
Kubernetes (GKE) Keycloak couldn't connect to CloudSQL


I run Keycloak in my Kubernetes cluster. It ran pretty well until I realized that the database is still stuck using H2, even though I already added the POSTGRES config in my deployment.yaml. Can someone point out what I'm missing?

apiVersion: apps/v1
kind: Deployment
...
spec:
  ...
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:17.0.0
          args:
            [
              "start",
              "--hostname-strict=false"
            ]
          env:
            - name: DB_VENDOR
              value: postgres
            - name: DB_ADDR
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: host
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: database
            - name: DB_SCHEMA
              value: public
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: username
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: password
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: password
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KC_PROXY
              value: "edge"
            - name: JAVA_OPTS
              value: -Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled

I use PostgreSQL Cloud SQL from GCP.


Solution

  • The "db_vendor" value you set is for the old WildFly distribution; according to the image in your example, you are using the Quarkus-based image. So first of all, it's now called "db". Ref: https://www.keycloak.org/server/db

    Also, please notice that the "db" option is a "build option", meaning you have to "build" the server in order for it to take effect.

    Way 1: you can add start --auto-build to your args. That way, Keycloak detects automatically for you that you have changed a build time option and runs a build when the container starts up. This is convenient, but takes some time.

    Way 2: Or you can use the recommended way of creating an optimized server image first, leading to better startup times. E.g. by using a Dockerfile like this:

    FROM quay.io/keycloak/keycloak:latest as builder
    
    ENV KC_FEATURES=scripts
    ENV KC_DB=postgres
    RUN /opt/keycloak/bin/kc.sh build
    

    and do a docker build . -t my_optimized_keycloak and then upload the image to the registry of choice. ref: https://www.keycloak.org/server/containers

    Also I noticed you mix some old configuration keys with new ones, so general recommendation: Look at the new guides section at https://www.keycloak.org/guides - especially the "All configuration" guide gives a good overview.

    Also I noticed you are using the deprecated upload_scripts feature. It was removed in Keycloak 18 (see https://www.keycloak.org/2022/04/keycloak-1800-released.html), FYI.
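
The question's container spec rewritten with the Quarkus-distribution keys, as an added example that is not part of the original question or answer. It follows "Way 1" (--auto-build); the Deployment name and labels are assumptions, and the KC_* names follow the "All configuration" guide linked above and should be checked against the guide for the Keycloak version in use.

```yaml
# Added example: legacy WildFly DB_* keys replaced by KC_* keys, so Keycloak
# stops silently falling back to the embedded H2 database.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak                      # assumed name
spec:
  selector:
    matchLabels: {app: keycloak}      # assumed label
  template:
    metadata:
      labels: {app: keycloak}
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:17.0.0
          # --auto-build re-runs the build at startup so the build-time
          # options KC_DB and KC_FEATURES take effect.
          args: ["start", "--auto-build", "--hostname-strict=false"]
          env:
            - name: KC_DB                   # was DB_VENDOR
              value: postgres
            - name: KC_DB_URL_HOST          # was DB_ADDR
              valueFrom: {secretKeyRef: {name: keycloak-db-cred, key: host}}
            # DB_PORT dropped: 5432 is the PostgreSQL default port.
            - name: KC_DB_URL_DATABASE      # was DB_DATABASE
              valueFrom: {secretKeyRef: {name: keycloak-db-cred, key: database}}
            - name: KC_DB_SCHEMA            # was DB_SCHEMA
              value: public
            - name: KC_DB_USERNAME          # was DB_USER
              valueFrom: {secretKeyRef: {name: keycloak-db-cred, key: username}}
            - name: KC_DB_PASSWORD          # was DB_PASSWORD
              valueFrom: {secretKeyRef: {name: keycloak-db-cred, key: password}}
            - name: KEYCLOAK_ADMIN
              valueFrom: {secretKeyRef: {name: keycloak-secret, key: username}}
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom: {secretKeyRef: {name: keycloak-secret, key: password}}
            # PROXY_ADDRESS_FORWARDING is a legacy key; KC_PROXY covers it.
            - name: KC_PROXY
              value: edge
            # Replaces the JAVA_OPTS -Dkeycloak.profile.feature.* flags;
            # upload_scripts is left out because it is deprecated.
            - name: KC_FEATURES
              value: scripts
```

After rollout, running /opt/keycloak/bin/kc.sh show-config inside the container lists the effective database setting, which confirms the pod is no longer on H2.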