postgres-operator-examples
Keycloak example Crashloopbackoff
I have run both the keycloak example and .\kustomize\keycloak and also followed the Postgres tutorial where you provide a custom script for installing keycloak. In both cases, keycloak ends up in CrashLoopBackOff, but there is no error. The logs in the container show the following:
Keycloak - Open Source Identity and Access Management
--
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Find more information at: https://www.keycloak.org/docs/latest
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Usage:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | kc.sh [OPTIONS] [COMMAND]
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Use this command-line tool to manage your Keycloak cluster.
Fri, Apr 15 2022 2:20:13 pm | Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
Fri, Apr 15 2022 2:20:13 pm | "./kc.sh") to execute from the current folder.
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Options:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | -cf, --config-file <file>
Fri, Apr 15 2022 2:20:13 pm | Set the path to a configuration file. By default, configuration properties are
Fri, Apr 15 2022 2:20:13 pm | read from the "keycloak.conf" file in the "conf" directory.
Fri, Apr 15 2022 2:20:13 pm | -h, --help This help message.
Fri, Apr 15 2022 2:20:13 pm | -v, --verbose Print out error details when running this command.
Fri, Apr 15 2022 2:20:13 pm | -V, --version Show version information
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Commands:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | build Creates a new and optimized server image.
Fri, Apr 15 2022 2:20:13 pm | start Start the server.
Fri, Apr 15 2022 2:20:13 pm | start-dev Start the server in development mode.
Fri, Apr 15 2022 2:20:13 pm | export Export data from realms to a file or directory.
Fri, Apr 15 2022 2:20:13 pm | import Import data from a directory or a file.
Fri, Apr 15 2022 2:20:13 pm | show-config Print out the current configuration.
Fri, Apr 15 2022 2:20:13 pm | tools Utilities for use and interaction with the server.
Fri, Apr 15 2022 2:20:13 pm | completion Generate bash/zsh completion script for kc.sh.
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Examples:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Start the server in development mode for local development or testing:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | $ kc.sh start-dev
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Building an optimized server runtime:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | $ kc.sh build <OPTIONS>
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Start the server in production mode:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | $ kc.sh start <OPTIONS>
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Enable auto-completion to bash/zsh:
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | $ source <(kc.sh tools completion)
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Please, take a look at the documentation for more details before deploying in
Fri, Apr 15 2022 2:20:13 pm | production.
Fri, Apr 15 2022 2:20:13 pm |
Fri, Apr 15 2022 2:20:13 pm | Use "kc.sh start --help" for the available options when starting the server.
Fri, Apr 15 2022 2:20:13 pm | Use "kc.sh <command> --help" for more information about other commands.
If I describe the pod I get
Name: keycloak-5d679bc848-z42zj
Namespace: keycloak
Priority: 0
Node: master3/192.168.1.22
Start Time: Fri, 15 Apr 2022 15:57:15 +0100
Labels: app.kubernetes.io/name=keycloak
pod-template-hash=5d679bc848
Annotations: <none>
Status: Running
IP: 10.42.2.146
IPs:
IP: 10.42.2.146
Controlled By: ReplicaSet/keycloak-5d679bc848
Containers:
keycloak:
Container ID: containerd://132e4c013f388476f6770cd7c1a86a9102d034b7305db43a7194c4760f83be74
Image: quay.io/keycloak/keycloak:latest
Image ID: quay.io/keycloak/keycloak@sha256:9e7e11f0c71e6959c94bb40610f60d1b27d8a71bcfecfe8c7c714837960a6d17
Ports: 8080/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Completed
Exit Code: 0
Started: Fri, 15 Apr 2022 15:57:37 +0100
Finished: Fri, 15 Apr 2022 15:57:38 +0100
Ready: False
Restart Count: 2
Readiness: http-get http://:8080/auth/realms/master delay=0s timeout=1s period=10s #success=1 #failure=3
Environment:
DB_VENDOR: postgres
DB_ADDR: <set to the key 'POSTGRES_HOST' in secret 'keycloak-db-secret'> Optional: false
DB_PORT: <set to the key 'POSTGRES_PORT' in secret 'keycloak-db-secret'> Optional: false
DB_DATABASE: <set to the key 'POSTGRES_DATABASE' in secret 'keycloak-db-secret'> Optional: false
DB_USER: <set to the key 'POSTGRES_USERNAME' in secret 'keycloak-db-secret'> Optional: false
DB_PASSWORD: <set to the key 'POSTGRES_PASSWORD' in secret 'keycloak-db-secret'> Optional: false
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
PROXY_ADDRESS_FORWARDING: true
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-b7tbb (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-b7tbb:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 38s default-scheduler Successfully assigned keycloak/keycloak-5d679bc848-z42zj to master3
Normal Pulled 37s kubelet Successfully pulled image "quay.io/keycloak/keycloak:latest" in 519.760275ms
Normal Pulled 36s kubelet Successfully pulled image "quay.io/keycloak/keycloak:latest" in 523.734937ms
Normal Pulling 16s (x3 over 38s) kubelet Pulling image "quay.io/keycloak/keycloak:latest"
Normal Created 16s (x3 over 37s) kubelet Created container keycloak
Normal Started 16s (x3 over 37s) kubelet Started container keycloak
Normal Pulled 16s kubelet Successfully pulled image "quay.io/keycloak/keycloak:latest" in 624.331764ms
Warning Unhealthy 15s kubelet Readiness probe failed: Get "http://10.42.2.146:8080/auth/realms/master": dial tcp 10.42.2.146:8080: connect: connection refused
Warning BackOff 13s (x5 over 35s) kubelet Back-off restarting failed container
I am able to login to the Postgres database and list databases, but it does not look like a keycloak database was created.
Just updating here to let you know we have this in our backlog.
The keycloak.yaml is outdated and it no longer works with the latest image from keycloak:
I used the following yaml file that works. I invite you to try it.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: postgres-operator
  labels:
    app.kubernetes.io/name: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: keycloak
  template:
    metadata:
      labels:
        app.kubernetes.io/name: keycloak
    spec:
      containers:
      - image: quay.io/keycloak/keycloak:20.0.2
        name: keycloak
        args: ["start-dev"]
        env:
        - name: KC_DB
          value: "postgres"
        - name: KC_DB_URL_HOST
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: host } }
        - name: KC_DB_URL_PORT
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: port } }
        - name: KC_DB_URL_DATABASE
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: dbname } }
        - name: KC_DB_USERNAME
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: user } }
        - name: KC_DB_PASSWORD
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: password } }
        - name: KEYCLOAK_ADMIN
          value: "admin"
        - name: KEYCLOAK_ADMIN_PASSWORD
          value: "admin"
        - name: KC_PROXY
          value: "edge"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /realms/master
            port: 8080
          initialDelaySeconds: 60
      restartPolicy: Always
```
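The differences between the failing pod and the working manifest in this thread can be turned into a check over a container spec; this is an added example, not part of the original comments or the project's code. The function name, the env-name pairing (inferred by comparing the two manifests), the `example-secret` placeholder and the trimmed sample containers are assumptions.

```python
# Old -> new env names, paired by comparing the two manifests in this thread.
LEGACY_ENV = {
    "DB_VENDOR": "KC_DB",
    "DB_ADDR": "KC_DB_URL_HOST",
    "DB_PORT": "KC_DB_URL_PORT",
    "DB_DATABASE": "KC_DB_URL_DATABASE",
    "DB_USER": "KC_DB_USERNAME",
    "DB_PASSWORD": "KC_DB_PASSWORD",
    "KEYCLOAK_USER": "KEYCLOAK_ADMIN",
    "KEYCLOAK_PASSWORD": "KEYCLOAK_ADMIN_PASSWORD",
    "PROXY_ADDRESS_FORWARDING": "KC_PROXY",
}
PASSWORD_ENV = {"DB_PASSWORD", "KC_DB_PASSWORD", "KEYCLOAK_PASSWORD", "KEYCLOAK_ADMIN_PASSWORD"}

def lint_keycloak_container(container):
    """Return findings for one container spec (dict parsed from the manifest)."""
    findings = []
    args = container.get("args") or []
    if not args and not container.get("command"):
        findings.append("no args: kc.sh prints its usage text and exits 0")
    elif "start-dev" in args:
        findings.append("args use start-dev, which is development mode")
    for env in container.get("env", []):
        name = env["name"]
        if name in LEGACY_ENV:
            findings.append(f"legacy env {name}, newer manifest uses {LEGACY_ENV[name]}")
        if name in PASSWORD_ENV and "value" in env:
            findings.append(f"{name} is a literal value, not a secretKeyRef")
    path = container.get("readinessProbe", {}).get("httpGet", {}).get("path", "")
    if path.startswith("/auth/"):
        findings.append(f"readiness path {path}, newer manifest probes {path[5:]}")
    return findings

# Constructed sample input: both containers from this thread, env list trimmed.
secret = {"valueFrom": {"secretKeyRef": {"name": "example-secret", "key": "password"}}}
OLD = {"image": "quay.io/keycloak/keycloak:latest",
       "env": [{"name": "DB_VENDOR", "value": "postgres"},
               {"name": "DB_PASSWORD", **secret},
               {"name": "KEYCLOAK_USER", "value": "admin"},
               {"name": "KEYCLOAK_PASSWORD", "value": "admin"}],
       "readinessProbe": {"httpGet": {"path": "/auth/realms/master", "port": 8080}}}
NEW = {"image": "quay.io/keycloak/keycloak:20.0.2", "args": ["start-dev"],
       "env": [{"name": "KC_DB", "value": "postgres"},
               {"name": "KC_DB_PASSWORD", **secret},
               {"name": "KEYCLOAK_ADMIN_PASSWORD", "value": "admin"}],
       "readinessProbe": {"httpGet": {"path": "/realms/master", "port": 8080}}}
if __name__ == "__main__":
    for label, spec in (("old", OLD), ("new", NEW)):
        print(label, *lint_keycloak_container(spec), sep="\n  ")
```

To run it against a live deployment, feed it the container dict from `kubectl get deployment keycloak -o json` parsed with the `json` module.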
I can confirm this issue on the latest version of the operator
Are there any current PRs working on this? If not, I could provide a PR if necessary!
Hello @simonjcarr and @localleon,
We have made updates to the Keycloak example which should fix the issue.