Keycloak example Crashloopbackoff

[simonjcarr]

I have run both the keycloak example and .\kustomize\keycloak and also followed the Postgres tutorial where you provide a custom script for installing keycloak. In both cases, keycloak endsup in Crashloopbackoff, but there is no error. The logs in the container show the following

Keycloak - Open Source Identity and Access Management
--
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Find more information at: https://www.keycloak.org/docs/latest
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Usage:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | kc.sh [OPTIONS] [COMMAND]
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Use this command-line tool to manage your Keycloak cluster.
Fri, Apr 15 2022 2:20:13 pm | Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
Fri, Apr 15 2022 2:20:13 pm | "./kc.sh") to execute from the current folder.
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Options:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | -cf, --config-file <file>
Fri, Apr 15 2022 2:20:13 pm | Set the path to a configuration file. By default, configuration properties are
Fri, Apr 15 2022 2:20:13 pm | read from the "keycloak.conf" file in the "conf" directory.
Fri, Apr 15 2022 2:20:13 pm | -h, --help This help message.
Fri, Apr 15 2022 2:20:13 pm | -v, --verbose Print out error details when running this command.
Fri, Apr 15 2022 2:20:13 pm | -V, --version Show version information
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Commands:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | build Creates a new and optimized server image.
Fri, Apr 15 2022 2:20:13 pm | start Start the server.
Fri, Apr 15 2022 2:20:13 pm | start-dev Start the server in development mode.
Fri, Apr 15 2022 2:20:13 pm | export Export data from realms to a file or directory.
Fri, Apr 15 2022 2:20:13 pm | import Import data from a directory or a file.
Fri, Apr 15 2022 2:20:13 pm | show-config Print out the current configuration.
Fri, Apr 15 2022 2:20:13 pm | tools Utilities for use and interaction with the server.
Fri, Apr 15 2022 2:20:13 pm | completion Generate bash/zsh completion script for kc.sh.
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Examples:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Start the server in development mode for local development or testing:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | $ kc.sh start-dev
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Building an optimized server runtime:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | $ kc.sh build <OPTIONS>
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Start the server in production mode:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | $ kc.sh start <OPTIONS>
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Enable auto-completion to bash/zsh:
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | $ source <(kc.sh tools completion)
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Please, take a look at the documentation for more details before deploying in
Fri, Apr 15 2022 2:20:13 pm | production.
Fri, Apr 15 2022 2:20:13 pm |  
Fri, Apr 15 2022 2:20:13 pm | Use "kc.sh start --help" for the available options when starting the server.
Fri, Apr 15 2022 2:20:13 pm | Use "kc.sh <command> --help" for more information about other commands.

If I describe the pod I get

Name:         keycloak-5d679bc848-z42zj
Namespace:    keycloak
Priority:     0
Node:         master3/192.168.1.22
Start Time:   Fri, 15 Apr 2022 15:57:15 +0100
Labels:       app.kubernetes.io/name=keycloak
              pod-template-hash=5d679bc848
Annotations:  <none>
Status:       Running
IP:           10.42.2.146
IPs:
  IP:           10.42.2.146
Controlled By:  ReplicaSet/keycloak-5d679bc848
Containers:
  keycloak:
    Container ID:   containerd://132e4c013f388476f6770cd7c1a86a9102d034b7305db43a7194c4760f83be74
    Image:          quay.io/keycloak/keycloak:latest
    Image ID:       quay.io/keycloak/keycloak@sha256:9e7e11f0c71e6959c94bb40610f60d1b27d8a71bcfecfe8c7c714837960a6d17
    Ports:          8080/TCP, 8443/TCP
    Host Ports:     0/TCP, 0/TCP
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Fri, 15 Apr 2022 15:57:37 +0100
      Finished:     Fri, 15 Apr 2022 15:57:38 +0100
    Ready:          False
    Restart Count:  2
    Readiness:      http-get http://:8080/auth/realms/master delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:
      DB_VENDOR:                 postgres
      DB_ADDR:                   <set to the key 'POSTGRES_HOST' in secret 'keycloak-db-secret'>      Optional: false
      DB_PORT:                   <set to the key 'POSTGRES_PORT' in secret 'keycloak-db-secret'>      Optional: false
      DB_DATABASE:               <set to the key 'POSTGRES_DATABASE' in secret 'keycloak-db-secret'>  Optional: false
      DB_USER:                   <set to the key 'POSTGRES_USERNAME' in secret 'keycloak-db-secret'>  Optional: false
      DB_PASSWORD:               <set to the key 'POSTGRES_PASSWORD' in secret 'keycloak-db-secret'>  Optional: false
      KEYCLOAK_USER:             admin
      KEYCLOAK_PASSWORD:         admin
      PROXY_ADDRESS_FORWARDING:  true
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-b7tbb (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kube-api-access-b7tbb:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  38s                default-scheduler  Successfully assigned keycloak/keycloak-5d679bc848-z42zj to master3
  Normal   Pulled     37s                kubelet            Successfully pulled image "quay.io/keycloak/keycloak:latest" in 519.760275ms
  Normal   Pulled     36s                kubelet            Successfully pulled image "quay.io/keycloak/keycloak:latest" in 523.734937ms
  Normal   Pulling    16s (x3 over 38s)  kubelet            Pulling image "quay.io/keycloak/keycloak:latest"
  Normal   Created    16s (x3 over 37s)  kubelet            Created container keycloak
  Normal   Started    16s (x3 over 37s)  kubelet            Started container keycloak
  Normal   Pulled     16s                kubelet            Successfully pulled image "quay.io/keycloak/keycloak:latest" in 624.331764ms
  Warning  Unhealthy  15s                kubelet            Readiness probe failed: Get "http://10.42.2.146:8080/auth/realms/master": dial tcp 10.42.2.146:8080: connect: connection refused
  Warning  BackOff    13s (x5 over 35s)  kubelet            Back-off restarting failed container

I am able to login to the Postgres database and list databases, but it does not look like a keycloak database was created.

[benjaminjb]

Just updating here to let you know we have this in our backlog.

[scart88]

The keycloak.yaml is outdated and it no longer works with the latest image from keycloak:

I used the following yaml file that works. I invite you to try it.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: postgres-operator
  labels:
    app.kubernetes.io/name: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: keycloak
  template:
    metadata:
      labels:
        app.kubernetes.io/name: keycloak
    spec:
      containers:
      - image: quay.io/keycloak/keycloak:20.0.2
        name: keycloak
        args: ["start-dev"]
        env:
        - name: KC_DB
          value: "postgres"
        - name: KC_DB_URL_HOST
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: host } }
        - name: KC_DB_URL_PORT
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: port } }
        - name: KC_DB_URL_DATABASE
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: dbname } }
        - name: KC_DB_USERNAME
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: user } }
        - name: KC_DB_PASSWORD
          valueFrom: { secretKeyRef: { name: hippo-pguser-hippo, key: password } }
        - name: KEYCLOAK_ADMIN
          value: "admin"
        - name: KEYCLOAK_ADMIN_PASSWORD
          value: "admin"
        - name: KC_PROXY
          value: "edge"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /realms/master
            port: 8080
          initialDelaySeconds: 60
      restartPolicy: Always

[localleon]

I can confirm this issue on the latest version of the operator

Are there any current PRs working on this? If not, i could provide a PR if necessary!

[dsessler7]

Hello @simonjcarr and @localleon,

We have made updates to the Keycloak example which should fix the issue.