Edit Page

Restore Keycloak

This guide shows you how to restore Keycloak in your Rhize environment.

Caution

Restoring Keycloak to a running instance involves downtime.

Typically, this downtime lasts less than a minute. The exact duration needed depends on network constraints, backup size, and the performance of the Kubernetes cluster.

Prerequisites

Before you start, ensure you have the following:

Steps

  1. Confirm the cluster and namespace are correct:

    ## context
kubectl config current-context
## namespace
kubectl get namespace

    To change the namespace for all subsequent kubectl commands to libre, run this command:

    kubectl config set-context --current --namespace=libre

    For a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.

  2. Retrieve the Keycloak user password using the following command, replacing <NAMESPACE> with your namespace:

    kubectl get secret keycloak-<NAMESPACE>-postgresql -o jsonpath="{.data.postgres-password}" | base64 --decode

  3. Extract your backup file:

    gzip -d keycloak-postgres-backup-YYYYMMDDTHHMMAA.sql

  4. To prevent new records from being created while the backup is restored, scale down the Keycloak replicas to 0. Keycloak will be unavailable after this command.

    kubectl scale statefulsets keycloak --replicas=0

  5. Scale down the replicas of PostgreSQL to 0, so that existing persistent volume claims and persistent volumes can be removed:

    kubectl scale statefulsets keycloak-postgresql --replicas=0

  6. Remove the Postgres persistent volume claim:

    kubectl delete pvc data-keycloak-postgresql-0

  7. Identify the Keycloak Postgres volumes:

    kubectl get pv | grep keycloak

    This displays a list of persistent volume claims related to Keycloak. For example:

    pvc-95176bc4-88f4-4178-83ab-ee7b256991bc   10Gi       RWO            Delete           Terminating   libre/data-keycloak-postgresql-0   hostpath                48d

    Note the names of the ´pvc-*` items. You’ll need them for the next step.

  8. Remove the persistent volumes with this command, replacing <PVC_FROM_PREVIOUS_STEP> with the pvc-* name from the previous step:

    $ kubectl delete pv <PVC_FROM_PREVIOUS_STEP>

  9. Scale up the replicas of PostgreSQL to 1:

    kubectl scale statefulsets keycloak-postgresql --replicas=1

  10. Restore the backup:

    cat keycloak-postgres-backup-YYYYMMDDTHHMMAA.sql | kubectl exec -i keycloak-postgresql-0 -- psql postgresql://postgres:<your-postgres-password>@localhost:5432 -U postgres

  11. Scale up the replicas of Keycloak to 1:

    kubectl scale statefulsets keycloak --replicas=1

  12. Proxy the web portal of Keycloak:

    kubectl port-forward  svc/keycloak 5101:80

Confirm access by checking http://localhost:80.