How to create keycloak with operator and external database

3/10/2021

I follow this but it is not working.

I created custom secret:

apiVersion: v1
kind: Secret
metadata:
    name: keycloak-db-secret
data:
    POSTGRES_DATABASE: ...
    POSTGRES_EXTERNAL_ADDRESS: ...
    POSTGRES_EXTERNAL_PORT: ...
    POSTGRES_HOST: ...
    POSTGRES_USERNAME: ...
    POSTGRES_PASSWORD: ...

and keycloak with external db:

apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  labels:
      app: keycloak
  name: keycloak
spec:
  externalDatabase:
    enabled: true
  instances: 1

but when I check the log, keycloak cannot connect to the db. It is still using the default value keycloak-postgresql.keycloak, not the value defined in my custom secret. Why is it not using my value from the secret?

UPDATE

when I check keycloak pod which was created by operator I can see:

  env:
    - name: DB_VENDOR
      value: POSTGRES
    - name: DB_SCHEMA
      value: public
    - name: DB_ADDR
      value: keycloak-postgresql.keycloak
    - name: DB_PORT
      value: '5432'
    - name: DB_DATABASE
      value: keycloak
    - name: DB_USER
      valueFrom:
        secretKeyRef:
          name: keycloak-db-secret
          key: POSTGRES_USERNAME
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: keycloak-db-secret
          key: POSTGRES_PASSWORD

so now I know why I cannot connect to the db. It uses a different DB_ADDR. How can I use the address my-app.postgres (db in another namespace)?

I don't know why POSTGRES_HOST in the secret is not working and the pod is still using the default service name.

-- hudi
keycloak
kubernetes

4 Answers

4/15/2021

I'm using Azure PostgreSQL for that, and it works correctly. In pod configuration, it also uses keycloak-postgresql.keycloak as DB_ADDR, but this is pointing to my internal service created by operator based on keycloak-db-secret.

-- mielmat
Source: StackOverflow

7/30/2021

I was having this same issue, and then after looking at @JiyeYu's answer, I searched the project's issue backlog and found some related issues that are still open (at the moment of this reply).

Particularly this one: https://issues.redhat.com/browse/KEYCLOAK-18602

After reading this, and its comments, I did the following:

  • Don't use IPs in POSTGRES_EXTERNAL_ADDRESS. If your PostGres is hosted within K8s via a StatefulSet, use the full <servicename>.<namespace>.svc.cluster.local (like @Harsh Manvar's answer)
  • Remove the POSTGRES_HOST setting from the secret (don't just set it to the default, delete it). Apparently, it is not only being ignored, but also breaking the keycloak pod initialization process somehow.

After I applied these changes the issue was solved for me.

-- Adelmo Magalhães
Source: StackOverflow

3/10/2021

To connect to a service in another namespace you can use:

<servicename>.<namespace>.svc.cluster.local

Suppose your Postgres deployment and service are running in the test namespace; it will go like:

postgres.test.svc.cluster.local

This is what I am using: https://github.com/harsh4870/Keycloack-postgres-kubernetes-deployment/blob/main/keycload-deployment.yaml

I have also attached the Postgres file you can use; however, in my case I have set up both keycloak and Postgres in the same namespace, so it is working like a charm.

-- Harsh Manvar
Source: StackOverflow
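The two answers above boil down to two rules for keycloak-db-secret: point POSTGRES_EXTERNAL_ADDRESS at the service's cluster DNS name (<servicename>.<namespace>.svc.cluster.local) rather than an IP, and leave POSTGRES_HOST out entirely. The following is an added example, not code from the question or from the Keycloak operator project: it builds that Secret manifest with correctly base64-encoded `data` values (a common slip when editing secrets by hand) and lints an existing manifest for the mistakes the answers describe. The service name `my-app` and namespace `postgres` are taken from the question; the database name, user and password are constructed sample values.

```python
import base64
import binascii
import ipaddress
import json

# Sample values constructed for this example (the question's DB service
# "my-app" lives in the "postgres" namespace).
DB_SERVICE = "my-app"
DB_NAMESPACE = "postgres"

REQUIRED_KEYS = (
    "POSTGRES_DATABASE",
    "POSTGRES_EXTERNAL_ADDRESS",
    "POSTGRES_EXTERNAL_PORT",
    "POSTGRES_USERNAME",
    "POSTGRES_PASSWORD",
)


def service_fqdn(service: str, namespace: str) -> str:
    """Cluster-internal DNS name of a Service, the form the answers recommend."""
    return f"{service}.{namespace}.svc.cluster.local"


def is_ip_literal(value: str) -> bool:
    """True for an IPv4/IPv6 literal, which the answers say to avoid."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def build_db_secret(database, address, port, username, password,
                    name="keycloak-db-secret"):
    """Return the Secret manifest (as a dict) the operator reads for an
    external database. Values are placed under `data`, so they are
    base64-encoded; POSTGRES_HOST is intentionally omitted."""
    if is_ip_literal(address):
        raise ValueError("POSTGRES_EXTERNAL_ADDRESS must be a DNS name, not an IP")
    fields = {
        "POSTGRES_DATABASE": database,
        "POSTGRES_EXTERNAL_ADDRESS": address,
        "POSTGRES_EXTERNAL_PORT": str(port),
        "POSTGRES_USERNAME": username,
        "POSTGRES_PASSWORD": password,
    }
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {k: base64.b64encode(v.encode()).decode() for k, v in fields.items()},
    }


def lint_db_secret(manifest: dict) -> list:
    """Report the problems the answers describe: a stray POSTGRES_HOST,
    missing keys, values that are not base64 (should have used stringData),
    and an IP literal in POSTGRES_EXTERNAL_ADDRESS."""
    problems = []
    data = manifest.get("data", {})
    if "POSTGRES_HOST" in data:
        problems.append("POSTGRES_HOST present: it is ignored and reportedly "
                        "breaks pod initialization; delete it")
    for key in REQUIRED_KEYS:
        if key not in data:
            problems.append(f"missing key {key}")
    for key, value in data.items():
        try:
            decoded = base64.b64decode(value, validate=True).decode()
        except (binascii.Error, UnicodeDecodeError):
            problems.append(f"{key}: value is not valid base64 (use stringData "
                            "for plain text)")
            continue
        if key == "POSTGRES_EXTERNAL_ADDRESS" and is_ip_literal(decoded):
            problems.append(f"{key}: IP literal {decoded}; use the service FQDN")
    return problems


def decode_field(manifest: dict, key: str) -> str:
    """Decode one base64 value from the manifest's data section."""
    return base64.b64decode(manifest["data"][key]).decode()


if __name__ == "__main__":
    secret = build_db_secret("keycloak", service_fqdn(DB_SERVICE, DB_NAMESPACE),
                             5432, "keycloak", "sample-password")
    # JSON is valid YAML, so this can be piped straight into `kubectl apply -f -`.
    print(json.dumps(secret, indent=2))
    print("lint:", lint_db_secret(secret) or "ok")
```

Running the script prints a manifest whose POSTGRES_EXTERNAL_ADDRESS decodes to my-app.postgres.svc.cluster.local; feeding the question's original secret (which includes POSTGRES_HOST) through `lint_db_secret` flags that key, which is exactly the setting the accepted-looking advice says to delete.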

7/12/2021

keycloak-postgresql.keycloak is another service created by the Keycloak Operator, which is used to connect to PostgreSQL's service.

You can check its endpoint.

$ kubectl get endpoints keycloak-postgresql -n keycloak
NAME                  ENDPOINTS           AGE
keycloak-postgresql   {postgresql's service ip}:5432   4m31s

However, the reason why it fails is due to the selector of this service:

selector:
  app: keycloak
  component: database

So if your DB Pod has a different label, the selector will not work. I reported this issue to the community. If they reply to me, I will try to fix this bug by submitting a patch.

-- JiyeYu
Source: StackOverflow
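The answer above attributes the empty endpoints to the Service selector `app: keycloak, component: database` not matching the database Pod's labels. The following added example (not from the answer or the operator project) reproduces the equality-based selector rule the Endpoints controller applies, so you can see why `kubectl get endpoints keycloak-postgresql` would list nothing for a Pod labelled the way a typical PostgreSQL chart labels it, and what a relabel would change. The Pod names, IPs and labels are constructed sample data; the selector is the one quoted in the answer.

```python
# Selector quoted in the answer above for the operator-created Service.
OPERATOR_SERVICE_SELECTOR = {"app": "keycloak", "component": "database"}

# Constructed sample Pods: one labelled like a generic PostgreSQL chart,
# one carrying the labels the selector wants, one matching but not Ready.
SAMPLE_PODS = [
    {"name": "postgres-0", "ip": "10.244.1.7", "ready": True,
     "labels": {"app": "postgres", "statefulset.kubernetes.io/pod-name": "postgres-0"}},
    {"name": "keycloak-db-0", "ip": "10.244.1.9", "ready": True,
     "labels": {"app": "keycloak", "component": "database"}},
    {"name": "keycloak-db-1", "ip": "10.244.1.10", "ready": False,
     "labels": {"app": "keycloak", "component": "database"}},
]


def selector_matches(selector: dict, labels: dict) -> bool:
    """Equality-based selector semantics: every selector key must be present
    on the Pod with exactly the same value; extra Pod labels are ignored."""
    return all(labels.get(k) == v for k, v in selector.items())


def endpoints_for(selector: dict, pods: list, port: int) -> list:
    """What the Endpoints controller would publish for the Service: the
    addresses of Ready Pods whose labels satisfy the selector."""
    return [f"{p['ip']}:{port}" for p in pods
            if p.get("ready", False) and selector_matches(selector, p["labels"])]


def explain_mismatch(selector: dict, pod: dict) -> dict:
    """Return the selector entries this Pod fails to satisfy (empty if it matches)."""
    return {k: v for k, v in selector.items() if pod["labels"].get(k) != v}


def relabel(pod: dict, extra_labels: dict) -> dict:
    """Copy of the Pod with labels added, i.e. what `kubectl label pod` would do."""
    new = dict(pod)
    new["labels"] = {**pod["labels"], **extra_labels}
    return new


if __name__ == "__main__":
    db_port = 5432
    print("endpoints:", endpoints_for(OPERATOR_SERVICE_SELECTOR, SAMPLE_PODS, db_port))
    for pod in SAMPLE_PODS:
        missing = explain_mismatch(OPERATOR_SERVICE_SELECTOR, pod)
        if missing:
            print(f"{pod['name']}: not selected, needs labels {missing}")
    fixed = [relabel(SAMPLE_PODS[0], OPERATOR_SERVICE_SELECTOR)] + SAMPLE_PODS[1:]
    print("after relabel:", endpoints_for(OPERATOR_SERVICE_SELECTOR, fixed, db_port))
```

Only `keycloak-db-0` is selected in the first run: `postgres-0` has the wrong `app` value and lacks `component`, and `keycloak-db-1` matches but is not Ready, so it is excluded just as a Pod failing its readiness probe would be. Relabelling `postgres-0` makes it appear; compare that with the real cluster using `kubectl get endpoints keycloak-postgresql -n keycloak` and `kubectl get pods --show-labels`.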