Hello, I am trying to deploy keycloak using Mysql, the charts works

This issue came up in the past and should have been fixed. See <a class="issue-link js

Too many redirects when replicas is set to more than one about helm-charts HOT 5 CLOSED

codecentric commented on July 17, 2024 3

Too many redirects when replicas is set to more than one

from helm-charts.

Comments (5)

harishreddy-m commented on July 17, 2024 2

I had the same problem. Solved it with adding these two in values file

keycloak:
  extraEnv: |
    - name: PROXY_ADDRESS_FORWARDING
      value: "true"
  ingress:
    annotations:
      ingress.kubernetes.io/affinity: cookie

Sticky sessions is only a temporary fix. the JGroups clustering issue needs to be addressed.

from helm-charts.

unguiculus commented on July 17, 2024

This issue came up in the past and should have been fixed. See helm/charts#8355.

Proxy address fowarding is set anyway. The env var doesn't have any effect:

https://github.com/codecentric/helm-charts/blob/master/charts/keycloak/scripts/reverse-proxy.cli#L3

Since you're using MySql, I'm curious regarding your configuration because some folks seem to have an issue with it. See #9.

from helm-charts.

hichamuntitled commented on July 17, 2024

Thank you for your answer.

I am using aws rds to provision MySQL.

The only thing I have changed is ingress.yaml file :

{{- $ingress := .Values.keycloak.ingress -}}
{{- $releaseName := .Release.Name -}}

{{- if $ingress.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ template "keycloak.fullname" . }}
{{- with $ingress.annotations }}
  annotations:
{{ toYaml . | indent 4 }}
{{- end }}
  labels:
    app: {{ template "keycloak.name" . }}
    chart: {{ template "keycloak.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
spec:
{{- if $ingress.tls }}
  tls:
  {{- range $ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
{{- end }}
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: {{ template "keycloak.fullname" $ }}-http
          servicePort: http
{{- end -}}

And here is the values.yaml I am using :

keycloak:
  replicas: 3

  image:
    repository: jboss/keycloak
    tag: 5.0.0
    pullPolicy: IfNotPresent

    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    pullSecrets: []
    # - myRegistrKeySecretName

  hostAliases: []
  #  - ip: "1.2.3.4"
  #    hostnames:
  #      - "my.host.com"

  securityContext:
    runAsUser: 1000
    fsGroup: 1000
    runAsNonRoot: true

  ## The path keycloak will be served from. To serve keycloak from the root path, use two quotes (e.g. "").
  basepath: auth

  ## Additional init containers, e. g. for providing custom themes
  extraInitContainers: |

  ## Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
  extraContainers: |

  ## Custom script that is run before Keycloak is started.
  preStartScript:

  ## lifecycleHooks defines the container lifecycle hooks
  lifecycleHooks: |
    # postStart:
    #   exec:
    #     command: ["/bin/sh", "-c", "ls"]

  ## Additional arguments to start command e.g. -Dkeycloak.import= to load a realm
  extraArgs: ""

  ## Username for the initial Keycloak admin user
  username: admin

  ## Password for the initial Keycloak admin user. Applicable only if existingSecret is not set.
  ## If not set, a random 10 characters password will be used
  password: admPwd

  # Specifies an existing secret to be used for the admin password
  existingSecret: ""

  # The key in the existing secret that stores the password
  existingSecretKey: password

  ## Allows the specification of additional environment variables for Keycloak
  extraEnv: |
    # - name: KEYCLOAK_LOGLEVEL
    #   value: DEBUG
    # - name: WILDFLY_LOGLEVEL
    #   value: DEBUG
    # - name: CACHE_OWNERS
    #   value: "2"
    # - name: DB_QUERY_TIMEOUT
    #   value: "60"
    # - name: DB_VALIDATE_ON_MATCH
    #   value: true
    # - name: DB_USE_CAST_FAIL
    #   value: false

  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app:  {{ template "keycloak.name" . }}
              release: "{{ .Release.Name }}"
            matchExpressions:
              - key: role
                operator: NotIn
                values:
                  - test
          topologyKey: kubernetes.io/hostname
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app:  {{ template "keycloak.name" . }}
                release: "{{ .Release.Name }}"
              matchExpressions:
                - key: role
                  operator: NotIn
                  values:
                    - test
            topologyKey: failure-domain.beta.kubernetes.io/zone

  nodeSelector: {
    name: cicd
  }
  priorityClassName: ""
  tolerations: []

  ## Additional pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  podLabels: {}

  ## Extra Annotations to be added to pod
  podAnnotations: {}

  livenessProbe:
    initialDelaySeconds: 120
    timeoutSeconds: 5
  readinessProbe:
    initialDelaySeconds: 30
    timeoutSeconds: 1

  resources: {}
    # limits:
    #   cpu: "100m"
    #   memory: "1024Mi"
    # requests:
    #   cpu: "100m"
    #   memory: "1024Mi"

  ## WildFly CLI configurations. They all end up in the file 'keycloak.cli' configured in the configmap which is
  ## executed on server startup.
  cli:
    nodeIdentifier: |
      {{ .Files.Get "scripts/node-identifier.cli" }}

    logging: |
      {{ .Files.Get "scripts/logging.cli" }}

    reverseProxy: |
      {{ .Files.Get "scripts/reverse-proxy.cli" }}

    ha: |
      {{ .Files.Get "scripts/ha.cli" }}

    datasource: |
      {{ .Files.Get "scripts/datasource.cli" }}

    # Custom CLI script
    custom: |

  ## Add additional volumes and mounts, e. g. for custom themes
  extraVolumes: |
  extraVolumeMounts: |

  ## Add additional ports, eg. for custom admin console
  extraPorts: |

  podDisruptionBudget: {}
    # maxUnavailable: 1
    # minAvailable: 1

  service:
    annotations: {}
    # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"

    labels: {}
    # key: value

    ## ServiceType
    ## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
    type: ClusterIP

    ## Optional static port assignment for service type NodePort.
    # nodePort: 30000

    port: 8080

    # Optional: jGroups port for high availability clustering
    jgroupsPort: 7600

  ## Ingress configuration.
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ingress:
    enabled: true

    annotations :
      kubernetes.io/ingress.class: nginx
    path: /auth
    hosts:
      - keycloak-prod.ourIntra.com
    tls:
      - hosts:
          - keycloak-prod.ourIntra.com
        secretName: testsecret


  ## Persistence configuration
  persistence:
    # If true, the Postgres chart is deployed
    deployPostgres: false

    # The database vendor. Can be either "postgres", "mysql", "mariadb", or "h2"
    dbVendor: mysql

    ## The following values only apply if "deployPostgres" is set to "false"

    # Specifies an existing secret to be used for the database password
    existingSecret: rds-keycloak

    # The key in the existing secret that stores the password
    existingSecretKey: password

    dbName: rds_master_keycloak
    dbHost: db-endpoint.rds.amazonaws.com
    dbPort: 3306
    dbUser: admin

    # Only used if no existing secret is specified. In this case a new secret is created
    dbPassword: ""

from helm-charts.

hichamuntitled commented on July 17, 2024

After analyzing logs, it appears that the pods cannot communicate and each pod only sees itself:

logs from pod-0

12:44:45,174 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel ejb
12:44:45,179 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
12:44:45,179 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
12:44:45,184 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.38.0.7:7600]
12:44:45,184 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.38.0.7:7600]
12:44:45,234 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000078: Starting JGroups channel ejb
12:44:45,234 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
12:44:45,234 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel ejb
12:44:45,235 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
12:44:45,235 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.38.0.7:7600]
12:44:45,251 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.38.0.7:7600]
12:44:45,294 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000078: Starting JGroups channel ejb
12:44:45,294 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
12:44:45,305 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.38.0.7:7600]

logs from pod-1

12:44:45,179 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000078: Starting JGroups channel ejb
12:44:45,184 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel ejb: [keycloak-1|0] (1) [keycloak-1]
12:44:45,192 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ejb: [keycloak-1|0] (1) [keycloak-1]
12:44:45,205 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel ejb local address is keycloak-1, physical addresses are [10.32.0.14:7600]
12:44:45,225 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel ejb local address is keycloak-1, physical addresses are [10.32.0.14:7600]
12:44:45,242 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel ejb
12:44:45,261 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ejb: [keycloak-1|0] (1) [keycloak-1]
12:44:45,277 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000078: Starting JGroups channel ejb
12:44:45,285 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel ejb: [keycloak-1|0] (1) [keycloak-1]
12:44:45,293 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel ejb local address is keycloak-1, physical addresses are [10.32.0.14:7600]
12:44:45,301 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel ejb local address is keycloak-1, physical addresses are [10.32.0.14:7600]
12:44:45,312 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel ejb
12:44:45,318 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ejb: [keycloak-1|0] (1) [keycloak-1]
12:44:45,324 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel ejb local address is keycloak-1, physical addresses are [10.32.0.14:7600]
```

from helm-charts.

hichamuntitled commented on July 17, 2024

My bad, When I removed the init part I also removed clusterDomain: cluster.local part.
Now it's working fine while adding it back.

from helm-charts.

Too many redirects when replicas is set to more than one about helm-charts HOT 5 CLOSED

Comments (5)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent