Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FAILED create credential secret for user myuser in realm keycloak #16

Open
nuwang opened this issue May 3, 2023 · 0 comments
Open

FAILED create credential secret for user myuser in realm keycloak #16

nuwang opened this issue May 3, 2023 · 0 comments

Comments

@nuwang
Copy link

nuwang commented May 3, 2023

Describe the bug

The log is being spammed with repeated attempts to create the secret for a KeycloakUser CR, even when a password is specified: FAILED create credential secret for user myuser in realm keycloak/myrealm : secrets "credential-myrealm-myuser-keycloak" already exists". The CR status also contains this error.

First reported here: #6 (comment)

Version

1.0.0

Expected behavior

  1. No repeated attempts to create the credential secret if it already exists.
  2. Sync the credential secret with the user.

Actual behavior

  1. Repeated attempts to create the credential secret if it already exists.
  2. Does not sync the credential secret with the user.

How to Reproduce?

The last time I reported this issue, there was no clear way to reproduce the issue. I now believe it only occurs when the operator is running clusterwide. Please apply following kustomization to reproduce:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: keycloak

resources:
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/crds/legacy.k8s.keycloak.org_externalkeycloaks_crd.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/crds/legacy.k8s.keycloak.org_keycloakclients_crd.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/crds/legacy.k8s.keycloak.org_keycloakrealms_crd.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/crds/legacy.k8s.keycloak.org_keycloakusers_crd.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/role.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/role_binding.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/service_account.yaml
- https://raw.githubusercontent.com/keycloak/keycloak-realm-operator/main/deploy/operator.yaml

# Patch operator to work cluster-wide
patchesJSON6902:
- target:
    group: apps
    version: v1
    kind: Deployment
    name: keycloak-realm-operator
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/env/0
      value:
        name: WATCH_NAMESPACE
        value: ""
- target:
    group: rbac.authorization.k8s.io
    kind: RoleBinding
    name: keycloak-realm-operator
  patch: |-
    - op: replace
      path: /kind
      value: ClusterRoleBinding
    - op: replace
      path: /roleRef/kind
      value: ClusterRole
    - op: remove
      path: /metadata/namespace
- target:
    group: rbac.authorization.k8s.io
    kind: Role
    name: keycloak-realm-operator
  patch: |-
    - op: replace
      path: /kind
      value: ClusterRole
    - op: remove
      path: /metadata/namespace

Anything else?

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nuwang