Can't deploy quay.io/keycloak/keycloak:21.1.1 on OpenShift Developer's Sandbox

I'm trying to deploy Keycloak on OpenShift Developer's Sandbox and I'm using the attached YAML file. The pod starts, as well as the associated service, route, etc.
Now I'm trying to execute the following command:

/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
Logging into http://localhost:8080 as user admin of realm master
Failed to create config file: /.keycloak/kcadm.config

It doesn't work, as it tries to create the /.keycloak directory and it lacks write access in the / directory, which is normal. The "id" command displays the following output:

bash-5.1$ id
uid=1012700000(1012700000) gid=0(root) groups=0(root),1012700000

and the content of /etc/passwd is as follows:

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
keycloak:x:1000:0:keycloak user:/opt/keycloak:/sbin/nologin
1012700000:x:1012700000:0:1012700000 user:/:/sbin/nologin

However, the UID that is baked into the image is keycloak (1000). For example, running the image locally:

docker run --name mykeycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.1 start-dev

and executing the id command in the running container displays:

$ docker exec -ti mykeycloak id
uid=1000(keycloak) gid=0(root) groups=0(root)

and the content of the /etc/passwd file is, this time, as follows:

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
keycloak:x:1000:0:keycloak user:/opt/keycloak:/sbin/nologin

So I don't understand why the image runs as user "keycloak" when executed locally, while in OpenShift Developer's Sandbox it runs as user 1012700000.

What should I do so that the pod UID is 1000 instead of 1012700000? I tried to use

securityContext:
  priviledged: true

or

securityContext:
  runAsUser: 1000

but then no pod is created, as shown below:

$ oc new-app -f keycloak-template.yaml -p KEYCLOAK_ADMIN=admin -p KEYCLOAK_ADMIN_PASSWORD=admin -p NAMESPACE=keycloak
--> Deploying template "nicolasduminil-dev/keycloak" for "keycloak-template.yaml" to project nicolasduminil-dev

     Keycloak
     ---------
     Keycloak on OpenShift

     * With parameters:
        * Application Name=keycloak
        * Keycloak Administrator Username=admin
        * Keycloak Administrator Password=admin
        * Custom Route Hostname=
        * Namespace used for DNS discovery=keycloak

--> Creating resources ...
    service "keycloak" created
    route.route.openshift.io "keycloak" created
Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
    deploymentconfig.apps.openshift.io "keycloak" created
--> Success
    Access your application via route 'keycloak-nicolasduminil-dev.apps.sandbox-m3.1530.p1.openshiftapps.com' 
    Run 'oc status' to view your app.

$ oc get pods
NAME                READY   STATUS    RESTARTS   AGE
keycloak-1-deploy   1/1     Running   0

Here, what seems to happen is that only the deployment pod is created, but not the keycloak one. And the deployment pod seems to run forever, trying unsuccessfully to deploy keycloak. The "status" command shows:

$ oc status
Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
In project nicolasduminil-dev on server https://api.sandbox-m3.1530.p1.openshiftapps.com:6443

https://keycloak-nicolasduminil-dev.apps.sandbox-m3.1530.p1.openshiftapps.com     (svc/keycloak)
  dc/keycloak deploys quay.io/keycloak/keycloak:21.1.1 
    deployment #1 running for about a minute - 0/1 pods growing to 1

svc/modelmesh-serving (headless) ports 8033, 8008, 8443, 2112

There is no other error message, and the deployment log file displays:

$ oc logs keycloak-1-deploy
--> Scaling keycloak-1 to 1

Could anyone help, please?

Many thanks in advance.

Kind regards,

Nicolas
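
Added example, not part of the original post: the passwd entry for UID 1012700000 shown above has home `/`, which is why kcadm.sh resolves its config file to the unwritable `/.keycloak/kcadm.config`. This shell helper picks a directory the assigned UID can write to and passes it through kcadm.sh's `--config` option, leaving the pod's UID as it is. The function names and the `/tmp` fallback are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run kcadm.sh under a platform-assigned UID whose HOME is "/".
# Function names and the /tmp fallback are hypothetical, chosen for this example.

# Print the first candidate that is an existing directory writable by the
# current UID; return 1 if none qualifies.
writable_config_dir() {
    for kc_dir in "$@"; do
        [ -n "$kc_dir" ] || continue
        if [ -d "$kc_dir" ] && [ -w "$kc_dir" ]; then
            printf '%s\n' "$kc_dir"
            return 0
        fi
    done
    return 1
}

# Print the config file path kcadm.sh should use.
# $1 is the home directory to try first (defaults to $HOME).
kcadm_config_file() {
    kc_home="${1-$HOME}"
    kc_base=$(writable_config_dir "$kc_home" "${TMPDIR:-}" /tmp) || return 1
    # Strip a trailing slash so the result never starts with "//".
    printf '%s/.keycloak/kcadm.config\n' "${kc_base%/}"
}

# Log in with an explicit config path. $1 = admin user, $2 = admin password.
kcadm_login() {
    kc_cfg=$(kcadm_config_file) || {
        echo "no writable directory for the kcadm config file" >&2
        return 1
    }
    # The config file stores session tokens: keep its directory private.
    mkdir -p "$(dirname "$kc_cfg")" && chmod 700 "$(dirname "$kc_cfg")"
    /opt/keycloak/bin/kcadm.sh config credentials --config "$kc_cfg" \
        --server http://localhost:8080 --realm master \
        --user "$1" --password "$2"
}

# Inside the pod:  kcadm_login admin admin
```

Later kcadm.sh commands in the same session need the same `--config` path.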
