Question 247094 in PostgreSQL Question posted in
The official documentation can be found here.

Postgresql – keycloak helm chart to use external database (LDAP)

I am attempting to install a Keycloak Helm chart and would like to utilize an external data store such as LDAP instead of the default Postgres database. Is it possible to achieve this configuration, and if so, what steps should I follow?

When I disable the default Postgresql.enabled option in the Helm chart, I encounter the following error message.

helm install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --set postgresql.enabled=false

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/kube-user/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/kube-user/.kube/config
Pulled: registry-1.docker.io/bitnamicharts/keycloak:16.1.1
Digest: sha256:efaa12a0e3fb0e8fe32243c67cc8e24bf1854282d10c76c6d02ce0b5f0f1f02e
Error: INSTALLATION FAILED: execution error at (keycloak/templates/NOTES.txt:93:4):
VALUES VALIDATION:
**keycloak: database
    You disabled the PostgreSQL sub-chart but did not specify an external PostgreSQL host.
    Either deploy the PostgreSQL sub-chart (--set postgresql.enabled=true),
    or set a value for the external database host (--set externalDatabase.host=FOO)
    and set a value for the external database password (--set externalDatabase.password=BAR)
    or existing secret (--set externalDatabase.existingSecret=BAR)**
Tags:

2

Answers


  1. 0

    As state by the error message this option doesnot enable connection to ldap, it disable the subchart postgresql and need external configuration to an existing postgresql.

    To connect to ldap you could configure using UI doc

    Then to automate deployment you can export configuration and set it when deploying

    helm install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak 
       --set keycloakConfigCli.enabled=true 
       --set-file keycloakConfigCli.configuration=<path to your configuration>
    Login or Signup to reply.
  2. 0

    Keycloak needs a PostgreSQL database even when using LDAP as an externalized source of user accounts, as all configuration is stored in the database as well (such as the endpoints/settings for your LDAP). If you disable PostgreSQL within the chart, you need to provide a manual database configuration, for instance using the externalDatabase-parameters:
    https://github.com/bitnami/charts/tree/main/bitnami/keycloak/#database-parameters

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search