Keycloak and PostgreSQL configuration

Keycloak is an open-source identity and access management platform used by kdb Insights Enterprise to provide features such as:

  • User authentication and authorization
  • Service account authentication and authorization
  • Role management
  • Single sign-on (SSO) and identity brokering

Keycloak is deployed using the Codecentric Helm chart, which uses images from Codecentric’s public image catalog.

In kdb Insights Enterprise, Keycloak is backed by PostgreSQL. To support high-availability (HA) deployments and improve configurability, CloudNativePG (CNPG) is used. CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.

Install scenarios

The install scenarios are as follows:

| Operation | Database Behavior |
|-----------|-------------------|
| New Install | A new empty CNPG database cluster is created and initialized. |
| Upgrade | The data and roles from the existing PostgreSQL database are automatically migrated into the new CNPG cluster to preserve all application data. The old PostgreSQL volume is retained in case a rollback is required. |
| Rollback | When rolling back to a version prior to 1.17, the rollback reuses the existing PersistentVolumeClaim (PVC) from the previous PostgreSQL installation to restore the original database state. Changes made to the database with the upgraded system will be lost. |

Keycloak Configuration

Configuration of Keycloak can be managed through the values file.

Example configuration snippet:

global:
  keycloak:
    auth:
      existingSecret: kxi-keycloak
    guiClientSecret: guiClientSecret
    operatorClientSecret: operatorClientSecret

keycloak:
  importUsers: true
  initClient:
    clientId: test-client
    clientSecret: test-secret
    enabled: true
  initUser:
    auth: test-password
    name: test-user
    enabled: true
  replicas: 3
  resources:
    requests:
      cpu: 80m
      memory: 128Mi

CNPG Configuration

Configuration of both the CNPG database and the CNPG operator can be managed through the values file.

The following configuration snippet shows the current defaults:

cnpg-database:
  image: ghcr.io/cloudnative-pg/postgresql:17.6-202511030807-standard-bullseye
  instances: 3
  resources:
    limits:
      cpu: 2000m
      memory: 400Mi
    requests:
      cpu: 50m
      memory: 100Mi
  storage: 8Gi
cnpg-operator:
  private-registry:
    enabled: false
    host: registry-local.aws-red.kxi-dev.kx.com
    pull-secret: kxi-registry-pull-secret
  version: 0.25.0

Configuration changes

You can adjust the above fields based on your environment and deployment requirements.

For example, you can change the number of replicas by changing the following:

keycloak:
  replicas: <Value>
cnpg-database:
  instances: <Value>
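
The following check is an added example, not part of kdb Insights Enterprise or its documentation. It audits a parsed values file for the fields shown above: example credentials from the Keycloak snippet left in an enabled initClient or initUser block, and replica or instance counts that leave no standby. The 16-character minimum, the finding wording, and the function names are assumptions.

```python
# Added example: audit a parsed values file for settings shown on this page.
# Key names come from the page; the rules themselves are assumptions.
MIN_SECRET_LEN = 16  # assumed minimum length, not a product requirement
DOC_EXAMPLE_VALUES = {"test-secret", "test-password"}  # from the page's snippet


def dig(values, *path):
    """Walk nested dicts, returning None when any key on the path is missing."""
    for key in path:
        if not isinstance(values, dict) or key not in values:
            return None
        values = values[key]
    return values


def audit_values(values):
    """Return a list of findings for a values dict (e.g. from yaml.safe_load)."""
    findings = []
    # Bootstrap credentials only matter when the corresponding block is enabled.
    for block, field in (("initClient", "clientSecret"), ("initUser", "auth")):
        if dig(values, "keycloak", block, "enabled") is not True:
            continue
        secret = dig(values, "keycloak", block, field)
        if not isinstance(secret, str):
            continue
        if secret in DOC_EXAMPLE_VALUES:
            findings.append(f"keycloak.{block}.{field}: documentation placeholder in use")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append(f"keycloak.{block}.{field}: shorter than {MIN_SECRET_LEN} characters")
    # A single replica or instance leaves no standby to fail over to.
    for path in (("keycloak", "replicas"), ("cnpg-database", "instances")):
        count = dig(values, *path)
        if isinstance(count, int) and count < 2:
            findings.append(f"{'.'.join(path)}: {count} gives no redundancy")
    return findings


# Constructed sample mirroring the page's example, with keycloak.replicas lowered.
SAMPLE = {
    "keycloak": {
        "initClient": {"clientId": "test-client", "clientSecret": "test-secret", "enabled": True},
        "initUser": {"auth": "test-password", "name": "test-user", "enabled": True},
        "replicas": 1,
    },
    "cnpg-database": {"instances": 3},
}

if __name__ == "__main__":
    for finding in audit_values(SAMPLE):
        print(finding)
```

To run it against a real file, pass the result of a YAML loader such as yaml.safe_load (PyYAML, not in the standard library) to audit_values.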