New operator failing on health checks (#30709)

Closes #30355

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Martin Bartoš 2024-06-26 17:46:48 +02:00 committed by GitHub
parent cd0dbdf264
commit 0a888512a8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 12 additions and 8 deletions

@ -204,7 +204,7 @@ It is achieved by providing certain JVM options.
For more details, see <@links.server id="containers" />.
== Management Interface
=== Management Interface
To change the port of the management interface, use the first-class citizen field `httpManagement.port` in the Keycloak CR.
To change the properties of the management interface, you can do it by providing `additionalOptions` field.
@ -225,6 +225,10 @@ spec:
value: /management
----
NOTE: If you are using a custom image, the Operator is *unaware* of any configuration options that might've been specified there.
For instance, it may cause that the management interface uses the `https` schema, but the Operator accesses it via `http` when the TLS settings is specified in the custom image.
To ensure proper TLS configuration, use the `tlsSecret` and `truststores` fields in the Keycloak CR so that the Operator can reflect that.
=== Truststores
If you need to provide trusted certificates, the Keycloak CR provides a top level feature for configuring the server's truststore as discussed in <@links.server id="keycloak-truststore"/>.
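Review bot: The added NOTE (the three lines starting "NOTE: If you are using a custom image") names `tlsSecret` and `truststores` without saying where they sit in the Keycloak CR, while the paragraph above it spells out `httpManagement.port`; write these two fields with the same kind of path so readers can locate them. The note also never states the symptom this commit is about, failing health checks, so someone debugging probe failures will not find it by searching; say that the `http`/`https` mismatch shows up as failed probes. Wording: "schema" should be "scheme", "when the TLS settings is specified" should be "when the TLS settings are specified", and "it may cause that the management interface uses" reads better as "this can result in the management interface using".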
@ -260,6 +264,6 @@ stringData:
------
When running on a Kubernetes or OpenShift environment well-known locations of trusted certificates are included automatically.
This includes /var/run/secrets/kubernetes.io/serviceaccount/ca.crt and the /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt when present.
This includes `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` and the `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt` when present.
</@tmpl.guide>
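Review bot: In the changed line, "and the `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt` when present" keeps an article before the second path only, which reads oddly now that both paths are in code formatting; drop "the". It is also unclear whether "when present" applies to both files or only to `service-ca.crt`; since this sentence tells operators which CAs are trusted automatically, state that explicitly.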

@ -43,10 +43,10 @@ spec:
hostname: test.keycloak.org
----
[NOTE]
====
With custom images, every build time option passed either through a dedicated field or the `additionalOptions` is ignored.
====
NOTE: With custom images, every build time option passed either through a dedicated field or the `additionalOptions` is ignored.
NOTE: The Operator is *unaware* of any configuration options that are specified in a custom image.
Use the Keycloak CR for any configuration that requires Operator awareness, namely the TLS and HTTP(S) settings reflected when configuring services and probes.
=== Non-optimized custom image
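Review bot: The second added NOTE ("Use the Keycloak CR for any configuration that requires Operator awareness, namely the TLS and HTTP(S) settings reflected when configuring services and probes.") does not name the CR fields or point to where they are documented, whereas the note added in the other file of this commit names `tlsSecret` and `truststores`; name the same fields here or cross-reference that section so the two guides give the same instruction. The two consecutive `NOTE:` paragraphs cover one topic (what is ignored or not seen when a custom image is used) and would read better as a single admonition, which is what the removed `[NOTE]` block form allowed.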