Troubleshooting Keycloak CrashLoopBackOff
🤔 Problem
The Keycloak Kubernetes pod is failing. This can happen when, upon migration, existing Keycloak users refer to entities, such as clients, that no longer exist in the latest realm configuration.
The Keycloak container keeps restarting, and manual actions on that pod are impossible.
🌱 Solution
Manual migration is necessary. To do so, the pod must first be brought into a stable state.
Edit the Keycloak deployment configuration from
command: [ "/bin/bash" ]
args: [ "-c",
"/opt/keycloak/bin/kc.sh start \
-Dkeycloak.migration.action=import \
-Dkeycloak.migration.provider=dir \
-Dkeycloak.migration.dir=/opt/keycloak/imports \
-Dkeycloak.migration.strategy=IGNORE_EXISTING"]
to
command: [ "/bin/bash" ]
args: [ "-c", "/opt/keycloak/bin/kc.sh start"]
This will start Keycloak in the previous stable state.
Remove old references either from the Keycloak admin console or in the configuration files lissi-cloud-realm.json or lissi-cloud-users-0.json.
Modify the configuration files from the container:
Connect to the Keycloak container and run a bash shell
Export the current configuration
cd /opt/keycloak
bin/kc.sh export --dir <dir> --users same_file
Create a migration folder and copy the user configuration file
mkdir migration
cp <dir>/lissi-cloud-users-0.json migration/
Copy the realm configuration in the migration folder
cp imports/lissi-cloud-realm.json migration/
Sync the user configuration file with the realm configuration file
Run the migration script
bin/kc.sh start \
-Dkeycloak.migration.action=import \
-Dkeycloak.migration.provider=dir \
-Dkeycloak.migration.dir=/opt/keycloak/migration
Edit back the Keycloak deployment configuration
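The "sync the user configuration file with the realm configuration file" step above, sketched as an added example that is not part of the original page: it reports and removes user references to clients missing from the realm file. The sample data is constructed, and the field names (clients, clientRoles, clientConsents, serviceAccountClientId) are assumed to match the export format of your Keycloak version.

```python
import json

# Constructed sample data shaped like a Keycloak realm/user export
# (field names assumed from RealmRepresentation / UserRepresentation).
REALM = {"realm": "lissi-cloud",
         "clients": [{"clientId": "account"}, {"clientId": "portal"}]}
USERS = {"realm": "lissi-cloud", "users": [
    {"username": "alice",
     "clientRoles": {"portal": ["viewer"], "legacy-app": ["admin"]},
     "clientConsents": [{"clientId": "legacy-app"}]},
    {"username": "bob", "clientRoles": {"account": ["view-profile"]}},
    {"username": "service-account-legacy-app",
     "serviceAccountClientId": "legacy-app"}]}


def known_clients(realm):
    """Client IDs defined in the realm configuration file."""
    return {c["clientId"] for c in realm.get("clients", [])}


def stale_refs(realm, users):
    """Return (username, field, clientId) for each reference to a missing client."""
    known, found = known_clients(realm), []
    for u in users.get("users", []):
        refs = [("clientRoles", cid) for cid in u.get("clientRoles", {})]
        refs += [("clientConsents", c.get("clientId"))
                 for c in u.get("clientConsents", [])]
        if "serviceAccountClientId" in u:
            refs.append(("serviceAccountClientId", u["serviceAccountClientId"]))
        found += [(u["username"], f, cid) for f, cid in refs if cid not in known]
    return found


def prune(realm, users):
    """Return a copy of the users export without references to missing clients."""
    known, kept = known_clients(realm), []
    for u in users.get("users", []):
        sa = u.get("serviceAccountClientId")
        if sa is not None and sa not in known:
            continue  # assumption: drop the service account of a removed client
        u = dict(u)
        if "clientRoles" in u:
            u["clientRoles"] = {k: v for k, v in u["clientRoles"].items() if k in known}
        if "clientConsents" in u:
            u["clientConsents"] = [c for c in u["clientConsents"]
                                   if c.get("clientId") in known]
        kept.append(u)
    return {**users, "users": kept}
```

To apply it to the real files, load migration/lissi-cloud-realm.json and migration/lissi-cloud-users-0.json with json.load and write the result of prune back with json.dump. Review the stale_refs report first: clients that Keycloak creates automatically may be absent from a hand-maintained realm file and would then be reported as missing.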
Stabilise the Keycloak container with ArgoCD
Deactivate the Auto-Sync policy
Edit the deployment configuration from the ArgoCD admin console
Follow the steps described earlier
Reactivate the Auto-Sync policy