Customize Keycloak and MySQL

Customize MySQL settings for high availability

  • To scale the number of MySQL instances use the Verrazzano custom resource, not the MySQL StatefulSet. Directly modifying the StatefulSet may change the status of the cluster to ONLINE_PARTIAL.
  • You must have at least one running mysql-router to access the MySQL InnoDB Cluster. Scaling the number of mysql-router instances to zero may result in the MySQL Operator permanently losing communication with the cluster and Keycloak being unable to communicate with MySQL.
  • There are limitations to MySQL group replication policy to provide distributed coordination between servers. See MySQL Fault-tolerance.

For instructions to customize persistent storage settings, see Customize Persistent Storage.

Customize MySQL my.cnf settings

The file, my.cnf, contains the main configuration for MySQL. You can customize the contents of the my.cnf file by providing overrides to the Keycloak subcomponent MySQL in the Verrazzano custom resource.

For example, you can override the default value of max_connections as follows:

kind: Verrazzano
  name: verrazzano
  profile: dev
          - values:
                mycnf: |
                  max_connections = 250

The MySQL Operator supports my.cnf file configuration overrides only upon installation. After initial installation, the following steps are required to make changes to the my.cnf file.

  1. Edit the Verrazzano custom resource and set the overrides for serverConfig.mycnf as shown previously in the max_connections example. For example:
    $ kubectl patch verrazzano verrazzano -p '{"spec":{"components":{"keycloak":{"mysql":{"overrides":[{"values": {"serverConfig": {"mycnf": "max_connections = 250\n"}}}]}}}}}' --type=merge
  2. Wait for the Verrazzano platform operator to reconcile the changes made to the Verrazzano custom resource.
    $ kubectl -n verrazzano-install rollout status deployment/verrazzano-platform-operator
  3. The MySQL InnoDBCluster object is updated by the Verrazzano platform-operator to contain the serverConfig.mycnf overrides. You can use the following command to view the contents of the InnoDBCluster object.
    $ kubectl get innodbcluster -n keycloak mysql -o yaml
  4. Edit the mysql-initconf ConfigMap in the keycloak namespace and update the settings in the 99-extra.cnf section. For example:
    $ kubectl patch configmap -n keycloak mysql-initconf -p \
    '{"data":{"99-extra.cnf": "# Additional user configurations taken from spec.mycnf in InnoDBCluster.\n# Do not edit directly.\n[mysqld]\nmax_connections = 250\n"}}' \
    Example snippet of the 99-extra.cnf portion of the ConfigMap after the patch.
      99-extra.cnf: |
        # Additional user configurations taken from spec.mycnf in InnoDBCluster.
        # Do not edit directly.
        max_connections = 250
  5. Start a rollout restart of the MySQL StatefulSet. After the rollout restart completes, the MySQL pods will be using the configuration overrides.
    $ kubectl rollout restart -n keycloak statefulset mysql
  6. Wait for the rollout restart of the MySQL StatefulSet to complete.
    $ kubectl -n keycloak rollout status statefulset/mysql