Keycloak-operator crashing with external database configuration

robw-nominet · December 23, 2020, 3:59pm

I’ve configured the keycloak-db-secret as per the instructions at Server Installation and Configuration Guide (keycloak.org)

I’ve configured a postgresql instance using the CrunchyData PostgreSQL operator

the keycloak-db-secret:

robert.williams@Mac0259:~/work/pdns% kubectl get -n iam secrets keycloak-db-secret -o yaml
apiVersion: v1
data:
  POSTGRES_DATABASE: cGRucw==
  POSTGRES_EXTERNAL_ADDRESS: cGRucy1rZXljbG9hay5wZ28uc3ZjLmNsdXN0ZXIubG9jYWwu
  POSTGRES_EXTERNAL_PORT: NTQzMg==
  POSTGRES_HOST: cGRucy1wb3N0Z3Jlc3Fs
  POSTGRES_PASSWORD: <redacted>
  POSTGRES_SUPERUSER: dHJ1ZQ==
  POSTGRES_USERNAME: a2V5Y2xvYWs=
kind: Secret
metadata:
  annotations:
    meta.helm.sh/release-name: keycloak-instance
    meta.helm.sh/release-namespace: iam
  creationTimestamp: "2020-12-23T15:45:40Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: keycloak-db-secret
  namespace: iam
  resourceVersion: "4768975"
  selfLink: /api/v1/namespaces/iam/secrets/keycloak-db-secret
  uid: d5fcc355-0eda-49a6-b6d3-00f3b5ee48fd
type: Opaque

I’ve configured it with an internal .svc.cluster.local
POSTGRES_EXTERNAL_ADDRESS value. I couldn’t quite figure out what the POSTGRES_HOST should be as the docs aren’t particularly clear. It looks like it doesn’t actually matter.

The keycloak-operator pod tries to configure the keycloak and crashes with:

{"level":"info","ts":1608738352.898817,"logger":"controller_keycloak","msg":"Reconciling Keycloak","Request.Namespace":"iam","Request.Name":"pdns"}
E1223 15:45:53.909435       1 runtime.go:78] Observed a panic: "assignment to entry in nil map" (assignment to entry in nil map)
goroutine 2324 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic(0x152bd80, 0x18e6c20)
        /src/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:74 +0xa3
k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0x0, 0x0, 0x0)
        /src/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:48 +0x82
panic(0x152bd80, 0x18e6c20)
        /usr/local/go/src/runtime/panic.go:679 +0x1b2
github.com/keycloak/keycloak-operator/pkg/model.DatabaseSecretReconciled(0xc00081f600, 0xc0000d9180, 0xc0000c28f0)
        /src/pkg/model/database_secret.go:53 +0x1c2
github.com/keycloak/keycloak-operator/pkg/controller/keycloak.(*KeycloakReconciler).getDatabaseSecretDesiredState(0xc000d23b68, 0xc000d23bd0, 0xc00081f600, 0x0, 0x0)
        /src/pkg/controller/keycloak/keycloak_reconciler.go:293 +0x5f
github.com/keycloak/keycloak-operator/pkg/controller/keycloak.(*KeycloakReconciler).Reconcile(0xc000d23b68, 0xc000d23bd0, 0xc00081f600, 0xc00081f600, 0x1950f60, 0xc00069c6f0)
        /src/pkg/controller/keycloak/keycloak_reconciler.go:34 +0xf0e
github.com/keycloak/keycloak-operator/pkg/controller/keycloak.(*ReconcileKeycloak).Reconcile(0xc000679e80, 0xc0008eaafd, 0x3, 0xc0008eaaf0, 0x4, 0xc00080dcd8, 0xc0005ceb40, 0xc0000cc488, 0x190f5e0)
        /src/pkg/controller/keycloak/keycloak_controller.go:185 +0x37f
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0007ec480, 0x1584040, 0xc000466e60, 0xc0008d6200)
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:256 +0x162
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0007ec480, 0x0)
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232 +0xcb
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker(0xc0007ec480)
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211 +0x2b
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1(0xc0004acc10)
        /src/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152 +0x5e
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc0004acc10, 0x3b9aca00, 0x0, 0x45b601, 0xc000508c00)
        /src/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:153 +0xf8
k8s.io/apimachinery/pkg/util/wait.Until(0xc0004acc10, 0x3b9aca00, 0xc000508c00)
        /src/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88 +0x4d
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:193 +0x328
panic: assignment to entry in nil map [recovered]
        panic: assignment to entry in nil map

goroutine 2324 [running]:
k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0x0, 0x0, 0x0)
        /src/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:55 +0x105
panic(0x152bd80, 0x18e6c20)
        /usr/local/go/src/runtime/panic.go:679 +0x1b2
github.com/keycloak/keycloak-operator/pkg/model.DatabaseSecretReconciled(0xc00081f600, 0xc0000d9180, 0xc0000c28f0)
        /src/pkg/model/database_secret.go:53 +0x1c2
github.com/keycloak/keycloak-operator/pkg/controller/keycloak.(*KeycloakReconciler).getDatabaseSecretDesiredState(0xc000d23b68, 0xc000d23bd0, 0xc00081f600, 0x0, 0x0)
        /src/pkg/controller/keycloak/keycloak_reconciler.go:293 +0x5f
github.com/keycloak/keycloak-operator/pkg/controller/keycloak.(*KeycloakReconciler).Reconcile(0xc000d23b68, 0xc000d23bd0, 0xc00081f600, 0xc00081f600, 0x1950f60, 0xc00069c6f0)
        /src/pkg/controller/keycloak/keycloak_reconciler.go:34 +0xf0e
github.com/keycloak/keycloak-operator/pkg/controller/keycloak.(*ReconcileKeycloak).Reconcile(0xc000679e80, 0xc0008eaafd, 0x3, 0xc0008eaaf0, 0x4, 0xc00080dcd8, 0xc0005ceb40, 0xc0000cc488, 0x190f5e0)
        /src/pkg/controller/keycloak/keycloak_controller.go:185 +0x37f
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0007ec480, 0x1584040, 0xc000466e60, 0xc0008d6200)
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:256 +0x162
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0007ec480, 0x0)
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232 +0xcb
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker(0xc0007ec480)
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211 +0x2b
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1(0xc0004acc10)
        /src/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152 +0x5e
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc0004acc10, 0x3b9aca00, 0x0, 0x45b601, 0xc000508c00)
        /src/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:153 +0xf8
k8s.io/apimachinery/pkg/util/wait.Until(0xc0004acc10, 0x3b9aca00, 0xc000508c00)
        /src/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88 +0x4d
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1
        /src/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:193 +0x328

It looks like it’s this bug: [KEYCLOAK-14316] upgrade to version 10 for the Operator installation fails - Red Hat Issue Tracker not fixed until version 12.0.0 and I’m running 11.0.0 from OperatorHub.

Topic		Replies	Views
Keycloak-db-secret dynamic pic credentials from external postgres operators secret Configuring the server admin-console	1	835	December 7, 2021
External Database (PostgreSQL) not working with latest keycloak CRDs Configuring the server database	2	1341	February 3, 2022
Keycloak deployment with the Operator (with the official guide) - Infinite spinner in Administration Console Getting advice admin-console	5	3185	March 15, 2023
Keycloak Docker database connection Configuring the server	2	1754	February 23, 2023
External mysql on Percona-XtraDB-Cluster Configuring the server	0	1133	March 22, 2021

Keycloak-operator crashing with external database configuration

Related Topics