Hello,
I’m trying to deploy Keycloak into our test cluster on DigitalOcean Kubernetes (DOKS).
My manifest yaml looks like this:
```yaml
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: mykeycloak
  labels:
    app: mykeycloak
spec:
  instances: 1
  externalDatabase:
    enabled: False
```
The deploy looks okay at first, but the postgres pod fails to start, and this causes the keycloak pod to fail as well.
```
$ kubectl get pods
NAME                                 READY   STATUS             RESTARTS   AGE
keycloak-0                           0/1     CrashLoopBackOff   4          7m6s
keycloak-operator-6687dfcbb5-jqb95   1/1     Running            0          100m
keycloak-postgresql-cf5f98bd-24d7m   0/1     CrashLoopBackOff   6          7m6s
```
Getting the logs shows that it’s a permissions problem with the volume Postgres is trying to use for data:
```
$ kubectl logs keycloak-postgresql-cf5f98bd-24d7m -p
mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied
```
Some googling finds results like this one, which indicate that the problem is likely with the PersistentVolumeClaim and/or SELinux.
Here’s the PV in question:
```
$ kubectl describe pv pvc-64eb7143-300e-4c31-9089-99af1732b194
Name:            pvc-64eb7143-300e-4c31-9089-99af1732b194
Labels:          <none>
Annotations:     pv.kubernetes.io/provisioned-by: dobs.csi.digitalocean.com
Finalizers:      [kubernetes.io/pv-protection external-attacher/dobs-csi-digitalocean-com]
StorageClass:    do-block-storage
Status:          Bound
Claim:           keycloak/keycloak-postgresql-claim
Reclaim Policy:  Delete
Access Modes:    RWO
VolumeMode:      Filesystem
Capacity:        1Gi
Node Affinity:   <none>
Message:
Source:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            dobs.csi.digitalocean.com
    FSType:            ext4
    VolumeHandle:      137d2b18-d8bf-11ea-9cdd-0a58ac14c099
    ReadOnly:          false
    VolumeAttributes:  storage.kubernetes.io/csiProvisionerIdentity=1596724002504-8081-dobs.csi.digitalocean.com
Events:                <none>
```
Can somebody help figure out what I need to change in order to allow Postgres and Keycloak to start properly in a DO Kubernetes cluster?
Thanks in advance for any help.