Comments (19)
Are you using the metrics extension ?
from keycloak-operator.
I am not using the metrics extension (unless it is installed by default).
For completeness, here is the entire keycloak-resource (sensitive data replaced by [redacted]
):
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"keycloak.org/v1alpha1","kind":"Keycloak","metadata":{"annotations":{},"labels":{"app":"[redacted]-keycloak"},"name":"[redacted]-keycloak","namespace":"keycloak-operator"},"spec":{"externalAccess":{"enabled":true},"instances":3}}
creationTimestamp: "2021-11-12T15:44:03Z"
generation: 4
labels:
app: [redacted]-keycloak
managedFields:
- apiVersion: keycloak.org/v1alpha1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app: {}
f:spec:
.: {}
f:externalAccess:
.: {}
f:enabled: {}
f:instances: {}
manager: kubectl-client-side-apply
operation: Update
time: "2021-11-12T15:44:03Z"
- apiVersion: keycloak.org/v1alpha1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:external: {}
f:externalDatabase: {}
f:keycloakDeploymentSpec:
.: {}
f:experimental:
.: {}
f:volumes: {}
f:resources: {}
f:migration:
.: {}
f:backups: {}
f:multiAvailablityZones: {}
f:podDisruptionBudget: {}
f:postgresDeploymentSpec:
.: {}
f:resources: {}
f:status:
.: {}
f:credentialSecret: {}
f:externalURL: {}
f:internalURL: {}
f:message: {}
f:phase: {}
f:ready: {}
f:secondaryResources:
.: {}
f:ConfigMap: {}
f:Deployment: {}
f:Ingress: {}
f:PersistentVolumeClaim: {}
f:Secret: {}
f:Service: {}
f:StatefulSet: {}
f:version: {}
manager: keycloak-operator
operation: Update
time: "2021-11-12T15:44:16Z"
- apiVersion: keycloak.org/v1alpha1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:extensions: {}
f:externalAccess:
f:host: {}
manager: kubectl-edit
operation: Update
time: "2021-12-20T11:00:24Z"
name: [redacted]-keycloak
namespace: keycloak-operator
resourceVersion: "7995889"
uid: 95a85a87-7184-4cc7-b71f-ee27143fc9b6
spec:
extensions:
- [redacted].jar
externalAccess:
enabled: true
host: [redacted]
instances: 3
status:
credentialSecret: credential-[redacted]-keycloak
externalURL: [redacted]
internalURL: https://keycloak.keycloak-operator.svc:8443
message: ""
phase: initialising
ready: false
secondaryResources:
ConfigMap:
- keycloak-probes
Deployment:
- keycloak-postgresql
Ingress:
- keycloak
PersistentVolumeClaim:
- keycloak-postgresql-claim
Secret:
- credential-[redacted]-keycloak
- keycloak-db-secret
Service:
- keycloak-postgresql
- keycloak
- keycloak-discovery
StatefulSet:
- keycloak
version: 16.0.0
from keycloak-operator.
Some more info: When I manually execute the curl-statement of the liveness-probe with the -L
and -v
options, I get a complete and correct response back. However, even after adding -L
in the configmap for the liveness-probes and recreating the pod, k8s reports that liveness and readiness probes are failing - so my initial thought regarding the missing curl parameter was definitely wrong.
Manually executing either probe-script just gives no output at all.
This is the entire log-output of the keycloak-pod:
Added 'admin' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
-b 0.0.0.0
=========================================================================
Using PostgreSQL database
=========================================================================
19:17:33,634 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 1.12.0.Final
19:17:33,700 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.13.Final
19:17:33,707 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
19:17:33,807 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) starting
19:17:34,752 INFO [org.wildfly.security] (ServerService Thread Pool -- 19) ELY00001: WildFly Elytron version 1.17.1.Final
19:17:35,819 WARN [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
19:17:35,827 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
19:17:35,875 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
19:17:36,030 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
19:17:36,032 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) started in 2391ms - Started 49 of 72 services (24 services are lazy, passive or on-demand)
The batch executed successfully
19:17:36,266 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) stopped in 21ms
19:17:37,740 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 1.12.0.Final
19:17:37,793 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.13.Final
19:17:37,801 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
19:17:37,908 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) starting
19:17:38,875 INFO [org.wildfly.security] (ServerService Thread Pool -- 20) ELY00001: WildFly Elytron version 1.17.1.Final
19:17:40,173 WARN [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
19:17:40,186 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
19:17:40,237 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
19:17:40,365 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
19:17:40,367 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) started in 2622ms - Started 49 of 79 services (31 services are lazy, passive or on-demand)
The batch executed successfully
19:17:40,600 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) stopped in 19ms
Creating Keycloak truststore..
Keycloak truststore successfully created at: /opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks
Warning: use -cacerts option to access cacerts keystore
Importing certificates from system's Java CA certificate bundle into Keycloak truststore..
Successfully imported certificates from system's Java CA certificate bundle into Keycloak truststore at: /opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks
Setting JGroups discovery to dns.DNS_PING with properties {dns_query=>keycloak-discovery.keycloak-operator}
Setting cache owners to 2 replicas
Enabling replication of AuthenticationSessions with 2 replicas
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/jboss/keycloak
JAVA: java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.desktop/sun.awt=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.naming/javax.naming=ALL-UNNAMED
=========================================================================
19:18:20,194 INFO [org.jboss.modules] (main) JBoss Modules version 1.12.0.Final
19:18:20,761 INFO [org.jboss.msc] (main) JBoss MSC version 1.4.13.Final
19:18:20,774 INFO [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
19:18:20,905 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) starting
19:18:21,956 INFO [org.wildfly.security] (ServerService Thread Pool -- 21) ELY00001: WildFly Elytron version 1.17.1.Final
19:18:23,151 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 3) WFLYDR0001: Content added at location /opt/jboss/keycloak/standalone/data/content/bd/303c17793d8a88f75d5f58466b6796d46d6c10/content
19:18:23,340 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
19:18:23,355 INFO [org.xnio] (MSC service thread 1-2) XNIO version 3.8.4.Final
19:18:23,365 INFO [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.8.4.Final
19:18:23,407 INFO [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 5.0.23.Final
19:18:23,462 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 49) WFLYNAM0001: Activating Naming Subsystem
19:18:23,464 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 38) WFLYCLINF0001: Activating Infinispan subsystem.
19:18:23,493 INFO [org.wildfly.extension.health] (ServerService Thread Pool -- 37) WFLYHEALTH0001: Activating Base Health Subsystem
19:18:23,511 INFO [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 42) WFLYCLJG0001: Activating JGroups subsystem. JGroups version 4.2.11
19:18:23,507 INFO [org.wildfly.extension.metrics] (ServerService Thread Pool -- 47) WFLYMETRICS0001: Activating Base Metrics Subsystem
19:18:23,495 WARN [org.jboss.as.txn] (ServerService Thread Pool -- 53) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
19:18:23,501 INFO [org.jboss.as.connector] (MSC service thread 1-2) WFLYJCA0009: Starting Jakarta Connectors Subsystem (WildFly/IronJacamar 1.5.2.Final)
19:18:23,560 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
19:18:23,512 INFO [org.jboss.as.jaxrs] (ServerService Thread Pool -- 40) WFLYRS0016: RESTEasy version 4.7.2.Final
19:18:23,634 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 42.2)
19:18:23,605 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 39) WFLYIO001: Worker 'default' has auto-configured to 2 IO threads with 16 max task threads based on your 1 available processors
19:18:23,766 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-2) WFLYJCA0018: Started Driver service with driver-name = h2
19:18:23,769 INFO [org.jboss.as.naming] (MSC service thread 1-1) WFLYNAM0003: Starting Naming Service
19:18:23,775 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = postgresql
19:18:23,787 INFO [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
19:18:23,908 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0003: Undertow 2.2.12.Final starting
19:18:23,934 INFO [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 4 (per class), which is derived from the number of CPUs on this host.
19:18:23,935 INFO [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 16 (per class), which is derived from thread worker pool sizing.
19:18:23,948 WARN [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 54) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
19:18:24,068 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 54) WFLYUT0014: Creating file handler for path '/opt/jboss/keycloak/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
19:18:24,216 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
19:18:24,443 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
19:18:24,753 INFO [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
19:18:24,754 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0012: Started server default-server.
19:18:24,782 WARN [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00024: Certificate [dstrootcax3] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Thu Sep 30 14:01:15 GMT 2021
at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675)
at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:648)
at [email protected]//org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:230)
at [email protected]//org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:192)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
at java.base/java.lang.Thread.run(Thread.java:829)
19:18:24,784 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-2) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
19:18:24,788 WARN [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00024: Certificate [globalsignrootca-r2] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Wed Dec 15 08:00:00 GMT 2021
at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675)
at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:648)
at [email protected]//org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:230)
at [email protected]//org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:192)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
at java.base/java.lang.Thread.run(Thread.java:829)
19:18:24,789 WARN [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00024: Certificate [cybertrustglobalroot] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Wed Dec 15 08:00:00 GMT 2021
at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675)
at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:648)
at [email protected]//org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:230)
at [email protected]//org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:192)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
at java.base/java.lang.Thread.run(Thread.java:829)
19:18:24,794 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
19:18:24,800 INFO [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "[redacted].jar" (runtime-name: "[redacted].jar")
19:18:24,861 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow AJP listener ajp listening on 0.0.0.0:8009
19:18:24,863 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
19:18:24,863 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
19:18:24,863 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) Queuing requests.
19:18:24,864 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0018: Host default-host starting
19:18:24,864 INFO [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0493: Jakarta Enterprise Beans subsystem suspension complete
19:18:24,939 INFO [org.jboss.modcluster] (ServerService Thread Pool -- 56) MODCLUSTER000001: Initializing mod_cluster version 1.4.3.Final
19:18:24,956 INFO [org.jboss.modcluster] (ServerService Thread Pool -- 56) MODCLUSTER000032: Listening to proxy advertisements on /224.0.1.105:23364
19:18:25,304 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
19:18:25,305 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
19:18:28,940 INFO [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 56) keycloak-0: no members discovered after 3040 ms: creating cluster as coordinator
19:18:29,553 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 58) ISPN000128: Infinispan version: Infinispan 'Taedonggang' 12.1.7.Final
19:18:29,557 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 57) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
19:18:29,559 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 58) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
19:18:29,565 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 60) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
19:18:29,569 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 59) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
19:18:29,628 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 56) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
19:18:29,779 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 58) ISPN000078: Starting JGroups channel ejb
19:18:29,781 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000078: Starting JGroups channel ejb
19:18:29,784 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000078: Starting JGroups channel ejb
19:18:29,785 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000078: Starting JGroups channel ejb
19:18:29,786 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
19:18:29,793 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 58) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
19:18:29,793 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000078: Starting JGroups channel ejb
19:18:29,793 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
19:18:29,795 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.244.0.226:7600]
19:18:29,809 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 58) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.244.0.226:7600]
19:18:29,813 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
19:18:29,815 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.244.0.226:7600]
19:18:29,819 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
19:18:29,825 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.244.0.226:7600]
19:18:29,833 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.244.0.226:7600]
19:18:29,870 INFO [org.infinispan.CONFIG] (MSC service thread 1-1) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
19:18:29,875 INFO [org.infinispan.CONFIG] (MSC service thread 1-1) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
19:18:30,198 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started http-remoting-connector cache from ejb container
19:18:30,381 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
19:18:30,406 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started clientSessions cache from keycloak container
19:18:30,422 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started offlineSessions cache from keycloak container
19:18:30,385 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started work cache from keycloak container
19:18:30,385 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
19:18:30,402 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started sessions cache from keycloak container
19:18:30,394 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started loginFailures cache from keycloak container
19:18:30,422 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started actionTokens cache from keycloak container
19:18:30,461 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started users cache from keycloak container
19:18:30,464 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started realms cache from keycloak container
19:18:30,468 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started authorization cache from keycloak container
19:18:30,469 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started keys cache from keycloak container
19:18:30,578 WARN [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
19:18:31,027 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
19:18:31,792 INFO [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 64) Frontend: <request>, Admin: <frontend>, Backend: <request>
19:18:31,845 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started realmRevisions cache from keycloak container
19:18:31,850 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started userRevisions cache from keycloak container
19:18:31,858 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
19:18:31,859 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 64) Node name: keycloak-0, Site name: null
19:18:33,044 INFO [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 64) Database info: {databaseUrl=jdbc:postgresql://keycloak-postgresql.keycloak-operator:5432/root, databaseUser=keycloak, databaseProduct=PostgreSQL 10.17, databaseDriver=PostgreSQL JDBC Driver 42.2.5}
19:18:34,539 INFO [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 64) HHH000204: Processing PersistenceUnitInfo [
name: keycloak-default
...]
19:18:34,602 INFO [org.hibernate.Version] (ServerService Thread Pool -- 64) HHH000412: Hibernate Core {5.3.23.Final}
19:18:34,603 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 64) HHH000206: hibernate.properties not found
19:18:34,738 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 64) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
19:18:34,883 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 64) HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL95Dialect
19:18:35,166 INFO [org.hibernate.engine.jdbc.env.internal.LobCreatorBuilderImpl] (ServerService Thread Pool -- 64) HHH000424: Disabling contextual LOB creation as createClob() method threw error : java.lang.reflect.InvocationTargetException
19:18:35,170 INFO [org.hibernate.type.BasicTypeRegistry] (ServerService Thread Pool -- 64) HHH000270: Type registration [java.util.UUID] overrides previous : org.hibernate.type.UUIDBinaryType@40dd793f
19:18:35,174 INFO [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 64) Envers integration enabled? : true
19:18:35,492 INFO [org.hibernate.orm.beans] (ServerService Thread Pool -- 64) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
19:18:35,710 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 64) HV000001: Hibernate Validator 6.0.22.Final
19:18:36,965 INFO [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 64) HHH000397: Using ASTQueryTranslatorFactory
19:18:38,348 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
19:18:38,775 WARN [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0104: Not creating user admin. It already exists.
19:18:39,380 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
19:18:39,382 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,382 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,383 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,383 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,383 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,383 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,384 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,384 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,384 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
19:18:39,504 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
19:18:39,643 INFO [org.jboss.as.server] (ServerService Thread Pool -- 33) WFLYSRV0010: Deployed "[redacted].jar" (runtime-name : "[redacted].jar")
19:18:39,644 INFO [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
19:18:39,711 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
19:18:39,715 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) started in 19924ms - Started 719 of 1022 services (699 services are lazy, passive or on-demand)
19:18:39,718 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://0.0.0.0:9990/management
19:18:39,718 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://0.0.0.0:9990
from keycloak-operator.
Hi @MBauerDC , I'm investigating this issue, thanks for reporting it.
From what I see :
- you are using an extension specified in the CR
spec:
extensions:
- [redacted].jar
- KC seems to start correctly in the end , per the logs attached.
- In my test, without extensions on KC 16.0.0, first attempt failed as you said, but after several minutes it worked fine ( I'm having another look to this though )
Can you confirm that without using any extension, after few minutes the probes are still failing and the pod is shown as not ready ?
from keycloak-operator.
The same happened here:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 40m default-scheduler Successfully assigned keycloak-operator/keycloak-0 to ops-k1n02t.domain.de
Normal Pulling 40m kubelet Pulling image "quay.io/keycloak/keycloak-init-container:16.0.0"
Normal Pulled 40m kubelet Successfully pulled image "quay.io/keycloak/keycloak-init-container:16.0.0" in 1.762557057s
Normal Created 40m kubelet Created container extensions-init
Normal Started 40m kubelet Started container extensions-init
Normal Pulled 40m kubelet Container image "quay.io/keycloak/keycloak:16.0.0" already present on machine
Normal Created 40m kubelet Created container keycloak
Normal Started 40m kubelet Started container keycloak
Warning Unhealthy 3s (x79 over 39m) kubelet Readiness probe failed:
Readyness probe :
bash-4.4$ bash /probes/readiness_probe.sh
bash-4.4$ echo $?
22
bash-4.4$ bash /probes/liveness_probe.sh
bash-4.4$ echo $?
0
here is the operator:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "6"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"keycloak-operator","namespace":"keycloak-operator"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"keycloak-operator"}},"template":{"metadata":{"labels":{"name":"keycloak-operator"}},"spec":{"containers":[{"command":["keycloak-operator"],"env":[{"name":"WATCH_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"OPERATOR_NAME","value":"keycloak-operator"}],"image":"quay.io/keycloak/keycloak-operator:main","imagePullPolicy":"Always","name":"keycloak-operator"}],"serviceAccountName":"keycloak-operator"}}}}
creationTimestamp: "2021-08-30T13:36:57Z"
generation: 6
managedFields:
- apiVersion: apps/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:spec:
f:progressDeadlineSeconds: {}
f:replicas: {}
f:revisionHistoryLimit: {}
f:selector: {}
f:strategy:
f:rollingUpdate:
.: {}
f:maxSurge: {}
f:maxUnavailable: {}
f:type: {}
f:template:
f:metadata:
f:labels:
.: {}
f:name: {}
f:spec:
f:containers:
k:{"name":"keycloak-operator"}:
.: {}
f:command: {}
f:env:
.: {}
k:{"name":"OPERATOR_NAME"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"POD_NAME"}:
.: {}
f:name: {}
f:valueFrom:
.: {}
f:fieldRef:
.: {}
f:apiVersion: {}
f:fieldPath: {}
k:{"name":"WATCH_NAMESPACE"}:
.: {}
f:name: {}
f:valueFrom:
.: {}
f:fieldRef:
.: {}
f:apiVersion: {}
f:fieldPath: {}
f:imagePullPolicy: {}
f:name: {}
f:resources: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:dnsPolicy: {}
f:restartPolicy: {}
f:schedulerName: {}
f:securityContext: {}
f:serviceAccount: {}
f:serviceAccountName: {}
f:terminationGracePeriodSeconds: {}
manager: kubectl-client-side-apply
operation: Update
time: "2021-08-30T13:36:57Z"
- apiVersion: apps/v1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:template:
f:spec:
f:containers:
k:{"name":"keycloak-operator"}:
f:env:
k:{"name":"KEYCLOAK_DEFAULT_THEME"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"RELATED_IMAGE_KEYCLOAK"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"RELATED_IMAGE_KEYCLOAK_INIT_CONTAINER"}:
.: {}
f:name: {}
f:value: {}
f:image: {}
manager: kubectl-edit
operation: Update
time: "2021-12-22T10:56:09Z"
- apiVersion: apps/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:deployment.kubernetes.io/revision: {}
f:status:
f:availableReplicas: {}
f:conditions:
.: {}
k:{"type":"Available"}:
.: {}
f:lastTransitionTime: {}
f:lastUpdateTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
k:{"type":"Progressing"}:
.: {}
f:lastTransitionTime: {}
f:lastUpdateTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
f:observedGeneration: {}
f:readyReplicas: {}
f:replicas: {}
f:updatedReplicas: {}
manager: kube-controller-manager
operation: Update
time: "2021-12-22T10:56:11Z"
name: keycloak-operator
namespace: keycloak-operator
resourceVersion: "311786793"
uid: 58eb67d7-434e-4c81-93ad-3450fe23a636
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: keycloak-operator
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
name: keycloak-operator
spec:
containers:
- command:
- keycloak-operator
env:
- name: RELATED_IMAGE_KEYCLOAK
value: quay.io/keycloak/keycloak:16.0.0
- name: RELATED_IMAGE_KEYCLOAK_INIT_CONTAINER
value: quay.io/keycloak/keycloak-init-container:16.0.0
- name: KEYCLOAK_DEFAULT_THEME
value: theme
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: OPERATOR_NAME
value: keycloak-operator
image: quay.io/keycloak/keycloak-operator:16.0.0
imagePullPolicy: Always
name: keycloak-operator
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: keycloak-operator
serviceAccountName: keycloak-operator
terminationGracePeriodSeconds: 30
status:
availableReplicas: 1
conditions:
- lastTransitionTime: "2021-12-21T16:03:14Z"
lastUpdateTime: "2021-12-21T16:03:14Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
- lastTransitionTime: "2021-08-30T13:36:57Z"
lastUpdateTime: "2021-12-22T10:56:11Z"
message: ReplicaSet "keycloak-operator-54c79f864" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 6
readyReplicas: 1
replicas: 1
updatedReplicas: 1
and the instance (I have commented out the extension):
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
name: keycloak-test
labels:
app: sso
namespace: keycloak-operator
spec:
instances: 1
#extensions:
#- https://sourcecode.domain.de/sysadmin-public/keycloack-theme/-/raw/master/theme.jar
migration:
strategy: recreate
backups:
enabled: True
externalAccess:
enabled: true
host: "auth-test.ktest.domain.de"
externalDatabase:
enabled: true
keycloakDeploymentSpec:
experimental:
env:
- name: PROXY_ADDRESS_FORWARDING
value: "true"
from keycloak-operator.
Hi @titansmc , can you confirm that after some minutes the problem persists ? I tested this approach and in the end it worked #431 (comment)
from keycloak-operator.
Hi @jonathanvila ! Thank you for looking into the issue.
Sorry for not specifying this originally - the extension I'm loading is a theme (which is successfully deployed, but unfortunately does not show up to be selected either at the realm or the client level, and I cannot find log-output helping with determining the cause of this. I was thinking of opening a feature-enhancement request for some log-output of the validation/registration/loading of theme-extensions - but that's a different issue).
At the time where I created this issue, the first container had been stuck in a not-ready state with failed liveness and readiness probes for ~2.5 hours already and the system had been unreachable for that time (fortunately the project is not yet in production).
I deleted and recreated the pods several times to no avail (though waiting a maximum of 15 minutes for readiness). Each time, the log showed a correct startup (as above).
Out of desparation, I also added the -L
flag to the curl
-line of the readiness probe script in the configmap. Then, after two more deletions of the first pod, it finally showed up as ready after ~2.5-3 minutes. I cannot say whether setting the flag made a difference - but I can confirm that manually executing the curl-statements in the KC-containers without the -L
flag still returns a 303, which would not be followed with the flags in the default probes.
As developers are currently programming against the instance, I cannot just take it offline during the day (nor do I have the spare k8s resources to recreate the entire cluster for further testing). I might be able to do some more testing at night though.
Seeing as I got it working, we might close this issue - but since it caused a downtime of several hours and it is not clear where the actual issue was (could it have something to do with the old, invalid certificates as mentioned here?) - and since it appears at least one other party has the issue as well - it might be good to keep it open for the time being.
from keycloak-operator.
Thank you for the explanation @MBauerDC
Definetely this is something we need to take a look. So keeping it open.
Regarding the invalid certificates, I am also investigating .
from keycloak-operator.
Hi @titansmc , can you confirm that after some minutes the problem persists ? I tested this approach and in the end it worked #431 (comment)
[root@ops-k1m01t ~]# kubectl get pods -n keycloak-operator
NAME READY STATUS RESTARTS AGE
keycloak-0 0/1 Running 0 36m
keycloak-operator-54c79f864-bv8vb 1/1 Running 0 120m
postgresql-ha-postgresql-primary-0 1/1 Running 0 32d
postgresql-ha-read-0 1/1 Running 0 27d
I have manually added the -L
to the curl commands but still not success.
from keycloak-operator.
I have the exact same issue after upgrading to 16.0.0. I removed the Liveness- and -readiness probes from the statefulset for now. Keycloak is running fine after removing the probes.
from keycloak-operator.
Hi,
Same issue here on a fresh install. Pod is never ready.
OC 4.9.5
from keycloak-operator.
Hi,
I know it is Christmas time, but is there any update on this?
from keycloak-operator.
Hi,
By my side, I have downgraded the image in the operator to 15.1.1 instead of 16.0.0 and it works (without changing anything else). Can't figure out what is wrong with 16.0.0 however.
from keycloak-operator.
Modify keycloak-probe
ConfigMap to set readiness_probe.sh
same as liveness_probe.sh
as walk around.
data:
liveness_probe.sh: |
#!/bin/bash
set -e
curl -s --max-time 10 --fail http://$(hostname -i):8080/auth > /dev/null
readiness_probe.sh: |
#!/bin/bash
set -e
curl -s --max-time 10 --fail http://$(hostname -i):8080/auth > /dev/null
`
from keycloak-operator.
Hi
Today we have released Keycloak Operator 16.1.0 that containes Wildfly 26.0.0.
Apparently the probes were failing with 16.0.0 due to the usage of Wildfly 25.0.1 and weird issue with admin users and the need to reboot WF.
Please could you let your operator to upgrade and use KC 16.1.0 and check again ?
Thank you very much.
from keycloak-operator.
Hi , I have the same problem with liveness and readiness probes fail . Keycloak operator is updated to 16.1.0
from keycloak-operator.
For me the issue seems to be fixed in 16.1.0. (New install)
from keycloak-operator.
@LolloChicco are you using the metrics extension ? if so, please use the latest release https://github.com/aerogear/keycloak-metrics-spi/releases/tag/2.5.3
from keycloak-operator.
Seems this issue is resolved, please feel free to re-open if that's not the case.
from keycloak-operator.
Related Issues (20)
- Proper way of updating existing keycloak instance via related resource handled by operator HOT 4
- OLM release 18.0.2
- Operator cannot reconcile StatefulSet if Selector is misconfigured
- keycloak integration error: failed to discover OIDC configuration HOT 1
- RH-SSO Deployment doesn't reflect `serviceAccountName`
- Include ARM64 in release HOT 3
- Context root for external Keycloak instances HOT 2
- OLM release 19.0.0
- OLM release 19.0.1
- Prometheus pulling metric https keycloak HOT 1
- Theme downloaded but not deployed as expected HOT 1
- Support priorityClassName HOT 1
- customized ingress resource is deleted as soon as a Keycloak pod is killed.
- OLM release 19.0.2
- Cannot reach Keycloak using the internalURL HOT 6
- scopemapping issue HOT 1
- User update conflicts with Password Policy HOT 1
- Reconciliation deletes default mappers HOT 1
- keycloakClient - serviceAccountClientRoles is not a recognized property? HOT 1
- Keycloak Operator creates ServiceMonitor to scrape port/endpoint that doesn't exist HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keycloak-operator.