>"
resources:
requests:
cpu: "1"
memory: "1000M"
limits:
cpu: "1"
memory: "1000M"
db:
vendor: postgres
url: jdbc:postgresql://postgres:5432/keycloak
poolMinSize: 8
poolInitialSize: 8
poolMaxSize: 30
usernameSecret:
name: postgres-secret
key: username
passwordSecret:
name: postgres-secret
key: password
ingress:
enabled: true
image: image-registry.openshift-image-registry.svc:5000/training-base/keycloak-base:26.2
startOptimized: true
http:
tlsSecret: keycloak-tls-secret
instances: 4
unsupported:
podTemplate:
spec:
containers:
- env:
# We want to have an externally provided username and password, therefore, we override those two environment variables
- name: KC_BOOTSTRAP_ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: keycloak-preconfigured-admin
key: username
optional: false
- name: KC_BOOTSTRAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-preconfigured-admin
key: password
optional: false
- On the OpenShift web console, change the image.
Anything else?
No response