
Keycloak upgrade while running on docker


DB migration

Keycloak comes with Liquibase for managing DB versions. To upgrade Keycloak:

  • Back up your DB content and non-DB content (custom providers, themes, and so on).

  • Run docker again with a newer Keycloak tag. Liquibase will then detect the older version of the DB and perform the steps necessary to update it. Remember that you must provide Keycloak with a DB user that has permission to alter the DB.

Config file migration

There's no automation for this task. If you haven't altered the configuration files, just run the new image. If you have edited them, you need to prepare them for the new version and run the image.

As I've got keycloak configured to run behind a reverse proxy and that needs to have custom configuration files, I wrote a Dockerfile to have my own keycloak docker image, with my own configuration wrapped:

    FROM jboss/keycloak-mysql:2.4.0.Final
    ADD standalone.xml /opt/jboss/keycloak/standalone/configuration
    ADD standalone-ha.xml /opt/jboss/keycloak/standalone/configuration
    CMD ["-b", "0.0.0.0"]

Provider, theme... migration

If you have implemented custom providers or other extensions, you'll need to check their compatibility with the new version. If they are not compatible, you might need to rewrite them.


As a rule, using the latest tag is a bad idea for production environments, for any image. There is a risk that a developer or sysadmin runs docker pull and performs the update automatically, which I guess is not what you want. It is better to stick to fixed version numbers and perform updates yourself, having done the backups first.
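
A pre-flight check for the upgrade steps above, as an added example rather than code from the original post: it refuses to proceed unless the image reference is pinned to a fixed version and both backups exist and are non-empty. The function names and file paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks before starting a newer Keycloak image.
# Function names and file paths are illustrative assumptions.

# is_pinned IMAGE -> 0 if IMAGE has a digest or an explicit tag other than "latest".
is_pinned() {
    ref=$1
    case $ref in
        *@sha256:*) return 0 ;;          # digest-pinned reference
    esac
    last=${ref##*/}                      # drop registry/namespace (a registry port is not a tag)
    case $last in
        *:*) tag=${last##*:} ;;
        *)   return 1 ;;                 # no tag: docker resolves this to "latest"
    esac
    [ -n "$tag" ] && [ "$tag" != "latest" ]
}

# dockerfile_pinned FILE -> 0 if every FROM line names a pinned image.
# Limitation: multi-stage stage names and ARG-substituted images count as unpinned.
dockerfile_pinned() {
    images=$(awk 'toupper($1) == "FROM" {
        for (i = 2; i <= NF; i++) if ($i !~ /^--/) { print $i; break }
    }' "$1")
    [ -n "$images" ] || return 1
    for img in $images; do
        is_pinned "$img" || return 1
    done
    return 0
}

# preflight IMAGE DB_DUMP FILES_ARCHIVE -> 0 only if the upgrade may proceed.
preflight() {
    is_pinned "$1" || { echo "refusing: image '$1' is not pinned to a fixed version" >&2; return 1; }
    [ -s "$2" ] || { echo "refusing: DB backup '$2' is missing or empty" >&2; return 1; }
    [ -s "$3" ] || { echo "refusing: providers/themes archive '$3' is missing or empty" >&2; return 1; }
    return 0
}
```

Call `preflight` with the new image reference, the DB dump and the archive of custom providers and themes, and start the new container only when it returns 0.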
