Following the sample at https://github.com/thomasdarimont/helm-charts/blob/master/charts/keycloakx/examples/postgresql, I'm trying to install Keycloak and Postgresql with helm charts on OVH managed Kubernetes but the database initialisation fails.
Here are the logs on Postgresql pod:
```
2023-04-14 07:22:21.638 GMT [1] LOG: database system is ready to accept connections
2023-04-14 07:23:04.073 GMT [195] ERROR: relation "migration_model" does not exist at character 25
2023-04-14 07:23:04.073 GMT [195] STATEMENT: SELECT ID, VERSION FROM MIGRATION_MODEL ORDER BY UPDATE_TIME DESC
2023-04-14 07:23:05.364 GMT [195] ERROR: relation "public.databasechangelog" does not exist at character 22
2023-04-14 07:23:05.364 GMT [195] STATEMENT: SELECT COUNT(*) FROM public.databasechangelog
2023-04-14 07:23:06.423 GMT [210] ERROR: relation "public.databasechangeloglock" does not exist at character 22
2023-04-14 07:23:06.423 GMT [210] STATEMENT: SELECT COUNT(*) FROM public.databasechangeloglock
2023-04-14 07:23:06.831 GMT [195] ERROR: relation "public.databasechangelog" does not exist at character 22
2023-04-14 07:23:06.831 GMT [195] STATEMENT: SELECT COUNT(*) FROM public.databasechangelog
```
I've read somewhere that it could be related to a PVC issue, so I tried to force it, but no more luck.
Here is the script I run:
```shell
kubectl create namespace keycloak
kubectl apply -f keycloak-postgresql-pvc.yml
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add codecentric https://codecentric.github.io/helm-charts
helm repo update
helm install keycloak-db bitnami/postgresql -n keycloak --values ./keycloak-postgresql-properties.yaml
helm install keycloak codecentric/keycloakx -n keycloak -f keycloak-install-properties.yml
kubectl apply -f ingress-nginx.yaml
```
and here are the files referenced:
keycloak-postgresql-pvc.yml
```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: postgresql-keycloak
  namespace: keycloak
  labels:
    app: postgresql
spec:
  storageClassName: csi-cinder-classic
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
```
keycloak-postgresql-properties.yaml
```yaml
# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
global:
  postgresql:
    auth:
      username: keycloak
      password: change-me
      database: keycloak
primary:
  persistence:
    existingClaim: postgresql-keycloak
```
keycloak-install-properties.yml
```yaml
# See https://www.keycloak.org/server/configuration
# See https://www.keycloak.org/server/all-config
image:
  tag: 21.0.2
command:
  - "/opt/keycloak/bin/kc.sh"
  - "--verbose"
  - "start"
  - "--auto-build"
  - "--http-enabled=true"
  - "--http-port=8080"
  - "--hostname-strict=false"
  - "--hostname-strict-https=false"
  - "--spi-events-listener-jboss-logging-success-level=info"
  - "--spi-events-listener-jboss-logging-error-level=warn"
extraEnv: |
  - name: KEYCLOAK_ADMIN
    valueFrom:
      secretKeyRef:
        name: {{ include "keycloak.fullname" . }}-admin-creds
        key: user
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: {{ include "keycloak.fullname" . }}-admin-creds
        key: password
  - name: JAVA_OPTS_APPEND
    value: >-
      -XX:+UseContainerSupport
      -XX:MaxRAMPercentage=50.0
      -Djava.awt.headless=true
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
dbchecker:
  enabled: true
database:
  vendor: postgres
  hostname: keycloak-db-postgresql
  port: 5432
  username: keycloak
  password: change-me
  database: keycloak
secrets:
  admin-creds:
    annotations:
      my-test-annotation: Test secret for {{ include "keycloak.fullname" . }}
    stringData:
      user: admin
      password: change-me
replicas: 1
restartPolicy: "Always"
```
Any clue what I'm doing wrong?
Anyone managed to install a recent Keycloak instance (note I'm using codecentric/keycloakx and not codecentric/keycloak) on OVH managed Kubernetes (with a DB on a PV)?
So, the SQL errors during init are just some noise and the server was actually correctly installed. My issue was in the ingress rules to access it.
I temporarily exposed the DB and explored it with my favorite DB admin tool (I already have a local Postgres bound to 5432, so using 5431):
```shell
kubectl get all -n keycloak
kubectl port-forward --namespace keycloak service/keycloak-db-postgresql 5431:5432
```
The DB at jdbc:postgresql://localhost:5431/keycloak was there and correctly initialized.
I then did the same for the Keycloak server:
```shell
kubectl port-forward --namespace keycloak service/keycloak-keycloakx-http 8080:80
```
The server was up and running and accessible from: http://localhost:8080
codecentric/keycloakx
When switching from codecentric/keycloak to codecentric/keycloakx, be aware that ports change from 8080 to 80 and 8443 to 443. Also, the service name changes from keycloak-http to keycloak-keycloakx-http. So if you picked a sample ingress rule for the older chart, you have to adapt it. Here is what I used:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    # This annotation indicates the issuer to use
    cert-manager.io/cluster-issuer: letsencrypt-production
    acme.cert-manager.io/http01-edit-in-place: "true"
  name: keycloak
  namespace: keycloak
spec:
  rules:
  - host: change-me.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: keycloak-keycloakx-http
            port:
              number: 80
  tls:
  - hosts:
    - change-me.com
    secretName: keycloak-tls
```
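
The service-name and port mismatch described in this answer can be checked mechanically before blaming the database. The following is an added example, not part of the original post: `check_backends` is a hypothetical helper, the sample inputs are constructed from the names on this page, and numeric backend ports are assumed.

```shell
#!/bin/sh
# Added example: compare Ingress backends with the Services that actually exist.
# On a live cluster the two inputs come from (numeric backend ports assumed):
#   kubectl get ingress keycloak -n keycloak -o jsonpath='{range .spec.rules[*].http.paths[*]}{.backend.service.name}{" "}{.backend.service.port.number}{"\n"}{end}'
#   kubectl get svc -n keycloak -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.ports[*].port}{"\n"}{end}'

# check_backends BACKENDS SERVICES
#   BACKENDS: lines of "<service> <port>"
#   SERVICES: lines of "<service> <port> [<port> ...]"
#   Prints one verdict per backend; returns non-zero if any backend is broken.
check_backends() {
  cb_services=$2
  cb_bad=0
  while read -r cb_name cb_port; do
    [ -n "$cb_name" ] || continue
    # Look the backend up in the Service list: name first, then port.
    cb_status=$(printf '%s\n' "$cb_services" | awk -v n="$cb_name" -v p="$cb_port" '
      $1 == n { found = 1; for (i = 2; i <= NF; i++) if ($i == p) ok = 1 }
      END { print (ok ? "OK" : (found ? "WRONG_PORT" : "MISSING_SERVICE")) }')
    printf '%s %s:%s\n' "$cb_status" "$cb_name" "$cb_port"
    [ "$cb_status" = OK ] || cb_bad=1
  done <<EOF
$1
EOF
  return "$cb_bad"
}

# Constructed sample: Services present after installing codecentric/keycloakx.
SERVICES='keycloak-db-postgresql 5432
keycloak-keycloakx-http 80 443'

# Constructed sample: a backend copied from an ingress written for the older
# codecentric/keycloak chart, a half-migrated one, and the corrected one.
BACKENDS='keycloak-http 8080
keycloak-keycloakx-http 8080
keycloak-keycloakx-http 80'

check_backends "$BACKENDS" "$SERVICES" || echo "ingress backend mismatch: fix service name/port"
```
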