readinessProbe:
httpGet:
path: /auth/realms/master
port: 80
initialDelaySeconds: 30
timeoutSeconds: 30
NAME READY STATUS RESTARTS AGE IP
keycloak-69ff967c87-p9hp8 0/1 Running 0 20m 172.16.127.171
Events:
Type Reason Age From Message
Normal Scheduled 7m59s default-scheduler Successfully assigned default/keycloak-69ff967c87-p9hp8
Normal Pulling 7m58s kubelet Pulling image “quay.io/keycloak/keycloak:12.0.2 ”
Normal Pulled 7m58s kubelet Successfully pulled image “quay.io/keycloak/keycloak:12.0.2 ” in 197.052976ms
Normal Created 7m58s kubelet Created container keycloak
Normal Started 7m58s kubelet Started container keycloak
Warning Unhealthy 2m55s (x28 over 7m25s) kubelet Readiness probe failed: Get “80/auth/realms/master”: dial tcp 172.16.127.171:80: connect: connection refused
fidgi
February 13, 2021, 9:35am
2
Hi,
you can leverage on the built-in Microprofile endpoints for this but you need to bind the management.address to any interfaces.
Ex :
# Bind management addresses to any interface in order to get health and metrics Microprofile endpoints
args: ["-b", "0.0.0.0", "-Djboss.bind.address.management=0.0.0.0"]
imagePullPolicy: Always
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/ready
port: admin
scheme: HTTP
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
initialDelaySeconds: 90
livenessProbe:
failureThreshold: 3
httpGet:
path: /health/live
port: admin
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
initialDelaySeconds: 90
ports:
- containerPort: 443
name: https
- containerPort: 8080
name: http
- containerPort: 9990
name: admin
Does not look anything like what the documentation has. So the placement of that arg is right before the redinessProbe in the YAML?
It does not appear to have made any difference:
LAST SEEN TYPE REASON OBJECT MESSAGE
2m9s Warning Unhealthy pod/keycloak-594f7b975b-9dhfc Readiness probe failed: Get “http://172.16.127.174:80/auth/realms/master ”: dial tcp 172.16.127.174:80: connect: connection refused
117s Warning Unhealthy pod/keycloak-64fccfdf44-n46k7 Readiness probe failed: Get “http://172.16.127.175:80/auth/realms/master ”: dial tcp 172.16.127.175:80: connect: connection refused
It is fixed. Configuration issues on my side.
Thanks
OmGraja
November 30, 2021, 3:25pm
6
Hello, I am facing the same configuration issue… Any hints how I can solve it?
Sometimes keycloak is simply taking too long to initialize.
Start the pod, follow the logs for keycloak.
The line marking a successful keycloak initialization looks like
INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
See if you can get to that line before you get a failed probe.
If the probe fails before that line, you’ll probably have too little resources on the server, or have a database problem.
You can try to increase probe times.