Production setting for Keycloak 18 from Bitnami helm chart on Kubernetes-CodePudding

I'm trying to run Keycloak 18.0.1 as a StatefulSet with the bitnami Helm chart on my Azure AKS Kubernetes cluster. Traefik 2.7 is the Ingress Controller and an external Postgres Database is used. Keycloak is in "proxy"-mode "edge" and doesn't need to handle SSL, because it's handled by traefik, cert-manager & Let's encrypt.

I'm trying to switch it to production mode:

2022-07-29 22:43:21,460 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
2022-07-29 22:43:21,466 WARN  [org.keycloak.quarkus.runtime.KeycloakMain] (main) Running the server in development mode. DO NOT use this configuration in production.

Therefore I tried using the following values during helm chart installation:


cache:
  enabled: true

auth:
  adminUser: ****
  adminPassword: ****
  managementUser: ****
  managementPassword: ****

proxy: edge

postgresql:
  enabled: false

externalDatabase:
  host: ****
  port: 5432
  user: ****
  password: ****
  database: keycloak

resources:
  requests:
    cpu: 0.5
    memory: 512Mi
  limits:
    cpu: 1
    memory: 1Gi

extraEnvVars:
  - name: KEYCLOAK_PRODUCTION
    value: "true"
  - name: KC_HOSTNAME
    value: "<external host name>"
  - name: KC_HOSTNAME_STRICT_HTTPS
    value: "false"

As soon as I add the env vars for production, I'm getting the following error:

at org.h2.jdbcx.JdbcDataSource.getXAConnection(JdbcDataSource.java:352)
 at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:216)
 at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:513)
 at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:494)
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
 at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
 at java.base/java.lang.Thread.run(Thread.java:829)
2022-07-29 18:27:20,885 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': No suitable driver found for jdbc:postgresql://***********:5432/keycloak?currentSchema=public

It seems that the chart wants to go back to the integrated H2 database?

The second problem is the Infinispan cache:

[org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled

How can I enable this cache to make the chart work with multiple replicas?

Any help is appreciated!

Thanks, Pascal

CodePudding user response：

Found the solution to enable production mode:

  - name: KEYCLOAK_EXTRA_ARGS
    value: "--auto-build"

The error:

[org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled

however still remains.