From 9bae9b305f5638bca00205f919a8f6fb90d67b79 Mon Sep 17 00:00:00 2001
From: Noah <40781376+noahpb@users.noreply.github.com>
Date: Thu, 14 Nov 2024 17:18:22 -0500
Subject: [PATCH] fix: scale keycloak sts to zero if deployed in ha mode
 (#1010)

## Description


## Related Issue
Fixes #1009

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [ ] [Contributor
Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)
followed
---
 src/keycloak/common/zarf.yaml | 37 +++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml
index 5b349e312..c29526069 100644
--- a/src/keycloak/common/zarf.yaml
+++ b/src/keycloak/common/zarf.yaml
@@ -17,7 +17,44 @@ components:
         localPath: ../chart
     actions:
       onDeploy:
+        before:
+          - description: Scale down previous Keycloak pods if in HA Mode
+            mute: true
+            cmd: |
+              set +e
+              # Check if Keycloak is installed
+              KEYCLOAK_INSTALLED=$(zarf tools kubectl get sts -n keycloak keycloak > /dev/null 2>&1; echo $?)
+              echo "KEYCLOAK_INSTALLED: $KEYCLOAK_INSTALLED"  # Check the value
+
+              # Check if Keycloak is not yet on the latest version
+              KEYCLOAK_IS_LATEST=$(zarf tools kubectl get sts -n keycloak -l helm.sh/chart=keycloak-26.0.5 -ojsonpath='{.items[].metadata.name}' > /dev/null 2>&1; echo $?)
+              echo "KEYCLOAK_IS_LATEST: $KEYCLOAK_IS_LATEST"  # Check the value
+
+              # Check if Keycloak is in HA mode
+              KEYCLOAK_IS_HA=$(zarf tools kubectl get hpa keycloak -n keycloak > /dev/null 2>&1; echo $?)
+              echo "KEYCLOAK_IS_HA: $KEYCLOAK_IS_HA"  # Check the value
+
+              # If Keycloak is installed but not the latest, check if HA is enabled, then delete HPA and scale down
+              if [ "${KEYCLOAK_INSTALLED}" -eq 0 ] && [ "${KEYCLOAK_IS_LATEST}" -ne 0 ]; then
+                if [ "${KEYCLOAK_IS_HA}" -eq 0 ]; then
+                  echo "Keycloak is installed and not on the latest version. Scaling down..."
+                  zarf tools kubectl delete hpa keycloak -n keycloak
+                  zarf tools kubectl scale statefulsets keycloak -n keycloak --replicas=1
+                  export KEYCLOAK_IS_HA=true
+                else
+                  echo "Keycloak is not deployed in HA mode, skipping scale down."
+                fi
+              else
+                echo "Keycloak 26.0.5 is already installed, skipping scale down."
+              fi
         after:
+          - description: Validate Keycloak Pods
+            wait:
+              cluster:
+                kind: Pod
+                name: app.kubernetes.io/name=keycloak
+                condition: Ready
+                namespace: keycloak
           - description: Validate Keycloak Package
             maxTotalSeconds: 300
             wait: