postgres-operator-examples
adjusted keycloak yaml for latest version modifications
@cbrianpace just wanted to follow up on the feedback I provided above to see if we can get this merged. Just let me know if you have any questions!
Made some minor changes to get it working in 5.2rc1. The "-legacy" version of the container image seems to work while the non-legacy fails with an error that looks like syntax for the kc.sh script, sounds like a difference in the container image ENTRYPOINT and/or CMD. Logs for the non-working non-legacy container image are at the end of this comment. Not sure if the delay and the timeout I added for the readiness probe helped, but they don't seem to hurt.
Looks like it's the legacy "WildFly" (works) vs the new "Quarkus" (doesn't work) container image builds (https://github.com/CreateHARs/fork.keycloak.keycloak-containers)
~~More debugging to do but the pod starts and the admin console is listening on localhost:9990. Trying to figure out why it's rejecting the default username and password.~~
Never mind on that last sentence. If you connect to the console on port 8080 (it's there and listening) and use it to get to the admin console, the username and password configured in the kustomize manifest do work.
I did check the keycloak DB pod, and the keycloakdb DB was created and it's populated with lots of keycloak tables.
Here's the git diff from the vanilla keycloak.yml file in the 5.2rc1 devel branch:
diff --git a/kustomize/keycloak/keycloak.yaml b/kustomize/keycloak/keycloak.yaml
index d68f5d5..b6badff 100644
--- a/kustomize/keycloak/keycloak.yaml
+++ b/kustomize/keycloak/keycloak.yaml
@@ -15,7 +15,7 @@ spec:
app.kubernetes.io/name: keycloak
spec:
containers:
- - image: quay.io/keycloak/keycloak:latest
+ - image: quay.io/keycloak/keycloak:19.0.1-legacy
name: keycloak
env:
- name: DB_VENDOR
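Review bot: the new image line pins `quay.io/keycloak/keycloak:19.0.1-legacy` without saying why the legacy build is needed. Add a YAML comment above it noting that this manifest depends on the WildFly-style configuration (the `DB_VENDOR` variable in the context lines is part of that), so a later bump to a non-legacy tag is not made blindly. Moving off `latest` is the right direction for an identity provider, but a tag can still be re-pushed, so consider pinning by digest as well.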
@@ -45,4 +45,6 @@ spec:
httpGet:
path: /auth/realms/master
port: 8080
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
restartPolicy: Always
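Review bot: `timeoutSeconds: 30` on the `httpGet` probe lets a single request to `/auth/realms/master` hang for 30 seconds before it counts as a failure, which delays detection of an unresponsive Keycloak after startup. Slow startup is already covered by `initialDelaySeconds: 30` (or a `startupProbe`); keep the per-request timeout short and, if more tolerance is needed, set `periodSeconds` and `failureThreshold` explicitly instead.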
Here's the pod log for the non-legacy, non-working flavor:
> kubectl logs keycloak-57f8645458-g8qzq
Keycloak - Open Source Identity and Access Management
Find more information at: https://www.keycloak.org/docs/latest
Usage:
kc.sh [OPTIONS] [COMMAND]
Use this command-line tool to manage your Keycloak cluster.
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
"./kc.sh") to execute from the current folder.
Options:
-cf, --config-file <file>
Set the path to a configuration file. By default, configuration properties are
read from the "keycloak.conf" file in the "conf" directory.
-h, --help This help message.
-v, --verbose Print out error details when running this command.
-V, --version Show version information
Commands:
build Creates a new and optimized server image.
start Start the server.
start-dev Start the server in development mode.
export Export data from realms to a file or directory.
import Import data from a directory or a file.
show-config Print out the current configuration.
tools Utilities for use and interaction with the server.
completion Generate bash/zsh completion script for kc.sh.
Examples:
Start the server in development mode for local development or testing:
$ kc.sh start-dev
Building an optimized server runtime:
$ kc.sh build <OPTIONS>
Start the server in production mode:
$ kc.sh start <OPTIONS>
Enable auto-completion to bash/zsh:
$ source <(kc.sh tools completion)
Please, take a look at the documentation for more details before deploying in
production.
Use "kc.sh start --help" for the available options when starting the server.
Use "kc.sh <command> --help" for more information about other commands.