From 47fccb18a2efa9254998a8f49a96f8a7431ebd2e Mon Sep 17 00:00:00 2001 From: Philip Haupt <“der.mad.mob@gmail.com”> Date: Sat, 8 Nov 2025 15:36:11 +0100 Subject: [PATCH] keycloak fixes --- keycloak/main.yaml | 36 ++++++++++++++++++++++++++++++++++-- keycloak/src/values.yaml | 8 ++++++-- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/keycloak/main.yaml b/keycloak/main.yaml index a82d84a..2f16520 100644 --- a/keycloak/main.yaml +++ b/keycloak/main.yaml @@ -122,7 +122,12 @@ spec: app.kubernetes.io/name: keycloakx topologyKey: kubernetes.io/hostname containers: - - env: + - command: + - /opt/keycloak/bin/kc.sh + - start + - --http-port=8080 + - --hostname-strict=false + env: - name: KC_HTTP_RELATIVE_PATH value: /auth - name: KC_CACHE @@ -138,7 +143,7 @@ spec: - name: KC_DB_URL_HOST value: cnpg-keycloak-cluster-rw.keycloak.svc.cluster.local - name: KC_DB_URL_PORT - value: "1234" + value: "5432" - name: KC_DB_URL_DATABASE value: keycloak - name: KC_DB_USERNAME @@ -195,6 +200,33 @@ spec: timeoutSeconds: 1 volumeMounts: null enableServiceLinks: true + initContainers: + - command: + - sh + - -c + - | + echo 'Waiting for Database to become ready...' + + until printf "." && nc -z -w 2 cnpg-keycloak-cluster-rw.keycloak.svc.cluster.local 5432; do + sleep 2; + done; + + echo 'Database OK ✓' + image: docker.io/busybox:1.32 + imagePullPolicy: IfNotPresent + name: dbchecker + resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 20m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 restartPolicy: Always securityContext: fsGroup: 1000 diff --git a/keycloak/src/values.yaml b/keycloak/src/values.yaml index 16a07f5..92e54df 100644 --- a/keycloak/src/values.yaml +++ b/keycloak/src/values.yaml 
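Review bot: `--hostname-strict=false` in the new `command` list is passed to `kc.sh start` with no hostname configured in the visible lines, so Keycloak will build its public URLs (token issuer, redirect and e-mail links) from the incoming request instead of a fixed value. Unless the ingress or reverse proxy in front of this pod overwrites the `Host` header, a client-supplied value can end up in those URLs. Prefer a fixed hostname, e.g. an env entry `- name: KC_HOSTNAME` with `value: <public-hostname>`, and drop the flag, or add a comment naming the proxy that sanitises the header. The same flag is added to `command` in keycloak/src/values.yaml, which looks like the source this manifest is rendered from, so the fix probably belongs there. The env list continues outside the hunk, so a hostname may already be set further down.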
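Review bot: The added `dbchecker` init container pulls `docker.io/busybox:1.32` by a mutable tag, so the image that actually runs can change without any change to this manifest; pinning it by digest (`image: docker.io/busybox:1.32@sha256:<digest>`) makes the deployment reproducible. Its securityContext sets `runAsNonRoot` and `allowPrivilegeEscalation: false` but keeps the default capability set and a writable root filesystem; `capabilities: {drop: [ALL]}` and `readOnlyRootFilesystem: true` should be safe for a container that only runs `nc`, `printf` and `sleep`. The `until` loop has no upper bound, so an unreachable database leaves the pod in Init indefinitely; a short comment saying that this is intended, or a retry limit, would help whoever is on call. If main.yaml is rendered from the chart, the image and security settings would be set under `dbchecker` in keycloak/src/values.yaml.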
@@ -105,7 +105,11 @@ terminationGracePeriodSeconds: 60 clusterDomain: cluster.local ## Overrides the default entrypoint of the Keycloak container -command: [] +command: + - "/opt/keycloak/bin/kc.sh" + - "start" + - "--http-port=8080" + - "--hostname-strict=false" ## Overrides the default args for the Keycloak container args: [] @@ -379,7 +383,7 @@ route: termination: edge dbchecker: - enabled: false + enabled: true image: # Docker image used to check Database readiness at startup repository: docker.io/busybox