Before reporting an issue
Area
operator
Describe the bug
Description
I am encountering an issue with the Keycloak Operator and the KeycloakRealmImport CRD (k8s.keycloak.org/v2alpha1).
When I apply a KeycloakRealmImport custom resource, the Operator processes it successfully. I can verify via SQL that the Realm is correctly created in the underlying database. However, the new Realm does not appear in the Keycloak Admin Console (dropdown menu) or API responses from the running Keycloak pods.
The Realm only becomes visible and usable after performing a rollout restart of the Keycloak StatefulSet.
Environment
Analysis / Potential Cause
This behavior suggests a synchronization issue between the temporary Import Job spawned by the Operator and the running Keycloak StatefulSet.
It appears that while the Import Job successfully writes to the database, the running Keycloak nodes (managed by the StatefulSet) do not receive an invalidation event via Infinispan/JGroups. Therefore, they continue to serve the old realm list from their local cache until a restart forces a reload from the database.
Version
26.5
Regression
Expected behavior
The imported Realm should be visible in the Admin Console immediately after the KeycloakRealmImport resource is successfully reconciled. The running Keycloak instances should invalidate their realm cache once the import job completes.
Actual behavior
The Realm is persisted in the database but remains invisible in the Admin Console until the application is restarted.
How to Reproduce?
-
Deploy Keycloak using the Keycloak Operator.
-
Create a valid KeycloakRealmImport YAML file (see example below).
-
Apply the CRD: kubectl apply -f import-realm.yaml.
-
Wait for the Operator to process the import (Status becomes DONE / Ready).
-
Verify the database content (e.g., connect to the DB pod and query the realm table): The Realm exists.
-
Log in to the Keycloak Admin Console on the running Keycloak instance.
-
Check the realm dropdown: The imported Realm is missing.
-
Restart the Keycloak pods: kubectl rollout restart statefulset/keycloak.
-
Refresh the Admin Console: The Realm is now visible.
Anything else?
No response
Before reporting an issue
Area
operator
Describe the bug
Description
I am encountering an issue with the Keycloak Operator and the
KeycloakRealmImportCRD (k8s.keycloak.org/v2alpha1).When I apply a
KeycloakRealmImportcustom resource, the Operator processes it successfully. I can verify via SQL that the Realm is correctly created in the underlying database. However, the new Realm does not appear in the Keycloak Admin Console (dropdown menu) or API responses from the running Keycloak pods.The Realm only becomes visible and usable after performing a rollout restart of the Keycloak StatefulSet.
Environment
Keycloak Version: 26.5
Keycloak Operator Version: 26.5.1
Kubernetes Version: 1.34.2
Database: PostgreSQL 17
Analysis / Potential Cause
This behavior suggests a synchronization issue between the temporary Import Job spawned by the Operator and the running Keycloak StatefulSet.
It appears that while the Import Job successfully writes to the database, the running Keycloak nodes (managed by the StatefulSet) do not receive an invalidation event via Infinispan/JGroups. Therefore, they continue to serve the old realm list from their local cache until a restart forces a reload from the database.
Version
26.5
Regression
Expected behavior
The imported Realm should be visible in the Admin Console immediately after the
KeycloakRealmImportresource is successfully reconciled. The running Keycloak instances should invalidate their realm cache once the import job completes.Actual behavior
The Realm is persisted in the database but remains invisible in the Admin Console until the application is restarted.
How to Reproduce?
Deploy Keycloak using the Keycloak Operator.
Create a valid
KeycloakRealmImportYAML file (see example below).Apply the CRD:
kubectl apply -f import-realm.yaml.Wait for the Operator to process the import (Status becomes
DONE/Ready).Verify the database content (e.g., connect to the DB pod and query the
realmtable): The Realm exists.Log in to the Keycloak Admin Console on the running Keycloak instance.
Check the realm dropdown: The imported Realm is missing.
Restart the Keycloak pods:
kubectl rollout restart statefulset/keycloak.Refresh the Admin Console: The Realm is now visible.
Anything else?
No response