diff --git a/docs/admin/deployment/aws/04-infrastructure-deployment/index.md b/docs/admin/deployment/aws/04-infrastructure-deployment/index.md
index 457c3c31..5c5cb3b8 100644
--- a/docs/admin/deployment/aws/04-infrastructure-deployment/index.md
+++ b/docs/admin/deployment/aws/04-infrastructure-deployment/index.md
@@ -95,12 +95,13 @@ The core platform infrastructure provisions all AWS resources needed to run AI/R
### Data & Storage
-| Resource | Purpose |
-| -------------------- | ------------------------------------------------------------- |
-| **RDS PostgreSQL** | Managed database service for CodeMie application data |
-| **RDS Subnet Group** | Database subnet group for multi-AZ deployment |
-| **S3 Bucket** | Persistent storage for CodeMie application data and artifacts |
-| **EBS Volumes** | Block storage for Kubernetes persistent volumes |
+| Resource | Purpose |
+| ----------------------------- | ------------------------------------------------------------- |
+| **RDS PostgreSQL** | Managed database service for CodeMie application data |
+| **RDS PostgreSQL (Keycloak)** | Dedicated database instance for Keycloak (optional) |
+| **RDS Subnet Group** | Database subnet group for multi-AZ deployment |
+| **S3 Bucket** | Persistent storage for CodeMie application data and artifacts |
+| **EBS Volumes** | Block storage for Kubernetes persistent volumes |
### Security & Identity
diff --git a/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md b/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md
index 6dc8d202..f1e214da 100644
--- a/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md
+++ b/docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md
@@ -137,6 +137,10 @@ TF_VAR_enable_private_connections=true
TF_VAR_lb_prefix_list_ids='[]'
TF_VAR_lb_specific_ips='[]'
TF_VAR_security_group_ids='[]'
+
+# Optional: Keycloak Database
+# Set to true to share the existing CodeMie RDS instance instead of creating a dedicated one
+TF_VAR_keycloak_shared_database_instance=false
...
```
@@ -172,12 +176,19 @@ AWS_KMS_KEY_ID=12345678-90ab-cdef-1234-567890abcdef
AWS_S3_BUCKET_NAME=codemie-platform-bucket
CODEMIE_DOMAIN_NAME=airun.example.com
-# Database Outputs
+# RDS Database Outputs
CODEMIE_POSTGRES_DATABASE_HOST=codemie-rds.123456789012.us-east-1.rds.amazonaws.com
CODEMIE_POSTGRES_DATABASE_PORT=5432
CODEMIE_POSTGRES_DATABASE_NAME=codemie
CODEMIE_POSTGRES_DATABASE_USER=dbadmin
CODEMIE_POSTGRES_DATABASE_PASSWORD="generated-password"
+
+# Keycloak Database Outputs (present when TF_VAR_keycloak_shared_database_instance=false)
+KEYCLOAK_POSTGRES_DATABASE_HOST=codemie-keycloak-rds.123456789012.us-east-1.rds.amazonaws.com
+KEYCLOAK_POSTGRES_DATABASE_PORT=5432
+KEYCLOAK_POSTGRES_DATABASE_NAME=keycloak
+KEYCLOAK_POSTGRES_DATABASE_USER=keycloak_admin
+KEYCLOAK_POSTGRES_DATABASE_PASSWORD="generated-password"
```
:::tip Save These Outputs
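Review bot: The added `KEYCLOAK_POSTGRES_DATABASE_PASSWORD` line means the outputs file now holds a second database password in plaintext next to `CODEMIE_POSTGRES_DATABASE_PASSWORD`. The Save These Outputs tip that follows should tell readers to restrict the file to the deploying user (for example `chmod 600`) and keep it out of version control, if it does not already say so.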
diff --git a/docs/admin/deployment/aws/05-components-deployment/index.md b/docs/admin/deployment/aws/05-components-deployment/index.md
index d29f2b45..27d88d8e 100644
--- a/docs/admin/deployment/aws/05-components-deployment/index.md
+++ b/docs/admin/deployment/aws/05-components-deployment/index.md
@@ -14,7 +14,7 @@ pagination_next: admin/deployment/aws/components-deployment/components-scripted-
This section guides you through deploying the AI/Run CodeMie application stack on your EKS cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including:
- **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth)
-- **Data layer** (Elasticsearch, PostgreSQL via operators)
+- **Data layer** (Elasticsearch)
- **Security & Identity** (Keycloak, OAuth2 Proxy)
- **Infrastructure services** (Ingress controller, storage)
- **Observability** (Kibana, Fluent Bit)
@@ -63,11 +63,10 @@ bash get-codemie-latest-release-version.sh -c /path/to/key.json
Database and search components for data persistence:
-| Component | Container Registry | Description |
-| ----------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
-| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) |
-| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Analytics and visualization interface for Elasticsearch data |
-| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Manages PostgreSQL instances for Keycloak |
+| Component | Container Registry | Description |
+| ----------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------- |
+| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) |
+| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Analytics and visualization interface for Elasticsearch data |
#### Security & Identity Management
@@ -117,9 +116,9 @@ Components that can be omitted based on configuration:
Components must be deployed in the following order due to dependencies:
1. **Infrastructure** → Ingress Controller, Storage Class
-2. **Operators** → PostgreSQL Operator, Keycloak Operator
-3. **Data Layer** → Elasticsearch, PostgreSQL instances
-4. **Security** → Keycloak, OAuth2 Proxy
+2. **Operators** → Keycloak Operator
+3. **Data Layer** → Elasticsearch
+4. **Security** → Keycloak (with database credentials), OAuth2 Proxy
5. **Messaging** → NATS
6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth
7. **Observability** → Fluent Bit, Kibana
diff --git a/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md b/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md
index 644a89cb..a9e24af8 100644
--- a/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md
+++ b/docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md
@@ -9,7 +9,6 @@ pagination_next: admin/deployment/aws/components-deployment/manual-deployment/se
import DataLayerOverview from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-overview.mdx';
import DataLayerElasticsearch from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-elasticsearch.mdx';
-import DataLayerPostgresOperator from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-operator.mdx';
import DataLayerPostgresConfig from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-config.mdx';
import DataLayerValidation from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-validation.mdx';
@@ -17,10 +16,6 @@ import DataLayerValidation from '../../../common/deployment/05-components-deploy
-
-
-
-
-
-
-**Kubernetes APIs:** `ClusterRole`, `ClusterRoleBinding`, Custom Resource Definitions (CRDs), Custom Resources (CRs)
-
-**Purpose:** Manages PostgreSQL database instances and their lifecycle
-
-:::note
-Requires cluster-wide permissions for database provisioning and management.
-:::
-
-
-
**Kubernetes API:** `Pod` with `securityContext`
diff --git a/docs/admin/deployment/common/deployment/02-prerequisites/_network-requirements.mdx b/docs/admin/deployment/common/deployment/02-prerequisites/_network-requirements.mdx
index b99df164..4dbf21be 100644
--- a/docs/admin/deployment/common/deployment/02-prerequisites/_network-requirements.mdx
+++ b/docs/admin/deployment/common/deployment/02-prerequisites/_network-requirements.mdx
@@ -2,13 +2,12 @@
Your {props.clusterName} cluster's {props.networkSecurityName} must allow **outbound access** to the following endpoints:
-| Destination | Purpose |
-| ------------------------------------- | -------------------------------------------------------------- |
-| `europe-west3-docker.pkg.dev` | AI/Run CodeMie container registry (Google Container Registry) |
-| `quay.io` | Third-party container images |
-| `docker.io` | Docker Hub container images |
-| `registry.developers.crunchydata.com` | PostgreSQL operator images |
-| Your integration services | GitLab, GitHub, or other services you plan to use with CodeMie |
+| Destination | Purpose |
+| ----------------------------- | -------------------------------------------------------------- |
+| `europe-west3-docker.pkg.dev` | AI/Run CodeMie container registry (Google Container Registry) |
+| `quay.io` | Third-party container images |
+| `docker.io` | Docker Hub container images |
+| Your integration services | GitLab, GitHub, or other services you plan to use with CodeMie |
:::note Container Registry Access
AI/Run CodeMie container images are hosted on Google Container Registry (GCR). You will need **gcloud CLI** installed on your deployment machine to authenticate and pull helm charts from GCR.
diff --git a/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx b/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx
index 74ba52e8..005b49b4 100644
--- a/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx
+++ b/docs/admin/deployment/common/deployment/03-architecture/_container-resources.mdx
@@ -2,20 +2,21 @@
The table below specifies resource requirements for AI/Run CodeMie components sized for **high-scale production deployments** supporting 500+ concurrent users.
-| Component | Pods | RAM | vCPU | Storage |
-| ------------------- | ------------------------ | ----- | ---- | -------------- |
-| CodeMie API | 2 | 8Gi | 4.0 | – |
-| CodeMie UI | 1 | 128Mi | 0.1 | – |
-| Elasticsearch | 2 | 16Gi | 4.0 | 200 GB per pod |
-| Kibana | 1 | 1Gi | 1.0 | – |
-| Mermaid-server | 1 | 512Mi | 1.0 | – |
-| PostgreSQL | Managed service in cloud | – | – | 30-50 GB |
-| Keycloak + DB | 1 + 1 | 4Gi | 2.0 | 1 GB |
-| Oauth2-proxy | 1 | 128Mi | 0.1 | – |
-| NATS + Auth Callout | 1 + 1 | 512Mi | 1.0 | – |
-| MCP Connect | 1 | 1Gi | 0.5 | – |
-| Fluent Bit | DaemonSet | 128Mi | 0.1 | – |
-| LLM Proxy | 1 | 1Gi | 1.0 | – |
+| Component | Pods | RAM | vCPU | Storage |
+| ------------------------------ | ------------------------ | ----- | ---- | -------------- |
+| CodeMie API | 2 | 8Gi | 4.0 | – |
+| CodeMie UI | 1 | 128Mi | 0.1 | – |
+| Elasticsearch | 2 | 16Gi | 4.0 | 200 GB per pod |
+| Kibana | 1 | 1Gi | 1.0 | – |
+| Mermaid-server | 1 | 512Mi | 1.0 | – |
+| PostgreSQL | Managed service in cloud | – | – | 30-50 GB |
+| Keycloak PostgreSQL (optional) | Managed service in cloud | – | – | 20 GB |
+| Keycloak | 1 | 4Gi | 2.0 | – |
+| Oauth2-proxy | 1 | 128Mi | 0.1 | – |
+| NATS + Auth Callout | 1 + 1 | 512Mi | 1.0 | – |
+| MCP Connect | 1 | 1Gi | 0.5 | – |
+| Fluent Bit | DaemonSet | 128Mi | 0.1 | – |
+| LLM Proxy | 1 | 1Gi | 1.0 | – |
:::info Scaling Considerations
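Review bot: The new `Keycloak` row keeps `4Gi` RAM and `2.0` vCPU from the old `Keycloak + DB` row, which covered `1 + 1` pods. Please confirm whether those figures were for Keycloak alone or for both pods, and reduce them if the in-cluster database accounted for part of the total. The storage figure also moves from `1 GB` to `20 GB` for the managed instance; a short note on what drives that size would help operators who share the CodeMie instance instead.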
@@ -23,7 +24,7 @@ The listed requirements are designed for high-scale production deployments. For
- **User Concurrency**: API replicas can be scaled depending on the load
- **Data Volume**: Elasticsearch stores vector datasources, user metrics and container logs, therefore storage grows with datasources amount and size and log retention policies
-- **Database Sizing**: PostgreSQL managed service tier depends on user count, the amount of resources they create in CodeMie, and additional extensions connected to CodeMie that share the same database instance
+- **Database Sizing**: PostgreSQL managed service tier depends on user count and the amount of resources they create in CodeMie. When Keycloak uses a dedicated database instance, each instance can be sized independently; when Keycloak shares the CodeMie database, the combined workload must be accounted for when choosing the service tier
- **LLM Proxy**: Resource requirements depend on the exact LLM proxy type being used
:::
diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-overview.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-overview.mdx
index 5e83e8af..d7d934ca 100644
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-overview.mdx
+++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-overview.mdx
@@ -2,12 +2,11 @@ This guide covers the installation of data storage components that provide persi
## Overview
-The data layer consists of three components:
+The data layer consists of two components:
- **Elasticsearch** - Document storage and search engine for application logs, embeddings, and search functionality
-- **PostgreSQL Operator** - Kubernetes operator for managing PostgreSQL database lifecycle
-- **PostgreSQL** - Cloud-managed relational database for Keycloak and application metadata
+- **PostgreSQL** - Cloud-managed relational database for application metadata
:::info Installation Order
-These components must be installed in the order presented, as PostgreSQL Operator is required before configuring PostgreSQL secrets.
+These components must be installed in the order presented.
:::
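Review bot: The rewritten PostgreSQL bullet says the instance holds only application metadata, but in shared mode the Keycloak install step creates a `keycloak` database and `keycloak_admin` user on this same instance. The bullet should mention that case so operators scope access and backups for identity data as well. The Installation Order note now asserts an order without giving the dependency behind it; either state the reason or drop the note.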
diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx
deleted file mode 100644
index 45941572..00000000
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx
+++ /dev/null
@@ -1,33 +0,0 @@
-## PostgreSQL Operator Installation
-
-The PostgreSQL Operator automates the management of PostgreSQL databases in Kubernetes. While CodeMie uses a cloud-managed {props.postgresServiceName}, the operator is required for Keycloak database configuration.
-
-### Step 1: Install PostgreSQL Operator Helm Chart
-
-Deploy the PostgreSQL Operator:
-
-```bash
-helm upgrade --install postgres-operator postgres-operator-helm/. \
- -n postgres-operator \
- --create-namespace \
- --wait \
- --timeout 900s \
- --dependency-update
-```
-
-### Step 2: Verify PostgreSQL Operator Deployment
-
-Check that the operator is running:
-
-```bash
-# Check pod status
-kubectl get pods -n postgres-operator
-
-# Check operator logs
-kubectl logs -n postgres-operator deployment/postgres-operator --tail=50
-```
-
-Expected output:
-
-- Operator pod should be in `Running` state
-- Logs should show "controller started" or similar success message
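Review bot: Upgrade guidance is missing: this deletion removes the only documentation of the `postgres-operator` Helm release and namespace, and nothing else in the patch tells existing deployments how to move Keycloak data to the managed instance or retire the operator. A short migration section covering the data move, the switch to the new secrets, and removal of the operator release with its CRDs and cluster roles would keep upgraded clusters from retaining an unused component that the removed docs described as needing cluster-wide permissions.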
diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-validation.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-validation.mdx
index 9c057369..4e0124ee 100644
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-validation.mdx
+++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-validation.mdx
@@ -7,9 +7,6 @@ After completing all data layer installations, verify the following:
kubectl get pods -n elastic | grep Running
kubectl get statefulset -n elastic
-# PostgreSQL Operator is running
-kubectl get pods -n postgres-operator | grep Running
-
# PostgreSQL secret exists
kubectl get secret codemie-postgresql -n codemie
diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/k8s/_storage-ingress-validation.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/k8s/_storage-ingress-validation.mdx
index 7d742ace..40e1d761 100644
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/k8s/_storage-ingress-validation.mdx
+++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/k8s/_storage-ingress-validation.mdx
@@ -17,4 +17,4 @@ All checks should return successful results before proceeding.
## Next Steps
-Once storage and ingress are configured, proceed to **[Data Layer](./data-layer)** installation to deploy Elasticsearch, Kibana, and PostgreSQL components.
+Once storage and ingress are configured, proceed to **[Data Layer](./data-layer)** installation to deploy Elasticsearch and Kibana components.
diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx
index cf73d6ac..6e534a29 100644
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx
+++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-keycloak-install.mdx
@@ -6,26 +6,83 @@ Keycloak provides centralized authentication and user management for AI/Run Code
### Step 1: Configure Domain Name
-Fill in values in `keycloak-helm/values-gcp.yaml` file by replacing `%%DOMAIN%%` with your domain name, e.g., `airun.example.com`
+Fill in values in keycloak-helm/{props.valuesFileName} by replacing `%%DOMAIN%%` with your domain name, e.g., `airun.example.com`
:::tip Domain Configuration
If you followed the Getting Started steps in the [overview](./), this should already be configured.
:::
-### Step 2: Install Keycloak Helm Chart
+### Step 2: Create Database Secrets
-Deploy Keycloak using Helm:
+Create the required Kubernetes secrets in the `security` namespace before installing Keycloak.
+
+Keycloak can use a dedicated database instance or share the existing CodeMie database. Choose the appropriate option based on your infrastructure.
+
+**Dedicated database instance** (when `TF_VAR_keycloak_shared_database_instance=false`):
+
+```bash
+# Source the infrastructure outputs
+source deployment_outputs.env
+
+kubectl create secret generic keycloak-postgresql \
+ --from-literal=password="${KEYCLOAK_POSTGRES_DATABASE_PASSWORD}" \
+ --namespace security
+```
+
+**Shared CodeMie database** (when `TF_VAR_keycloak_shared_database_instance=true`):
+
+```bash
+# Source the infrastructure outputs
+source deployment_outputs.env
+
+# Generate a password for the Keycloak database user
+KEYCLOAK_DB_PASSWORD=$(openssl rand -base64 16 | tr -d '=+/' | head -c 16)
+
+kubectl create secret generic keycloak-postgresql \
+ --from-literal=password="${KEYCLOAK_DB_PASSWORD}" \
+ --namespace security
+
+kubectl create secret generic codemie-postgresql \
+ --from-literal=PG_USER="${CODEMIE_POSTGRES_DATABASE_USER}" \
+ --from-literal=PG_PASS="${CODEMIE_POSTGRES_DATABASE_PASSWORD}" \
+ --namespace security
+```
+
+:::info Shared Database Init Job
+When using a shared database, a Helm hook Job automatically creates a dedicated `keycloak` database and `keycloak_admin` user on the shared PostgreSQL instance during Keycloak installation.
+:::
+
+### Step 3: Install Keycloak Helm Chart
+
+Deploy Keycloak, providing the database hostname and mode.
+
+**Dedicated database instance:**
+
+
+{`helm upgrade --install keycloak keycloak-helm/. \\
+ -n security \\
+ --values keycloak-helm/${props.valuesFileName} \\
+ --set keycloakx.database.hostname="\${KEYCLOAK_POSTGRES_DATABASE_HOST}" \\
+ --set sharedDatabaseInstance.enabled=false \\
+ --wait \\
+ --timeout 900s \\
+ --dependency-update`}
+
+
+**Shared database:**
{`helm upgrade --install keycloak keycloak-helm/. \\
-n security \\
--values keycloak-helm/${props.valuesFileName} \\
+ --set keycloakx.database.hostname="\${CODEMIE_POSTGRES_DATABASE_HOST}" \\
+ --set sharedDatabaseInstance.enabled=true \\
--wait \\
--timeout 900s \\
--dependency-update`}
-### Step 3: Verify Keycloak Deployment
+### Step 4: Verify Keycloak Deployment
Check that Keycloak is running:
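Review bot: In the shared-database branch of Step 2, the `codemie-postgresql` secret copies the CodeMie database credentials (`PG_USER`, `PG_PASS`) into the `security` namespace, and the text does not say that only the init Job needs them. If the Helm hook Job is the sole consumer, tell operators to delete that secret once installation succeeds, so that anything able to read secrets in `security` does not keep access to the application database. Separately, `openssl rand -base64 16 | tr -d '=+/' | head -c 16` caps the password at 16 characters and its length depends on what `tr` strips; `openssl rand -hex 16` gives a fixed 32 characters with no filtering. Step 3 also depends on the variables from `source deployment_outputs.env` still being set in the same shell, which is worth stating before the `helm upgrade` commands.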
@@ -46,7 +103,7 @@ Expected output:
- Keycloak pods should be in `Running` state
- Logs should indicate successful startup
-### Step 4: Access Keycloak Admin Console
+### Step 5: Access Keycloak Admin Console
Keycloak Admin UI can be accessed at:
diff --git a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx
index cac122f4..9105789d 100644
--- a/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx
+++ b/docs/admin/deployment/common/deployment/05-components-deployment/manual-deployment/security/_security-oauth2-proxy.mdx
@@ -56,7 +56,7 @@ kubectl get secret keycloak-admin -n security -o yaml | \
### Step 4: Configure Domain Name
-Fill in missing values in `oauth2-proxy/values-gcp.yaml` file by replacing `%%DOMAIN%%` with your domain name, e.g., `example.com`
+Fill in missing values in oauth2-proxy/{props.valuesFileName} file by replacing `%%DOMAIN%%` with your domain name, e.g., `example.com`
:::tip Domain Configuration
If you followed the Getting Started steps in the [overview](./), this should already be configured.
diff --git a/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md b/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md
index 4b66b138..1f29ed92 100644
--- a/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md
+++ b/docs/admin/deployment/gcp/04-infrastructure-deployment/index.md
@@ -64,10 +64,11 @@ The core platform infrastructure provisions all GCP resources needed to run AI/R
### Data & Storage
-| Resource | Purpose |
-| -------------------------- | ------------------------------------------------------------------------------------------ |
-| **Cloud SQL (PostgreSQL)** | Managed PostgreSQL database service for CodeMie application data with private connectivity |
-| **Cloud Storage Buckets** | Optional persistent storage for CodeMie application data and artifacts |
+| Resource | Purpose |
+| ----------------------------------- | ------------------------------------------------------------------------------------------ |
+| **Cloud SQL (PostgreSQL)** | Managed PostgreSQL database service for CodeMie application data with private connectivity |
+| **Cloud SQL PostgreSQL (Keycloak)** | Dedicated Cloud SQL instance for Keycloak (optional) |
+| **Cloud Storage Buckets** | Optional persistent storage for CodeMie application data and artifacts |
:::info Optional Components
Some components like Cloud Storage buckets or public DNS zones may be optional depending on your deployment configuration and requirements.
diff --git a/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md b/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md
index 1176fd6c..ae4c1679 100644
--- a/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md
+++ b/docs/admin/deployment/gcp/04-infrastructure-deployment/manual-deployment.md
@@ -193,6 +193,10 @@ extra_authorized_networks = [
# Cluster Configuration
private_cluster = false # Set to true for completely private GKE cluster
create_private_dns_zone = false # Set to true if using private DNS
+
+# Optional: Keycloak Database
+# Set to true to share the existing CodeMie Cloud SQL instance instead of creating a dedicated one
+keycloak_shared_database_instance = false
```
:::info Configuration References
@@ -239,7 +243,8 @@ gcloud compute networks list --project=your-project-id
- GKE cluster connection commands
- Bastion Host SSH/RDP commands
-- Cloud SQL connection details
+- Cloud SQL connection details (`pg_host`, `pg_port`, `pg_database`, `pg_user`, `pg_secret_name`)
+- Keycloak Cloud SQL details (`keycloak_pg_host`, `keycloak_pg_database`, `keycloak_pg_user`, `keycloak_pg_secret_name`) — present when `keycloak_shared_database_instance = false`
- Service account information
:::tip Infrastructure Ready
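Review bot: The outputs listed here (`keycloak_pg_host`, `keycloak_pg_secret_name`, and so on) do not match what the common Keycloak install step consumes: that step runs `source deployment_outputs.env` and reads `KEYCLOAK_POSTGRES_DATABASE_PASSWORD` and `KEYCLOAK_POSTGRES_DATABASE_HOST`. For GCP manual deployments, document how to read the password from the secret named by `keycloak_pg_secret_name` and how these outputs map to those variables, or add a GCP variant of the commands. The Keycloak list also has no port entry, while `pg_port` is listed for the CodeMie instance.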
diff --git a/docs/admin/deployment/gcp/05-components-deployment/index.md b/docs/admin/deployment/gcp/05-components-deployment/index.md
index 0c01ff8b..f6395cc6 100644
--- a/docs/admin/deployment/gcp/05-components-deployment/index.md
+++ b/docs/admin/deployment/gcp/05-components-deployment/index.md
@@ -14,7 +14,7 @@ pagination_next: admin/deployment/gcp/components-deployment/components-scripted-
This section guides you through deploying the AI/Run CodeMie application stack on your GKE cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including:
- **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth)
-- **Data layer** (Elasticsearch, PostgreSQL via operators)
+- **Data layer** (Elasticsearch)
- **Security & Identity** (Keycloak, OAuth2 Proxy)
- **Infrastructure services** (Ingress controller, storage)
- **Observability** (Kibana, Fluent Bit)
@@ -63,12 +63,10 @@ Make sure you logged in with `key.json` shared with you.
Database and storage services for application data:
-| Component | Container Image | Description |
-| ----------------------- | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
-| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Document storage, full-text search engine, and analytics platform |
-| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Visualization and exploration tool for Elasticsearch data and logs |
-| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Kubernetes operator for managing PostgreSQL database lifecycle |
-| **PostgreSQL** | `registry.developers.crunchydata.com/.../crunchy-postgres:x.y.z` | Relational database for structured application data (managed via operator or Cloud SQL) |
+| Component | Container Image | Description |
+| ----------------- | ----------------------------------------------------- | ------------------------------------------------------------------ |
+| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Document storage, full-text search engine, and analytics platform |
+| **Kibana** | `docker.elastic.co/kibana/kibana:x.y.z` | Visualization and exploration tool for Elasticsearch data and logs |
##### Security & Identity Components
@@ -119,9 +117,9 @@ Additional services for enhanced functionality:
Components must be installed in the following sequence to satisfy dependencies:
1. **Infrastructure** → Ingress Controller, Storage Class
-2. **Operators** → PostgreSQL Operator, Keycloak Operator
-3. **Data Layer** → Elasticsearch, PostgreSQL instances
-4. **Security** → Keycloak, OAuth2 Proxy
+2. **Operators** → Keycloak Operator
+3. **Data Layer** → Elasticsearch
+4. **Security** → Keycloak (with database credentials), OAuth2 Proxy
5. **Messaging** → NATS
6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth
7. **Observability** → Fluent Bit, Kibana
diff --git a/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx b/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx
index d1d8b00c..2289ef2b 100644
--- a/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx
+++ b/docs/admin/deployment/gcp/05-components-deployment/manual-deployment/02-data-layer.mdx
@@ -7,7 +7,6 @@ sidebar_label: Data Layer
import DataLayerOverview from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-overview.mdx';
import DataLayerElasticsearch from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-elasticsearch.mdx';
-import DataLayerPostgresOperator from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-operator.mdx';
import DataLayerPostgresConfig from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-postgresql-config.mdx';
import DataLayerValidation from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/_data-layer-validation.mdx';
@@ -15,10 +14,6 @@ import DataLayerValidation from '../../../common/deployment/05-components-deploy
-
-