KEYCLOAK-12929

External database support with URIs to the Keycloak Operator

      Description

      Why

      • The Keycloak operator currently only supports external databases through IP addresses as it overrides the Endpoints object
      • If a URI is specified in the external database Secret for the external URL, the setup of the database will fail
      • If an external hostname Service is set up for the external database URI, env vars that Keycloak requires will not be set up (KEYCLOAK_POSTGRESQL_SERVICE_HOST and KEYCLOAK_POSTGRESQL_SERVICE_PORT)

      What

      • If the external hostname in the external database secret is a URI, update the Service to be an external hostname Service
      • Set the KEYCLOAK_POSTGRESQL_SERVICE_HOST and KEYCLOAK_POSTGRESQL_SERVICE_PORT env vars explicitly on the Keycloak StatefulSet to point to the external hostname Service

      Verification should involve testing:

      • That standard non-external database deploys still work
      • That external in-cluster database deploys still work
      • That external RDS database deploys now work using the URI provided by AWS RDS

      It's important that these changes get included in a Keycloak Operator release to unblock RHMI external databases for SSO.
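The decision described under "What", sketched as an added example; it is not part of the original issue and not code from the Keycloak Operator. Assumptions: the `Plan` type and `PlanExternalDB` function are hypothetical, the Service name `keycloak-postgresql` is inferred from the env var names, the "URI" is read as a plain DNS hostname such as an RDS endpoint, and the env var points at the Service's in-cluster DNS name.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strconv"
	"strings"
)

// Plan is a simplified, hypothetical stand-in for what the operator would reconcile.
type Plan struct {
	ServiceType string            // "ClusterIP" (Endpoints overridden) or "ExternalName"
	Target      string            // endpoint IP or external DNS name
	Env         map[string]string // env vars set explicitly on the StatefulSet
}

// Assumed Service name, inferred from the env var prefix in the issue.
const svcName = "keycloak-postgresql"

// One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
var label = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$`)

// PlanExternalDB decides how to expose the database address read from the Secret.
func PlanExternalDB(host, port, namespace string) (Plan, error) {
	if p, err := strconv.Atoi(port); err != nil || p < 1 || p > 65535 {
		return Plan{}, fmt.Errorf("invalid port %q", port)
	}
	if ip := net.ParseIP(host); ip != nil {
		// IP address: the existing path, Endpoints object overridden with this IP.
		return Plan{ServiceType: "ClusterIP", Target: ip.String()}, nil
	}
	// Hostname: accept only a plain DNS name, as it is copied into externalName.
	for _, l := range strings.Split(host, ".") {
		if len(host) > 253 || !label.MatchString(l) {
			return Plan{}, fmt.Errorf("invalid host %q", host)
		}
	}
	// An ExternalName Service has no cluster IP, so the variables are set explicitly.
	return Plan{ServiceType: "ExternalName", Target: host, Env: map[string]string{
		"KEYCLOAK_POSTGRESQL_SERVICE_HOST": svcName + "." + namespace + ".svc",
		"KEYCLOAK_POSTGRESQL_SERVICE_PORT": port,
	}}, nil
}

func main() {
	p, err := PlanExternalDB("mydb.example.eu-west-1.rds.amazonaws.com", "5432", "keycloak") // constructed sample
	fmt.Println(p, err)
}
```

Rejecting anything that is not a bare DNS name keeps a scheme, path or credentials in the Secret value from ending up in the Service spec.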

              People

              • Assignee:
                peter.braun Peter Braun
                Reporter:
                akeating1 Aiden Keating