[bitnami/keycloak] "Error: secret "keycloak-externaldb" not found" when trying to install helm chart using external database

[federicochiesa]

Name and Version

bitnami/keycloak 24.2.2

What architecture are you using?

amd64

What steps will reproduce the bug?

1. Install with the provided values file
2. kubectl describe pod keycloak-0 -n sso
3. I get the error in the title

Are you using any custom parameters or values?

nameOverride: "keycloak"
namespaceOverride: "sso"
image:
  registry: docker.io
  repository: bitnami/keycloak
  tag: 26.0.6-debian-12-r0

adminRealm: "master"

production: true

proxy: "edge"

replicaCount: 2

resourcesPreset: "medium"

livenessProbe:
  enabled: true
  initialDelaySeconds: 300
  periodSeconds: 1
  timeoutSeconds: 5
  failureThreshold: 1
  successThreshold: 1

readinessProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 1
  successThreshold: 1

autoscaling:
  enabled: true
  minReplicas: 1
  maxReplicas: 3

  behavior:
    scaleUp:
      stabilizationWindowSeconds: 120
      selectPolicy: Max
      policies: []
    scaleDown:
      stabilizationWindowSeconds: 300
      selectPolicy: Max
      policies:
        - type: Pods
          value: 1
          periodSeconds: 300

postgresql:
  enabled: false

externalDatabase:
  host: "xxxxxxxxxxxxx"
  port: 5432
  user: keycloak_kubernetes
  database: keycloak_kubernetes
  password: "xxxxxxxxxxx"

logging:
  output: default
  level: WARN

What is the expected behavior?

It should connect to the DB using the provided values, which are the same as indicated in the readme.

What do you see instead?

Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  29m                   default-scheduler  Successfully assigned sso/keycloak-0 to xxxxxxxxxx
  Normal   Pulling    29m                   kubelet            Pulling image "docker.io/bitnami/keycloak:26.0.6-debian-12-r0"
  Normal   Pulled     28m                   kubelet            Successfully pulled image "docker.io/bitnami/keycloak:26.0.6-debian-12-r0" in 17.598s (17.598s including waiting). Image size: 422618500 bytes.
  Normal   Created    28m                   kubelet            Created container prepare-write-dirs
  Normal   Started    28m                   kubelet            Started container prepare-write-dirs
  Warning  Failed     26m (x10 over 28m)    kubelet            Error: secret "keycloak-externaldb" not found
  Normal   Pulled     4m7s (x116 over 28m)  kubelet            Container image "docker.io/bitnami/keycloak:26.0.6-debian-12-r0" already present on machine

[javsalgar]

Hi!

Could you run kubectl get secrets to see if there is a secret created for the external database?

[federicochiesa]

There was this secret:

Name:         keycloak-externaldb
Namespace:    default
Labels:       app.kubernetes.io/instance=keycloak
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=keycloak
              app.kubernetes.io/version=26.0.6
              helm.sh/chart=keycloak-24.2.2
Annotations:  meta.helm.sh/release-name: keycloak
              meta.helm.sh/release-namespace: default

Type:  Opaque

Data
====
db-password:  20 bytes

I tried to delete it along with everything else and start from scratch, but I get the same exact error and the secret reappeared.

The secret contained the correct password for the DB.

[javsalgar]

Ok, so, looking at the values, I see that you set namespaceOverride: sso. That means that the namespace should be sso and not default, right?

[javsalgar]

I think I found the issue:

In keycloak/templates/secret-external-db.yaml, instead of

  namespace: {{ .Release.Namespace | quote }}

it should be:

  namespace: {{ include "common.names.namespace" . | quote }}

As you spotted the issue, would you like to submit a PR with the fix?

[federicochiesa]

Thank you! I just did.

[javsalgar]

Thank you! The team will take a look