Keycloack upgrade

I’m planning to upgrade my current Keycloak (v18) to a newer version.
Based on my previous experience, it’s not exactly a ‘walk in the park.’
Which version would be the easiest to upgrade to with the fewest breaking changes or issues? Thanks in advance.

usually the next version in stack, if yours is 18 then 19 would be the one with fewer changes.

@amir4895

I just run a successful single step upgrade from 18 to 25.0.2, just do a test run in a staging environment first ( and do backups before as well).

As @bpedersen2 said, it is possible to do an upgrade directly to the most recent version. Usually this is dependent on the data in your system. Because of this, I would add a clarification to his recommendation: Do a test run in your staging environment with the same data from your target production environment. This will be indicative of your ability to jump a large number of versions.

If that doesn’t work, you should go one major version at a time to discover what the issue is.

3 Likes

Thanks for the reply.
Generally speaking, are there any issues with backward compatibility or anything similar?
or instance, when I upgraded from v10 to v18, I encountered problems with settings and route for admin login console and environment variables that were either added or no longer supported and needed to be replaced.

Additionally, I faced serious cache issues and had to work around them with Infinispan cache configuration and other tricky situations that I’d prefer to avoid this time

There is no such thing as “backward compatibility” in Keycloak. There are constantly breaking changes made in Keycloak, especially between major versions, definitely in a 7 major version jump.

Always do full database and configuration backups before and after upgrades, and plan to schedule downtime to deal with the upgrade and a possible restore to downgrade.

1 Like

Two things to add here:

  1. Make sure to read the upgrade guides for each version. Every required changed is mentioned there. This way, there’s no “…we encountered this and that…” - it’s all in the docs!

  2. For large amounts of data, it’s possibly a good thing to extend the default timeouts, this way you can also migrate large data sets over multiple versions. See als here: Keycloak - Tuning Database Settings when experiencing Transaction timeouts | Niko Köbler – Experte für Keycloak IAM & SSO, Software-Architekt & Trainer

1 Like

Hi, thanks for the clarification.

I may have missed some specific documents, but I didn’t see any documentation outlining the upgrade process from version X to Y for each combination of versions(unfortunate but make sense).

Therefore, when upgrading multiple versions at once, it can be difficult to track all the changes.

As I mentioned, keeping track of all changes from version 10 to 18 was challenging for me personally, and since I’m thinking of doing an upgrade from version 18 to 24, I wanted to identify any known issues in advance. In my opinion, the documentation wasn’t very accurate back then, or perhaps the information was spread across too many documents—I’m not sure.

Regarding the cache issue I mentioned, it occurred about a year ago, and I didn’t find many people discussing it in blogs. It seems strange that it’s not a widespread issue within the community, but I can’t argue with the facts