New operator failing on health checks (#30709)
Closes #30355 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
This commit is contained in:
Martin Bartoš
GitHub
parent
cd0dbdf264
commit
0a888512a8
2 changed files with 12 additions and 8 deletions
|
|
@ -118,7 +118,7 @@ The `unsupported` field of the CR contains highly experimental configuration opt
|
|||
==== Pod Template
|
||||
|
||||
The Pod Template is a raw API representation that is used for the Deployment Template.
|
||||
This field is a temporary workaround in case no supported field exists at the top level of the CR for your use case.
|
||||
This field is a temporary workaround in case no supported field exists at the top level of the CR for your use case.
|
||||
|
||||
The Operator merges the fields of the provided template with the values generated by the Operator for the specific Deployment.
|
||||
With this feature, you have access to a high level of customizations. However, no guarantee exists that the Deployment will work as expected.
|
||||
|
|
@ -204,7 +204,7 @@ It is achieved by providing certain JVM options.
|
|||
|
||||
For more details, see <@links.server id="containers" />.
|
||||
|
||||
== Management Interface
|
||||
=== Management Interface
|
||||
|
||||
To change the port of the management interface, use the first-class citizen field `httpManagement.port` in the Keycloak CR.
|
||||
To change the properties of the management interface, you can do it by providing `additionalOptions` field.
|
||||
|
|
@ -225,6 +225,10 @@ spec:
|
|||
value: /management
|
||||
----
|
||||
|
||||
NOTE: If you are using a custom image, the Operator is *unaware* of any configuration options that might've been specified there.
|
||||
For instance, it may cause that the management interface uses the `https` schema, but the Operator accesses it via `http` when the TLS settings is specified in the custom image.
|
||||
To ensure proper TLS configuration, use the `tlsSecret` and `truststores` fields in the Keycloak CR so that the Operator can reflect that.
|
||||
|
||||
=== Truststores
|
||||
|
||||
If you need to provide trusted certificates, the Keycloak CR provides a top level feature for configuring the server's truststore as discussed in <@links.server id="keycloak-truststore"/>.
|
||||
|
|
@ -259,7 +263,7 @@ stringData:
|
|||
...
|
||||
------
|
||||
|
||||
When running on a Kubernetes or OpenShift environment well-known locations of trusted certificates are included automatically.
|
||||
This includes /var/run/secrets/kubernetes.io/serviceaccount/ca.crt and the /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt when present.
|
||||
When running on a Kubernetes or OpenShift environment well-known locations of trusted certificates are included automatically.
|
||||
This includes `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` and the `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt` when present.
|
||||
|
||||
</@tmpl.guide>
|
||||
|
|
|
|||
|
|
@ -43,10 +43,10 @@ spec:
|
|||
hostname: test.keycloak.org
|
||||
----
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
With custom images, every build time option passed either through a dedicated field or the `additionalOptions` is ignored.
|
||||
====
|
||||
NOTE: With custom images, every build time option passed either through a dedicated field or the `additionalOptions` is ignored.
|
||||
|
||||
NOTE: The Operator is *unaware* of any configuration options that are specified in a custom image.
|
||||
Use the Keycloak CR for any configuration that requires Operator awareness, namely the TLS and HTTP(S) settings reflected when configuring services and probes.
|
||||
|
||||
=== Non-optimized custom image
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue