Keycloak container fails to start in Azure Container Apps #6004
Comments
davidfowl
added
area-integrations
|
Hi have you any solution? I have the same problem |
|
Any updates on this? Would be really helpful with an example on how to do run Keycloak in Aspire in a production ready setup. |
|
@DamianEdwards - do we have any keycloak contacts we could ask about this issue? |
|
I don't think we need a contact. The Keycloak integration is still in preview. In order for it to be successfully started in production mode it requires extra configuration which the hosting integration currently doesn't expose modeling for in a first-class way, e.g. the HTTPS certificate information. When run during local development we configure it to run in dev mode which removes these requirements. The work here is to update the Keycloak hosting integration to expose appropriate API that enables configuring it for production use when deployed. Whether we can make it work by default (with generated passwords, certificates/keys, etc.) is still an open question. |
|
Has anyone managed to get this working? |
|
Hello, i deployed a Keycloak instance to an Azure Container App, and i do get this problem. I understand we have to somehow give Keycloak the references to the SSL certificate for it to work with HTTPS. But does this still stands with an Ingress in front of the container? I expect that with an Ingress service configured for the container, i can simply run the Keycloak using HTTP mode, and even still for the connections outside the ACA, it will still serve everything in HTTPS, is this correct? If so, one point of attention, is that the Keycloak management interface calls some iframes, for which i get a CORS error (mixed http/https content) |
I think you can but you need to configure it specifically for running behind a reverse proxy, see https://www.keycloak.org/server/reverseproxy |
|
I would also be interested in any workaround while the integration is still in preview. |
|
I’m also exploring the possibility to run Keycloak in plain http behind Envoy in container apps…so basically with the tls termination at the proxy… |
|
I was able to put together a working version of keycloak container that runs on Azure Container Apps and supports custom domains. Here's the repo for anyone looking for a workaround: https://github.com/anderly/keycloak-azure-container-apps Key elements of the config that got it to work from the Dockerfile: Technically, If these env vars can be passed to the standard quay keycloak image for Aspire deployment to ACA, then it should be able to work. Main reason I went with a custom image is I have it setup where I can preload themes, realms, providers and custom config. Working on a basic PR to Keycloak Hosting integration to see if I can get this effort started. |
|
See #8478 for basic PR starting point for getting working in Azure Container Apps. |
|
Seems there is no solution to a problem while deploying keycloak in the container app, "The TargetPort 8080 does not match any of the listening ports. container crashed" Any solutiong, any one? |
Is there an existing issue for this?
Describe the bug
Deploying a container provisioned via the Keycloak integration won't start in Azure Container Apps (ACA).
ACA will try to activate it, but it continuously fails.
The container reports this in the logs:
Key material not provided to setup HTTPS. Please configure your keys/certificates or start the server in development mode.Expected Behavior
Keycloak should successfully deploy to ACA.
Steps To Reproduce
Aspire.Hosting.KeycloakNuGet packageazd upExceptions (if any)
Key material not provided to setup HTTPS. Please configure your keys/certificates or start the server in development mode.
.NET Version info
.NET SDK:
Version: 8.0.400
Commit: 36fe6dda56
Workload version: 8.0.400-manifests.2772ffde
MSBuild version: 17.11.3+0c8610977
Runtime Environment:
OS Name: Windows
OS Version: 10.0.22631
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\8.0.400\
.NET workloads installed:
Configured to use loose manifests when installing new manifests.
[aspire]
Installation Source: SDK 8.0.400, VS 17.11.35303.130
Manifest Version: 8.2.1/8.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.aspire\8.2.1\WorkloadManifest.json
Install Type: Msi
Host:
Version: 8.0.8
Architecture: x64
Commit: 08338fcaa5
.NET SDKs installed:
8.0.108 [C:\Program Files\dotnet\sdk]
8.0.206 [C:\Program Files\dotnet\sdk]
8.0.304 [C:\Program Files\dotnet\sdk]
8.0.400 [C:\Program Files\dotnet\sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 8.0.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.8 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 8.0.6 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.8 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Other architectures found:
x86 [C:\Program Files (x86)\dotnet]
registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download
Anything else?
When deploying to Azure, the Keycloak integration adds just this parameter:
startHowever to run Keycloak in prod requires multiple other parameters as described here.
Something like this:
The text was updated successfully, but these errors were encountered: