Kubernetes DNS unable to resolve "keycloak.local" when creating realm using keycloak operator

Issue link

I tried deploying the examples from the documentation but the realm is never created in Keycloak. The status of the KeycloakRealm CR has the following error when external access is enabled.

error performing token request: Post https://keycloak.local/auth/realms/master/protocol/openid-connect/token: dial tcp 10.100.0.150:8443: connect: connection refused

This error can be reproduced on Minikube 1.16.0, Kubernetes v1.19.0, following the instructions and CRs on the official Keycloak operator hub page.

I can solve this by SSHing into the keycloak operator container and adding this line to /etc/hosts: “$(minikube ip) keycloak.local”. It seems keycloak registered the keycloak service with the Kubernetes DNS, but the keycloak operator tries to invoke the service as keycloak.local, which the Kubernetes DNS doesn’t recognize.

Are there any better solutions, such as changing the configuration of the keycloak operator so that it invokes the service “keycloak” instead of “keycloak.local”?

Hi, this seems to be the same issue as reported in KEYCLOAK-16220.

I’m experiencing the same issue as well, simply following the example getting started guide at Keycloak - Guide - Keycloak Operator on Kubernetes.

$ kubectl get keycloakrealms/myrealm -o yaml -n keycloak | tail -n 14
spec:
  instanceSelector:
    matchLabels:
      app: mykeycloak
  realm:
    displayName: My Realm
    enabled: true
    realm: myrealm
status:
  loginURL: ""
  message: 'error performing token request: Post https://keycloak.local/auth/realms/master/protocol/openid-connect/token:
    dial tcp: lookup keycloak.local on 172.20.0.10:53: no such host'
  phase: failing
  ready: false

I don’t suppose there’s any reasonable workaround here, preferably one that doesn’t require manually patching the operator golang and custom building the image?
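
The /etc/hosts workaround from the first post can be expressed declaratively with the pod-level `hostAliases` field, so the entry is written by the kubelet and survives container restarts. This is an added example, not part of the original thread or the operator's own manifests; the Deployment name `keycloak-operator` is an assumption and the IP address is a placeholder for the output of `minikube ip`.

```yaml
# hostaliases-patch.yaml (added example, not from the thread)
# Assumptions: the operator runs as a Deployment named "keycloak-operator"
# in the "keycloak" namespace; 192.0.2.10 is a placeholder for the
# address printed by `minikube ip`.
#
# Apply as a strategic merge patch:
#   kubectl patch deployment keycloak-operator -n keycloak \
#     --patch "$(cat hostaliases-patch.yaml)"
spec:
  template:
    spec:
      hostAliases:
        # The kubelet adds this entry to /etc/hosts in every container
        # of the pod, so keycloak.local resolves without cluster DNS.
        - ip: "192.0.2.10"
          hostnames:
            - "keycloak.local"
```

If the operator was installed through the Operator Lifecycle Manager, changes made directly to its Deployment may be reverted when OLM reconciles it.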