bKubernetes Developer Guide | Helm Development Guide | Reference Architecture
Introduction
This page details and example cloud based microservice architecture.
Spring boot based reference architecture - Reference Architecture, Spring boot jar running the spring embedded tomcat container - Spring Boot Microservice
Architecture
Deployment Diagram
DevOps
Originally on github https://github.com/obrienlabs/refarch- moved to gitlab
| site | url |
|---|---|
| git | |
| docker hub | https://hub.docker.com/repository/docker/obrienlabs/reference-nbi |
| gitlab CI/CD | |
| jenkins CI | http://jenkins.obrienlabs.cloud/job/ref-arch-java-gitlab/ Backup |
| base endpoint | http://services.obrienlabs.cloud:8888/nbi/api |
| Jira | https://gitlab.com/refarch/reference/-/issues/1 |
Quickstart
Technology Coverage - Technology
Clone
# using your ssh key (o*_r*) :wse_gitlab $ git clone git@gitlab.com:refarch/reference
Build
:reference $ mvn clean install -U -T 16 -DskipTests=true [INFO] Reactor Build Order: [INFO] [INFO] reference-nbi [jar] [INFO] reference [pom] [INFO] [INFO] Using the MultiThreadedBuilder implementation with a thread count of 16
Commit/Push
#
Build/Run Docker endpoint on RKE EC2 VM
Locally
cd reference-nbi/src/docker/
./build.sh
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 6.412 s
[INFO] Finished at: 2020-04-27T13:37:58-04:00
[INFO] ------------------------------------------------------------------------
Sending build context to Docker daemon 32.15MB
Step 1/6 : FROM openjdk:8
---> e890fe39c302
Step 2/6 : ARG USERVICE_HOME=/opt/app/
---> Running in 146aa23cf6a8
Removing intermediate container 146aa23cf6a8
---> b17a9e0d3ae6
Step 3/6 : RUN mkdir -p $USERVICE_HOME
---> Running in e3581d8e5d7a
Removing intermediate container e3581d8e5d7a
---> 48e719469a9f
Step 4/6 : ADD reference-nbi-*.jar $USERVICE_HOME/lib/reference-nbi.jar
---> bbae15d7b576
Step 5/6 : ADD startService.sh $USERVICE_HOME/bin/
---> 7f3a12fbf15a
Step 6/6 : CMD ["/opt/app/bin/startService.sh"]
---> Running in 6bddc74b8a77
Removing intermediate container 6bddc74b8a77
---> 067ab19c41c9
[Warning] One or more build-args [build-id] were not consumed
Successfully built 067ab19c41c9
Successfully tagged obrienlabs/reference-nbi:latest
The push refers to repository [docker.io/obrienlabs/reference-nbi]
3ed4cee3cd68: Pushed
44ca53031496: Pushed
626aa2565d15: Pushed
c601709dd5d2: Layer already exists
72ce39f2b7f6: Layer already exists
33783834b288: Layer already exists
5c813a85f7f0: Layer already exists
bdca38f94ff0: Layer already exists
faac394a1ad3: Layer already exists
ce8168f12337: Layer already exists
0.0.1: digest: sha256:6dc5082fa5dea76439b7d72b73d442cdeb2bf257798d257c5853093b0165be08 size: 2420
reference-nbi
reference-nbi
starting: reference-nbi
0e9ab09b8c4082e2f0859cac462c921b186084b019699d348bca1aa0a7c858db
On VM
ubuntu@ip-172-31-81-46:~$ docker run --name reference-nbi -d -p 8888:8080 obrienlabs/reference-nbi:0.0.1
ubuntu@ip-172-31-81-46:~$ curl http://127.0.0.1:8888/nbi/api
{"id":1,"content":"1 PASS cloud.containerization.reference.nbi.ApiController queryString: null decodedQueryString: "}
Design
Agenda:
Create initial spring boot maven project
Create a new project via the spring initializr https://start.spring.io/ see https://spring.io/guides/gs/serving-web-content/
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>cloud.dev9</groupId>
<artifactId>reference-sb-nbi</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>reference-sb-nbi</name>
<description>Reference sb NBI</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
<!--dependency><!-- user:user -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency-->
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-streams</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.oracle.ojdbc</groupId>
<artifactId>ojdbc8</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Add Swagger and OpenAPI 3
API - OpenAPI - Swagger#OpenAPI-Swagger-AddSwagger2toanexistingMavenJavaproject
Configure IDEs for development
Add Lombok APT IDE tool
Use Java 16 Records via https://openjdk.java.net/jeps/395 instead of Lombok as of March 2021
https://www.baeldung.com/lombok-ide and https://search.maven.org/artifact/org.projectlombok/lombok-maven-plugin/1.18.12.0/maven-plugin
Download and run the latest jar to adjust your eclipse.ini and eclipse/sts runtime - https://search.maven.org/remotecontent?filepath=org/projectlombok/lombok/1.18.12/lombok-1.18.12.jar
# add to ini file
-javaagent:lombok-1.18.12
# copy jar to show packet contentsContents/MacOS// add to pom.xml<lombok.version>1.18.12</lombok.version><dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</dependency>
// add to your classes
@Data
Lombok in IntelliJ
for 2020.03 -
| 2020.03 | File | Settings | Build, Execution, Deployment | Compiler | Build process VM options add : -Djps.track.ap.dependencies=false |
Add eclEmma code coverage
Add a default REST endpoint to spring boot
Add the context root to application.properties
server.servlet.context-path=/sb-nbi
Add the convenience annotation to the Application class
@SpringBootApplication
package cloud.containerization.reference.nbi;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.RequestMapping;
@RestController
public class DefaultRestController {
@RequestMapping("/")
public String index() {
return "Greetings from Spring Boot!";
}
}
Verify the endpoint
http://127.0.0.1:8180/sb-nbi/actuator/health
Add a JPA 2.2 Hibernate provider repository bean to spring boot
https://mvnrepository.com/artifact/org.eclipse.persistence/javax.persistence/2.2.0
pom.xml
# pom.xml changes
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.2.0</version>
</dependency>
# mysql
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.42</version>
<scope>runtime</scope>
</dependency>
# postgreSQL
# oracle
<oracle.driver.version>12.1.0.2</oracle.driver.version>
<dependency>
<groupId>com.oracle.ojdbc</groupId>
<artifactId>ojdbc8</artifactId>
<version>${oracle.driver.version}</version>
</dependency>
remember to Databases#AddingtheOracleojdbc7.jarmanually only if you use ojdbc.jdbc7
Add spring jpa starter
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
Add JPA Schema to Entity code generation via hbm2java
Add JPA Entity to Schema DDL generation via hbm2ddl
Add Spring Profiles to spring boot
Add External configuration to spring boot
To reference an external properties file, put the file in the current dir, in a config subdir or reference directly with --spring.config.location
biometric:bin michaelobrien$ ls application.properties config field-0.0.1-SNAPSHOT.jar biometric:bin michaelobrien$ java -jar field-0.0.1-SNAPSHOT.jar
Add spring.xml XML config to spring boot project
The default spring boot template no longer comes with XML config as it relies solely on annotations. You can however add a mix of XML and annotation based config.
Add the following spring.xml - for example to reference external Thymeleaf templates out of the current spring boot jar classpath - trailing slash is required.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<bean id="templateResolver" class="org.thymeleaf.templateresolver.FileTemplateResolver">
<property name="prefix" value="${template_path}/eventstream/deployment/routes/welcome/" />
<property name="suffix" value=".html" />
<property name="templateMode" value="HTML5" />
<property name="cacheable" value="false" />
</bean>
</beans>
Add the following extra spring configuration bean to load the xml file
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
@Configuration
@ImportResource({"classpath*:spring.xml"})
public class XmlConfiguration {
}
Add Environment Variables inside spring xml configuration
Add the following property-placeholder to enable environment variables from your application.properties overrides - with no hardcoded parameters.
Or use a PropertySourcesPlaceholderConfigurer - see https://github.com/obrienlabs/biometric/blob/master/biometric.web/src/main/webapp/WEB-INF/spring.xml#L50
spring.xml
<context:property-placeholder />// usage
<property name="prefix" value="${thymleaf.templates.prefix}" />
application.properties
thymleaf.templates.prefix=${template_path}/eventstream/deployment/routes/welcome/
Add Thymeleaf to spring boot
https://github.com/obrienlabs/eventstream/commit/f1e2dac2eb1cdf1536d3eb36c565ccf64bcb0260
Add thymeleaf start to the pom
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
Add static resources to main/resources/static/css
Add FileTemplateResolver around possible external templates via a spring.xml file
Add properties overrides
Add Junit to spring boot
Add Sonar to spring boot
Add a spring aspect based logging framework to spring boot
Add spring security to your REST endpoints in spring boot
https://www.baeldung.com/spring-boot-https-self-signed-certificate
Create a Dockerfile framework
Build/Run Docker endpoint on RKE EC2 VM
see REF-2 - Getting issue details... STATUS
see https://github.com/obrienlabs/refarch/tree/master/reference-nbi/src/docker
Locally
cd reference-nbi/src/docker/
./build.sh
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 6.412 s
[INFO] Finished at: 2020-04-27T13:37:58-04:00
[INFO] ------------------------------------------------------------------------
Sending build context to Docker daemon 32.15MB
Step 1/6 : FROM openjdk:8
---> e890fe39c302
Step 2/6 : ARG USERVICE_HOME=/opt/app/
---> Running in 146aa23cf6a8
Removing intermediate container 146aa23cf6a8
---> b17a9e0d3ae6
Step 3/6 : RUN mkdir -p $USERVICE_HOME
---> Running in e3581d8e5d7a
Removing intermediate container e3581d8e5d7a
---> 48e719469a9f
Step 4/6 : ADD reference-nbi-*.jar $USERVICE_HOME/lib/reference-nbi.jar
---> bbae15d7b576
Step 5/6 : ADD startService.sh $USERVICE_HOME/bin/
---> 7f3a12fbf15a
Step 6/6 : CMD ["/opt/app/bin/startService.sh"]
---> Running in 6bddc74b8a77
Removing intermediate container 6bddc74b8a77
---> 067ab19c41c9
[Warning] One or more build-args [build-id] were not consumed
Successfully built 067ab19c41c9
Successfully tagged obrienlabs/reference-nbi:latest
The push refers to repository [docker.io/obrienlabs/reference-nbi]
3ed4cee3cd68: Pushed
44ca53031496: Pushed
626aa2565d15: Pushed
c601709dd5d2: Layer already exists
72ce39f2b7f6: Layer already exists
33783834b288: Layer already exists
5c813a85f7f0: Layer already exists
bdca38f94ff0: Layer already exists
faac394a1ad3: Layer already exists
ce8168f12337: Layer already exists
0.0.1: digest: sha256:6dc5082fa5dea76439b7d72b73d442cdeb2bf257798d257c5853093b0165be08 size: 2420
reference-nbi
reference-nbi
starting: reference-nbi
0e9ab09b8c4082e2f0859cac462c921b186084b019699d348bca1aa0a7c858db
On VM
ubuntu@ip-172-31-81-46:~$ docker run --name reference-nbi -d -p 8888:8080 obrienlabs/reference-nbi:0.0.1
ubuntu@ip-172-31-81-46:~$ curl http://127.0.0.1:8888/nbi/api
{"id":1,"content":"1 PASS cloud.containerization.reference.nbi.ApiController queryString: null decodedQueryString: "}
Create a Helm/Kubernetes deployment framework
see REF-3 - Getting issue details... STATUS
Helm Development Guide#HelmLifecycle
see https://github.com/obrienlabs/refarch/commit/b255db3d2a7c6975f8a68d587617de7c2ef74411
Helm package and install chart
helm package reference-nbi helm install --name reference-nbi reference-nbi-0.1.0.tgz
Deployment
Kubernetes Cluster
Kubernetes on Docker Desktop OSX
Kubernetes on Docker Desktop Windows
Kubernetes on Minikube OSX VMware Fusion
Kubernetes on RKE Bare Metal Ubuntu 16
Kubernetes on RKE VMware OSX or Windows
Kubernetes on RKE on AWS EC2
Kubernetes Platform Services Infrastructure
Kubernetes Platform Services
| service | Kubernetes | chart | artifacts | notes | links |
|---|---|---|---|---|---|
| dns | |||||
| namespaces | |||||
| storage | storageclass | ||||
| security | certificate-manager | ||||
Network
API Gateway
An ingress/proxy that can act as an SSL terminator, load balancer, proxy, URL rewriter or ingress/egress traffic conditioner.
Storage
Default Storage Class
Security
Single Sign On
Keycloak
MFA/2FA in Keycloak - https://www.keycloak.org/docs/latest/server_admin/index.html#_webauthn
Add 2nd realm, group and 2 roles to keycloak
Don't use older more mature SAML 2.0 - Use OpenID Connect OIDC https://www.keycloak.org/docs/latest/securing_apps/ (JWT) - extract email from the token.
MFA support is only for google authenticator (no SMS or phone support)
Workout SMTP config (link with SES or vice-versa)
Replace self-signed cert
https://www.keycloak.org/docs/latest/getting_started/index.html
https://github.com/keycloak/keycloak-quickstarts
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-jee-html5/src/main/webapp
Keycloak Helm chart
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ sudo snap install helm --classic helm 3.5.4 from Snapcrafters installed
https://github.com/codecentric/helm-charts/tree/master/charts/keycloak
Keycloak Kubernetes Yamls
Clone the keycloak quickstarts repo https://github.com/keycloak/keycloak-quickstarts
We are running a clean Rancher/SUSE RKE kubernetes cluster without ingress setup. We will switch the LoadBalancer to a NodePort
We will also switch out the container from quay.io to dockerhub under redhat https://hub.docker.com/r/jboss/keycloak
ubuntu@ip-172-31-91-213:~/keycloak$ git clone https://github.com/keycloak/keycloak-quickstarts.git
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ git diff
diff --git a/kubernetes-examples/keycloak.yaml b/kubernetes-examples/keycloak.yaml
index 91fcf7b6..5b6d0c8b 100644
--- a/kubernetes-examples/keycloak.yaml
+++ b/kubernetes-examples/keycloak.yaml
@@ -9,15 +9,16 @@ spec:
- name: http
port: 8080
targetPort: 8080
+ nodePort: 30090
selector:
app: keycloak
- type: LoadBalancer
+ type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
- namespace: default
+ namespace: keycloak
labels:
app: keycloak
spec:
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl create -f kubernetes-examples/keycloak.yaml -n keycloak
service/keycloak created
deployment.apps/keycloak created
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get services -n keycloak
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
keycloak NodePort 10.43.154.96 <none> 8080:30090/TCP 5m36s
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get pods -n keycloak
NAME READY STATUS RESTARTS AGE
keycloak-74bfc86784-zjq2l 1/1 Running 0 5m44s
set the admin account
buntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl exec -it -n keycloak keycloak-6d7dd4fb47-9v2r4 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
bash-4.4$ /opt/jboss/keycloak/bin/add-user-keycloak.sh -u admin -p pw
Added 'admin2' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
bash-4.4$ exit
restart the container by scaling the deployment
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl scale deployment keycloak --replicas=0 -n keycloak
deployment.apps/keycloak scaled
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get pods -n keycloak
No resources found in keycloak namespace.
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl scale deployment keycloak --replicas=1 -n keycloak
deployment.apps/keycloak scaled
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get pods -n keycloak
NAME READY STATUS RESTARTS AGE
keycloak-6d7dd4fb47-l8xmr 1/1 Running 0 52s
Keycloak here
http://services.obrienlabs.cloud:30090/auth/
Run KeyCloak via Docker
https is not working in most browsers - disable it - see https://github.com/codecentric/helm-charts/issues/271
Fix the https certificate error in most browsers
https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/admin-cli.html
https://stackoverflow.com/questions/38337895/globally-disable-https-keycloak
ubuntu@ip-172-31-91-213:~/keycloak/helm-charts/charts/keycloak$ docker run -d --name keycloak -p:9080:8080 -e KEYCLOAK_USER=admin2 -e KEYCLOAK_PASSWORD=pw quay.io/keycloak/keycloak:12.0.4 9e38db0cec18875a8e7692898cb5835004eda6088652c60fc98bb939ef71cba6 ubuntu@ip-172-31-91-213:~/keycloak/helm-charts/charts/keycloak$ docker exec -it keycloak bash bash-4.4$ cd /opt/jboss/keycloak/bin bash-4.4$ ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin2 Logging into http://localhost:8080/auth as user admin2 of realm master Enter password: ********** bash-4.4$ ./kcadm.sh update realms/master -s sslRequired=NONE
With sslRequired off - we can get past
Jboss/Keycloak
docker stop keycloak
docker rm keycloak
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ docker run -d --name keycloak -p:9443:8443 -p:9080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=pw jboss/keycloak
501ebf286f8cb0eb85209536fd2756ece4a317a7f27f834c0c988272a9534a5e
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ docker ps | grep keycloak
501ebf286f8c jboss/keycloak "/opt/jboss/tools/do…" 26 seconds ago Up 26 seconds 8443/tcp, 0.0.0.0:9080->8080/tcp keycloak
to see the logs
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ docker run -e KEYCLOAK_USER=admin2 -e KEYCLOAK_PASSWORD=mspassword jboss/keycloak
Unable to find image 'jboss/keycloak:latest' locally
latest: Pulling from jboss/keycloak
8f403cb21126: Already exists
65c0f2178ac8: Already exists
4937bde7f4a8: Pull complete
ea6b683ade7b: Pull complete
d5c86773c112: Pull complete
Digest: sha256:32ddf76b14addeebb4d775205fe274911e10325e17bd5610d8534041593ab370
Status: Downloaded newer image for jboss/keycloak:latest
Added 'admin2' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
-b 0.0.0.0
=========================================================================
Using Embedded H2 database
=========================================================================
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/jboss/keycloak
JAVA: java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
=========================================================================
18:43:15,518 INFO [org.jboss.modules] (main) JBoss Modules version 1.10.2.Final
18:43:16,635 INFO [org.jboss.msc] (main) JBoss MSC version 1.4.12.Final
18:43:16,658 INFO [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
18:43:16,925 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) starting
18:43:17,214 INFO [org.jboss.vfs] (MSC service thread 1-4) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
18:43:18,874 INFO [org.wildfly.security] (ServerService Thread Pool -- 22) ELY00001: WildFly Elytron version 1.13.1.Final
18:43:20,737 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
18:43:20,842 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 5) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
18:43:21,230 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
18:43:21,273 INFO [org.xnio] (MSC service thread 1-3) XNIO version 3.8.2.Final
18:43:21,287 INFO [org.xnio.nio] (MSC service thread 1-3) XNIO NIO Implementation Version 3.8.2.Final
18:43:21,358 INFO [org.jboss.remoting] (MSC service thread 1-2) JBoss Remoting version 5.0.19.Final
18:43:21,404 INFO [org.wildfly.extension.microprofile.config.smallrye._private] (ServerService Thread Pool -- 48) WFLYCONF0001: Activating WildFly MicroProfile Config Subsystem
18:43:21,419 INFO [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 43) WFLYCLJG0001: Activating JGroups subsystem. JGroups version 4.2.5
18:43:21,442 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 52) WFLYNAM0001: Activating Naming Subsystem
18:43:21,472 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 39) WFLYCLINF0001: Activating Infinispan subsystem.
18:43:21,483 INFO [org.jboss.as.security] (ServerService Thread Pool -- 55) WFLYSEC0002: Activating Security Subsystem
18:43:21,543 WARN [org.jboss.as.txn] (ServerService Thread Pool -- 57) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
18:43:21,606 INFO [org.jboss.as.connector] (MSC service thread 1-4) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.4.23.Final)
18:43:21,621 INFO [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 50) WFLYMETRICS0001: Activating Eclipse MicroProfile Metrics Subsystem
18:43:21,621 INFO [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 49) WFLYHEALTH0001: Activating Eclipse MicroProfile Health Subsystem
18:43:21,637 INFO [org.jboss.as.security] (MSC service thread 1-2) WFLYSEC0001: Current PicketBox version=5.0.3.Final-redhat-00006
18:43:21,631 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 40) WFLYIO001: Worker 'default' has auto-configured to 4 IO threads with 32 max task threads based on your 2 available processors
18:43:21,660 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 34) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
18:43:21,661 INFO [org.jboss.as.jaxrs] (ServerService Thread Pool -- 41) WFLYRS0016: RESTEasy version 3.13.2.Final
18:43:21,947 WARN [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 58) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
18:43:22,004 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0003: Undertow 2.2.2.Final starting
18:43:22,075 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = h2
18:43:22,151 INFO [org.jboss.as.naming] (MSC service thread 1-2) WFLYNAM0003: Starting Naming Service
18:43:22,198 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 58) WFLYUT0014: Creating file handler for path '/opt/jboss/keycloak/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
18:43:22,220 INFO [org.jboss.as.mail.extension] (MSC service thread 1-4) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
18:43:22,422 INFO [org.jboss.as.ejb3] (MSC service thread 1-4) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 8 (per class), which is derived from the number of CPUs on this host.
18:43:22,430 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0012: Started server default-server.
18:43:22,420 INFO [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 32 (per class), which is derived from thread worker pool sizing.
18:43:22,714 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0006: Undertow AJP listener ajp listening on 0.0.0.0:8009
18:43:22,715 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
18:43:22,726 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0018: Host default-host starting
18:43:22,757 INFO [org.jboss.modcluster] (ServerService Thread Pool -- 60) MODCLUSTER000001: Initializing mod_cluster version 1.4.1.Final
18:43:22,812 INFO [org.jboss.modcluster] (ServerService Thread Pool -- 60) MODCLUSTER000032: Listening to proxy advertisements on /224.0.1.105:23364
18:43:23,017 INFO [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0493: EJB subsystem suspension complete
18:43:23,150 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-3) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
18:43:23,154 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
18:43:23,357 INFO [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
18:43:23,388 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-3) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
18:43:23,422 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
18:43:23,476 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
18:43:23,650 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
18:43:24,727 WARN [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the send buffer of socket ManagedMulticastSocketBinding was set to 1.00MB, but the OS only allocated 212.99KB
18:43:24,727 WARN [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the receive buffer of socket ManagedMulticastSocketBinding was set to 20.00MB, but the OS only allocated 212.99KB
18:43:24,728 WARN [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the send buffer of socket ManagedMulticastSocketBinding was set to 1.00MB, but the OS only allocated 212.99KB
18:43:24,729 WARN [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the receive buffer of socket ManagedMulticastSocketBinding was set to 25.00MB, but the OS only allocated 212.99KB
18:43:27,749 INFO [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 60) b9ba21acbd91: no members discovered after 3011 ms: creating cluster as coordinator
18:43:28,777 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 61) ISPN000128: Infinispan version: Infinispan 'Corona Extra' 11.0.4.Final
18:43:28,826 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 60) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
18:43:28,920 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 61) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
18:43:28,920 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 64) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
18:43:28,916 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 62) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
18:43:28,923 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 63) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
18:43:29,130 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000078: Starting JGroups channel ejb
18:43:29,133 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 64) ISPN000078: Starting JGroups channel ejb
18:43:29,134 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 62) ISPN000078: Starting JGroups channel ejb
18:43:29,133 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000078: Starting JGroups channel ejb
18:43:29,133 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000078: Starting JGroups channel ejb
18:43:29,138 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,142 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,143 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,145 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,145 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 64) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,160 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,162 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,196 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 62) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,203 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 64) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,223 INFO [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,321 INFO [org.infinispan.CONFIG] (MSC service thread 1-3) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
18:43:29,323 INFO [org.infinispan.CONFIG] (MSC service thread 1-3) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
18:43:29,793 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started http-remoting-connector cache from ejb container
18:43:30,122 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started work cache from keycloak container
18:43:30,170 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started offlineSessions cache from keycloak container
18:43:30,171 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
18:43:30,172 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started actionTokens cache from keycloak container
18:43:30,173 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
18:43:30,179 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started loginFailures cache from keycloak container
18:43:30,190 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 70) WFLYCLINF0002: Started sessions cache from keycloak container
18:43:30,228 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started clientSessions cache from keycloak container
18:43:30,240 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0002: Started keys cache from keycloak container
18:43:30,241 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started authorization cache from keycloak container
18:43:30,244 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started realms cache from keycloak container
18:43:30,245 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started users cache from keycloak container
18:43:30,517 WARN [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
18:43:31,784 INFO [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
18:43:31,886 INFO [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 71) Frontend: <request>, Admin: <frontend>, Backend: <request>
18:43:32,562 WARN [org.infinispan.encoding.impl.StorageConfigurationManager] (ServerService Thread Pool -- 71) ISPN000599: Configuration for cache 'realmRevisions' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
18:43:32,577 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started realmRevisions cache from keycloak container
18:43:32,584 WARN [org.infinispan.encoding.impl.StorageConfigurationManager] (ServerService Thread Pool -- 71) ISPN000599: Configuration for cache 'userRevisions' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
18:43:32,590 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started userRevisions cache from keycloak container
18:43:32,592 WARN [org.infinispan.encoding.impl.StorageConfigurationManager] (ServerService Thread Pool -- 71) ISPN000599: Configuration for cache 'authorizationRevisions' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
18:43:32,598 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
18:43:32,600 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 71) Node name: b9ba21acbd91, Site name: null
18:43:34,044 INFO [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 71) Database info: {databaseUrl=jdbc:h2:/opt/jboss/keycloak/standalone/data/keycloak, databaseUser=SA, databaseProduct=H2 1.4.197 (2018-03-18), databaseDriver=H2 JDBC Driver 1.4.197 (2018-03-18)}
18:43:40,966 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 71) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
18:43:45,726 INFO [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 71) HHH000204: Processing PersistenceUnitInfo [
name: keycloak-default
...]
18:43:45,833 INFO [org.hibernate.Version] (ServerService Thread Pool -- 71) HHH000412: Hibernate Core {5.3.20.Final}
18:43:45,835 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 71) HHH000206: hibernate.properties not found
18:43:46,024 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 71) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
18:43:46,322 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 71) HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
18:43:46,340 WARN [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 71) HHH000431: Unable to determine H2 database version, certain features may not work
18:43:46,396 INFO [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 71) Envers integration enabled? : true
18:43:47,317 INFO [org.hibernate.orm.beans] (ServerService Thread Pool -- 71) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
18:43:47,513 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 71) HV000001: Hibernate Validator 6.0.21.Final
18:43:50,034 INFO [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 71) HHH000397: Using ASTQueryTranslatorFactory
18:43:51,672 INFO [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0050: Initializing master realm
18:43:53,542 INFO [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
18:43:54,473 INFO [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0009: Added user 'admin2' to realm 'master'
18:43:54,569 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
18:43:54,572 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,573 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,576 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,576 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,578 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,579 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,580 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,581 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,581 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,794 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 71) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
18:43:55,023 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
18:43:55,260 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
18:43:55,276 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started in 40496ms - Started 687 of 972 services (687 services are lazy, passive or on-demand)
18:43:55,280 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
18:43:55,288 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
With https off - keycloak loads in a browser with a domain name - until we add a self signed certificate
login to keycloak admin
Add a user to keycloak
Certificate Management
Certificate Manager
The chart repo works at https://cert-manager.io/docs/installation/kubernetes/
there are issues with a couple of the docker images in https://github.com/jetstack/cert-manager defaulting to an older v0.1.0 - see a fix I posted to override with v0.15.2 in https://github.com/jetstack/cert-manager/issues/3104
git clone https://github.com/jetstack/cert-manager.git cd cert-manager/deploy/charts kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.crds.yaml sudo helm install --name cert-manager cert-manager/ --set installCRDs=true --set cainjector.image.tag=v0.15.1 --set webhook.image.tag=v0.15.1 --set image.tag=v0.15.1 --version v0.15.1 --namespace cert-manager cert-manager cert-manager-5c4c99cf54-cn7z7 1/1 Running 0 35s cert-manager cert-manager-cainjector-748895cb8f-84jc8 1/1 Running 0 35s cert-manager cert-manager-webhook-784bb44b6-lqldv 1/1 Running 0 35s :charts $ kubectl apply -f test-resources.yaml namespace/cert-manager-test created issuer.cert-manager.io/test-selfsigned created certificate.cert-manager.io/selfsigned-cert created
or an example without cloning the chart
Example adding cert-manager to an RKE kubernetes cluster on VMware Fusion
dont use the stable helm chart - it is deprecated
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
for helm 2 add --name
helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.1
# --set installCRDs=true
or directly using kubernetes
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.1/cert-manager.yaml
$ cat <<EOF > test-resources.yaml
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager-test
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: test-selfsigned
namespace: cert-manager-test
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: selfsigned-cert
namespace: cert-manager-test
spec:
dnsNames:
- example.com
secretName: selfsigned-cert-tls
issuerRef:
name: test-selfsigned
EOF
$ kubectl apply -f test-resources.yaml
namespace/cert-manager-test created
issuer.cert-manager.io/test-selfsigned created
certificate.cert-manager.io/selfsigned-cert created
$ kubectl describe certificate -n cert-manager-test
Name: selfsigned-cert
Namespace: cert-manager-test
Labels: <none>
Annotations: API Version: cert-manager.io/v1alpha3
Kind: Certificate
Metadata:
Creation Timestamp: 2020-07-16T18:32:11Z
Generation: 1
Managed Fields:
API Version: cert-manager.io/v1alpha2
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:conditions:
f:notAfter:
Manager: controller
Operation: Update
Time: 2020-07-16T18:32:11Z
API Version: cert-manager.io/v1alpha2
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:dnsNames:
f:issuerRef:
.:
f:name:
f:secretName:
Manager: kubectl
Operation: Update
Time: 2020-07-16T18:32:11Z
Resource Version: 297235
Self Link: /apis/cert-manager.io/v1alpha3/namespaces/cert-manager-test/certificates/selfsigned-cert
UID: 507931ff-6f6a-46fc-8364-2582884029bc
Spec:
Dns Names:
example.com
Issuer Ref:
Name: test-selfsigned
Secret Name: selfsigned-cert-tls
Status:
Conditions:
Last Transition Time: 2020-07-16T18:32:11Z
Message: Certificate is up to date and has not expired
Reason: Ready
Status: True
Type: Ready
Not After: 2020-10-14T18:32:11Z
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal GeneratedKey 10s cert-manager Generated a new private key
Normal Requested 10s cert-manager Created new CertificateRequest resource "selfsigned-cert-504566127"
Normal Issued 10s cert-manager Certificate issued successfully
Monitoring
Prometheus
Grafana
Logging
https://platform9.com/blog/kubernetes-logging-comparing-fluentd-vs-logstash/
ElasticSearch
Logstash/FluentD
Kibana
Filebeat
Infrastructure
Gerrit
Jenkins
Sonar
Nexus / Repository
see
Confluence
Jira
Messaging
Kafka / Zookeeper Queue
Persistence
Relational Database: MariaDB / MySQL
Key Value Store : etcd
CI/CD
Gitlab CI/CD
Add a kubernetes cluster
I am running the gitlab service and not my own gitlab instance so I am limited to to the GKE instead of Azure AKS or AWS EKS.
https://gitlab.com/help/topics/autodevops/quick_start_guide
https://gitlab.com/refarch/reference/-/settings/ci_cd#autodevops-settings
Kubernetes RKE Cluster on 4 Intel NUC machines with 64G RAM
Work Items
| WI | Task | Jira |
|---|---|---|
| Add terraform infrastructure | ||
Investigate Tech
neem
nodejs + arangoDB
