Keycloak deploy fails with Exited with status 128

Hi,
I am trying to deploy Keycloak as a Docker container with these files:

–Dockerfile–
FROM Quay

–render.yaml–
services:
  - type: web
    name: keycloack
    env: docker
    region: frankfurt # optional (defaults to oregon)
    plan: free # optional (defaults to starter instance type)
    dockerCommand: ./keycloack.sh

–keycloack.sh–
docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:latest start-dev

Any suggestions?
Thanks

Hi Marcos,

When running Docker images on Render, there is no need for the docker run part. The Render platform essentially does this for you. I think you would only need to have start-dev as your dockerCommand in the render.yaml. You would also need to define the KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD as environment variables as they are being used to start the Docker container if you run it locally.

Regards,
Keith

Thanks,

I followed your suggestions, but it didn't work.
The Keycloak image is loaded and then exited with status 128.
There is an issue: “(Private service fails to deploy with no feedback: "Exited with status 128")” where al_ps said:

“I think the issue may be with the dockerCommand set in the Blueprint. The Docker Command in a service notes:”

Add an optional command to override the Docker CMD for this service. This will also override the ENTRYPOINT if defined in your Dockerfile.

“As it’s overriding the CMD and ENTRYPOINT , the command you’ve set in the screenshot doesn’t appear to run anything…”

Any workaround?

Thanks

Hi Keith,

I was able to run Keycloak as a Docker container with these files:

-----Dockerfile------

FROM Quay
EXPOSE 8080
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
CMD ["start-dev"]

------render.yaml------

services:
  # A Docker web service
  - type: web
    name: keycloack
    env: docker
    region: frankfurt # optional (defaults to oregon)
    plan: free # optional (defaults to starter instance type)
    healthCheckPath: /healthz

The output message of the console is: "Running the server in development mode. DO NOT use this configuration in production", but the DEPLOY FAILED with “Timed out after waiting for internal health check to return a successful response code at:…”

Any suggestions?

Hi Marcos,

I don’t think the health check endpoints are enabled by default. I would take a look at the information here:

https://www.keycloak.org/server/containers

This link also shows you how to run the container not in dev mode.

Regards,
Keith

Hi Keith,
Thanks in advance for your help.

I followed your suggestion and I was able to DEPLOY Keycloak; the service is LIVE.
BUT when I hit the url https://keycloack-booe.onrender.com I receive an HTTP ERROR 502.

----dockerfile----

FROM Quay as builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=postgres
WORKDIR /opt/keycloak

# for demonstration purposes only
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:0.0.0.0" -keystore conf/server.keystore
RUN /opt/keycloak/bin/kc.sh build
FROM Quay
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ARG ADMIN
ARG ADMIN_PASSWORD
ARG DB_PASSWORD
ARG DB_SCHEMA
ARG DB_URL_HOST
ARG DB_USERNAME
ENV KC_DB_NAME=$DB_SCHEMA
ENV KC_DB_USERNAME=$DB_USERNAME
ENV KC_DB_PASSWORD=$DB_PASSWORD
ENV KC_HOSTNAME=$DB_URL_HOST
ENV KC_HOSTNAME_PORT=10000
ENV KEYCLOAK_ADMIN=$ADMIN
ENV KEYCLOAK_ADMIN_PASSWORD=$ADMIN_PASSWORD
ENV KC_DB_URL=jdbc:postgresql://${KC_HOSTNAME}.frankfurt-postgres.render.com:5432/${KC_DB_NAME}
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
CMD ["start","--optimized"]

----RENDER.YAML----
services:
  - type: web
    name: keycloack
    env: docker
    region: frankfurt # optional (defaults to oregon)
    plan: free # optional (defaults to starter instance type)
    envVars:
      - key: ADMIN
        value: admin
      - key: ADMIN_PASSWORD
        value: admin
      - key: DB
        value: postgres
      - key: DB_URL_HOST
        fromDatabase:
          name: db_keycloack_5ijo_t2h3
          property: host
      - key: DB_SCHEMA
        fromDatabase:
          name: db_keycloack_5ijo_t2h3
          property: database
      - key: DB_USERNAME
        fromDatabase:
          name: db_keycloack_5ijo_t2h3
          property: user
      - key: DB_PASSWORD
        fromDatabase:
          name: db_keycloack_5ijo_t2h3
          property: password

databases: # native PostgreSQL database
  - name: db_keycloack_5ijo_t2h3
    region: frankfurt
    plan: free
    postgresMajorVersion: 13

Could this be the problem?
" RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:0.0.0.0" -keystore "

Thanks

Hi there,

It’s hard to say at this point, a 502 response can happen for a number of reasons. The RUN keytool command isn’t failing because your service would build and deploy.

I think it might be best if you open a ticket directly with us so we can discuss this further in private.

Thanks,
Keith

Hi Keith,

I opened a ticket.

Thanks

Hello,

Was a solution ever found for this problem? I am interested in deploying keycloak on render.com as well.

Could the problem be related to the disk/memory requirements of running the container? Found this thread, but it is slightly outdated. But if true, the free tier won’t work :/.

Also, is your instance of Postgres running at the time of deployment? If not, would putting the database before the Keycloak web service in render.yaml help, similarly to how it is done in some of the quickstart guides? Also, if you are using the native Postgres on Render, the connection string for internal connections is formatted differently than in your latest version of the Dockerfile, as per the Render docs.

Maybe one of these will work?

Hi there,

I believe the 502 issue was related to Keycloak running on 2 ports, which will have issues with our port detection. The solution was for the port which is to be exposed through our proxy to the public internet to be set as a PORT environment variable. You should see logs of which port Keycloak is using:

[io.quarkus] (main) Keycloak 21.1.1 on JVM (powered by Quarkus 2.13.7.Final) started in 150.390s. Listening on: https://0.0.0.0:8443

You need to add 8443 as the PORT environment variable.

As for the full solution to get this working, Marcos will need to provide this.

Regards,

Keith
Render Support, UTC+10 :australia:
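
The check described in the reply above, as an added example (not part of the original thread and not Render's own tooling): it reads the Quarkus `Listening on:` startup line and compares the ports Keycloak actually bound with the `PORT` value set on the service. The function names and the two-listener log line are constructed for illustration; the first log line is the one quoted in the thread.

```python
import re

# One listener URL inside a Quarkus "Listening on:" startup line.
LISTENER_RE = re.compile(r"(https?)://(\[[^\]]+\]|[^\s/:]+):(\d{1,5})\b")

# Log line quoted in the thread.
PAGE_LOG = ("[io.quarkus] (main) Keycloak 21.1.1 on JVM (powered by Quarkus "
            "2.13.7.Final) started in 150.390s. Listening on: https://0.0.0.0:8443")
# Constructed sample: HTTP and HTTPS listeners both enabled.
TWO_LISTENERS = ("[io.quarkus] (main) Keycloak started. "
                 "Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443")


def parse_listeners(log_text):
    """Return (scheme, host, port) for every listener the server logged."""
    found = []
    for line in log_text.splitlines():
        _, marker, tail = line.partition("Listening on:")
        if marker:
            found += [(s, h, int(p)) for s, h, p in LISTENER_RE.findall(tail)]
    return found


def check_port(log_text, port_env):
    """Compare the service's PORT value with the ports Keycloak bound."""
    listeners = parse_listeners(log_text)
    ports = sorted({port for _, _, port in listeners})
    try:
        wanted = int(port_env)
    except (TypeError, ValueError):
        wanted = None  # PORT missing or not a number
    matched = [l for l in listeners if l[2] == wanted]
    if not listeners:
        status = "no-listener-logged"
    elif wanted is None:
        status = "port-unset-ambiguous" if len(ports) > 1 else "port-unset"
    elif not matched:
        status = "port-mismatch"
    else:
        status = "ok"
    return {"status": status, "listening": ports, "port_env": wanted,
            "scheme": matched[0][0] if matched else None}


if __name__ == "__main__":
    for log, port in ((PAGE_LOG, "8443"), (PAGE_LOG, "10000"), (TWO_LISTENERS, None)):
        print(port, check_port(log, port))
```

A `port-unset-ambiguous` result corresponds to the two-port situation named in the reply: more than one listener is logged and no `PORT` value says which one the proxy should use.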

I see, thank you for the explanation.

How does the port detection work on render for a web service?

Hi Benjamin,

The process is documented here: https://render.com/docs/web-services#host-and-port-configuration

Regards,

Keith
Render Support, UTC+10 :australia:
