docs: replace postgresql operator with dedicated rds for keycloak

cspell.config.yaml

@@ -300,6 +300,9 @@ words:
   - toastify
   - Toastify
   - unpublishing
+  - pguser
+  - dbname
+  - jdbc
 # Ignore RegExp patterns (for things like URLs, version numbers, etc.)
 ignoreRegExpList:
   # Ignore Cyrillic characters (non-English content in FAQ files)

docs/admin/deployment/aws/04-infrastructure-deployment/index.md

@@ -95,12 +95,13 @@ The core platform infrastructure provisions all AWS resources needed to run AI/R
 
 ### Data & Storage
 
-| Resource             | Purpose                                                       |
-| -------------------- | ------------------------------------------------------------- |
-| **RDS PostgreSQL**   | Managed database service for CodeMie application data         |
-| **RDS Subnet Group** | Database subnet group for multi-AZ deployment                 |
-| **S3 Bucket**        | Persistent storage for CodeMie application data and artifacts |
-| **EBS Volumes**      | Block storage for Kubernetes persistent volumes               |
+| Resource                      | Purpose                                                       |
+| ----------------------------- | ------------------------------------------------------------- |
+| **RDS PostgreSQL**            | Managed database service for CodeMie application data         |
+| **RDS PostgreSQL (Keycloak)** | Dedicated database instance for Keycloak (optional)           |
+| **RDS Subnet Group**          | Database subnet group for multi-AZ deployment                 |
+| **S3 Bucket**                 | Persistent storage for CodeMie application data and artifacts |
+| **EBS Volumes**               | Block storage for Kubernetes persistent volumes               |
 
 ### Security & Identity
 

docs/admin/deployment/aws/04-infrastructure-deployment/scripted-deployment.md

@@ -137,6 +137,10 @@ TF_VAR_enable_private_connections=true
 TF_VAR_lb_prefix_list_ids='[]'
 TF_VAR_lb_specific_ips='[]'
 TF_VAR_security_group_ids='[]'
+
+# Optional: Keycloak Database
+# Set to false to share the existing CodeMie RDS instance instead of creating a dedicated one
+TF_VAR_keycloak_dedicated_database_instance=true
 ...
 ```
 
@@ -172,12 +176,19 @@ AWS_KMS_KEY_ID=12345678-90ab-cdef-1234-567890abcdef
 AWS_S3_BUCKET_NAME=codemie-platform-bucket
 CODEMIE_DOMAIN_NAME=airun.example.com
 
-# Database Outputs
+# RDS Database Outputs
 CODEMIE_POSTGRES_DATABASE_HOST=codemie-rds.123456789012.us-east-1.rds.amazonaws.com
 CODEMIE_POSTGRES_DATABASE_PORT=5432
 CODEMIE_POSTGRES_DATABASE_NAME=codemie
 CODEMIE_POSTGRES_DATABASE_USER=dbadmin
 CODEMIE_POSTGRES_DATABASE_PASSWORD="generated-password"
+
+# Keycloak Database Outputs (present when TF_VAR_keycloak_dedicated_database_instance=true)
+KEYCLOAK_POSTGRES_DATABASE_HOST=codemie-keycloak-rds.123456789012.us-east-1.rds.amazonaws.com
+KEYCLOAK_POSTGRES_DATABASE_PORT=5432
+KEYCLOAK_POSTGRES_DATABASE_NAME=keycloak
+KEYCLOAK_POSTGRES_DATABASE_USER=keycloak_admin
+KEYCLOAK_POSTGRES_DATABASE_PASSWORD="generated-password"
 ```
 
 :::tip Save These Outputs

docs/admin/deployment/aws/05-components-deployment/index.md

@@ -14,7 +14,7 @@ pagination_next: admin/deployment/aws/components-deployment/components-scripted-
 This section guides you through deploying the AI/Run CodeMie application stack on your EKS cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including:
 
 - **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth)
-- **Data layer** (Elasticsearch, PostgreSQL via operators)
+- **Data layer** (Elasticsearch)
 - **Security & Identity** (Keycloak, OAuth2 Proxy)
 - **Infrastructure services** (Ingress controller, storage)
 - **Observability** (Kibana, Fluent Bit)
@@ -63,11 +63,10 @@ bash get-codemie-latest-release-version.sh -c /path/to/key.json
 
 Database and search components for data persistence:
 
-| Component               | Container Registry                                                | Description                                                                        |
-| ----------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
-| **Elasticsearch**       | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z`             | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) |
-| **Kibana**              | `docker.elastic.co/kibana/kibana:x.y.z`                           | Analytics and visualization interface for Elasticsearch data                       |
-| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Manages PostgreSQL instances for Keycloak                                          |
+| Component         | Container Registry                                    | Description                                                                        |
+| ----------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------- |
+| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) |
+| **Kibana**        | `docker.elastic.co/kibana/kibana:x.y.z`               | Analytics and visualization interface for Elasticsearch data                       |
 
 #### Security & Identity Management
 
@@ -117,9 +116,9 @@ Components that can be omitted based on configuration:
 Components must be deployed in the following order due to dependencies:
 
 1. **Infrastructure** → Ingress Controller, Storage Class
-2. **Operators** → PostgreSQL Operator, Keycloak Operator
-3. **Data Layer** → Elasticsearch, PostgreSQL instances
-4. **Security** → Keycloak, OAuth2 Proxy
+2. **Operators** → Keycloak Operator
+3. **Data Layer** → Elasticsearch
+4. **Security** → Keycloak (with database credentials), OAuth2 Proxy
 5. **Messaging** → NATS
 6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth
 7. **Observability** → Fluent Bit, Kibana

docs/admin/deployment/aws/05-components-deployment/manual-deployment/02-data-layer.md

@@ -9,18 +9,13 @@ pagination_next: admin/deployment/aws/components-deployment/manual-deployment/se
 
 import DataLayerOverview from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-overview.mdx';
 import DataLayerElasticsearch from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-elasticsearch.mdx';
-import DataLayerPostgresOperator from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-operator.mdx';
 import DataLayerPostgresConfig from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-config.mdx';
 import DataLayerValidation from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-validation.mdx';
 
 <DataLayerOverview />
 
 <DataLayerElasticsearch cloudProvider="AWS" valuesFileName="values-aws.yaml" />
 
-<DataLayerPostgresOperator
-  postgresServiceName="AWS RDS PostgreSQL"
-/>
-
 <DataLayerPostgresConfig
   postgresServiceName="AWS RDS PostgreSQL"
   postgresExampleHost="codemie-postgres.abc123.us-west-2.rds.amazonaws.com"

docs/admin/deployment/aws/05-components-deployment/manual-deployment/index.md

@@ -86,8 +86,6 @@ Components must be installed in the following order to satisfy dependencies:
 **Components**:
 
 - Elasticsearch (document storage and search engine)
-- PostgreSQL Operator (database lifecycle management)
-- PostgreSQL (relational database instances or RDS connection)
 
 **Dependencies**: Requires storage class from Step 1
 
@@ -101,7 +99,7 @@ Components must be installed in the following order to satisfy dependencies:
 - Keycloak (identity and access management)
 - OAuth2 Proxy (authentication proxy)
 
-**Dependencies**: Requires PostgreSQL from Step 2
+**Dependencies**: Requires RDS from infrastructure deployment
 
 ### 4. [Plugin Engine](./plugin-engine)
 

docs/admin/deployment/aws/05-components-deployment/scripted-deployment.md

@@ -20,7 +20,7 @@ Scripted deployment is recommended for standard installations as it automates co
 The deployment script automates the installation of:
 
 - **Infrastructure services** (Nginx Ingress, Storage Class)
-- **Data layer** (Elasticsearch, PostgreSQL Operator)
+- **Data layer** (Elasticsearch)
 - **Security components** (Keycloak, OAuth2 Proxy)
 - **Messaging system** (NATS)
 - **Core CodeMie services** (API, UI, MCP Connect)

docs/admin/deployment/azure/04-infrastructure-deployment/index.md

@@ -72,11 +72,12 @@ The core platform infrastructure provisions all Azure resources needed to run AI
 
 ### Data & Storage
 
-| Resource                       | Purpose                                                                         |
-| ------------------------------ | ------------------------------------------------------------------------------- |
-| **PostgreSQL Flexible Server** | Managed database service for CodeMie application data with private connectivity |
-| **Storage Account**            | Persistent storage for CodeMie application data and artifacts                   |
-| **Container Registry (ACR)**   | Private Docker image repository for CodeMie container images                    |
+| Resource                                  | Purpose                                                                         |
+| ----------------------------------------- | ------------------------------------------------------------------------------- |
+| **PostgreSQL Flexible Server**            | Managed database service for CodeMie application data with private connectivity |
+| **PostgreSQL Flexible Server (Keycloak)** | Dedicated database instance for Keycloak (optional)                             |
+| **Storage Account**                       | Persistent storage for CodeMie application data and artifacts                   |
+| **Container Registry (ACR)**              | Private Docker image repository for CodeMie container images                    |
 
 :::info Optional: Azure Container Registry
 ACR deployment is optional. If you plan to use an external container registry (e.g., Google Container Registry, Docker Hub, or a corporate registry), ACR can be omitted from the deployment.

docs/admin/deployment/azure/04-infrastructure-deployment/scripted-deployment.md

@@ -84,6 +84,10 @@ TF_VAR_tags='{"createdWith":"Terraform","environment":"production"}'
 
 # Optional: AI Models Deployment
 DEPLOY_AI_MODELS="true"                    # Set to "false" to skip Azure OpenAI deployment
+
+# Optional: Keycloak Database
+# Set to false to share the existing CodeMie PostgreSQL instance instead of creating a dedicated one
+TF_VAR_keycloak_dedicated_database_instance=true
 ```
 
 :::tip Required vs Optional Variables
@@ -368,12 +372,19 @@ AZURE_AI_TENANT_ID="00000000-0000-0000-0000-000000000000"
 AZURE_AI_CLIENT_ID="00000000-0000-0000-0000-000000000000"
 AZURE_AI_CLIENT_SECRET="some-secret"
 
-# Database Outputs
+# CodeMie PostgreSQL
 CODEMIE_POSTGRES_DATABASE_HOST="codemie-psql-abc123.postgres.database.azure.com"
 CODEMIE_POSTGRES_DATABASE_PORT="5432"
 CODEMIE_POSTGRES_DATABASE_NAME="codemie"
 CODEMIE_POSTGRES_DATABASE_USER="pgadmin"
 CODEMIE_POSTGRES_DATABASE_PASSWORD="password"
+
+# Keycloak PostgreSQL (present when TF_VAR_keycloak_dedicated_database_instance=true)
+KEYCLOAK_POSTGRES_DATABASE_HOST="keycloak-psql-abc123.postgres.database.azure.com"
+KEYCLOAK_POSTGRES_DATABASE_PORT="5432"
+KEYCLOAK_POSTGRES_DATABASE_NAME="keycloak"
+KEYCLOAK_POSTGRES_DATABASE_USER="keycloak_admin"
+KEYCLOAK_POSTGRES_DATABASE_PASSWORD="password"
 ```
 
 :::tip Save These Outputs

docs/admin/deployment/azure/05-components-deployment/index.md

@@ -14,7 +14,7 @@ pagination_next: admin/deployment/azure/components-deployment/components-scripte
 This section guides you through deploying the AI/Run CodeMie application stack on your AKS cluster. After completing infrastructure deployment, this phase installs all necessary Kubernetes components including:
 
 - **Core AI/Run CodeMie services** (API, UI, MCP Connect, NATS Auth)
-- **Data layer** (Elasticsearch, PostgreSQL via operators)
+- **Data layer** (Elasticsearch)
 - **Security & Identity** (Keycloak, OAuth2 Proxy)
 - **Infrastructure services** (Ingress controller, storage)
 - **Observability** (Kibana, Fluent Bit)
@@ -63,11 +63,10 @@ bash get-codemie-latest-release-version.sh -c /path/to/key.json
 
 Database and search components for data persistence:
 
-| Component               | Container Registry                                                | Description                                                                        |
-| ----------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
-| **Elasticsearch**       | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z`             | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) |
-| **Kibana**              | `docker.elastic.co/kibana/kibana:x.y.z`                           | Analytics and visualization interface for Elasticsearch data                       |
-| **PostgreSQL Operator** | `registry.developers.crunchydata.com/.../postgres-operator:x.y.z` | Manages PostgreSQL instances for Keycloak                                          |
+| Component         | Container Registry                                    | Description                                                                        |
+| ----------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------- |
+| **Elasticsearch** | `docker.elastic.co/elasticsearch/elasticsearch:x.y.z` | Primary data store for AI/Run CodeMie (datasources, projects, conversations, etc.) |
+| **Kibana**        | `docker.elastic.co/kibana/kibana:x.y.z`               | Analytics and visualization interface for Elasticsearch data                       |
 
 #### Security & Identity Management
 
@@ -117,9 +116,9 @@ Components that can be omitted based on configuration:
 Components must be deployed in the following order due to dependencies:
 
 1. **Infrastructure** → Ingress Controller, Storage Class
-2. **Operators** → PostgreSQL Operator, Keycloak Operator
-3. **Data Layer** → Elasticsearch, PostgreSQL instances
-4. **Security** → Keycloak, OAuth2 Proxy
+2. **Operators** → Keycloak Operator
+3. **Data Layer** → Elasticsearch
+4. **Security** → Keycloak (with database credentials), OAuth2 Proxy
 5. **Messaging** → NATS
 6. **Core Services** → CodeMie API, UI, MCP Connect, NATS Auth
 7. **Observability** → Fluent Bit, Kibana

docs/admin/deployment/azure/05-components-deployment/manual-deployment/02-data-layer.md

@@ -9,18 +9,13 @@ pagination_next: admin/deployment/azure/components-deployment/manual-deployment/
 
 import DataLayerOverview from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-overview.mdx';
 import DataLayerElasticsearch from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-elasticsearch.mdx';
-import DataLayerPostgresOperator from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-operator.mdx';
 import DataLayerPostgresConfig from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-postgresql-config.mdx';
 import DataLayerValidation from '../../../common/deployment/05-components-deployment/manual-deployment/data-layer/\_data-layer-validation.mdx';
 
 <DataLayerOverview />
 
 <DataLayerElasticsearch cloudProvider="Azure" valuesFileName="values-azure.yaml" />
 
-<DataLayerPostgresOperator
-  postgresServiceName="Azure Database for PostgreSQL"
-/>
-
 <DataLayerPostgresConfig
   postgresServiceName="Azure Database for PostgreSQL"
   postgresExampleHost="codemie-postgres.postgres.database.azure.com"

docs/admin/deployment/azure/05-components-deployment/manual-deployment/index.md

@@ -86,8 +86,6 @@ Components must be installed in the following order to satisfy dependencies:
 **Components**:
 
 - Elasticsearch (document storage and search engine)
-- PostgreSQL Operator (database lifecycle management)
-- PostgreSQL (relational database instances)
 
 **Dependencies**: Requires storage class from Step 1
 
@@ -101,7 +99,7 @@ Components must be installed in the following order to satisfy dependencies:
 - Keycloak (identity and access management)
 - OAuth2 Proxy (authentication proxy)
 
-**Dependencies**: Requires PostgreSQL from Step 2
+**Dependencies**: Requires PostgreSQL from infrastructure deployment
 
 ### 4. [Plugin Engine](./plugin-engine)
 

docs/admin/deployment/azure/05-components-deployment/scripted-deployment.md

@@ -20,7 +20,7 @@ Scripted deployment is recommended for standard installations as it automates co
 The deployment script automates the installation of:
 
 - **Infrastructure services** (Nginx Ingress, Storage Class)
-- **Data layer** (Elasticsearch, PostgreSQL Operator)
+- **Data layer** (Elasticsearch)
 - **Security components** (Keycloak, OAuth2 Proxy)
 - **Messaging system** (NATS)
 - **Core CodeMie services** (API, UI, MCP Connect)

docs/admin/deployment/common/deployment/02-prerequisites/_cluster-requirements.mdx

@@ -44,18 +44,6 @@ Requires cluster-wide permissions for identity and access management operations.
 
   </TabItem>
 
-  <TabItem value="postgresql" label="PostgreSQL Operator">
-
-**Kubernetes APIs:** `ClusterRole`, `ClusterRoleBinding`, Custom Resource Definitions (CRDs), Custom Resources (CRs)
-
-**Purpose:** Manages PostgreSQL database instances and their lifecycle
-
-:::note
-Requires cluster-wide permissions for database provisioning and management.
-:::
-
-  </TabItem>
-
   <TabItem value="security" label="Security Context">
 
 **Kubernetes API:** `Pod` with `securityContext`

docs/admin/deployment/common/deployment/02-prerequisites/_network-requirements.mdx

@@ -2,13 +2,12 @@
 
 Your {props.clusterName} cluster's {props.networkSecurityName} must allow **outbound access** to the following endpoints:
 
-| Destination                           | Purpose                                                        |
-| ------------------------------------- | -------------------------------------------------------------- |
-| `europe-west3-docker.pkg.dev`         | AI/Run CodeMie container registry (Google Container Registry)  |
-| `quay.io`                             | Third-party container images                                   |
-| `docker.io`                           | Docker Hub container images                                    |
-| `registry.developers.crunchydata.com` | PostgreSQL operator images                                     |
-| Your integration services             | GitLab, GitHub, or other services you plan to use with CodeMie |
+| Destination                   | Purpose                                                        |
+| ----------------------------- | -------------------------------------------------------------- |
+| `europe-west3-docker.pkg.dev` | AI/Run CodeMie container registry (Google Container Registry)  |
+| `quay.io`                     | Third-party container images                                   |
+| `docker.io`                   | Docker Hub container images                                    |
+| Your integration services     | GitLab, GitHub, or other services you plan to use with CodeMie |
 
 :::note Container Registry Access
 AI/Run CodeMie container images are hosted on Google Container Registry (GCR). You will need **gcloud CLI** installed on your deployment machine to authenticate and pull helm charts from GCR.