Fix the FIPS hardware encryption issue that doesn't allow Keycloak to start #134
Bug diagnosis
add-user-keycloak.sh
hence we cannot init the admin user nor the mta user.
A detailed explanation is being given at keycloak/keycloak#9916
Useful links:
About this PR
Adding the JAVA_OPTS ENV variable
Steps to test this PR:
Create a container image for the operator
quay.io/windupeng/windup-operator-native:fips
Deploy the operator (you need an OCP instance where you have cluster-admin permissions)
Open the file src/main/resources/k8s/def/windup.deployment.yaml and replace line 20 to point to your custom image. So
    - image: quay.io/windupeng/windup-operator-native:latest
should become
    - image: quay.io/YOUR_USERNAME/windup-operator-native:native:fips
Create a namespace named mta (the name must be mta):
mta-example
and the ENV variables of that deployment should contain the new ENV JAVA_OPTS with value -Dcom.redhat.fips=false
That's all. We need to keep in mind that this PR only adds a new ENV variable to the deployment; it is not changing any core behaviour of the operator.