Config management, zero downtime deployments and rollbacks

jonnewell · October 29, 2025, 5:52pm

We are currently deploying to K8 using a custom docker image that has our SPI and theme implementations. The config management portion is handled with helm and terraform. We had been using realm import to manage realm configuration but want to switch to use terraform.

It seems like configuration management should be split into two parts:

Configuration of the Keycloak infrastructure
Realm configuration

Just wondering how others are managing this. How are you coordinating your deployments so that the new version of the service is not ready until the realms are configured? How are you supporting rollback?

Thanks
-Jonathan

dasniko · October 30, 2025, 8:28pm

Keycloak does not support guaranteed zero downtime upgrades. Versions might come with incompatible changes.
Keycloak does not support rollbacks. If there’s an error in your upgrade process, you’ll have to restore the database with a backup you hopefully did right before the update started. In best case your database supports point in time recovery.

jonnewell · November 4, 2025, 9:19pm

Thank you for your help and awesome contributions.

-Jonathan

Topic		Replies	Views
How do you manage and sync Keycloak realm config across environments?	8	99	September 15, 2025
Configuration migration Configuring the server admin-console	5	776	July 27, 2021
Keycloak infrastructure as Code (IaC) approach Configuring the server	1	4199	December 12, 2019
Synchronising realm configuration between environments Getting advice	7	4183	April 15, 2022
Options to deploy configuration Configuring the server	1	555	November 30, 2020

Config management, zero downtime deployments and rollbacks

Related topics