Hello everyone, I have tried clustering Keycloak on k8s for over 1 year and it keeps failing; for instance I now get 401 errors, with some logins succeeding and others failing.
Please advise what may be the issue.
If you are here you've probably tried everything out there, so I can share how I solved it.
I am using the jboss/keycloak:16.1.1 image.
Add a k8s-level Keycloak service account:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: keycloak
  namespace: keycloak
```
Add a k8s-level Role (KUBE_PING discovers cluster members by listing pods, so it only needs read access to pods in its own namespace):

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: keycloak
  namespace: keycloak
rules:
  - verbs:
      - get
      - list
      - watch
    apiGroups:
      - ''
    resources:
      - pods
```
Add a k8s-level RoleBinding:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  annotations:
    name: keycloak
  name: keycloak-podread
  namespace: keycloak
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: keycloak
subjects:
  - kind: ServiceAccount
    name: keycloak
    namespace: keycloak
```
I had to add the clustering configs below:

```yaml
# Goes in the Keycloak container's env list
# (spec.template.spec.containers[].env of the Deployment/StatefulSet).
env:
  - name: JGROUPS_DISCOVERY_PROTOCOL
    value: kubernetes.KUBE_PING
  - name: KEYCLOAK_SIGNUP_THEME        # custom theme specific to this deployment
    value: nova-signup
  - name: JAVA_OPTS
    value: "-Xms1024m -Xmx5120m"
  - name: KUBERNETES_NAMESPACE         # KUBE_PING lists pods in this namespace
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: metadata.namespace
  - name: CACHE_OWNERS_COUNT           # env values must be strings: quote the numbers
    value: "2"
  - name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
    value: "2"
```
Remember to add these port definitions:

```yaml
ports:
  - name: http
    containerPort: 8080
  - name: infinispan      # JGroups bind port; the KUBE_PING stack in this image uses TCP
    containerPort: 7800
    protocol: TCP
```
Also add these to the pod spec:

```yaml
spec:
  serviceAccountName: {{ .Values.serviceaccount_name }}   # Helm value; set it to "keycloak"
  serviceAccount: {{ .Values.serviceaccount_name }}       # deprecated alias of serviceAccountName
```

These should sort you out; it took me months to make this work.
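A quick way to confirm the fix actually produced one cluster is to check the JGroups view lines in each pod's log; intermittent 401s are the symptom of a pod that is serving logins but sits outside the view. The following is an added example (not from the original post), with constructed log lines that follow the Infinispan `ISPN000094` format Keycloak prints:

```python
"""Check Keycloak (WildFly/JGroups) pod logs for a complete cluster view."""
import re
from dataclasses import dataclass

# Infinispan logs this whenever membership changes:
#   ISPN000094: Received new cluster view for channel ee: [keycloak-0|1] (2) [keycloak-0, keycloak-1]
VIEW_RE = re.compile(
    r"Received new cluster view for channel (?P<channel>\w+): "
    r"\[(?P<coord>[^|\]]+)\|(?P<view_id>\d+)\] \((?P<size>\d+)\) \[(?P<members>[^\]]*)\]"
)


@dataclass
class ClusterView:
    channel: str
    view_id: int
    members: list


def latest_view(log_lines, channel="ee"):
    """Return the most recent view for `channel`, or None if the node never joined one."""
    view = None
    for line in log_lines:
        m = VIEW_RE.search(line)
        if m and m.group("channel") == channel:
            members = [x.strip() for x in m.group("members").split(",") if x.strip()]
            view = ClusterView(m.group("channel"), int(m.group("view_id")), members)
    return view


def missing_members(log_lines, expected_pods, channel="ee"):
    """Pods expected in the cluster but absent from the last view.

    A non-empty result explains intermittent 401s: sessions created on a pod
    outside the view are never replicated, so requests routed to other pods fail.
    """
    view = latest_view(log_lines, channel)
    present = set(view.members) if view else set()
    return sorted(set(expected_pods) - present)


# Constructed sample log lines (not captured from a real deployment).
SAMPLE_LOG = [
    "10:01:02,100 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000078: Starting JGroups channel ee",
    "10:01:02,300 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ee: [keycloak-0|0] (1) [keycloak-0]",
    "10:01:40,500 INFO  [org.infinispan.CLUSTER] (thread-4,ejb,keycloak-0) ISPN000094: Received new cluster view for channel ee: [keycloak-0|1] (2) [keycloak-0, keycloak-1]",
]

if __name__ == "__main__":
    # With three replicas expected, keycloak-2 is reported as missing from the view.
    print(missing_members(SAMPLE_LOG, ["keycloak-0", "keycloak-1", "keycloak-2"]))
```

Feed it `kubectl logs <pod>` output from each replica; a pod that never logs a view with all members is the one to inspect (RBAC on pods, `KUBERNETES_NAMESPACE`, or port 7800 reachability).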