defenseunicorns · mjnagel · Jul 12, 2024 · Jul 3, 2024 · Jul 9, 2024 · Jul 9, 2024
@@ -10,7 +10,11 @@ For more information on Keycloak and its capabilities, see its [documentation](h
 
 ### Dev Mode
 
-When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. Devmode also leverages PVCs by default for `data` and `themes`.
+When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. Dev Mode also leverages PVCs by default for `data` and `themes`. 
+
+Using an external database with Dev Mode enabled is not supported.
+
+Dev Mode enables debug logging for Keycloak. To configure debug logging outside of Dev Mode, set `debugMode: true` in your values.
 
 ### Autoscaling
 

@@ -74,3 +74,24 @@ Create the service DNS name.
 {{- define "keycloak.serviceDnsName" -}}
 {{ include "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
 {{- end }}
+
+{{/*
+Check external PostgreSQL connection information. Fails when required values are missing or if PostgreSQL is configured when devMode is enabled.
+*/}}
+
+{{- define "keycloak.postgresql.config" -}}
+{{- if not .Values.devMode -}}
+{{- if .Values.postgresql -}}
+{{ $requiredKeys := list "username" "password" "database" "host" "port" }}
+{{- range $k := $requiredKeys -}}
+{{ if empty (get $.Values.postgresql $k) }}{{- fail (printf "Missing value for \"postgresql.%s\"." $k ) -}}{{- end }}
+{{- end }}
+{{- else -}}{{fail "You must define \"username\", \"password\", \"database\", \"host\", and \"port\" for \"postgresql\"."}}
+{{- end -}}
+{{- default "true" "" }}
+{{- else if not (empty (compact (values (omit .Values.postgresql "port")))) -}}
+{{ fail "Cannot use an external PostgreSQL Database when devMode is enabled." -}}
+{{- else -}}
+{{ default "false" "" }}
+{{- end }}
+{{- end }}
@@ -1,4 +1,4 @@
-{{- if not .Values.devMode }}
+{{- if eq (include "keycloak.postgresql.config" .) "true" }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -13,4 +13,4 @@ data:
   password: {{ .Values.postgresql.password | b64enc }}
   host: {{ .Values.postgresql.host | b64enc }}
   port: {{ .Values.postgresql.port | toString | b64enc }}
-{{- end }}
+{{- end }}
@@ -113,15 +113,16 @@ spec:
             # Dumb value (not used in the nginx provider, but required by the SPI)
             - name: KC_SPI_X509CERT_LOOKUP_NGINX_SSL_CLIENT_CERT_CHAIN_PREFIX
               value: UNUSED
-          {{- if .Values.devMode }}
-            # Enable dubug logs in dev mode
+          {{- if or .Values.devMode .Values.debugMode }}
+            # Enable debug logs
             - name: KC_LOG_LEVEL
               value: DEBUG
             - name: QUARKUS_LOG_CATEGORY__ORG_APACHE_HTTP__LEVEL
               value: DEBUG
             - name: QUARKUS_LOG_CATEGORY__ORG_KEYCLOAK_SERVICES_X509__LEVEL
               value: TRACE
-          {{- else }}
+          {{- end }}
+          {{- if eq (include "keycloak.postgresql.config" .) "true" }}
             # Infinispan cache configuration
             - name: KC_CACHE
               value: ispn
@@ -168,7 +169,7 @@ spec:
             - name: JAVA_TOOL_OPTIONS
               value: "-Dcom.redhat.fips=true"
             {{- end }}
-          {{- end }}
+           {{- end }}  
           {{- if .Values.insecureAdminPasswordGeneration.enabled }}
             - name: KEYCLOAK_ADMIN
               valueFrom:

@@ -52,8 +52,8 @@ spec:
         remoteGenerated: Anywhere
       {{- end }}
 
-      {{- if not .Values.devMode }}
-      - description: "PostgresQL Database access"
+      {{- if eq (include "keycloak.postgresql.config" .) "true" }}
+      - description: "PostgreSQL Database access"
         direction: Egress
         selector:
           app.kubernetes.io/name: keycloak

@@ -55,8 +55,12 @@ terminationGracePeriodSeconds: 5
 clusterDomain: cluster.local
 
 # Sets development mode for Keycloak. This disables caching, Postgres and HPAs and should only be used for testing
+# Must have no values populated for `postgresql` in order to use
 devMode: true
 
+# Enable debug logging for keycloak and quarkus
+debugMode: false
+
 # Enable SMTP networkPolicy and config
 smtp:
   enabled: false
@@ -149,16 +153,17 @@ service:
   # Session affinity config
   sessionAffinityConfig: {}
 
+# Connection information for external postgres database
 postgresql:
-  # PostgreSQL User to create
-  username: keycloak
-  # PostgreSQL Password for the new user
-  password: keycloak
-  # PostgreSQL Database to create
-  database: keycloak
-  # PostgreSQL host
-  host: postgresql
-  # PostgreSQL port
+  # The username of the database user
+  username: ""
+  # The password of the database user
+  password: ""
+  # Database name
+  database: ""
+  # URL for the database
+  host: ""
+  # Port the database is listening on
   port: 5432
 
 serviceMonitor:

@@ -1,7 +1,7 @@
 tasks:
   - name: validate
     actions:
-      - description: Validate promail
+      - description: Validate promtail
         wait:
           cluster:
             kind: Pod

@@ -54,7 +54,7 @@ tasks:
             echo "Status is '$STATUS'... waiting to see if it changes"
 
             # local testing indicates the status is "Finalizing" for a few seconds after completion
-            sleep 15
+            sleep 30
 
             # check again...
             STATUS=$(uds zarf tools kubectl get backups -n velero ${BACKUP_NAME} -o jsonpath='{.status.phase}')