viniciusdc
commented
1 month ago keycloak deployment occurs in two different stages, kuberntes_keycloak and kubernetes_keycloak_configuration
- The first stage is responsible for setting up the pod and running the service, and creates the master realm. At the end of the state, we make a request using the keycloak python lib to validate the realm exists. https://github.com/nebari-dev/nebari/blob/b2afe1a21c7ba03940f8df360ddced24d5ee08f6/src/_nebari/stages/kubernetes_keycloak/__init__.py#L246
- The second stage heavily depends on HTTPS requests, as its uses a custom provider that leverages terraform into API requests. (that't where the above error is coming from), this stage similar to the one above, also have a final deploy check: https://github.com/nebari-dev/nebari/blob/b2afe1a21c7ba03940f8df360ddced24d5ee08f6/src/_nebari/stages/kubernetes_keycloak_configuration/__init__.py#L93-L107
Though, the error you are seen is coming from this part: https://github.com/nebari-dev/nebari/blob/b2afe1a21c7ba03940f8df360ddced24d5ee08f6/src/_nebari/stages/kubernetes_keycloak_configuration/template/main.tf#L84-L90
While the workaround above is a good short-term fix it would be important for us to understand why the realm is not created when the resource assumes so... one suggestion is to start by check the keycloak logs for any warnings/errors (they do appear in case a request is incorrectly made)
Describe the bug
Occasionally when deploying I've seen the error
[terraform]: │ Error: error sending GET request to /auth/admin/realms/nebari/default-groups: 404 Not Found. Response body: {"error":"Realm not found."}
from Keycloak. I believe I've seen this when terraform fails during a deploy then I redeploy. I think it has something to do with terraform thinking the nebari realm should already exist, but it wasn't created yet.
I am able to get around the error most of the time by manually creating the realm. I've gotten around this by manually adding the "nebari" realm in Keycloak then redeploying.
We should add this to the docs.