Keycloak Admin infinite loop "Loading the Admin UI" with Minikube and Keycloak 22.0.1 (Keycloak Operator)

I'm trying to install a keycloak instance locally with minikube, OLM and keycloak-operator. Here is my config:

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: example-keycloak
  namespace: my-keycloak-operator
  labels:
    app: sso
spec:
  instances: 1
  image: bsctzz/dockerhub:groupaccess
  hostname:
    hostname: keycloak.local
  ingress:
    enabled: false
  http:
    httpEnabled: false
    tlsSecret: root-secret

When I launch my config, my instance doesn't launch completely: it blocks on the admin page, which loads without limit.

2023-08-04 14:44:17,894 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'

In the k8s container logs, I have these logs that are stuck at this stage. I don't know why.

2023-08-07 09:07:21,064 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, vertx]
2023-08-07 09:07:21,200 INFO  [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'

Finally, this is the description of my pod.

Name:         example-keycloak-0
Namespace:    my-keycloak-operator
Priority:     0
Node:         minikube/192.168.49.2
Start Time:   Mon, 07 Aug 2023 11:31:02 +0200
Labels:       app=keycloak
              app.kubernetes.io/instance=example-keycloak
              app.kubernetes.io/managed-by=keycloak-operator
              controller-revision-hash=example-keycloak-dc5544cf9
              statefulset.kubernetes.io/pod-name=example-keycloak-0
Annotations:  <none>
Status:       Running
IP:           10.244.1.232
IPs:
  IP:           10.244.1.232
Controlled By:  StatefulSet/example-keycloak
Containers:
  keycloak:
    Container ID:  docker://6bf8d1dcc7df0db016904905d8a073430924f881caae50b0ce58b78c1b66f2a2
    Image:         bsctzz/dockerhub:groupaccess
    Image ID:      docker-pullable://bsctzz/dockerhub@sha256:e3c3d4c99a26ed1b8fb54432194f939e0d86a87561bd949b14df22f745fe281c
    Ports:         8443/TCP, 8080/TCP
    Host Ports:    0/TCP, 0/TCP
    Args:
      start
      --optimized
    State:          Running
      Started:      Mon, 07 Aug 2023 11:31:05 +0200
    Ready:          False
    Restart Count:  0
    Liveness:       http-get https://:8443/health/live delay=20s timeout=1s period=2s #success=1 #failure=150
    Readiness:      http-get https://:8443/health/ready delay=20s timeout=1s period=2s #success=1 #failure=250
    Environment:
      KC_HOSTNAME:                    localhost
      KC_HTTP_ENABLED:                false
      KC_HTTP_PORT:                   8080
      KC_HTTPS_PORT:                  8443
      KC_HTTPS_CERTIFICATE_FILE:      /mnt/certificates/tls.crt
      KC_HTTPS_CERTIFICATE_KEY_FILE:  /mnt/certificates/tls.key
      KC_HEALTH_ENABLED:              true
      KC_CACHE:                       ispn
      KC_CACHE_STACK:                 kubernetes
      KC_PROXY:                       passthrough
      KEYCLOAK_ADMIN:                 <set to the key 'username' in secret 'example-keycloak-initial-admin'>  Optional: false
      KEYCLOAK_ADMIN_PASSWORD:        <set to the key 'password' in secret 'example-keycloak-initial-admin'>  Optional: false
      jgroups.dns.query:              example-keycloak-discovery.my-keycloak-operator
    Mounts:
      /mnt/certificates from keycloak-tls-certificates (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-fwxnx (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  keycloak-tls-certificates:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  root-secret
    Optional:    false
  kube-api-access-fwxnx:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  43s                default-scheduler  Successfully assigned my-keycloak-operator/example-keycloak-0 to minikube
  Normal   Pulling    43s                kubelet            Pulling image "bsctzz/dockerhub:groupaccess"
  Normal   Pulled     42s                kubelet            Successfully pulled image "bsctzz/dockerhub:groupaccess" in 1.301906831s (1.301917466s including waiting)
  Normal   Created    42s                kubelet            Created container keycloak
  Normal   Started    41s                kubelet            Started container keycloak
  Warning  Unhealthy  2s (x10 over 19s)  kubelet            Readiness probe failed: HTTP probe failed with statuscode: 404
  Warning  Unhealthy  2s (x10 over 19s)  kubelet            Liveness probe failed: HTTP probe failed with statuscode: 404

If anyone has any ideas, thank you in advance.

1 answer

Answer by AudioBubble:

What you have used is a fundamental example. This file provides an idea of how to assemble your YAML file. Your deployment has no database or any env in which Keycloak needs to work. If you want to run Keycloak, you need to add a lot more details via the value.yaml file or add env directly. You are missing database info, which should look like this:

spec:
  containers:
    - name: keycloak
      image: quay.io/keycloak/keycloak
      ports:
        - containerPort: 8080
          name: http
        - containerPort: 8443
          name: https
      env:
        - name: "KC_DB"
          value: "POSTGRES"
        - name: "KC_DB_URL_HOST"
          value: "yourDBConnection"
        - name: "KC_DB_URL_PORT"
          value: "YourPort"
        - name: "KC_DB_URL_DATABASE"
          value: "yourDbName"
        - name: KC_DB_USER
          value: yourUserName
        - name: KC_DB_PASSWORD
          value: yourPassword
        - name: KC_TRANSACTION_XA_ENABLED
          value: 'true'
        - name: KC_HEALTH_ENABLED
          value: 'true'
        - name: KC_METRICS_ENABLED
          value: 'true'

Also, you need to add more env for your admin console and username and password, such as:

        - name: KC_USER
          value: user
        - name: KC_PASSWORD
          value: password
        - name: KC_TRANSACTION_XA_ENABLED
          value: 'true'
        - name: KC_PROXY
          value: edge
        - name: KC_HOSTNAME_URL
          value: anyhost.io
        - name: KC_HOSTNAME_ADMIN_URL
          value: https://anyhost.io/auth
        - name: KC_HOSTNAME_PORT
          value: '8443'
        - name: KEYCLOAK_FORCE_HTTPS
          value: 'true'
        - name: KC_HOSTNAME_STRICT
          value: 'true'
        - name: KC_LOG_LEVEL
          value: INFO

These settings depend upon your requirements. You can follow the official docs for more info or this link. I hope this helps you.
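
The database settings named in the answer can also be declared on the operator's Keycloak resource from the question, with the credentials read from a Kubernetes Secret rather than written as plain `value:` entries in a manifest. This is an added example, not part of the original question or answer; the Secret name, database host, database name and credential values are assumed placeholders.

```yaml
# Added example. Values marked "assumed" or "placeholder" are not from the page.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-db-secret          # assumed name
  namespace: my-keycloak-operator
type: Opaque
stringData:
  username: keycloak                # placeholder
  password: CHANGE_ME               # placeholder; create out of band, keep out of version control
---
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: example-keycloak
  namespace: my-keycloak-operator
  labels:
    app: sso
spec:
  instances: 1
  image: bsctzz/dockerhub:groupaccess
  db:
    vendor: postgres
    host: postgres-db               # assumed Service name of the database
    port: 5432
    database: keycloak              # assumed database name
    usernameSecret:                 # credentials are referenced, not inlined
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  hostname:
    hostname: keycloak.local
  ingress:
    enabled: false
  http:
    httpEnabled: false
    tlsSecret: root-secret
```

With the credentials in a Secret, the rendered pod spec shows only a reference to the key, the same way `KEYCLOAK_ADMIN_PASSWORD` appears in the pod description above.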