Hi team, can we use the Keycloak operator from Red Hat to install a Keycloak version below 17? We are using the ‘/auth’ endpoint in our application to connect to Keycloak; to support it we need a lower Keycloak version.
Platform: Openshift
Keycloak Operator: 22.0.13-opr.1 provided by Red Hat
Custom Image: Quay
I tried to deploy this YAML script:
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: example-keycloak
  labels:
    app: sso
spec:
  proxy:
    headers: xforwarded
  http:
    tlsSecret: example-tls-secret
  hostname:
    hostname: k...
  instances: 1
  image: 'quay.io/keycloak/keycloak:17.0.1-legacy'
  startOptimized: false
Then I got CrashLoopBackOff in the example-keycloak-0 pod:
Name: example-keycloak-0
Namespace: default
Priority: 0
Service Account: default
Node: worker-1/176
Start Time: Sat, 21 Dec 2024 11:27:03 +0000
Labels: app=keycloak
app.kubernetes.io/instance=example-keycloak
app.kubernetes.io/managed-by=keycloak-operator
controller-revision-hash=example-keycloak-6d6c76c669
statefulset.kubernetes.io/pod-name=example-keycloak-0
Status: Running
SeccompProfile: RuntimeDefault
IP: 10
IPs:
IP: 10
Controlled By: StatefulSet/example-keycloak
Containers:
keycloak:
Container ID: cri-o://c7ed11c12b6a3ea916cb18b53c4a834e1f42bc6fddec686073273dbe815ef71b
Image: quay.io/keycloak/keycloak:17.0.1-legacy
Image ID: quay.io/keycloak/keycloak@sha256:242fa42ebd041f66cc73d888dce4c4c547aae7a0987fd841b063d06653b33557
Ports: 8443/TCP, 8080/TCP
Host Ports: 0/TCP, 0/TCP
Args:
start
--optimized
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Sat, 21 Dec 2024 11:54:04 +0000
Finished: Sat, 21 Dec 2024 11:54:05 +0000
Ready: False
Restart Count: 10
Liveness: http-get https://:8443/health/live delay=20s timeout=1s period=2s #success=1 #failure=150
Readiness: http-get https://:8443/health/ready delay=20s timeout=1s period=2s #success=1 #failure=250
Environment:
KC_HOSTNAME: k...
KC_HTTP_PORT: 8080
KC_HTTPS_PORT: 8443
KC_HTTPS_CERTIFICATE_FILE: /mnt/certificates/tls.crt
KC_HTTPS_CERTIFICATE_KEY_FILE: /mnt/certificates/tls.key
KC_HEALTH_ENABLED: true
KC_CACHE: ispn
KC_CACHE_STACK: kubernetes
KC_PROXY: passthrough
KEYCLOAK_ADMIN: <set to the key 'username' in secret 'example-keycloak-initial-admin'> Optional: false
KEYCLOAK_ADMIN_PASSWORD: <set to the key 'password' in secret 'example-keycloak-initial-admin'> Optional: false
jgroups.dns.query: example-keycloak-discovery.default
Mounts:
/mnt/certificates from keycloak-tls-certificates (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9xpz9 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
keycloak-tls-certificates:
Type: Secret (a volume populated by a Secret)
SecretName: example-tls-secret
Optional: false
kube-api-access-9xpz9:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
ConfigMapName: openshift-service-ca.crt
ConfigMapOptional: <nil>
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 31m default-scheduler Successfully assigned default/example-keycloak-0 to worker-1
Normal AddedInterface 31m multus Add eth0 [10.] from ovn-kubernetes
Normal Pulled 30m kubelet Successfully pulled image "quay.io/keycloak/keycloak:17.0.1-legacy" in 2.579938345s (2.579949389s including waiting)
Normal Pulled 30m kubelet Successfully pulled image "quay.io/keycloak/keycloak:17.0.1-legacy" in 2.158817468s (2.158827831s including waiting)
Normal Pulled 30m kubelet Successfully pulled image "quay.io/keycloak/keycloak:17.0.1-legacy" in 2.271900291s (2.27191092s including waiting)
Normal Pulling 30m (x4 over 31m) kubelet Pulling image "quay.io/keycloak/keycloak:17.0.1-legacy"
Normal Created 30m (x4 over 30m) kubelet Created container keycloak
Normal Started 30m (x4 over 30m) kubelet Started container keycloak
Normal Pulled 30m kubelet Successfully pulled image "quay.io/keycloak/keycloak:17.0.1-legacy" in 2.880109575s (2.880120673s including waiting)
Warning BackOff 58s (x147 over 30m) kubelet Back-off restarting failed container keycloak in pod example-keycloak-0_default(3a4b837a-b9a3-41a4-a0f1-4e791d72672f)
Error logs:
start --optimized
=========================================================================
Using Embedded H2 database
=========================================================================
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/jboss/keycloak
JAVA: java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.desktop/sun.awt=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.naming/javax.naming=ALL-UNNAMED
=========================================================================
11:28:01,457 INFO [org.jboss.modules] (main) JBoss Modules version 2.0.0.Final
WFLYSRV0073: Invalid option 'start'
Usage: standalone.sh [args...]
where args include:
--admin-only Set the server's running type to
ADMIN_ONLY causing it to open
administrative interfaces and accept
management requests but not start other
runtime services or accept end user
requests. Cannot be used in conjunction
with --start-mode. Deprecated; use
--start-mode=admin-only instead.
-b <value>, -b=<value> Set system property jboss.bind.address
to the given value
-b<interface>=<value> Set system property
jboss.bind.address.<interface> to the
given value
-c <config>, -c=<config> Name of the server configuration file
to use (default is "standalone.xml")
(Same as --server-config)
--debug [<port>] Activate debug mode with an optional
argument to specify the port. Only
works if the launch script supports it.
-D<name>[=<value>] Set a system property
-h, --help Display this message and exit
--read-only-server-config=<config> Name of the server configuration file
to use. This differs from
'--server-config' and '-c' in that the
original file is never overwritten.
-P <url>, -P=<url>, Load system properties from the given
--properties=<url> url
-S<name>[=<value>] Set a security property
--server-config=<config> Name of the server configuration file
to use (default is "standalone.xml")
(Same as -c)
-u <value>, -u=<value> Set system property
jboss.default.multicast.address to the
given value
-v, -V, --version Print version and exit
-secmgr Runs the server with a security manager
installed.
--start-mode Sets the start mode of the server, it
can be either 'normal','admin-only' or
'suspend'. If this is 'suspend' the
server will start in suspended mode,
and will not service requests until it
has been resumed. If this is started in
admin-only mode the server will only
open administrative interfaces and
accept management requests but not
start other runtime services or accept
end user requests. Cannot be used in
conjunction with --admin-only.
--graceful-startup=<value> Start the server gracefully, queuing or
cleanly rejecting requests until the
server is fully started
--git-repo <repo_url>, The git repository to clone to get the
--git-repo=<repo_url> server configuration.
--git-branch <branch>, The git branch to use to get the server
--git-branch=<branch> configuration. Default is 'master'
--git-auth <auth_config>, The elytron configuration file for
--git-auth=<auth_config> managing git credentials. Default is
'null'
11:28:02,215 FATAL [org.jboss.as.server] (main) WFLYSRV0239: Aborting with exit code 1