Keycloak 20.x docker image does not start (docker-compose)

Sam
December 30, 2022
203 views
0 votes
2 Answers

I’m using docker swarm and setting up a fresh copy of keycloak 20 and ran into some issues.
I’ve been using an older version of Keycloak but seems that the startup configuration etc has changed, especially for docker.

My docker-compose.yml looks like this current ly:

keycloak:
  image: quay.io/keycloak/keycloak:20.0
  environment:
    TZ: '...'
    KC_HOSTNAME: localhost
    KC_HOSTNAME_PORT: 80
    KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
    KC_DB: mysql
    KC_DB_URL: jdbc:mysql://mysql:3306/keycloak
    KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
    KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
    KEYCLOAK_ADMIN: admin
    KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD}
    KC_HEALTH_ENABLED: "true"
    KC_LOG_LEVEL: info
  volumes:
    - ./keycloak_realms:/realm-config # <- Unclear???
  depends_on:
    - mysql-db
  networks:
    - mysql-net
    - web
  healthcheck:
    test: [ "CMD", "curl", "-f", "http://localhost:8080/health/ready" ]
    interval: 15s
    timeout: 2s
    retries: 15
  deploy:
    resources:
      limits:
        cpus: '0.50'
        memory: 512m

When I start the container, all I see is an documentation for a kc.sh shell script.

I also cannot find a documentation about the new volume location etc.

In total I have an issue with lack of documentation and how to debug.

Has anyone more information about the config and how what is wrong here?

Answers

Your configuration is substantially correct, but you need to provide an argument to the kc.sh command. As you see from the help output, your options are:

build                   Creates a new and optimized server image.
start                   Start the server.
start-dev               Start the server in development mode.
export                  Export data from realms to a file or directory.
import                  Import data from a directory or a file.
show-config             Print out the current configuration.
tools                   Utilities for use and interaction with the server.

You probably want start-dev, so:

services:
  keycloak:
    image: quay.io/keycloak/keycloak:20.0
    command: start-dev
    .
    .
    .

I wasn’t able to get things running using KC_DB: mysql (this resulted in the error Unknown database: MySQL), but using MariaDB worked fine. The following configuration successfully starts Keycloak:

services:
  mysql:
    image: docker.io/mariadb:10
    environment:
      MARIADB_DATABASE: ${KEYCLOAK_DB_NAME}
      MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
      MARIADB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
      MARIADB_USER: ${KEYCLOAK_DB_USER}

  keycloak:
    image: quay.io/keycloak/keycloak:20.0
    environment:
      KC_HOSTNAME: localhost
      KC_HOSTNAME_PORT: 8080
      KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
      KC_DB: mariadb
      KC_DB_URL: jdbc:mariadb://mysql:3306/${KEYCLOAK_DB_NAME}?characterEncoding=UTF-8
      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD}
      KC_HEALTH_ENABLED: "true"
      KC_LOG_LEVEL: info
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:8080/health/ready" ]
      interval: 15s
      timeout: 2s
      retries: 15
    command: start-dev
    ports:
      - 8080:8080

With that configuration, I can access keycloak at http://localhost:8080 and log into the admin console.

- bruegth
- March 7, 2023 at 11:13 am
- 0 votes
0
FYI: In Keycloak 21 new micro base image is used , so ‘curl’ no longer included in Image so healthcheck will not work anymore.

If Keycloak configured without HTTPS my workaround is this:
```
#!/bin/bash
exec 3<>/dev/tcp/localhost/8080

echo -e "GET /auth/health/ready HTTP/1.1nhost: localhost:8080n" >&3

timeout --preserve-status 1 cat <&3 | grep -m 1 status | grep -m 1 UP
ERROR=$?

exec 3<&-
exec 3>&-

exit $ERROR
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.