I run Keycloak in my Kubernetes cluster. It ran pretty well until I realized that the database is still stuck using H2, even though I already added the Postgres config in my deployment.yaml.
Can someone point out what I'm missing?
apiVersion: apps/v1
kind: Deployment
...
spec:
  ...
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:17.0.0
          args:
            [
              "start",
              "--hostname-strict=false"
            ]
          env:
            - name: DB_VENDOR
              value: postgres
            - name: DB_ADDR
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: host
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: database
            - name: DB_SCHEMA
              value: public
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: username
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: password
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: password
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KC_PROXY
              value: "edge"
            - name: JAVA_OPTS
              value: -Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled
I use Postgres Cloud SQL from GCP.
The "db_vendor" value you set is for the old WildFly distribution; according to the image in your example, you are using the Quarkus-based image. So first of all, it's now called "db". Ref: https://www.keycloak.org/server/db
Also, please notice that the "db" option is a "build option", meaning you have to "build" the server in order for it to take effect.
Way 1: You can add start --auto-build to your args. That way, Keycloak detects automatically for you that you have changed a build time option and runs a build when the container starts up. This is convenient, but takes some time.
Way 2: Or you can use the recommended way of creating an optimized server image first, leading to better startup times. E.g. by using a Dockerfile like this:
FROM quay.io/keycloak/keycloak:latest as builder
ENV KC_FEATURES=scripts
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build
and do a docker build . -t my_optimized_keycloak and then upload the image to the registry of choice. Ref: https://www.keycloak.org/server/containers
Also I noticed you mix some old configuration keys with new ones, so general recommendation: Look at the new guides section at https://www.keycloak.org/guides - especially the "All configuration" guide gives a good overview.
Also, I noticed you are using the deprecated upload_scripts feature. That was removed since Keycloak 18 (see https://www.keycloak.org/2022/04/keycloak-1800-released.html), FYI.