3

I am trying to create a Keycloak deployment having its configuration imported from a local file located at ./import/realm.json.

Folder structure:

  • keycloak-deploy.yml
  • import/realm.json

However, when applying the deployment I get this error:

 FATAL [org.keycloak.services] (ServerService Thread Pool -- 59) Error during startup: java.lang.RuntimeException: java.io.FileNotFoundException: /import/realm.json (No such file or directory)

This is the deployment (keycloak-deploy.yml) I'm trying to create:

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: keycloak-deployment
  name: keycloak-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak-deployment
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: keycloak-deployment
    spec:
      containers:
      - image: jboss/keycloak:latest
        name: keycloak
        env:
          - name: KEYCLOAK_USER
            value: admin
          - name: KEYCLOAK_PASSWORD
            value: superSecret
          - name: KEYCLOAK_IMPORT
            value: /import/realm.json
        ports:
          - containerPort: 8081
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8081
        resources: {}
status: {}

I'm a beginner with Kubernetes so any help is appreciated, thanks!

happy songs
  • Where is your file located? – Thomas Apr 04 '22 at 15:53
  • The file is located in the same folder where the deployment yml file is, under this path: `./import/realm.json`. I edited the post to include the folder structure. – happy songs Apr 04 '22 at 15:55
  • What version of keycloak are you using and did you get it to work? – IfTrue Apr 05 '22 at 00:56
  • I'm using the latest version, it's still not working – happy songs Apr 05 '22 at 06:54
  • 3
    You cannot use just `value: /import/realm.json`. You need to mount this file to your pod as a Volume. Another possible solution is to create a ConfigMap with `--from-file`. You can check [this answer](https://stackoverflow.com/a/61654051/16559292). Then create the `KEYCLOAK_IMPORT` env variable with a reference to the ConfigMap. See how to create it [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#use-configmap-defined-environment-variables-in-pod-commands). Something like this: `- name: KEYCLOAK_IMPORT valueFrom: configMapKeyRef: name: configmap-name key: realm.json` – Andrew Skorkin Apr 05 '22 at 16:02

2 Answers

5

I followed what was said in the comments (thanks @Andrew Skorkin). It worked like this:

  • deployment & service:
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: keycloak-deployment
  name: keycloak-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak-deployment
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: keycloak-deployment
    spec:
      containers:
      - image: jboss/keycloak:latest
        name: keycloak
        env:
          - name: KEYCLOAK_USER
            value: admin
          - name: KEYCLOAK_PASSWORD
            value: superSecret
          - name: KEYCLOAK_IMPORT
            value: /import/realm.json
        ports:
          - name: http
            containerPort: 8081
        volumeMounts:
          - name: keycloak-volume
            mountPath: /import
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8081
          initialDelaySeconds: 30
          timeoutSeconds: 30
        resources: {}
      volumes:
        - name: keycloak-volume
          configMap:
            name: keycloak-configmap
status: {}
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak-service
spec:
  selector:
    # must match the pod template label above, or the Service selects no pods
    app: keycloak-deployment
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081
  • config map:
apiVersion: v1
data:
  realm.json: |
    {json_content}
kind: ConfigMap
metadata:
  name: keycloak-configmap

json_content contains the realm.json data. I exported the data from a working keycloak instance (made with docker-compose).

happy songs
4

Extending the solution of "Happy Songs":

My 2 cents, as I switched to a newer Keycloak Version using Quarkus (and I did not use the env KEYCLOAK_IMPORT).

kind: Deployment
image: quay.io/keycloak/keycloak:20.0.2
args: ["start-dev --import-realm"]
volumeMounts:
  - name: keycloak-volume
    mountPath: /opt/keycloak/data/import

According to the documentation the mount path on containers is: /opt/keycloak/data/import. See here: https://www.keycloak.org/server/importExport

kind: ConfigMap
data:
  jhipster-realm.json: |
    {
      "id": "jhipster",
      "realm": "jhipster",
      "notBefore": 0,

In earlier keycloak examples I needed to use the ID of the realm as filename. So the filename xyz.json matches the "id": xyz. Not sure if this is still necessary.

Btw: When exporting, the passwords will not be exported.
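
An added example, not code from either answer: a pre-deploy step that turns a realm export into the ConfigMap both answers mount, and refuses exports that still carry client secrets or user credentials, because ConfigMap data is stored and served in plain text. The function names are hypothetical, and the checked fields (`clients[].secret`, `users[].credentials`) and the `**********` mask are assumptions about the export layout.

```python
import json

MASK = "**********"      # assumed placeholder for masked secrets in an export
MAX_BYTES = 1024 * 1024  # ConfigMap data is limited to 1 MiB


def find_sensitive(realm):
    """Return the paths of fields that do not belong in a ConfigMap."""
    hits = []
    for client in realm.get("clients", []):
        secret = client.get("secret")
        if secret and secret != MASK:
            hits.append(f"clients[{client.get('clientId')}].secret")
    for user in realm.get("users", []):
        if user.get("credentials"):
            hits.append(f"users[{user.get('username')}].credentials")
    return hits


def build_configmap(realm_json, name="keycloak-configmap"):
    """Build a ConfigMap manifest (as a dict) that holds one realm export."""
    realm = json.loads(realm_json)
    realm_id = realm.get("id") or realm.get("realm")
    if not realm_id:
        raise ValueError("realm export has neither 'id' nor 'realm'")
    hits = find_sensitive(realm)
    if hits:
        raise ValueError("strip or move to a Secret: " + ", ".join(hits))
    if len(realm_json.encode()) > MAX_BYTES:
        raise ValueError("realm export exceeds the 1 MiB ConfigMap limit")
    # The data key becomes the file name under the volume's mountPath;
    # "<id>-realm.json" follows the ConfigMap shown in the second answer.
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": name},
            "data": {f"{realm_id}-realm.json": realm_json}}


# Constructed sample export: one client whose secret is already masked.
SAMPLE = json.dumps({
    "id": "jhipster", "realm": "jhipster", "notBefore": 0,
    "clients": [{"clientId": "web_app", "secret": MASK}],
})

if __name__ == "__main__":
    # kubectl accepts JSON manifests, so the output can be piped to it.
    print(json.dumps(build_configmap(SAMPLE), indent=2))
```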