
Kubernetes Developer Guide | Helm Development Guide | Reference Architecture

Introduction

This page details an example cloud-based microservice architecture.

Spring boot based reference architecture - Reference Architecture, Spring boot jar running the spring embedded tomcat container - Spring Boot Microservice

Architecture

Deployment Diagram

Kubernetes Reference Architecture


DevOps

Originally on GitHub (https://github.com/obrienlabs/refarch), moved to GitLab

Quickstart

Technology Coverage - Technology

Clone

# using your ssh key (o*_r*)
:wse_gitlab $ git clone git@gitlab.com:refarch/reference

Build

:reference $ mvn clean install -U -T 16 -DskipTests=true
[INFO] Reactor Build Order:
[INFO] 
[INFO] reference-nbi                                                      [jar]
[INFO] reference                                                          [pom]
[INFO] 
[INFO] Using the MultiThreadedBuilder implementation with a thread count of 16

Commit/Push

#


Build/Run Docker endpoint on RKE EC2 VM


Locally
cd reference-nbi/src/docker/
./build.sh 
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  6.412 s
[INFO] Finished at: 2020-04-27T13:37:58-04:00
[INFO] ------------------------------------------------------------------------
Sending build context to Docker daemon  32.15MB
Step 1/6 : FROM openjdk:8
 ---> e890fe39c302
Step 2/6 : ARG USERVICE_HOME=/opt/app/
 ---> Running in 146aa23cf6a8
Removing intermediate container 146aa23cf6a8
 ---> b17a9e0d3ae6
Step 3/6 : RUN mkdir -p $USERVICE_HOME
 ---> Running in e3581d8e5d7a
Removing intermediate container e3581d8e5d7a
 ---> 48e719469a9f
Step 4/6 : ADD reference-nbi-*.jar $USERVICE_HOME/lib/reference-nbi.jar
 ---> bbae15d7b576
Step 5/6 : ADD startService.sh $USERVICE_HOME/bin/
 ---> 7f3a12fbf15a
Step 6/6 : CMD ["/opt/app/bin/startService.sh"]
 ---> Running in 6bddc74b8a77
Removing intermediate container 6bddc74b8a77
 ---> 067ab19c41c9
[Warning] One or more build-args [build-id] were not consumed
Successfully built 067ab19c41c9
Successfully tagged obrienlabs/reference-nbi:latest
The push refers to repository [docker.io/obrienlabs/reference-nbi]
3ed4cee3cd68: Pushed 
44ca53031496: Pushed 
626aa2565d15: Pushed 
c601709dd5d2: Layer already exists 
72ce39f2b7f6: Layer already exists 
33783834b288: Layer already exists 
5c813a85f7f0: Layer already exists 
bdca38f94ff0: Layer already exists 
faac394a1ad3: Layer already exists 
ce8168f12337: Layer already exists 
0.0.1: digest: sha256:6dc5082fa5dea76439b7d72b73d442cdeb2bf257798d257c5853093b0165be08 size: 2420
reference-nbi
reference-nbi
starting: reference-nbi
0e9ab09b8c4082e2f0859cac462c921b186084b019699d348bca1aa0a7c858db

On VM
ubuntu@ip-172-31-81-46:~$ docker run --name reference-nbi -d -p 8888:8080 obrienlabs/reference-nbi:0.0.1
ubuntu@ip-172-31-81-46:~$ curl http://127.0.0.1:8888/nbi/api
{"id":1,"content":"1 PASS cloud.containerization.reference.nbi.ApiController queryString: null decodedQueryString: "}
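The Dockerfile steps echoed in the build log above can be checked for three common image-hardening gaps. This is an added example, not part of the original page or the refarch repository; the finding names, the hardened step list and its digest placeholder are constructed for illustration, and the root check assumes the base image sets no USER (true for openjdk:8).

```python
import re

# Instruction lines as echoed by `docker build` in the log above
# (layer IDs and "Running in" lines are ignored by the parser anyway).
BUILD_LOG = """\
Step 1/6 : FROM openjdk:8
 ---> e890fe39c302
Step 2/6 : ARG USERVICE_HOME=/opt/app/
Step 3/6 : RUN mkdir -p $USERVICE_HOME
Step 4/6 : ADD reference-nbi-*.jar $USERVICE_HOME/lib/reference-nbi.jar
Step 5/6 : ADD startService.sh $USERVICE_HOME/bin/
Step 6/6 : CMD ["/opt/app/bin/startService.sh"]
"""

STEP_RE = re.compile(r"^Step (\d+)/\d+ : (\w+)\s*(.*)$")
REMOTE_SRC_RE = re.compile(r"^(https?|git)://", re.IGNORECASE)


def parse_steps(log):
    """Return [(step_number, INSTRUCTION, arguments)] from docker build output."""
    steps = []
    for line in log.splitlines():
        m = STEP_RE.match(line.strip())
        if m:
            steps.append((int(m.group(1)), m.group(2).upper(), m.group(3).strip()))
    return steps


def lint(steps):
    """Return [(step_number, finding_code)] for three hardening checks."""
    findings = []
    user = None      # effective USER of the final stage; None = inherited from base
    last_step = 0
    for num, instr, args in steps:
        last_step = num
        tokens = [t for t in args.split() if not t.startswith("--")]
        if instr == "FROM":
            user = None  # every stage starts with its base image's user
            # A tag such as openjdk:8 can be re-pointed; a digest cannot.
            if tokens and "@sha256:" not in tokens[0]:
                findings.append((num, "base-image-not-pinned-by-digest"))
        elif instr == "ADD":
            # ADD also unpacks archives and fetches URLs; COPY only copies.
            if tokens and not REMOTE_SRC_RE.match(tokens[0]):
                findings.append((num, "add-used-for-local-file"))
        elif instr == "USER":
            user = tokens[0] if tokens else None
    # Assumption: the base image sets no USER (true for openjdk:8), so an
    # image without its own USER step starts its CMD as uid 0.
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append((last_step, "runs-as-root"))
    return findings


# Constructed counterpart: same layout with the three findings addressed.
# The digest is a placeholder, not a real openjdk digest.
HARDENED_STEPS = [
    (1, "FROM", "openjdk@sha256:<digest-placeholder>"),
    (2, "ARG", "USERVICE_HOME=/opt/app/"),
    (3, "RUN", "mkdir -p $USERVICE_HOME && useradd -r -u 10001 nbi"),
    (4, "COPY", "reference-nbi-*.jar $USERVICE_HOME/lib/reference-nbi.jar"),
    (5, "COPY", "startService.sh $USERVICE_HOME/bin/"),
    (6, "USER", "10001"),
    (7, "CMD", '["/opt/app/bin/startService.sh"]'),
]

if __name__ == "__main__":
    for step, code in lint(parse_steps(BUILD_LOG)):
        print(f"step {step}: {code}")
    print("hardened:", lint(HARDENED_STEPS))
```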

Design

Agenda: 

Create initial spring boot maven project

Create a new project via the Spring Initializr (https://start.spring.io/); see https://spring.io/guides/gs/serving-web-content/


pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.2.6.RELEASE</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>cloud.dev9</groupId>
	<artifactId>reference-sb-nbi</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>reference-sb-nbi</name>
	<description>Reference sb NBI</description>

	<properties>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-actuator</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-jersey</artifactId>
		</dependency>
		<!-- disabled: spring-boot-starter-security (user:user)
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		-->
		<dependency>
			<groupId>org.apache.kafka</groupId>
			<artifactId>kafka-streams</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.kafka</groupId>
			<artifactId>spring-kafka</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<scope>runtime</scope>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>com.oracle.ojdbc</groupId>
			<artifactId>ojdbc8</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
			<exclusions>
				<exclusion>
					<groupId>org.junit.vintage</groupId>
					<artifactId>junit-vintage-engine</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.springframework.kafka</groupId>
			<artifactId>spring-kafka-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

Add Swagger and OpenAPI 3 

API - OpenAPI - Swagger#OpenAPI-Swagger-AddSwagger2toanexistingMavenJavaproject

Configure IDEs for development

Add Lombok APT IDE tool

Use Java 16 Records via https://openjdk.java.net/jeps/395 instead of Lombok as of March 2021

https://www.baeldung.com/lombok-ide and https://search.maven.org/artifact/org.projectlombok/lombok-maven-plugin/1.18.12.0/maven-plugin

Download and run the latest jar to adjust your eclipse.ini and eclipse/sts runtime - https://search.maven.org/remotecontent?filepath=org/projectlombok/lombok/1.18.12/lombok-1.18.12.jar

# add to ini file
-javaagent:lombok-1.18.12

# copy jar to show package contents
Contents/MacOS/

// add to pom.xml
<lombok.version>1.18.12</lombok.version>
<dependency>
  <groupId>org.projectlombok</groupId>
  <artifactId>lombok</artifactId>
  <version>${lombok.version}</version>
</dependency>

// add to your classes
@Data

Lombok in IntelliJ

for 2020.03 - 



2020.03

File | Settings | Build, Execution, Deployment | Compiler | Build process VM options add : -Djps.track.ap.dependencies=false
https://github.com/mplushnikov/lombok-intellij-plugin/issues/988

Add eclEmma code coverage



Add a default REST endpoint to spring boot

Add the context root to application.properties

server.servlet.context-path=/sb-nbi

Add the convenience annotation to the Application class

@SpringBootApplication

package cloud.containerization.reference.nbi;

import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.RequestMapping;

@RestController
public class DefaultRestController {

	@RequestMapping("/")
	public String index() {
		return "Greetings from Spring Boot!";
	}
}


Verify the endpoint

http://127.0.0.1:8180/sb-nbi/actuator/health


Add a JPA 2.2 Hibernate provider repository bean to spring boot

see Object Relational Mapping

https://mvnrepository.com/artifact/org.eclipse.persistence/javax.persistence/2.2.0

pom.xml

# pom.xml changes
	    <dependency>
            <groupId>org.eclipse.persistence</groupId>
            <artifactId>javax.persistence</artifactId>
            <version>2.2.0</version>
        </dependency>

# mysql
	<dependency>
	    <groupId>mysql</groupId>
	    <artifactId>mysql-connector-java</artifactId>
	    <version>5.1.42</version>
	    <scope>runtime</scope>
	</dependency>

# postgreSQL

# oracle
<oracle.driver.version>12.1.0.2</oracle.driver.version>

        <dependency>
            <groupId>com.oracle.ojdbc</groupId>                                                                                                   
            <artifactId>ojdbc8</artifactId>    
            <version>${oracle.driver.version}</version>
        </dependency> 

Remember to follow Databases#AddingtheOracleojdbc7.jarmanually only if you use ojdbc.jdbc7


Add spring jpa starter


        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>


Add JPA Schema to Entity code generation via hbm2java

Add JPA Entity to Schema DDL generation via hbm2ddl


Add Spring Profiles to spring boot 

Add External configuration to spring boot

https://docs.spring.io/spring-boot/docs/2.4.3/reference/html/spring-boot-features.html#boot-features-external-config

https://docs-stage.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-external-config

To reference an external properties file, put the file in the current dir, in a config subdir or reference directly with --spring.config.location

biometric:bin michaelobrien$ ls
application.properties		config				field-0.0.1-SNAPSHOT.jar
biometric:bin michaelobrien$ java -jar field-0.0.1-SNAPSHOT.jar


Add spring.xml XML config to spring boot project

The default spring boot template no longer comes with XML config as it relies solely on annotations.  You can however add a mix of XML and annotation based config.

Add the following spring.xml - for example to reference external Thymeleaf templates out of the current spring boot jar classpath - trailing slash is required.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd">

  <bean id="templateResolver" class="org.thymeleaf.templateresolver.FileTemplateResolver">
    <property name="prefix" value="${template_path}/eventstream/deployment/routes/welcome/" />
    <property name="suffix" value=".html" />
    <property name="templateMode" value="HTML5" />
    <property name="cacheable" value="false" />
  </bean>
</beans>


Add the following extra spring configuration bean to load the xml file

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;

@Configuration
@ImportResource({"classpath*:spring.xml"})
public class XmlConfiguration {
}

Add Environment Variables inside spring xml configuration

Add the following property-placeholder to enable environment variables from your application.properties overrides - with no hardcoded parameters.

Or use a PropertySourcesPlaceholderConfigurer - see https://github.com/obrienlabs/biometric/blob/master/biometric.web/src/main/webapp/WEB-INF/spring.xml#L50

spring.xml
<context:property-placeholder />
// usage
<property name="prefix" value="${thymleaf.templates.prefix}" />

application.properties
thymleaf.templates.prefix=${template_path}/eventstream/deployment/routes/welcome/


Add Thymeleaf to spring boot

https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-spring-mvc-static-content

https://github.com/obrienlabs/eventstream/commit/f1e2dac2eb1cdf1536d3eb36c565ccf64bcb0260

Add the thymeleaf starter to the pom

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>


Add static resources to main/resources/static/css

Add FileTemplateResolver around possible external templates via a spring.xml file

Add properties overrides


Add Junit to spring boot

Add Sonar to spring boot


Add a spring aspect based logging framework to spring boot

Add spring security to your REST endpoints in spring boot

https://www.baeldung.com/spring-boot-https-self-signed-certificate


Create a Dockerfile framework

Build/Run Docker endpoint on RKE EC2 VM

see REF-2

see https://github.com/obrienlabs/refarch/tree/master/reference-nbi/src/docker


Create a Helm/Kubernetes deployment framework

see REF-3

Helm Development Guide#HelmLifecycle

see https://github.com/obrienlabs/refarch/commit/b255db3d2a7c6975f8a68d587617de7c2ef74411

Helm package and install chart

helm package reference-nbi
helm install --name reference-nbi reference-nbi-0.1.0.tgz 



Deployment

Kubernetes Cluster

Kubernetes on Docker Desktop OSX

Kubernetes on Docker Desktop Windows

Kubernetes on Minikube OSX VMware Fusion

Kubernetes on RKE Bare Metal Ubuntu 16

Kubernetes on RKE VMware OSX or Windows

Kubernetes on RKE on AWS EC2


Kubernetes Platform Services Infrastructure

Kubernetes Platform Services 

service | Kubernetes | chart | artifacts | notes | links
dns
namespaces
storage | storageclass
security | certificate-manager

Network

API Gateway

An ingress/proxy that can act as an SSL terminator, load balancer, proxy, URL rewriter or ingress/egress traffic conditioner.

Storage

Default Storage Class

Security

Single Sign On

Keycloak

https://www.keycloak.org/

MFA/2FA in Keycloak - https://www.keycloak.org/docs/latest/server_admin/index.html#_webauthn

Add a 2nd realm, a group and 2 roles to Keycloak

Don't use the older, more mature SAML 2.0; use OpenID Connect (OIDC, JWT) https://www.keycloak.org/docs/latest/securing_apps/ and extract the email from the token.
MFA support is only for Google Authenticator (no SMS or phone support)
Work out SMTP config (link with SES or vice-versa)

Replace self-signed cert

https://www.keycloak.org/docs/latest/getting_started/index.html

https://github.com/keycloak/keycloak-quickstarts

https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-jee-html5/src/main/webapp

Keycloak Helm chart


ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ sudo snap install helm --classic
helm 3.5.4 from Snapcrafters installed

https://github.com/codecentric/helm-charts/tree/master/charts/keycloak




Keycloak Kubernetes Yamls

Clone the keycloak quickstarts repo https://github.com/keycloak/keycloak-quickstarts

We are running a clean Rancher/SUSE RKE Kubernetes cluster without an ingress set up, so we will switch the Service type from LoadBalancer to NodePort.

We will also switch the container image from quay.io to Docker Hub (under Red Hat): https://hub.docker.com/r/jboss/keycloak

ubuntu@ip-172-31-91-213:~/keycloak$ git clone https://github.com/keycloak/keycloak-quickstarts.git

ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ git diff
diff --git a/kubernetes-examples/keycloak.yaml b/kubernetes-examples/keycloak.yaml
index 91fcf7b6..5b6d0c8b 100644
--- a/kubernetes-examples/keycloak.yaml
+++ b/kubernetes-examples/keycloak.yaml
@@ -9,15 +9,16 @@ spec:
   - name: http
     port: 8080
     targetPort: 8080
+    nodePort: 30090
   selector:
     app: keycloak
-  type: LoadBalancer
+  type: NodePort
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: keycloak
-  namespace: default
+  namespace: keycloak
   labels:
     app: keycloak
 spec:
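Review bot: nodePort 30090 is attached to the "http" port (8080), so with "type: NodePort" Keycloak's plain-HTTP listener becomes reachable on port 30090 of every node address. Outside a lab, keep the Service internal and terminate TLS in front of it, or at least restrict access to 30090 at the network layer. Also, the "namespace: keycloak" change is visible only on the Deployment metadata; the Service metadata sits above this hunk, so confirm it does not still carry "namespace: default", since the manifest is created with "-n keycloak".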

ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl create -f kubernetes-examples/keycloak.yaml -n keycloak
service/keycloak created
deployment.apps/keycloak created
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get services -n keycloak
NAME       TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
keycloak   NodePort   10.43.154.96   <none>        8080:30090/TCP   5m36s
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get pods -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
keycloak-74bfc86784-zjq2l   1/1     Running   0          5m44s


set the admin account
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl exec -it -n keycloak keycloak-6d7dd4fb47-9v2r4 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
bash-4.4$ /opt/jboss/keycloak/bin/add-user-keycloak.sh -u admin -p pw
Added 'admin2' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
bash-4.4$ exit

restart the container by scaling the deployment
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl scale deployment keycloak --replicas=0 -n keycloak
deployment.apps/keycloak scaled
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get pods -n keycloak
No resources found in keycloak namespace.
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl scale deployment keycloak --replicas=1 -n keycloak
deployment.apps/keycloak scaled
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ kubectl get pods -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
keycloak-6d7dd4fb47-l8xmr   1/1     Running   0          52s


Keycloak here
http://services.obrienlabs.cloud:30090/auth/

http://services.obrienlabs.cloud:30090/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=http%3A%2F%2Fservices.obrienlabs.cloud%3A30090%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=8a9687e6-3c70-451e-810b-cd7e17796b73&response_mode=fragment&response_type=code&scope=openid&nonce=e4d04458-7d7a-4189-b121-b4e7589d923c&code_challenge=Qv-CSmqZNTwx3yHIjDQSS8crssnBnFsdYcu5Nvp3nnc&code_challenge_method=S256
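The login redirect above is an OIDC authorization-code request with PKCE, and it can be reviewed parameter by parameter. This is an added example, not code from the original page or the Keycloak project; the function names, finding codes and the WEAK_REQUEST URL are constructed for illustration, and the loopback exemption for http is this example's own choice.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Authorization request copied from the page (admin console login redirect).
PAGE_AUTH_URL = (
    "http://services.obrienlabs.cloud:30090/auth/realms/master/protocol/openid-connect/auth"
    "?client_id=security-admin-console"
    "&redirect_uri=http%3A%2F%2Fservices.obrienlabs.cloud%3A30090%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F"
    "&state=8a9687e6-3c70-451e-810b-cd7e17796b73"
    "&response_mode=fragment&response_type=code&scope=openid"
    "&nonce=e4d04458-7d7a-4189-b121-b4e7589d923c"
    "&code_challenge=Qv-CSmqZNTwx3yHIjDQSS8crssnBnFsdYcu5Nvp3nnc"
    "&code_challenge_method=S256"
)

# Constructed request showing the parameter-level findings (hypothetical hosts).
WEAK_REQUEST = (
    "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth"
    "?client_id=app&redirect_uri=https%3A%2F%2Fapp.example.test%2Fcb"
    "&response_type=token&scope=openid"
    "&code_challenge=abc&code_challenge_method=plain"
)

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
B64URL_43 = re.compile(r"^[A-Za-z0-9_-]{43}$")  # unpadded base64url of 32 bytes


def pkce_s256(verifier):
    """RFC 7636: code_challenge = BASE64URL(SHA256(code_verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_matches(verifier, challenge):
    """The check the token endpoint performs when the code is redeemed."""
    return hmac.compare_digest(pkce_s256(verifier), challenge)


def _cleartext(url):
    """True when the URL is not https and does not point at the local machine."""
    parts = urlsplit(url)
    return parts.scheme != "https" and parts.hostname not in LOOPBACK


def audit_auth_request(url):
    """Return a list of finding codes for one authorization request URL."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    if _cleartext(url):
        findings.append("authorization-endpoint-over-http")
    redirect = params.get("redirect_uri", "")
    if not redirect:
        findings.append("redirect-uri-missing")
    elif _cleartext(redirect):
        # The authorization code is delivered to this URI.
        findings.append("redirect-uri-over-http")
    if params.get("response_type") != "code":
        findings.append("not-authorization-code-flow")
    if not params.get("state"):
        findings.append("state-missing")
    if "openid" in params.get("scope", "").split() and not params.get("nonce"):
        findings.append("nonce-missing")
    if params.get("code_challenge_method") != "S256":
        findings.append("pkce-not-s256")
    elif not B64URL_43.match(params.get("code_challenge", "")):
        findings.append("pkce-challenge-malformed")
    return findings


if __name__ == "__main__":
    print("page request:", audit_auth_request(PAGE_AUTH_URL))
    print("weak request:", audit_auth_request(WEAK_REQUEST))
```

The page's request passes every parameter check (code flow, state, nonce, S256 PKCE); the only findings are the http transport of the endpoint and of the redirect URI.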

Run KeyCloak via Docker

https is not working in most browsers - disable it - see https://github.com/codecentric/helm-charts/issues/271

Fix the https certificate error in most browsers

https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/admin-cli.html

https://stackoverflow.com/questions/38337895/globally-disable-https-keycloak

ubuntu@ip-172-31-91-213:~/keycloak/helm-charts/charts/keycloak$ docker run -d --name keycloak -p:9080:8080 -e KEYCLOAK_USER=admin2 -e KEYCLOAK_PASSWORD=pw quay.io/keycloak/keycloak:12.0.4
9e38db0cec18875a8e7692898cb5835004eda6088652c60fc98bb939ef71cba6
ubuntu@ip-172-31-91-213:~/keycloak/helm-charts/charts/keycloak$ docker exec -it keycloak bash
bash-4.4$ cd /opt/jboss/keycloak/bin
bash-4.4$ ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin2
Logging into http://localhost:8080/auth as user admin2 of realm master
Enter password: **********
bash-4.4$ ./kcadm.sh update realms/master -s sslRequired=NONE

With sslRequired off - we can get past


Jboss/Keycloak

docker stop keycloak
docker rm keycloak

ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ docker run -d --name keycloak -p:9443:8443 -p:9080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=pw jboss/keycloak
501ebf286f8cb0eb85209536fd2756ece4a317a7f27f834c0c988272a9534a5e

ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ docker ps | grep keycloak
501ebf286f8c        jboss/keycloak                                    "/opt/jboss/tools/do…"   26 seconds ago      Up 26 seconds       8443/tcp, 0.0.0.0:9080->8080/tcp    keycloak

to see the logs
ubuntu@ip-172-31-91-213:~/keycloak/keycloak-quickstarts$ docker run -e KEYCLOAK_USER=admin2 -e KEYCLOAK_PASSWORD=mspassword jboss/keycloak
Unable to find image 'jboss/keycloak:latest' locally
latest: Pulling from jboss/keycloak
8f403cb21126: Already exists 
65c0f2178ac8: Already exists 
4937bde7f4a8: Pull complete 
ea6b683ade7b: Pull complete 
d5c86773c112: Pull complete 
Digest: sha256:32ddf76b14addeebb4d775205fe274911e10325e17bd5610d8534041593ab370
Status: Downloaded newer image for jboss/keycloak:latest
Added 'admin2' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
-b 0.0.0.0
=========================================================================

  Using Embedded H2 database

=========================================================================

=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /opt/jboss/keycloak

  JAVA: java

  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true   --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED

=========================================================================

18:43:15,518 INFO  [org.jboss.modules] (main) JBoss Modules version 1.10.2.Final
18:43:16,635 INFO  [org.jboss.msc] (main) JBoss MSC version 1.4.12.Final
18:43:16,658 INFO  [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
18:43:16,925 INFO  [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) starting
18:43:17,214 INFO  [org.jboss.vfs] (MSC service thread 1-4) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
18:43:18,874 INFO  [org.wildfly.security] (ServerService Thread Pool -- 22) ELY00001: WildFly Elytron version 1.13.1.Final
18:43:20,737 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
18:43:20,842 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 5) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
18:43:21,230 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
18:43:21,273 INFO  [org.xnio] (MSC service thread 1-3) XNIO version 3.8.2.Final
18:43:21,287 INFO  [org.xnio.nio] (MSC service thread 1-3) XNIO NIO Implementation Version 3.8.2.Final
18:43:21,358 INFO  [org.jboss.remoting] (MSC service thread 1-2) JBoss Remoting version 5.0.19.Final
18:43:21,404 INFO  [org.wildfly.extension.microprofile.config.smallrye._private] (ServerService Thread Pool -- 48) WFLYCONF0001: Activating WildFly MicroProfile Config Subsystem
18:43:21,419 INFO  [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 43) WFLYCLJG0001: Activating JGroups subsystem. JGroups version 4.2.5
18:43:21,442 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 52) WFLYNAM0001: Activating Naming Subsystem
18:43:21,472 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 39) WFLYCLINF0001: Activating Infinispan subsystem.
18:43:21,483 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 55) WFLYSEC0002: Activating Security Subsystem
18:43:21,543 WARN  [org.jboss.as.txn] (ServerService Thread Pool -- 57) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
18:43:21,606 INFO  [org.jboss.as.connector] (MSC service thread 1-4) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.4.23.Final)
18:43:21,621 INFO  [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 50) WFLYMETRICS0001: Activating Eclipse MicroProfile Metrics Subsystem
18:43:21,621 INFO  [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 49) WFLYHEALTH0001: Activating Eclipse MicroProfile Health Subsystem
18:43:21,637 INFO  [org.jboss.as.security] (MSC service thread 1-2) WFLYSEC0001: Current PicketBox version=5.0.3.Final-redhat-00006
18:43:21,631 INFO  [org.wildfly.extension.io] (ServerService Thread Pool -- 40) WFLYIO001: Worker 'default' has auto-configured to 4 IO threads with 32 max task threads based on your 2 available processors
18:43:21,660 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 34) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
18:43:21,661 INFO  [org.jboss.as.jaxrs] (ServerService Thread Pool -- 41) WFLYRS0016: RESTEasy version 3.13.2.Final
18:43:21,947 WARN  [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 58) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
18:43:22,004 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0003: Undertow 2.2.2.Final starting
18:43:22,075 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = h2
18:43:22,151 INFO  [org.jboss.as.naming] (MSC service thread 1-2) WFLYNAM0003: Starting Naming Service
18:43:22,198 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 58) WFLYUT0014: Creating file handler for path '/opt/jboss/keycloak/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
18:43:22,220 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-4) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
18:43:22,422 INFO  [org.jboss.as.ejb3] (MSC service thread 1-4) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 8 (per class), which is derived from the number of CPUs on this host.
18:43:22,430 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0012: Started server default-server.
18:43:22,420 INFO  [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 32 (per class), which is derived from thread worker pool sizing.
18:43:22,714 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0006: Undertow AJP listener ajp listening on 0.0.0.0:8009
18:43:22,715 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
18:43:22,726 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0018: Host default-host starting
18:43:22,757 INFO  [org.jboss.modcluster] (ServerService Thread Pool -- 60) MODCLUSTER000001: Initializing mod_cluster version 1.4.1.Final
18:43:22,812 INFO  [org.jboss.modcluster] (ServerService Thread Pool -- 60) MODCLUSTER000032: Listening to proxy advertisements on /224.0.1.105:23364
18:43:23,017 INFO  [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0493: EJB subsystem suspension complete
18:43:23,150 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-3) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
18:43:23,154 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
18:43:23,357 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
18:43:23,388 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-3) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
18:43:23,422 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
18:43:23,476 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
18:43:23,650 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
18:43:24,727 WARN  [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the send buffer of socket ManagedMulticastSocketBinding was set to 1.00MB, but the OS only allocated 212.99KB
18:43:24,727 WARN  [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the receive buffer of socket ManagedMulticastSocketBinding was set to 20.00MB, but the OS only allocated 212.99KB
18:43:24,728 WARN  [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the send buffer of socket ManagedMulticastSocketBinding was set to 1.00MB, but the OS only allocated 212.99KB
18:43:24,729 WARN  [org.jgroups.protocols.UDP] (ServerService Thread Pool -- 60) JGRP000015: the receive buffer of socket ManagedMulticastSocketBinding was set to 25.00MB, but the OS only allocated 212.99KB
18:43:27,749 INFO  [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 60) b9ba21acbd91: no members discovered after 3011 ms: creating cluster as coordinator
18:43:28,777 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 61) ISPN000128: Infinispan version: Infinispan 'Corona Extra' 11.0.4.Final
18:43:28,826 INFO  [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 60) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
18:43:28,920 INFO  [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 61) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
18:43:28,920 INFO  [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 64) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
18:43:28,916 INFO  [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 62) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
18:43:28,923 INFO  [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 63) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
18:43:29,130 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000078: Starting JGroups channel ejb
18:43:29,133 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 64) ISPN000078: Starting JGroups channel ejb
18:43:29,134 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 62) ISPN000078: Starting JGroups channel ejb
18:43:29,133 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000078: Starting JGroups channel ejb
18:43:29,133 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000078: Starting JGroups channel ejb
18:43:29,138 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,142 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,143 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,145 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,145 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 64) ISPN000094: Received new cluster view for channel ejb: [b9ba21acbd91|0] (1) [b9ba21acbd91]
18:43:29,160 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,162 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,196 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 62) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,203 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 64) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,223 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000079: Channel ejb local address is b9ba21acbd91, physical addresses are [172.17.0.3:55200]
18:43:29,321 INFO  [org.infinispan.CONFIG] (MSC service thread 1-3) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
18:43:29,323 INFO  [org.infinispan.CONFIG] (MSC service thread 1-3) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
18:43:29,793 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started http-remoting-connector cache from ejb container
18:43:30,122 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started work cache from keycloak container
18:43:30,170 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started offlineSessions cache from keycloak container
18:43:30,171 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
18:43:30,172 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started actionTokens cache from keycloak container
18:43:30,173 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
18:43:30,179 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started loginFailures cache from keycloak container
18:43:30,190 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 70) WFLYCLINF0002: Started sessions cache from keycloak container
18:43:30,228 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started clientSessions cache from keycloak container
18:43:30,240 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0002: Started keys cache from keycloak container
18:43:30,241 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started authorization cache from keycloak container
18:43:30,244 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started realms cache from keycloak container
18:43:30,245 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started users cache from keycloak container
18:43:30,517 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
18:43:31,784 INFO  [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
18:43:31,886 INFO  [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 71) Frontend: <request>, Admin: <frontend>, Backend: <request>
18:43:32,562 WARN  [org.infinispan.encoding.impl.StorageConfigurationManager] (ServerService Thread Pool -- 71) ISPN000599: Configuration for cache 'realmRevisions' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
18:43:32,577 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started realmRevisions cache from keycloak container
18:43:32,584 WARN  [org.infinispan.encoding.impl.StorageConfigurationManager] (ServerService Thread Pool -- 71) ISPN000599: Configuration for cache 'userRevisions' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
18:43:32,590 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started userRevisions cache from keycloak container
18:43:32,592 WARN  [org.infinispan.encoding.impl.StorageConfigurationManager] (ServerService Thread Pool -- 71) ISPN000599: Configuration for cache 'authorizationRevisions' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
18:43:32,598 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
18:43:32,600 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 71) Node name: b9ba21acbd91, Site name: null
18:43:34,044 INFO  [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 71) Database info: {databaseUrl=jdbc:h2:/opt/jboss/keycloak/standalone/data/keycloak, databaseUser=SA, databaseProduct=H2 1.4.197 (2018-03-18), databaseDriver=H2 JDBC Driver 1.4.197 (2018-03-18)}
18:43:40,966 INFO  [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 71) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
18:43:45,726 INFO  [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 71) HHH000204: Processing PersistenceUnitInfo [
	name: keycloak-default
	...]
18:43:45,833 INFO  [org.hibernate.Version] (ServerService Thread Pool -- 71) HHH000412: Hibernate Core {5.3.20.Final}
18:43:45,835 INFO  [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 71) HHH000206: hibernate.properties not found
18:43:46,024 INFO  [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 71) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
18:43:46,322 INFO  [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 71) HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
18:43:46,340 WARN  [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 71) HHH000431: Unable to determine H2 database version, certain features may not work
18:43:46,396 INFO  [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 71) Envers integration enabled? : true
18:43:47,317 INFO  [org.hibernate.orm.beans] (ServerService Thread Pool -- 71) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
18:43:47,513 INFO  [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 71) HV000001: Hibernate Validator 6.0.21.Final
18:43:50,034 INFO  [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 71) HHH000397: Using ASTQueryTranslatorFactory
18:43:51,672 INFO  [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0050: Initializing master realm
18:43:53,542 INFO  [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
18:43:54,473 INFO  [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0009: Added user 'admin2' to realm 'master'
18:43:54,569 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
18:43:54,572 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,573 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,576 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,576 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,578 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,579 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,580 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,581 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,581 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 71) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
18:43:54,794 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 71) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
18:43:55,023 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
18:43:55,260 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
18:43:55,276 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started in 40496ms - Started 687 of 972 services (687 services are lazy, passive or on-demand)
18:43:55,280 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
18:43:55,288 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990

With HTTPS off, Keycloak loads in a browser with a domain name - until we add a self-signed certificate

Log in to Keycloak admin

Add a user to keycloak

Certificate Management

Certificate Manager

The chart repo works at https://cert-manager.io/docs/installation/kubernetes/

There are issues with a couple of the Docker images in https://github.com/jetstack/cert-manager defaulting to an older v0.1.0 - see a fix I posted to override with v0.15.2 in https://github.com/jetstack/cert-manager/issues/3104

git clone https://github.com/jetstack/cert-manager.git
cd cert-manager/deploy/charts
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.crds.yaml
sudo helm install --name cert-manager cert-manager/ --set installCRDs=true --set cainjector.image.tag=v0.15.1 --set webhook.image.tag=v0.15.1 --set image.tag=v0.15.1 --version v0.15.1 --namespace cert-manager

cert-manager   cert-manager-5c4c99cf54-cn7z7              1/1     Running   0          35s
cert-manager   cert-manager-cainjector-748895cb8f-84jc8   1/1     Running   0          35s
cert-manager   cert-manager-webhook-784bb44b6-lqldv       1/1     Running   0          35s

:charts $ kubectl apply -f test-resources.yaml 
namespace/cert-manager-test created
issuer.cert-manager.io/test-selfsigned created
certificate.cert-manager.io/selfsigned-cert created


Or an example without cloning the chart:
Example adding cert-manager to an RKE Kubernetes cluster on VMware Fusion
Don't use the stable helm chart - it is deprecated

kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update

For Helm 2, add --name
helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.1
  # --set installCRDs=true

or directly using kubernetes
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.1/cert-manager.yaml

$ cat <<EOF > test-resources.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager-test
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: test-selfsigned
  namespace: cert-manager-test
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: cert-manager-test
spec:
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned
EOF

$ kubectl apply -f test-resources.yaml
namespace/cert-manager-test created
issuer.cert-manager.io/test-selfsigned created
certificate.cert-manager.io/selfsigned-cert created
$ kubectl describe certificate -n cert-manager-test
Name:         selfsigned-cert
Namespace:    cert-manager-test
Labels:       <none>
Annotations:  API Version:  cert-manager.io/v1alpha3
Kind:         Certificate
Metadata:
  Creation Timestamp:  2020-07-16T18:32:11Z
  Generation:          1
  Managed Fields:
    API Version:  cert-manager.io/v1alpha2
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:conditions:
        f:notAfter:
    Manager:      controller
    Operation:    Update
    Time:         2020-07-16T18:32:11Z
    API Version:  cert-manager.io/v1alpha2
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:dnsNames:
        f:issuerRef:
          .:
          f:name:
        f:secretName:
    Manager:         kubectl
    Operation:       Update
    Time:            2020-07-16T18:32:11Z
  Resource Version:  297235
  Self Link:         /apis/cert-manager.io/v1alpha3/namespaces/cert-manager-test/certificates/selfsigned-cert
  UID:               507931ff-6f6a-46fc-8364-2582884029bc
Spec:
  Dns Names:
    example.com
  Issuer Ref:
    Name:       test-selfsigned
  Secret Name:  selfsigned-cert-tls
Status:
  Conditions:
    Last Transition Time:  2020-07-16T18:32:11Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2020-10-14T18:32:11Z
Events:
  Type    Reason        Age   From          Message
  ----    ------        ----  ----          -------
  Normal  GeneratedKey  10s   cert-manager  Generated a new private key
  Normal  Requested     10s   cert-manager  Created new CertificateRequest resource "selfsigned-cert-504566127"
  Normal  Issued        10s   cert-manager  Certificate issued successfully
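
An added example (not part of the original page or of cert-manager): a Python audit over the JSON form of the resources applied above, flagging Certificates that are not Ready, are inside a renewal window, or resolve to a selfSigned Issuer outside a test namespace. The sample input is constructed from the names and timestamps shown above; the 30-day window, the finding labels and the test-namespace allowlist are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `kubectl get issuer,certificate -A -o json`,
# using the names and timestamps from the test-resources.yaml run above.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Issuer",
   "metadata": {"name": "test-selfsigned", "namespace": "cert-manager-test"},
   "spec": {"selfSigned": {}}},
  {"kind": "Certificate",
   "metadata": {"name": "selfsigned-cert", "namespace": "cert-manager-test"},
   "spec": {"dnsNames": ["example.com"], "secretName": "selfsigned-cert-tls",
            "issuerRef": {"name": "test-selfsigned"}},
   "status": {"notAfter": "2020-10-14T18:32:11Z",
              "conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}]}}
]}
""")


def parse_ts(value):
    """Parse the UTC timestamps Kubernetes emits (e.g. 2020-10-14T18:32:11Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(items, now, renew_window_days=30, test_namespaces=("cert-manager-test",)):
    """Return sorted (namespace/name, finding) pairs for every Certificate in items."""
    issuers = {}
    for obj in items:
        if obj["kind"] in ("Issuer", "ClusterIssuer"):
            # ClusterIssuers are cluster-scoped, so they are keyed without a namespace.
            ns = obj["metadata"].get("namespace") if obj["kind"] == "Issuer" else None
            issuers[(obj["kind"], ns, obj["metadata"]["name"])] = obj.get("spec", {})

    findings = []
    for obj in items:
        if obj["kind"] != "Certificate":
            continue
        ns, name = obj["metadata"]["namespace"], obj["metadata"]["name"]
        ident = f"{ns}/{name}"
        status = obj.get("status", {})
        ready = any(c.get("type") == "Ready" and c.get("status") == "True"
                    for c in status.get("conditions", []))
        if not ready:
            findings.append((ident, "not-ready"))
        if status.get("notAfter"):
            remaining = parse_ts(status["notAfter"]) - now
            if remaining <= timedelta(0):
                findings.append((ident, "expired"))
            elif remaining < timedelta(days=renew_window_days):
                findings.append((ident, "expires-soon"))
        ref = obj["spec"]["issuerRef"]
        kind = ref.get("kind", "Issuer")  # cert-manager defaults issuerRef.kind to Issuer
        spec = issuers.get((kind, ns if kind == "Issuer" else None, ref["name"]))
        if spec is None:
            findings.append((ident, "issuer-missing"))
        elif "selfSigned" in spec and ns not in test_namespaces:
            findings.append((ident, "self-signed-issuer"))
    return sorted(findings)


if __name__ == "__main__":
    for ident, finding in audit(SAMPLE["items"], parse_ts("2020-10-01T00:00:00Z")):
        print(f"{ident}: {finding}")
```

Against a live cluster, replace SAMPLE with the parsed output of `kubectl get issuer,clusterissuer,certificate -A -o json` and pass the current UTC time as `now`.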


Monitoring

Prometheus

Grafana

Logging

https://platform9.com/blog/kubernetes-logging-comparing-fluentd-vs-logstash/

ElasticSearch

Logstash/FluentD

Kibana

Filebeat

Infrastructure

Gerrit

Jenkins

Sonar

Nexus / Repository

see 

Confluence

Jira

Messaging

Kafka / Zookeeper Queue

Persistence

Relational Database: MariaDB / MySQL

Key Value Store : etcd


CI/CD

Gitlab CI/CD

Add a kubernetes cluster

I am running the GitLab service and not my own GitLab instance, so I am limited to the GKE instead of Azure AKS or AWS EKS.
 https://gitlab.com/help/topics/autodevops/quick_start_guide

https://gitlab.com/refarch/reference/-/settings/ci_cd#autodevops-settings

Kubernetes RKE Cluster on 4 Intel NUC machines with 64G RAM


Work Items

WI | Task | Jira

Add terraform infrastructure 






Investigate Tech

neem

nodejs + arangoDB


