Followup: Support deployment state version seed in the operator.
Description
When map storage is enabled in Keycloak, the parameter --storage-deployment-state-version-seed needs to be set in the operator.
This is due to be refined with the cloud native team. It is a follow-up to #12710.
@hmlnarik - added this as a follow-up issue. Happy to pick it once I get the time.
This is out of scope for Quarkus as it is an Operator RFE enhancement, and thus has been offloaded from Storage project.
@vmuzikar Could you please consider it for your backlog? It should be considered ready for development only after the current --storage-deployment-state-version-seed option is either marked as ready for production or in another way transitioned from experimental state.
@ahus1 Feel free to work with @keycloak/cloud-native-team re the implementation.
Makes sense for the Operator to set this field automatically.
How does it work with clustering? All pods can use the same value?
@vmuzikar - actually all pods must use the same value. And if the Keycloak cluster is being restarted, it should keep the value. The value itself should be confidential as it would allow a remote party to read the deployed version of the Keycloak instance. So it would be good to consider it a secret.
If we don't see a good way to handle this in the operator automatically, we could ask the user to create a secret for that value. Something like with the generated admin user's password would do the trick here ... but the Operator should do this only when map storage has been enabled.
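The requirements discussed in this thread (one seed shared by all pods, kept across restarts, treated as a secret, and only handled when map storage is enabled) can be sketched as an idempotent reconcile step. This is an added example, not code from the Keycloak operator. It assumes a dict standing in for the Kubernetes Secret API, and the Secret name, the key name, and the env-var spelling of the option are hypothetical.

```python
import secrets

# Assumption: env-var form of the --storage-deployment-state-version-seed option,
# derived from Keycloak's KC_<OPTION> naming convention.
SEED_ENV = "KC_STORAGE_DEPLOYMENT_STATE_VERSION_SEED"
SEED_KEY = "seed"  # hypothetical key name inside the Secret


def ensure_seed_secret(secret_store, name):
    """Create the seed Secret once; later reconciles reuse the stored value.

    secret_store is a dict standing in for the Kubernetes Secret API.
    Returns True only when a new seed was generated.
    """
    existing = secret_store.get(name)
    if existing and existing.get(SEED_KEY):
        return False  # already present: never regenerate on restart
    secret_store[name] = {SEED_KEY: secrets.token_urlsafe(32)}
    return True


def reconcile(secret_store, cr_name, map_storage_enabled):
    """Return the env entries every pod of the deployment should carry."""
    if not map_storage_enabled:
        return []  # the seed is only handled when map storage is enabled
    secret_name = f"{cr_name}-deployment-state-seed"  # hypothetical naming
    ensure_seed_secret(secret_store, secret_name)
    # Reference the Secret instead of copying the value into the pod template,
    # so the seed does not appear in the workload spec or in operator logs.
    return [{
        "name": SEED_ENV,
        "valueFrom": {"secretKeyRef": {"name": secret_name, "key": SEED_KEY}},
    }]
```

Because every replica receives the same `secretKeyRef`, all pods resolve to one value, and a second reconcile after a cluster restart finds the existing Secret and leaves it untouched.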