Open zaikinlv opened 4 years ago
Hi @zaikinlv and sorry for the delayed response. You're right, the controller is not resilient in this case. But actually we were not aware of this, as we never faced an unavailable keycloak (we're running HA setups and performing RollingUpdates).
We would be glad to receive a PR for this!
We are creating Keycloak clients with keycloak-controller for existing Keycloak server (7.0.0). For that to happen, first we're creating Keycloak object pointing to the Keycloak server (url points to internal kubernetes service here, which works great by the way):
Output shows it is connected:
While keycloak is available/ready, clients are created successfully and available via keycloak UI. Example of KeycloakClient object:
Error occurs when we are creating KeycloakClient, while keycloak is not available. There may be several reasons for that e.g. keycloak pod restart due to upgrade procedures either of keycloak itself or other pieces of infrastructure.
The error itself is obvious - keycloak is not available during KeycloakClient object creation:
What we are missing here is a sort of resilience - while Keycloak is down, KeycloakClient object is created by controller, but no actual client is created in the Keycloak even when it is up again. The only fix we've found is either to restart keycloak-controller or to delete/apply KeycloakClient again once Keycloak server is ready.
Would be nice to have a feature when keycloak-controller tries to recover connection to keycloak on attempt to create KeycloakClient, if keycloak is not available at that moment. Same approach is used when controller tries to connect to keycloak on start and logging WARN each 60s:
What do you think about this / how you're solving this?
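One way to get the resilience the issue asks for, shown as an added example that is not keycloak-controller's own code: objects that fail while Keycloak is down are queued and retried on a periodic tick instead of being dropped. `FakeKeycloak`, `Reconciler`, the realm `master` and the client id `my-app` are hypothetical names constructed for this illustration; the 60-second interval mirrors the startup WARN loop mentioned in the issue.

```python
from dataclasses import dataclass, field

class KeycloakUnavailable(Exception):
    """Raised by the (hypothetical) API wrapper when the server cannot be reached."""

class FakeKeycloak:
    """Constructed stand-in for the Keycloak admin API; 'up' toggles availability."""
    def __init__(self):
        self.up = True
        self.clients = {}
    def create_client(self, realm, client_id):
        if not self.up:
            raise KeycloakUnavailable("connection refused")
        self.clients[(realm, client_id)] = True  # idempotent upsert

@dataclass
class Reconciler:
    keycloak: FakeKeycloak
    retry_interval: int = 60                     # seconds between retries
    pending: dict = field(default_factory=dict)  # (realm, client_id) -> next retry time
    log: list = field(default_factory=list)

    def on_added(self, realm, client_id, now):
        """Handle a new KeycloakClient object; a failure queues it for retry."""
        self._apply((realm, client_id), now)

    def tick(self, now):
        """Periodic resync: retry every queued object whose retry time has passed."""
        for key, due in list(self.pending.items()):
            if due <= now:
                self._apply(key, now)

    def _apply(self, key, now):
        try:
            self.keycloak.create_client(*key)
        except KeycloakUnavailable as exc:
            self.pending[key] = now + self.retry_interval
            self.log.append(f"WARN {key} not created ({exc}); retry at t={self.pending[key]}")
        else:
            self.pending.pop(key, None)
            self.log.append(f"INFO {key} created")

def demo():
    kc = FakeKeycloak()
    r = Reconciler(kc)
    kc.up = False
    r.on_added("master", "my-app", now=0)  # object applied during the outage
    r.tick(now=60)                         # Keycloak still down, rescheduled
    kc.up = True
    r.tick(now=90)                         # not due yet, nothing happens
    r.tick(now=120)                        # due, client finally created
    return kc.clients, r.pending, r.log
```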