Change discovery in Kubernetes to jdbc-ping

Closes #39544 Signed-off-by: Ryan Emerson <remerson@redhat.com>
2025-12-21 06:20:05 -06:00 · 2025-06-05 15:48:30 +01:00
parent c3bbf45a7b
commit 0c62bd0878
15 changed files with 38 additions and 39 deletions
--- a/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc
+++ b/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc
@@ -100,6 +100,12 @@ Consider one of the following cases and recommended migration steps:
 * With the feature `persistent-user-session` feature enabled, the remote store configuration is ignored and {project_name} will print a warning.
 ====

+=== Kubernetes cache stack has been deprecated
+
+The `kubernetes` cache stack has been deprecated and will be removed in a future release. Users should transition to the `jdbc-ping` stack.
+
+Consequently, the Keycloak Operator now uses the `jdbc-ping` cache stack by default.
+
 === Signing out from other devices now disabled by default

 Previously, when a user updated their credentials, like changing their password or adding another factor like an OTP or Passkey, they had a checkbox *Sign out from other devices* which was checked by default. Since this release, {project_name} displays the checkbox *Sign out from other devices* not checked by default. This checkbox should now be intentionally enabled by the user to logout all the other related sessions associated to the same user.
--- a/docs/guides/server/caching.adoc
+++ b/docs/guides/server/caching.adoc
@@ -242,7 +242,7 @@ The following table shows transport stacks that are available using the `--cache
 |===
 |Stack name|Transport protocol|Discovery

-|`kubernetes`|TCP|DNS resolution using the JGroups `DNS_PING` protocol. It requires to set `jgroups.dns.query` to the headless service FQDN.
+|`kubernetes` (deprecated) |TCP|DNS resolution using the JGroups `DNS_PING` protocol. It requires to set `jgroups.dns.query` to the headless service FQDN.
 |`tcp` (deprecated)|TCP|IP multicast using the JGroups `MPING` protocol. See below on how to configure a unique `jgroups.mcast_addr` or `jgroups.mcast_port` for each cluster.
 |`udp` (deprecated)|UDP|IP multicast using the JGroups `PING` protocol. See below on how to configure a unique `jgroups.mcast_addr` or `jgroups.mcast_port` for each cluster.
 |===
--- a/operator/src/main/java/org/keycloak/operator/Constants.java
+++ b/operator/src/main/java/org/keycloak/operator/Constants.java
@@ -49,8 +49,7 @@ public final class Constants {

    public static final List<ValueOrSecret> DEFAULT_DIST_CONFIG_LIST = List.of(
            new ValueOrSecret("health-enabled", "true"),
-            new ValueOrSecret("cache", "ispn"),
-            new ValueOrSecret("cache-stack", "kubernetes")
+            new ValueOrSecret("cache", "ispn")
    );


--- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java
@@ -99,8 +99,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent
    public static final String KC_TRACING_SERVICE_NAME = "KC_TRACING_SERVICE_NAME";
    public static final String KC_TRACING_RESOURCE_ATTRIBUTES = "KC_TRACING_RESOURCE_ATTRIBUTES";

-    static final String JGROUPS_DNS_QUERY_PARAM = "-Djgroups.dns.query=";
-
    public static final String OPTIMIZED_ARG = "--optimized";

    private boolean useServiceCaCrt;
@@ -325,7 +323,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent
        }
        // Set bind address as this is required for JGroups to form a cluster in IPv6 envionments
        containerBuilder.addToArgs(0, "-Djgroups.bind.address=$(%s)".formatted(POD_IP));
-        containerBuilder.addToArgs(0, getJGroupsParameter(keycloakCR));

        // probes
        var protocol = isTlsConfigured(keycloakCR) ? "HTTPS" : "HTTP";
@@ -425,9 +422,6 @@ public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependent

    }

-    private static String getJGroupsParameter(Keycloak keycloakCR) {
-        return JGROUPS_DNS_QUERY_PARAM + KeycloakDiscoveryServiceDependentResource.getName(keycloakCR) +"." + keycloakCR.getMetadata().getNamespace();
-    }

    private void addEnvVars(StatefulSet baseDeployment, Keycloak keycloakCR, TreeSet<String> allSecrets, Context<Keycloak> context) {
        var distConfigurator = ContextUtils.getDistConfigurator(context);
--- a/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java
+++ b/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java
@@ -246,8 +246,8 @@ public class PodTemplateTest {
        // Assert
        assertEquals(1, podTemplate.getSpec().getContainers().get(0).getCommand().size());
        assertEquals(command, podTemplate.getSpec().getContainers().get(0).getCommand().get(0));
-        assertEquals(3, podTemplate.getSpec().getContainers().get(0).getArgs().size());
-        assertEquals(arg, podTemplate.getSpec().getContainers().get(0).getArgs().get(2));
+        assertEquals(2, podTemplate.getSpec().getContainers().get(0).getArgs().size());
+        assertEquals(arg, podTemplate.getSpec().getContainers().get(0).getArgs().get(1));
    }

    @Test
--- a/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java
+++ b/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java
@@ -65,7 +65,7 @@ public class CachingOptions {
            .strictExpectedValues(false)
            .description("Define the default stack to use for cluster communication and node discovery. Defaults to 'jdbc-ping' if not set.")
            // Do not set a default value here as it would otherwise overwrite an explicit stack chosen in cache config XML
-            .deprecatedValues("Use 'jdbc-ping' instead by leaving it unset", Stack.azure, Stack.ec2, Stack.google, Stack.tcp, Stack.udp, Stack.jdbc_ping_udp)
+            .deprecatedValues("Use 'jdbc-ping' instead by leaving it unset", Stack.azure, Stack.ec2, Stack.google, Stack.jdbc_ping_udp, Stack.kubernetes, Stack.tcp, Stack.udp)
            .build();

    public static final Option<File> CACHE_CONFIG_FILE = new OptionBuilder<>(CACHE_CONFIG_FILE_PROPERTY, File.class)
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt
@@ -103,9 +103,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt
@@ -84,9 +84,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt
@@ -104,9 +104,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt
@@ -84,9 +84,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt
@@ -104,9 +104,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt
@@ -83,9 +83,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt
@@ -103,9 +103,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt
@@ -81,9 +81,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config:

--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt
@@ -101,9 +101,9 @@ Cache:
 --cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       Defaults to 'jdbc-ping' if not set. Possible values are: jdbc-ping,
-                       kubernetes, jdbc-ping-udp (deprecated), tcp (deprecated), udp (deprecated),
-                       ec2 (deprecated), azure (deprecated), google (deprecated), or a custom one.
-                       Available only when 'cache' type is set to 'ispn'.
+                       kubernetes (deprecated), jdbc-ping-udp (deprecated), tcp (deprecated), udp
+                       (deprecated), ec2 (deprecated), azure (deprecated), google (deprecated), or
+                       a custom one. Available only when 'cache' type is set to 'ispn'.

 Config: