Open sblair-metrostar opened 7 months ago
Thanks for reporting @sblair-metrostar.
I think the recommendation for now would be to change your nebari-config.yaml to
security:
keycloak:
initial_root_password: "" # <--- blank string here
authentication:
type: password
but this should be tested before trusting this advice.
I would support a PR to the docs to make this more clear or a PR to allow the behavior you initially expected. Chime in if you (or others) are interested in working on this issue.
Describe the bug
Following the guidance in the Nebari documentation that says to remove the Keycloak
initial_root_password
after initial deployment should have no effect on the environment. However, the Nebari CLI appears to fill in this blank with a random password on eachnebari deploy
which results in a change to the helm chart and causes the keycloak-0 pod to be restarted. This doesn't appear to break anything but can cause upwards of a minute of downtime while Keycloak comes back up.Expected behavior
Removing the
initial_root_password
key/value fromnebari-config.yaml
should not have any side effects on the environment.OS and architecture in which you are running Nebari
Linux, x64
How to Reproduce the problem?
Change
nebari-config.yaml
after initial deployment.Before:
After:
Run
nebari deploy -c nebari-config.yaml
and terraform applies a change the Keycloak helm chart. When complete, check the age of the keycloak-0 pod to confirm it is new.Command output
Versions and dependencies used.
Nebari: 2023.11.1
Compute environment
AWS
Integrations
No response
Anything else?
No response