Upgrade from v13 to v14

This guide describes the steps to perform an upgrade of the component from version v13 to v14.

Breaking Changes

  • Without intervention - see below - the default relativ path of Keycloak changes from /auth to /! New installations shall follow the default, which is / since a while.

  • Passthrough proxy mode passthrough does no longer recongnize X-Forwarded headers.


  • The component requires Kubernetes v1.24 or newer.

  • Keycloak version is v22.0.5 by default.

  • Keycloak does now support IPv4 and IPv6 at the same time (dualstack).

Parameter changes

  • relativePath has been added.

Step-by-step guide

When upgrading the component, the following actions are required if the built-in database is used:

  1. Do a backup of the built-in database.

    kubectl -n "${namespace}" exec -ti keycloak-postgresql-0 -c postgresql -- sh -c 'PGDATABASE="$POSTGRES_DATABASE" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" pg_dump --clean' > keycloak-postgresql-$(date +%F-%H-%M-%S).sql
  2. If you want to preserve the relativ path of /auth for first installations based on Wildfly please add:

      <keycloak instance>:
        relativePath: /auth
  3. Apply the parameter changes.

  4. Compile and push the cluster catalog.