feat(RHIDP-9113): Update Keycloak configuration for Red Hat Build of Keycloak (RHBK):

- Remove /auth prefix from KEYCLOAK_BASE_URL endpoints
- Update OIDC issuer URLs: /auth/realms/ → /realms/
- Add PostgreSQL database configuration to Keycloak CR
- Configure bootstrap admin credentials and proxy headers

Author: skestwal

ci-scripts/rhdh-setup/template/backstage/helm/chart-values.image-override.yaml

@@ -76,7 +76,7 @@ upstream:
             key: github.token
             name: "{{ .Release.Name }}-plugin-secrets"
       - name: KEYCLOAK_BASE_URL
-        value: "https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/auth"
+        value: "https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}"
       - name: KEYCLOAK_LOGIN_REALM
         value: "backstage"
       - name: KEYCLOAK_REALM

ci-scripts/rhdh-setup/template/backstage/helm/chart-values.yaml

@@ -76,7 +76,7 @@ upstream:
             key: github.token
             name: "{{ .Release.Name }}-plugin-secrets"
       - name: KEYCLOAK_BASE_URL
-        value: "https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/auth"
+        value: "https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}"
       - name: KEYCLOAK_LOGIN_REALM
         value: "backstage"
       - name: KEYCLOAK_REALM

ci-scripts/rhdh-setup/template/backstage/helm/oauth2-container-patch.yaml

@@ -18,7 +18,7 @@ extraContainers:
             key: keycloak_cookie_secret
             name: perf-test-secrets
       - name: OAUTH2_PROXY_OIDC_ISSUER_URL
-        value: https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/auth/realms/backstage
+        value: https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/realms/backstage
       - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
         value: "true"
       - name: OAUTH2_PROXY_LOGGING_LEVEL

ci-scripts/rhdh-setup/template/backstage/olm/backstage.yaml

@@ -18,7 +18,7 @@ spec:
     extraEnvs:
       envs:
         - name: KEYCLOAK_BASE_URL
-          value: "https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/auth"
+          value: "https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}"
         - name: KEYCLOAK_LOGIN_REALM
           value: "backstage"
         - name: KEYCLOAK_REALM

ci-scripts/rhdh-setup/template/backstage/olm/rhdh-oauth2.deployment.yaml

@@ -40,7 +40,7 @@ spec:
                   key: keycloak_cookie_secret
                   name: perf-test-secrets
             - name: OAUTH2_PROXY_OIDC_ISSUER_URL
-              value: https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/auth/realms/backstage
+              value: https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/realms/backstage
             - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
               value: "true"
           image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1

ci-scripts/rhdh-setup/template/keycloak/keycloak.yaml

@@ -6,14 +6,27 @@ metadata:
     app: keycloak
 spec:
   instances: ${RHDH_KEYCLOAK_REPLICAS}
+  db:
+    vendor: postgres
+    host: keycloak-postgresql
+    port: 5432
+    database: keycloak
+    usernameSecret:
+      name: keycloak-db-user
+      key: keycloak-db-user
+    passwordSecret:
+      name: keycloak-postgresql
+      key: password
   hostname:
     strict: false
   http:
     httpEnabled: true
   ingress:
     enabled: true
   additionalOptions:
-    - name: hostname-strict
-      value: "false"
-    - name: http-enabled
-      value: "true"
+    - name: bootstrap-admin-username
+      value: admin
+    - name: bootstrap-admin-password
+      value: admin123
+    - name: proxy-headers
+      value: forwarded