Good stuff! Everything pretty much works as expected. Personally, I ran into some issues with deploying the ingress as my subdomain had multiple certificates and the autodiscovery wasn't picking one by default. Just had to add an annotation to define the certificate-arn and everything worked as expected.
Good stuff! Maybe you could create a pull request for this case? ;)
Great stuff, continue with Keycloak stuff
That's the plan!
Thanks for sharing.
I can see my pod is up and running and also db connection is healthy, but when I am checking pod describe I can see readiness probe connection refused.
Well, how to make it without helm? Or with RDS Postgres??
I was thinking about the same thing. I struggle to find free time, but I'm open to pull requests :)
Hello Lukasz,
How can I access the Keycloak admin console from a public IP, or in other words, outside of localhost? Thanks in advance :)
You need an ingress controller in Kubernetes. Please review the steps: github.com/lukaszbudnik/keycloak-kubernetes/blob/main/aws-eks-deployment.md I use an ingress controller which exposes Keycloak using an Application Load Balancer. Then you can add a custom Route53 entry for a custom domain name.
What about clusterrolebinding? Is helm install postgresql mandatory?
You don't need clusterrolebinding for Keycloak itself. Regarding the database part: Keycloak needs a database to store all realms, clients, users, configs, etc. So having a database is mandatory. helm install postgresql is of course not mandatory; you can install postgresql yourself or, in the case of AWS, use AWS RDS PostgreSQL. But in my example I decided to use helm.
Why did you change Keycloak from sts to deployment? Why don't you use a helm chart to deploy it?
Hi Mrad, Good question. I used Deployment to show how easy it is to set up a Keycloak cluster on Kubernetes. No special configuration is required; DB properties and the jgroups ping strategy are all you need to have a Keycloak cluster up & running. I didn't use a helm chart (are you talking about bitnami? I can try it out and see what additional features/benefits it has). I always deployed Keycloak clusters using my simple setup.
Have you ever gotten the error "supplied authentication is invalid" for Keycloak? I get this when I retrieve an authorization bearer token from Keycloak and use it in an API call against an application I have set up in my cluster. I don't get very verbose logs at all. Where should I look for configuration errors?
You can use jwt.io to decode your token and see if everything is correct there.
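
An added example, not part of the original thread or the linked repository: the same decode-and-check done locally, so the token never leaves your machine, with the claims an API most often rejects a token for (`iss`, `aud`, `exp`) compared against what the application expects. The issuer URLs, audience `my-api`, client `my-client` and the sample token are constructed assumptions; the script decodes only and does not verify the signature.

```python
import base64
import json
import time


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token, expected_issuer, expected_audience, now=None):
    """Return (claims, findings). Decodes only; does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return {}, ["not a compact JWS: expected 3 dot-separated segments"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    now = time.time() if now is None else now
    findings = []
    if header.get("alg", "none").lower() == "none":
        findings.append("alg is 'none': token is unsigned")
    # Typical when the token was issued via an in-cluster URL but the API
    # is configured with the public ingress hostname (or the reverse).
    if claims.get("iss") != expected_issuer:
        findings.append(f"iss mismatch: token has {claims.get('iss')!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if expected_audience not in aud:
        findings.append(f"aud {aud!r} does not contain {expected_audience!r}")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired (exp <= now)")
    return claims, findings


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token (dummy signature) for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    sample = make_sample_token({  # constructed values, not from the thread
        "iss": "http://keycloak.default.svc:8080/realms/demo",
        "aud": "account", "exp": 1700000000, "azp": "my-client"})
    _, problems = inspect_token(sample, "https://auth.example.com/realms/demo",
                                "my-api", now=1700000100)
    for p in problems:
        print("-", p)
```

An empty findings list only means the claims line up; the application still has to validate the signature against the realm's published keys.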