Add support for Keycloak deployment to ACA #8478
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
needs-area-label
dotnet-policy-service
bot
added
the
community-contribution
1 task
|
@dotnet-policy-service agree |
anderly
changed the title
anderly
changed the title
eerhardt
added
area-integrations
| .WithHttpEndpoint(targetPort: ManagementInterfaceContainerPort, name: ManagementEndpointName) | ||
| .WithHttpHealthCheck(endpointName: ManagementEndpointName, path: "/health/ready") | ||
| .WithEnvironment(context => | ||
| { | ||
| context.EnvironmentVariables[AdminEnvVarName] = resource.AdminReference; | ||
| context.EnvironmentVariables[AdminPasswordEnvVarName] = resource.AdminPasswordParameter; | ||
| context.EnvironmentVariables[HealthCheckEnvVarName] = "true"; | ||
| if (port == HttpsContainerPort) { |
There was a problem hiding this comment.
I'm not following why this is the predicate for setting all the config to setup Keycloak for running behind a reverse proxy. My reading of this is that when the user specifies the port to be 8443, we configure the Keycloak container as if it's running behind a reverse proxy, but also enable non-HTTPS? How is it expected this will be used, i.e. what will the app host code look like?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Per #6004, deploying a container provisioned via the Keycloak integration won't start in Azure Container Apps (ACA).
ACA will try to activate it, but it continuously fails.
The container reports this in the logs:
Key material not provided to setup HTTPS. Please configure your keys/certificates or start the server in development mode.This PR includes a basic starting point for changes required to get Keycloak working in Azure Container Apps.
See my comment on #6004 showing what is necessary to get Keycloak working on ACA.
Currently, this only outputs the additional env vars if the passed port is 8443. Otherwise, it behaves as before for local dev scenarios. Open to making additional changes based on review and suggestions, but wanted to show bare minimum to get it working and be able to support ACA and SSL.
To opt-in to this configuration for deployment to ACA, users would simply specify port 8443 in the call to AddKeycloak like so:
OR
Another option would be an explicit Publish extension method similar to
PublishAsAzurePostgresFlexibleServeronIResourceBuilder<KeycloakResource>builder for more fine-grained control over these settings.Fixes #6004
Checklist
<remarks />and<code />elements on your triple slash comments?breaking-changetemplate):doc-ideatemplate):