Skip to content

Fix Keycloak database service naming for ephemeral dev deployments#6216

Open
theosanderson wants to merge 3 commits intomainfrom
claude/review-pr-discussion-ZztVW
Open

Fix Keycloak database service naming for ephemeral dev deployments#6216
theosanderson wants to merge 3 commits intomainfrom
claude/review-pr-discussion-ZztVW

Conversation

@theosanderson
Copy link
Copy Markdown
Member

@theosanderson theosanderson commented Apr 1, 2026
edited by loculus-bot
Loading

PR Checklist

  • All necessary documentation has been adapted.
  • The implemented feature is covered by appropriate, automated tests.
  • Any manual testing that has been done is documented (i.e. what exactly was tested?)

🚀 Preview: https://claude-review-pr-discussi.loculus.org

@claude
fix(deployment): include commit tag in keycloak DB service name to pr…
d7cb3eb 
…event stale DB connections

When using the ephemeral development keycloak database, the service name
now includes the docker tag (e.g. loculus-keycloak-database-service-commit-abc123).
This ensures keycloak cannot connect to an old database instance during
redeployments - it will only resolve DNS once the new database pod with
the matching service selector is running.

https://claude.ai/code/session_01FjiKZfHS8w53Anu9Krk4hi
@claude claude bot added deployment Code changes targetting the deployment infrastructure keycloak Related to keycloak and keycloakify labels Apr 1, 2026
anna-parker
anna-parker reviewed Apr 1, 2026
View reviewed changes
Comment thread kubernetes/loculus/templates/keycloak-database-service.yaml Outdated
@anna-parker anna-parker marked this pull request as ready for review April 1, 2026 13:49
@claude
Copy link
Copy Markdown
Contributor

claude bot commented Apr 1, 2026
edited
Loading

Claude finished @anna-parker's task in 2m 3s —— View job

Code Review

  • Read changed files
  • Analyze changes
  • Post review feedback

The fix is correct in its core logic — adding the conditional KC_DB_URL_HOST in keycloak-deployment.yaml is the key bug fix (previously Keycloak always used the secret even in dev mode). The helper template in _urls.tpl is clean and well-placed.

One concern raised via inline comment: the selector in keycloak-database-service.yaml always includes the docker tag, even when developmentDatabasePersistence=true. Since the deployment uses argocd.argoproj.io/sync-options: Replace=true, a tag change will destroy and recreate the pod regardless of the persistence setting. If persistent behavior across tag changes is intended, the selector (and matching pod labels) should also be conditional on not .Values.developmentDatabasePersistence.

claude[bot]
claude bot reviewed Apr 1, 2026
View reviewed changes
Comment thread kubernetes/loculus/templates/keycloak-database-service.yaml Outdated
@anna-parker @claude
Apply suggestion from @claude[bot]
44251f0 
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
anna-parker
anna-parker reviewed Apr 10, 2026
View reviewed changes
Comment thread kubernetes/loculus/templates/keycloak-database-standin.yaml Outdated
anna-parker
anna-parker reviewed Apr 10, 2026
View reviewed changes
Comment thread kubernetes/loculus/templates/keycloak-database-standin.yaml Outdated
@anna-parker
Apply suggestions from code review
6fe0f3d 
Co-authored-by: Anna (Anya) Parker <50943381+anna-parker@users.noreply.github.com>
anna-parker
anna-parker reviewed Apr 10, 2026
View reviewed changes
Comment thread kubernetes/loculus/templates/keycloak-deployment.yaml
- name: KC_DB
value: postgres
- name: KC_DB_URL_HOST
{{- if .Values.runDevelopmentKeycloakDatabase }}
Copy link
Copy Markdown
Contributor

@anna-parker anna-parker Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Im not sure I understand this change - @theosanderson could you perhaps explain it to me?

Copy link
Copy Markdown
Member Author

@theosanderson theosanderson Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If running the development keycloak DB this change would use the template for the service name

Copy link
Copy Markdown
Member Author

@theosanderson theosanderson Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I'm not sure which bit you are asking about - Slack may be better?)

@anna-parker anna-parker added the preview Triggers a deployment to argocd label Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anna-parker anna-parker anna-parker left review comments

@claude claude[bot] claude[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

deployment Code changes targetting the deployment infrastructure keycloak Related to keycloak and keycloakify preview Triggers a deployment to argocd

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@theosanderson @anna-parker @claude