Keycloak deployment with the Operator (with the official guide) - Infinite spinner in Administration Console

Hello!

I’m trying to install Keycloak using the Operator locally on minikube and I have a problem with it.

What am I doing wrong? Where is the best place to start troubleshooting?

I’m using these guides and doing exactly what is written in them:

Step by step

I added this record to hosts:
127.0.0.1 test.keycloak.org

kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.1/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.1/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml

kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.1/kubernetes/kubernetes.yml

cat <<EOF >> example-postgres.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgresql-db
spec:
  serviceName: postgresql-db-service
  selector:
    matchLabels:
      app: postgresql-db
  replicas: 1
  template:
    metadata:
      labels:
        app: postgresql-db
    spec:
      containers:
        - name: postgresql-db
          image: postgres:latest
          env:
            - name: POSTGRES_PASSWORD
              value: testpassword
            - name: PGDATA
              value: /data/pgdata
            - name: POSTGRES_DB
              value: keycloak
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-db
spec:
  selector:
    app: postgresql-db
  type: LoadBalancer
  ports:
  - port: 5432
    targetPort: 5432
EOF
kubectl apply -f example-postgres.yaml

openssl req -subj '/CN=test.keycloak.org/O=Test Keycloak./C=US' -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

kubectl create secret tls example-tls-secret --cert certificate.pem --key key.pem

kubectl create secret generic keycloak-db-secret --from-literal=username=postgres --from-literal=password=testpassword

cat <<EOF >> example-kc.yaml
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: example-kc
spec:
  instances: 1
  db:
    vendor: postgres
    host: postgres-db
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  http:
    tlsSecret: example-tls-secret
  hostname:
    hostname: test.keycloak.org
EOF
kubectl apply -f example-kc.yaml

kubectl port-forward service/example-kc-service 8443:8443

I open a link https://test.keycloak.org:8443 and see the Page “Welcome to Keycloak” with a link to Administration Console https://test.keycloak.org:8443/admin/master/console/

But after clicking the link I see an infinite spinner “Loading the admin console”.

The same with Account Management Console https://test.keycloak.org:8443/realms/master/account/

The minikube dashboard does not show any errors.

What am I doing wrong? Where is the best place to start troubleshooting?

I see that there is a problem with loading the page step1.html.

Confirming this, reproducing here too.
Reinstalled the CRDs and Operator version 20.0.0, the same behavior.

Is there a resolution for this? I hit the same issue and the admin console doesn’t open.

I’ve just tried this today with the help of a very friendly and helpful colleague of mine.

We found there’s a couple of problems when following the basic guide and deploying to GKE.

  1. The Ingress created attempts to perform health checks against http://:80/ and fails, stating the back-end is unhealthy and not accepting traffic (502). This means we cannot access keycloak using the ingress created in GKE.

  2. When port-forwarding as suggested in the basic guide (and as reported here), there are errors loading resources reported in the console (as shown by @bandarlogen above).

I’m very new to using keycloak (and a GKE / k8s novice) but I suspect the reason for the network errors is that the configuration is just setting the hostname to be test.keycloak.org and not the port, so the resources are included in the pages in the url with no port specified (e.g. https://test.keycloak.org/js/keycloak.js). This cannot be loaded if you disable ingress (as per guide) or when ingress is not working (as per point 1 above).

I haven’t tried a solution to this yet but I think that if you set the following properties it might work ok with port-forwarding:

  http:
    httpsPort: 8443
    tlsSecret: example-tls-secret
  hostname:
    hostname: test.keycloak.org
    adminUrl: https://test.keycloak.org:8443

I’ve not tried this solution myself so I cannot verify it, but I really need to provide my own ingress so I’m not planning to follow this up. I just thought it might be worth adding my own findings here.

Finally, in my case, as suggested at “Admin console not loading and hostname related issues · Issue #14666 · keycloak/keycloak · GitHub”, the below content for example-kc.yaml worked for me:

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: example-kc
spec:
  instances: 1
  db:
    vendor: postgres
    host: postgres-db
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  ingress:
    enabled: false
  http:
    tlsSecret: example-tls-secret
    httpEnabled: true
  hostname:
    hostname: test.keycloak.org
    strict: false
    strictBackchannel: false
  additionalOptions:
    - name: hostname-strict-https
      value: "false"
    - name: hostname-port
      value: "8443"
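
Added example, not part of the thread and not Keycloak's own code: a small check for the port mismatch suspected above and addressed by the `hostname-port` setting in the last reply. It compares the origin the browser was pointed at with the URLs in a realm's OIDC discovery document (served at /realms/master/.well-known/openid-configuration); the function names and both sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def mismatched_endpoints(browser_url, discovery_json):
    """List (key, url) discovery entries whose origin differs from the browser's."""
    expected = origin(browser_url)
    doc = json.loads(discovery_json)
    return [
        (key, value)
        for key, value in sorted(doc.items())
        if isinstance(value, str)
        and value.startswith(("http://", "https://"))
        and origin(value) != expected
    ]


# Constructed samples (not captured from a real server).
BROWSER_URL = "https://test.keycloak.org:8443/admin/master/console/"
BASE = "/realms/master"


def sample(prefix):
    """Build a minimal discovery document whose URLs all start with prefix."""
    return json.dumps({
        "issuer": prefix + BASE,
        "authorization_endpoint": prefix + BASE + "/protocol/openid-connect/auth",
        "token_endpoint": prefix + BASE + "/protocol/openid-connect/token",
        "grant_types_supported": ["authorization_code"],
    })


SAMPLE_NO_PORT = sample("https://test.keycloak.org")
SAMPLE_WITH_PORT = sample("https://test.keycloak.org:8443")

if __name__ == "__main__":
    for key, url in mismatched_endpoints(BROWSER_URL, SAMPLE_NO_PORT):
        print(f"{key}: {url} is not served from {origin(BROWSER_URL)}")
```

Against a live port-forwarded deployment, pass the body returned by `curl -sk https://test.keycloak.org:8443/realms/master/.well-known/openid-configuration` as the second argument.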