external-usermanagement deployment example not working? #688

Open
d7oc opened this issue Aug 22, 2024 · 7 comments

@d7oc
Contributor

d7oc commented Aug 22, 2024

The keycloak example configuration doesn't work anymore and needs to be fixed.

@d7oc d7oc mentioned this issue Aug 22, 2024
@wkloucek
Contributor

I only ran the example for this PR #734, but it worked flawlessly for me in Minikube.

@d7oc What are the errors you get?

@wkloucek changed the title from "Fix keycloak example" to "external-usermanagement deployment example not working?" Sep 10, 2024
@d7oc
Contributor Author

d7oc commented Sep 11, 2024

curl -k https://keycloak.kube.owncloud.test/
Internal Server Error

So Keycloak is just responding with that error.

Only change to the code in here. I applied the following diff to make it "k3d-compliant":

diff --git a/deployments/external-user-management/helmfile.yaml b/deployments/external-user-management/helmfile.yaml
index 671f51b..786a80f 100644
--- a/deployments/external-user-management/helmfile.yaml
+++ b/deployments/external-user-management/helmfile.yaml
@@ -338,7 +338,7 @@ releases:
       - externalDomain: ocis.kube.owncloud.test
       - ingress:
           enabled: true
-          ingressClassName: nginx
+          #ingressClassName: nginx
           annotations:
             nginx.ingress.kubernetes.io/proxy-body-size: 1024m
       - insecure:
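Review bot: commenting out `ingressClassName: nginx` while the `nginx.ingress.kubernetes.io/proxy-body-size: 1024m` annotation stays directly below it means the Ingress is now handled by whatever default class the cluster provides, and if that controller is not ingress-nginx the 1024m body-size setting is silently ignored. Instead of a commented-out line, make the class an overridable value for the local environment and keep the annotation tied to it, or set the equivalent limit for the controller actually in use.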
@@ -371,26 +371,38 @@ releases:
           nats:
             persistence:
               enabled: true
+              accessModes:
+                - ReadWriteOnce
 
           search:
             persistence:
               enabled: true
+              accessModes:
+                - ReadWriteOnce
 
           storagesystem:
             persistence:
               enabled: true
+              accessModes:
+                - ReadWriteOnce
 
           storageusers:
             persistence:
               enabled: true
+              accessModes:
+                - ReadWriteOnce
 
           thumbnails:
             persistence:
               enabled: true
+              accessModes:
+                - ReadWriteOnce
 
           web:
             persistence:
               enabled: true
+              accessModes:
+                - ReadWriteOnce
             config:
               oidc:
                 webClientID: web
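Review bot: the same `accessModes: - ReadWriteOnce` block is repeated under six persistence sections (nats, search, storagesystem, storageusers, thumbnails, web) with no comment explaining why the example needs it. If it is only required for the k3d storage class, keep it in a local override rather than in the shared helmfile.yaml; if it is meant to stay, define it once (for example with a YAML anchor) and document that ReadWriteOnce binds each volume to a single node, which matters as soon as replicas of these services are scheduled on different nodes.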

@wkloucek
Contributor

@d7oc Are all the pods needed for Keycloak up and running? Postgres operator, postgres pods, postgres pooler, ...?

@d7oc
Contributor Author

d7oc commented Sep 18, 2024

Yes, everything is running:

> k -n keycloak get po
NAME                                 READY   STATUS      RESTARTS   AGE
keycloak-operator-84f7cd995c-xlb5s   1/1     Running     0          5m28s
ocis-keycloak-0                      1/1     Running     0          3m5s
ocis-keycloak-1                      1/1     Running     0          3m23s
ocis-keycloak-2                      1/1     Running     0          3m36s
ocis-realm-hkpmz                     0/1     Completed   0          4m2s
postgres-0                           1/1     Running     0          5m21s
postgres-1                           1/1     Running     0          5m15s
postgres-2                           1/1     Running     0          5m10s
postgres-pooler-54f5fcfd99-6kfml     1/1     Running     0          4m27s
postgres-pooler-54f5fcfd99-j4cf5     1/1     Running     0          4m27s
postgres-pooler-54f5fcfd99-pgppm     1/1     Running     0          4m27s

There is also no error logged when curl is triggered.

Only non-INFO in the log:

k -n keycloak logs -l app=keycloak | grep -v INFO
2024-09-18 09:46:05,696 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': FATAL: query_wait_timeout
2024-09-18 09:45:59,696 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': FATAL: query_wait_timeout

@d7oc
Contributor Author

d7oc commented Sep 18, 2024

At least from the database I can also connect fine:

root@postgres-0:/home/postgres# psql -h postgres-pooler -U postgres
Password for user postgres:
psql (16.3 (Ubuntu 16.3-1.pgdg22.04+1), server 15.7 (Ubuntu 15.7-1.pgdg22.04+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.

@d7oc
Contributor Author

d7oc commented Sep 18, 2024

Also works with a debug container spawned inside the keycloak pod.

@d7oc
Contributor Author

d7oc commented Sep 18, 2024

This is somehow related to the pooler:

/ # psql -h postgres -U keycloak
Password for user keycloak:
psql (16.3, server 15.7 (Ubuntu 15.7-1.pgdg22.04+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.

keycloak=# \l
                                                       List of databases
   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | ICU Locale | ICU Rules |   Access privileges
-----------+----------+----------+-----------------+-------------+-------------+------------+-----------+-----------------------
 keycloak  | keycloak | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           |
 postgres  | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           |
 template0 | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =c/postgres          +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres
 template1 | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =c/postgres          +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres
(4 rows)

keycloak=#
\q
/ # psql -h postgres-pooler -U keycloak
Password for user keycloak:
psql (16.3, server 15.7 (Ubuntu 15.7-1.pgdg22.04+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.

keycloak=# \l
<hanging here>

The same works for both hosts if user postgres is used.
