ADR 0027 - Keycloak Deployment with Helm Chart
Author | Nicolas Bigler |
---|---|
Owner | Schedar |
Reviewers | Schedar |
Date Created | 2023-10-19 |
Date Updated | 2023-10-19 |
Status | implemented |
Tags | service,keycloak,helm |
Summary | We use the Codecentric Helm Chart to deploy Keycloak. |
Problem
We need to provide Keycloak on Kubernetes with the following features:
- Standalone and Cluster functionality (HA)
- Ability to customize Keycloak (themes, providers, env variables)
- Regular Maintenance
- Version Upgrades
For custom themes and providers we need to be able to start an initContainer that copies the themes and providers to the volume mount used by the Keycloak container.
Solutions
For Keycloak there are multiple operators as well as Helm Charts available.
The following section contains the solutions that have been looked at.
Requirements | Official Operator | Glasskube Operator | Codecentric Helmchart | Bitnami Helmchart |
---|---|---|---|---|
Standalone and cluster | ✅ | ❌ only standalone | ✅ | ✅ |
Customize Keycloak Settings | ✅ | ❌ | ✅ | ✅ |
Metrics | ❌ | ❌ | ✅ | ✅ |
Use custom image | ✅ | ❌ | ✅ | ✅ |
Regular Maintenance | ❌ | ❌ | ❌ | ❌ |
Version Upgrades | ✅ | ❌ | ✅ | ✅ |
Some additional notes:
The Glasskube operator supports various tools and the Keycloak support is currently very minimalistic (see official docs).
The official Keycloak operator only supports a handful of settings. However, it has been designed in a way to completely customize Keycloak. It uses deployments for deploying Keycloak.
The Codecentric Helm Chart is very flexible and supports a lot of settings. It uses a StatefulSet for deploying Keycloak.
The Bitnami Helm Chart has the most settings and flexibility. However, the Chart works best in conjunction with the Bitnami Keycloak image and certain settings might not work correctly if using a different image.
Decision
The instantiation of the Helm Charts will be handled by provider-helm.
- Advantages
  - Less complexity than operators, but provides the same features
  - We have been using this helm chart to deploy Keycloak for years. We know it works.
  - The Helm Chart is very flexible and supports a lot of settings
  - The Helm Chart is actively maintained and updated regularly
  - No need to create a provider for a Keycloak operator.
  - Migrating to another Helm Chart or forking the Helm Chart if needed is easier than replacing an operator.
- Disadvantages
  - Lack of regular, automated maintenance
Rationale
Both operators are not very mature and lack basic features.
Although it is possible to configure every aspect of the deployment with the official operator using the unsupported field, doing so is officially not supported by Keycloak.
The Glasskube operator is very rudimentary and does not support any of the features we need.
The Glasskube operator is written in Kotlin. We lack the expertise to contribute to this project.
As we already have experience deploying services with Helm Charts and we have been using the Codecentric Helm Chart for years, we are confident that this is the best solution for us.
Furthermore, we don’t need to write a custom provider, as we can use the provider-helm provider to instantiate the Helm Chart.
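
The initContainer requirement from the Problem section, written as a provider-helm Release; this is an added example and not part of the original ADR or the project's own configuration. The chart name keycloakx, the resource, namespace, image and volume names, the container paths and the placeholders are assumptions.

```yaml
# Added example. Names, image and placeholders below are assumptions, not from the ADR.
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
  name: keycloak-example            # hypothetical
spec:
  forProvider:
    namespace: keycloak-example     # hypothetical
    chart:
      name: keycloakx               # assumed: Codecentric's Quarkus-based chart
      repository: https://codecentric.github.io/helm-charts
      version: "<CHART_VERSION>"    # placeholder; pin an exact version
    values:
      replicas: 2                   # cluster (HA) mode; 1 for standalone
      # The chart renders these three values as templated strings.
      extraInitContainers: |
        - name: copy-customizations
          # placeholder image holding /custom/themes and /custom/providers, pinned by digest
          image: registry.example.com/keycloak-custom@sha256:<DIGEST>
          command: ["sh", "-c"]
          args:
            - cp -R /custom/themes/. /themes/ && cp -R /custom/providers/. /providers/
          securityContext:          # the copy step needs no privileges
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: custom-themes
              mountPath: /themes
            - name: custom-providers
              mountPath: /providers
      extraVolumes: |
        - name: custom-themes
          emptyDir: {}
        - name: custom-providers
          emptyDir: {}
      extraVolumeMounts: |
        - name: custom-themes
          mountPath: /opt/keycloak/themes
        - name: custom-providers
          mountPath: /opt/keycloak/providers
```

Mounting an emptyDir over the providers directory hides any providers baked into the Keycloak image, so the init image must carry every provider the deployment needs.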