Comments (2)
adding full --debug output here
root@devops218:/tmp/keycloak# helm upgrade --install=true --namespace ef-external --values ./values.yaml --debug --render-subchart-notes keycloak .
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/rancher/rke2/rke2.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /etc/rancher/rke2/rke2.yaml
history.go:56: [debug] getting history for release keycloak
Release "keycloak" does not exist. Installing it now.
install.go:214: [debug] Original chart version: ""
install.go:231: [debug] CHART PATH: /tmp/keycloak
client.go:142: [debug] creating 10 resource(s)
W0310 14:09:55.618977 3895208 warnings.go:70] spec.template.spec.containers[0].env[12].name: duplicate name "KEYCLOAK_LOGLEVEL"
NAME: keycloak
LAST DEPLOYED: Sun Mar 10 14:09:53 2024
NAMESPACE: ef-external
STATUS: deployed
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
adminIngress:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
apiVersion: ""
enabled: true
extraHosts: []
extraPaths: []
extraRules: []
extraTls:
- hosts:
- devops218.ef.com
secretName: ef-ingress-tls-secret
hostname: devops218.ef.com
ingressClassName: nginx
labels: {}
path: /keyadmin
pathType: ImplementationSpecific
secrets: []
selfSigned: false
servicePort: http
tls: true
affinity: {}
args: []
auth:
adminPassword: admin
adminUser: admin
annotations: {}
existingSecret: ""
passwordSecretKey: ""
automountServiceAccountToken: true
autoscaling:
enabled: false
maxReplicas: 11
minReplicas: 1
targetCPU: ""
targetMemory: ""
cache:
enabled: true
stackFile: ""
stackName: kubernetes
clusterDomain: cluster.local
command: []
commonAnnotations: {}
commonLabels: {}
configuration: ""
containerPorts:
http: 8080
https: 8443
infinispan: 7800
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
enabled: true
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: null
seccompProfile:
type: RuntimeDefault
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
diagnosticMode:
args:
- infinity
command:
- sleep
enabled: false
dnsConfig: {}
dnsPolicy: ""
enableServiceLinks: true
existingConfigmap: ""
externalDatabase:
annotations: {}
database: keycloak_db
existingSecret: ""
existingSecretDatabaseKey: ""
existingSecretHostKey: ""
existingSecretPasswordKey: ""
existingSecretPortKey: ""
existingSecretUserKey: ""
host: ef-cx-postgresql.ef-external.svc.cluster.local
password: Expertflow123
port: 5432
user: sa
extraContainerPorts: []
extraDeploy: []
extraEnvVars:
- name: KC_LOG_LEVEL
value: DEBUG
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
- name: ROOT_LOGLEVEL
value: DEBUG
- name: KEYCLOAK_ADMIN_URL
value: https://devops218.ef.com/keyadmin
- name: KEYCLOAK_EXTRA_ARGS
value: -Dkeycloak.frontendUrl=https://devops218.ef.com/keyadmin -Dkeycloak.profile.feature.upload_scripts=enabled
- name: KEYCLOAK_FRONTEND_URL
value: https://devpos218.ef.com/keyadmin
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
- name: KEYCLOAK_PASSWORD
value: admin
- name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_USER
value: admin
- name: NODE_ENV
value: development
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
extraStartupArgs: ""
extraVolumeMounts: []
extraVolumes: []
fullnameOverride: ""
global:
compatibility:
openshift:
adaptSecurityContext: disabled
imagePullSecrets: []
imageRegistry: ""
storageClass: ""
hostAliases: []
httpRelativePath: /auth/
image:
debug: false
digest: ""
pullPolicy: IfNotPresent
pullSecrets: []
registry: docker.io
repository: bitnami/keycloak
tag: 23.0.7-debian-12-r1
ingress:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
apiVersion: ""
enabled: true
extraHosts: []
extraPaths: []
extraRules: []
extraTls:
- hosts:
- devops218.ef.com
secretName: ef-ingress-tls-secret
hostname: devops218.ef.com
ingressClassName: nginx
labels: {}
path: '{{ .Values.httpRelativePath }}'
pathType: ImplementationSpecific
secrets: []
selfSigned: false
servicePort: http
tls: true
initContainers: []
initdbScripts: {}
initdbScriptsConfigMap: ""
keycloakConfigCli:
annotations:
helm.sh/hook: post-install,post-upgrade,post-rollback
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
helm.sh/hook-weight: "5"
args: []
automountServiceAccountToken: true
backoffLimit: 1
cleanupAfterFinished:
enabled: false
seconds: 600
command: []
configuration: {}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
enabled: true
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: null
seccompProfile:
type: RuntimeDefault
enabled: false
existingConfigmap: ""
extraEnvVars: []
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
extraVolumeMounts: []
extraVolumes: []
hostAliases: []
image:
digest: ""
pullPolicy: IfNotPresent
pullSecrets: []
registry: docker.io
repository: bitnami/keycloak-config-cli
tag: 5.10.0-debian-12-r9
initContainers: []
nodeSelector: {}
podAnnotations: {}
podLabels: {}
podSecurityContext:
enabled: true
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
podTolerations: []
resources: {}
resourcesPreset: none
sidecars: []
kubeVersion: ""
lifecycleHooks: {}
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 300
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 5
logging:
level: INFO
output: default
metrics:
enabled: false
prometheusRule:
enabled: false
groups: []
labels: {}
namespace: ""
service:
annotations:
prometheus.io/port: '{{ .Values.metrics.service.ports.http }}'
prometheus.io/scrape: "true"
extraPorts: []
ports:
http: 8080
serviceMonitor:
enabled: false
endpoints:
- path: '{{ include "keycloak.httpPath" . }}metrics'
- path: '{{ include "keycloak.httpPath" . }}realms/master/metrics'
honorLabels: false
interval: 30s
jobLabel: ""
labels: {}
metricRelabelings: []
namespace: ""
path: ""
port: http
relabelings: []
scrapeTimeout: ""
selector: {}
nameOverride: ""
namespaceOverride: ""
networkPolicy:
allowExternal: true
allowExternalEgress: true
enabled: true
extraEgress: []
extraIngress: []
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
kubeAPIServerPorts:
- 443
- 6443
- 8443
nodeAffinityPreset:
key: ""
type: ""
values: []
nodeSelector: {}
pdb:
create: false
maxUnavailable: ""
minAvailable: 1
podAffinityPreset: ""
podAnnotations: {}
podAntiAffinityPreset: soft
podLabels: {}
podManagementPolicy: Parallel
podSecurityContext:
enabled: true
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
postgresql:
architecture: standalone
auth:
database: bitnami_keycloak
existingSecret: ""
password: Expertflow123$
postgresPassword: Expertflow123$
username: bn_keycloak
enabled: false
priorityClassName: ""
production: false
proxy: passthrough
rbac:
create: false
rules: []
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
replicaCount: 1
resources: {}
resourcesPreset: none
revisionHistoryLimitCount: 10
schedulerName: ""
service:
annotations: {}
clusterIP: ""
externalTrafficPolicy: Cluster
extraHeadlessPorts: []
extraPorts: []
headless:
annotations: {}
extraPorts: []
http:
enabled: true
loadBalancerIP: ""
loadBalancerSourceRanges: []
nodePorts:
http: ""
https: ""
ports:
http: 80
https: 443
sessionAffinity: None
sessionAffinityConfig: {}
type: ClusterIP
serviceAccount:
annotations: {}
automountServiceAccountToken: false
create: true
extraLabels: {}
name: ""
sidecars: []
spi:
existingSecret: ""
hostnameVerificationPolicy: ""
passwordsSecret: ""
truststoreFilename: keycloak-spi.truststore.jks
truststorePassword: ""
startupProbe:
enabled: false
failureThreshold: 60
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
statefulsetAnnotations: {}
terminationGracePeriodSeconds: ""
tls:
autoGenerated: false
enabled: false
existingSecret: ""
keystoreFilename: keycloak.keystore.jks
keystorePassword: ""
passwordsSecret: ""
truststoreFilename: keycloak.truststore.jks
truststorePassword: ""
usePem: false
tolerations: []
topologySpreadConstraints: []
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
COMPUTED VALUES:
adminIngress:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
apiVersion: ""
enabled: true
extraHosts: []
extraPaths: []
extraRules: []
extraTls:
- hosts:
- devops218.ef.com
secretName: ef-ingress-tls-secret
hostname: devops218.ef.com
ingressClassName: nginx
labels: {}
path: /keyadmin
pathType: ImplementationSpecific
secrets: []
selfSigned: false
servicePort: http
tls: true
affinity: {}
args: []
auth:
adminPassword: admin
adminUser: admin
annotations: {}
existingSecret: ""
passwordSecretKey: ""
automountServiceAccountToken: true
autoscaling:
enabled: false
maxReplicas: 11
minReplicas: 1
targetCPU: ""
targetMemory: ""
cache:
enabled: true
stackFile: ""
stackName: kubernetes
clusterDomain: cluster.local
command: []
common:
exampleValue: common-chart
global:
compatibility:
openshift:
adaptSecurityContext: disabled
imagePullSecrets: []
imageRegistry: ""
storageClass: ""
commonAnnotations: {}
commonLabels: {}
configuration: ""
containerPorts:
http: 8080
https: 8443
infinispan: 7800
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
enabled: true
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
diagnosticMode:
args:
- infinity
command:
- sleep
enabled: false
dnsConfig: {}
dnsPolicy: ""
enableServiceLinks: true
existingConfigmap: ""
externalDatabase:
annotations: {}
database: keycloak_db
existingSecret: ""
existingSecretDatabaseKey: ""
existingSecretHostKey: ""
existingSecretPasswordKey: ""
existingSecretPortKey: ""
existingSecretUserKey: ""
host: postgresql
password: SamplePassword123$
port: 5432
user: sa
extraContainerPorts: []
extraDeploy: []
extraEnvVars:
- name: KC_LOG_LEVEL
value: DEBUG
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
- name: ROOT_LOGLEVEL
value: DEBUG
- name: KEYCLOAK_ADMIN_URL
value: https://devops218.ef.com/keyadmin
- name: KEYCLOAK_EXTRA_ARGS
value: -Dkeycloak.frontendUrl=https://devops218.ef.com/keyadmin -Dkeycloak.profile.feature.upload_scripts=enabled
- name: KEYCLOAK_FRONTEND_URL
value: https://devpos218.ef.com/keyadmin
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
- name: KEYCLOAK_PASSWORD
value: admin
- name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_USER
value: admin
- name: NODE_ENV
value: development
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
extraStartupArgs: ""
extraVolumeMounts: []
extraVolumes: []
fullnameOverride: ""
global:
compatibility:
openshift:
adaptSecurityContext: disabled
imagePullSecrets: []
imageRegistry: ""
storageClass: ""
hostAliases: []
httpRelativePath: /auth
image:
debug: false
digest: ""
pullPolicy: IfNotPresent
pullSecrets: []
registry: docker.io
repository: bitnami/keycloak
tag: 23.0.7-debian-12-r1
ingress:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
apiVersion: ""
enabled: true
extraHosts: []
extraPaths: []
extraRules: []
extraTls:
- hosts:
- devops218.ef.com
secretName: ef-ingress-tls-secret
hostname: devops218.ef.com
ingressClassName: nginx
labels: {}
path: '{{ .Values.httpRelativePath }}'
pathType: ImplementationSpecific
secrets: []
selfSigned: false
servicePort: http
tls: true
initContainers: []
initdbScripts: {}
initdbScriptsConfigMap: ""
keycloakConfigCli:
annotations:
helm.sh/hook: post-install,post-upgrade,post-rollback
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
helm.sh/hook-weight: "5"
args: []
automountServiceAccountToken: true
backoffLimit: 1
cleanupAfterFinished:
enabled: false
seconds: 600
command: []
configuration: {}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
enabled: true
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
enabled: false
existingConfigmap: ""
extraEnvVars: []
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
extraVolumeMounts: []
extraVolumes: []
hostAliases: []
image:
digest: ""
pullPolicy: IfNotPresent
pullSecrets: []
registry: docker.io
repository: bitnami/keycloak-config-cli
tag: 5.10.0-debian-12-r9
initContainers: []
nodeSelector: {}
podAnnotations: {}
podLabels: {}
podSecurityContext:
enabled: true
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
podTolerations: []
resources: {}
resourcesPreset: none
sidecars: []
kubeVersion: ""
lifecycleHooks: {}
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 300
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 5
logging:
level: INFO
output: default
metrics:
enabled: false
prometheusRule:
enabled: false
groups: []
labels: {}
namespace: ""
service:
annotations:
prometheus.io/port: '{{ .Values.metrics.service.ports.http }}'
prometheus.io/scrape: "true"
extraPorts: []
ports:
http: 8080
serviceMonitor:
enabled: false
endpoints:
- path: '{{ include "keycloak.httpPath" . }}metrics'
- path: '{{ include "keycloak.httpPath" . }}realms/master/metrics'
honorLabels: false
interval: 30s
jobLabel: ""
labels: {}
metricRelabelings: []
namespace: ""
path: ""
port: http
relabelings: []
scrapeTimeout: ""
selector: {}
nameOverride: ""
namespaceOverride: ""
networkPolicy:
allowExternal: true
allowExternalEgress: true
enabled: true
extraEgress: []
extraIngress: []
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
kubeAPIServerPorts:
- 443
- 6443
- 8443
nodeAffinityPreset:
key: ""
type: ""
values: []
nodeSelector: {}
pdb:
create: false
maxUnavailable: ""
minAvailable: 1
podAffinityPreset: ""
podAnnotations: {}
podAntiAffinityPreset: soft
podLabels: {}
podManagementPolicy: Parallel
podSecurityContext:
enabled: true
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
postgresql:
architecture: standalone
auth:
database: bitnami_keycloak
existingSecret: ""
password: samplePassword
postgresPassword: SamplePassword$
username: bn_keycloak
enabled: false
priorityClassName: ""
production: false
proxy: passthrough
rbac:
create: false
rules: []
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
replicaCount: 1
resources: {}
resourcesPreset: none
revisionHistoryLimitCount: 10
schedulerName: ""
service:
annotations: {}
clusterIP: ""
externalTrafficPolicy: Cluster
extraHeadlessPorts: []
extraPorts: []
headless:
annotations: {}
extraPorts: []
http:
enabled: true
loadBalancerIP: ""
loadBalancerSourceRanges: []
nodePorts:
http: ""
https: ""
ports:
http: 80
https: 443
sessionAffinity: None
sessionAffinityConfig: {}
type: ClusterIP
serviceAccount:
annotations: {}
automountServiceAccountToken: false
create: true
extraLabels: {}
name: ""
sidecars: []
spi:
existingSecret: ""
hostnameVerificationPolicy: ""
passwordsSecret: ""
truststoreFilename: keycloak-spi.truststore.jks
truststorePassword: ""
startupProbe:
enabled: false
failureThreshold: 60
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
statefulsetAnnotations: {}
terminationGracePeriodSeconds: ""
tls:
autoGenerated: false
enabled: false
existingSecret: ""
keystoreFilename: keycloak.keystore.jks
keystorePassword: ""
passwordsSecret: ""
truststoreFilename: keycloak.truststore.jks
truststorePassword: ""
usePem: false
tolerations: []
topologySpreadConstraints: []
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
HOOKS:
MANIFEST:
---
# Source: keycloak/templates/networkpolicy.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: keycloak
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/component: keycloak
policyTypes:
- Ingress
- Egress
egress:
- {}
ingress:
- ports:
- port: 7800
- port: 8080
---
# Source: keycloak/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: keycloak
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
automountServiceAccountToken: false
---
# Source: keycloak/templates/secret-external-db.yaml
apiVersion: v1
kind: Secret
metadata:
name: keycloak-externaldb
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
type: Opaque
data:
db-password: "ripped"
---
# Source: keycloak/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: keycloak
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
type: Opaque
data:
admin-password: "YWRtaW4="
---
# Source: keycloak/templates/configmap-env-vars.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-env-vars
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
data:
KEYCLOAK_ADMIN: "admin"
KEYCLOAK_HTTP_PORT: "8080"
KEYCLOAK_PROXY: "passthrough"
KEYCLOAK_ENABLE_STATISTICS: "false"
KEYCLOAK_DATABASE_HOST: "postgresql"
KEYCLOAK_DATABASE_PORT: "5432"
KEYCLOAK_DATABASE_NAME: "keycloak_db"
KEYCLOAK_DATABASE_USER: "sa"
KEYCLOAK_PRODUCTION: "false"
KEYCLOAK_ENABLE_HTTPS: "false"
KEYCLOAK_CACHE_TYPE: "ispn"
KEYCLOAK_CACHE_STACK: "kubernetes"
JAVA_OPTS_APPEND: "-Djgroups.dns.query=keycloak-headless.ef-external.svc.cluster.local"
KEYCLOAK_LOG_OUTPUT: "default"
KEYCLOAK_LOG_LEVEL: "INFO"
---
# Source: keycloak/templates/headless-service.yaml
apiVersion: v1
kind: Service
metadata:
name: keycloak-headless
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/component: keycloak
---
# Source: keycloak/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: keycloak
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
nodePort: null
selector:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/component: keycloak
---
# Source: keycloak/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: keycloak
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
spec:
replicas: 1
revisionHistoryLimit: 10
podManagementPolicy: Parallel
serviceName: keycloak-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/component: keycloak
template:
metadata:
annotations:
checksum/configmap-env-vars: 105b6b62fde9660ef97d33b13a25ebbc2f6178f6abc8c5acd3eb05205a3ea1ed
checksum/secrets: 18571c8b2f020072e18478074f3a619490440d8b8e21688490a528f57f2b1edd
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
spec:
serviceAccountName: keycloak
automountServiceAccountToken: true
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
enableServiceLinks: true
initContainers:
- name: init-quarkus-directory
image: docker.io/bitnami/keycloak:23.0.7-debian-12-r1
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /quarkus
subPath: app-quarkus-dir
containers:
- name: keycloak
image: docker.io/bitnami/keycloak:23.0.7-debian-12-r1
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: BITNAMI_DEBUG
value: "false"
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak
key: admin-password
- name: KEYCLOAK_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-externaldb
key: db-password
- name: KEYCLOAK_HTTP_RELATIVE_PATH
value: "/auth"
- name: KC_HOSTNAME_ADMIN
value: devops218.ef.com
- name: KC_LOG_LEVEL
value: DEBUG
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
- name: ROOT_LOGLEVEL
value: DEBUG
- name: KEYCLOAK_ADMIN_URL
value: https://devops218.ef.com/keyadmin
- name: KEYCLOAK_EXTRA_ARGS
value: -Dkeycloak.frontendUrl=https://devops218.ef.com/keyadmin -Dkeycloak.profile.feature.upload_scripts=enabled
- name: KEYCLOAK_FRONTEND_URL
value: https://devpos218.ef.com/keyadmin
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
- name: KEYCLOAK_PASSWORD
value: admin
- name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_USER
value: admin
- name: NODE_ENV
value: development
envFrom:
- configMapRef:
name: keycloak-env-vars
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: infinispan
containerPort: 7800
protocol: TCP
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 300
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /auth
port: http
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
httpGet:
path: /authrealms/master
port: http
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/keycloak/conf
subPath: app-conf-dir
- name: empty-dir
mountPath: /opt/bitnami/keycloak/lib/quarkus
subPath: app-quarkus-dir
volumes:
- name: empty-dir
emptyDir: {}
---
# Source: keycloak/templates/admin-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-admin
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |-
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
spec:
ingressClassName: "nginx"
rules:
- host: "devops218.ef.com"
http:
paths:
- path: /keyadmin
pathType: ImplementationSpecific
backend:
service:
name: keycloak
port:
name: http
tls:
- hosts:
- devops218.ef.com
secretName: ef-ingress-tls-secret
---
# Source: keycloak/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
namespace: "ef-external"
labels:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 23.0.7
helm.sh/chart: keycloak-19.3.0
app.kubernetes.io/component: keycloak
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |-
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
spec:
ingressClassName: "nginx"
rules:
- host: "devops218.ef.com"
http:
paths:
- path: /auth
pathType: ImplementationSpecific
backend:
service:
name: keycloak
port:
name: http
tls:
- hosts:
- devops218.ef.com
secretName: ef-ingress-tls-secret
NOTES:
CHART NAME: keycloak
CHART VERSION: 19.3.0
APP VERSION: 23.0.7
** Please be patient while the chart is being deployed **
Keycloak can be accessed through the following DNS name from within your cluster:
keycloak.ef-external.svc.cluster.local (port 80)
To access Keycloak from outside the cluster execute the following commands:
1. Get the Keycloak URL and associate its hostname to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "Keycloak URL: https://devops218.ef.com/"
echo "$CLUSTER_IP devops218.ef.com" | sudo tee -a /etc/hosts
The admin area of Keycloak has been configured to point to a different domain (devops218.ef.com). Please remember to update the `frontendUrl` property of the `master` (or any other) realm for it to work properly (see README for an example) :
echo "Keycloak admin URL: https://devops218.ef.com/"
echo "$CLUSTER_IP devops218.ef.com" | sudo tee -a /etc/hosts
2. Access Keycloak using the obtained URL.
3. Access the Administration Console using the following credentials:
echo Username: admin
echo Password: $(kubectl get secret --namespace ef-external keycloak -o jsonpath="{.data.admin-password}" | base64 -d)
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
- resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
from charts.
Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.
Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.