KeyCloak 19.0.1: KC_* Environment variables are ignored

Configuring the server
1

Hi,
I use the following dockerImage to create an image for keycloak that is then deployed to k8s:

FROM quay.io/keycloak/keycloak:19.0.1 as builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres

COPY keycloak-templates /opt/jboss/keycloak/themes/conpal
COPY plugins/* /opt/jboss/keycloak/standalone/deployments/

RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:19.0.1

COPY --from=builder /opt/keycloak/ /opt/keycloak/

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]

In the K8s Deployment I set additional Environment vars.

  • KC_DB
  • KC_DB_URL_DATABASE
  • KC_DB_SCHEMA
  • KC_DB_PASSWORD
  • KC_DB_USERNAME
  • KC_DB_URL_HOST
  • KEYCLOAK_ADMIN
  • KEYCLOAK_ADMIN_PASSWORD

Non of the above variables are considered…
The admin user is not created, the health endpoints are not there. On Startup I see that keycloak uses H2 as database and not postgresql.

If I use the old Env Vars like DB_VENDOR, it works.
This might help me with the database and admin user but I have now issues with KC_HOSTNAME and KC_HOSTNAME_ADMIN

also I do not want to use the old environment vars…

Currently I have no idea what the issue is, would be happy for any adive.

thank you!

1 Like
2

Check the guide here:

If there is a little tool icon in the right column of the table, that is a property that must be set in the Dockerfile before running build. As you have observed, there are some legacy vars that can cause unexpected (or, in your case, expected) behavior, but the guide in the link is how things are supposed to work in the future.

Configuration Environment Variables KC_* are not working
3

OK, thanks.
Maybe I have overseen something, I will check it out

4

I am having the same issue, were you able to resolve the problem ?

@xgp

If there is a little tool icon in the right column of the table, that is a property that must be set in the Dockerfile before running build

Keycloak now builds on every start, unless you specify the --optimized flag

5

That sounds right. I’m not really sure how it’s supposed to work, but setting a variable that is supposed to be a “build” variable will force a build on every start unless --optimized is set.