UNCLASSIFIED - NO CUI

Fix bundled Postgres image mismatch

Daniel Pritchettrequested to merge
issue-301-postgres-image into main

General MR

Summary

Updates the bundled Keycloak PostgreSQL subchart configuration to use the supported Iron Bank opensource/postgres/postgresql:18.4 image instead of the deprecated Bitnami PostgreSQL image. This also aligns the chart values, documentation, README, Renovate tracking, and local plugin-development compose setup with the new Postgres image and runtime paths.

Relevant logs/screenshots

Manual database upgrade flow

Follow-up local k3d-dev migration evidence:

  • Installed the current main chart with the old bundled PG17 Bitnami image.
  • Created a canary table/row in the keycloak database.
  • Exported the PG17 DB with pg_dump -Fc.
  • Upgraded to this MR’s PG18 Iron Bank image/layout.
  • Confirmed the canary table was absent before restore.
  • Restored the PG17 dump into PG18 with pg_restore.
  • Confirmed the same canary row existed under PostgreSQL 18.4.

The same PVC retained the old Bitnami-layout PG17 data directory and the new PG18 data directory. This confirms the Helm/image upgrade does not automatically migrate bundled DB data, but a logical dump/restore migration successfully moves data from PG17 into the new PG18 layout.

Cypress Screenshots

See passing CI jobs for clean install. Skipping the upgrade job as explained in the upgrade notices below.

image

Linked Issue

issue

Upgrade Notices

  • BREAKING DATABASE CHANGE: The bundled internal PostgreSQL database has been updated from PG17 to PG18 and moved from the deprecated Bitnami image/layout to the Iron Bank opensource/postgres/postgresql image/layout. Platform One does not support the bundled internal PostgreSQL database for production deployments; this option should only be used for development or CI pipelines.

  • DO NOT UPGRADE WITHOUT A DATABASE BACKUP if you need to preserve data from the bundled database. Existing bundled database data is not automatically migrated or reused by the new image layout. To preserve data, export from the old bundled PG17 database with pg_dump/pg_dumpall, upgrade to this release, then restore into the new PG18 database with pg_restore/psql.

  • If you already upgraded without exporting, do not delete the PVC. The old Bitnami-layout PG17 data remains on the PVC, but the new PG18 image uses a different data directory. Roll back to the previous chart/image to access the old data and export it manually.

Regular database backups and best practices should be followed.

Edited by Daniel Pritchett

Merge request reports

UNCLASSIFIED - NO CUI