I'm setting up KeyCloak on my Azure Kubernetes cluster. KeyCloak is supposed to connect to my Azure Postgres database. It fails with: "FATAL: SSL connection is required. Please specify SSL options and retry."
Without Postgres (deleting all DB attributes) Keycloak works fine (using the default h2), including the ingress. I couldn't find any other information on how to configure it correctly.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak-deployment
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      restartPolicy: Always
      containers:
        - name: keycloak
          image: jboss/keycloak
          imagePullPolicy: IfNotPresent
          env:
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              value: "password"
            - name: DB_VENDOR
              value: "postgres"
            - name: DB_DATABASE
              value: "keycloak"
            - name: DB_ADDR
              value: "adress"
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: "keycloak@db"
            - name: DB_PASSWORD
              value: "password"
            # JDBC_PARAMS is appended to the JDBC URL by the jboss/keycloak image;
            # an earlier duplicate entry with value "true" has been dropped so
            # the variable is defined only once.
            - name: JDBC_PARAMS
              value: "ssl=true"
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
  selector:
    app: keycloak
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: keycloak
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
    - hosts:
        - host.de
      secretName: secret-name
  rules:
    - host: host.de
      http:
        paths:
          - path: /
            backend:
              serviceName: keycloak
              servicePort: 8080
I expect keycloak to connect to the Postgres-DB.
Just add:
            - name: JDBC_PARAMS
              value: "sslfactory=org.postgresql.ssl.NonValidatingFactory"
As we can read in "Configure SSL connectivity in Azure Database for PostgreSQL":
Azure Database for PostgreSQL prefers connecting your client applications to the PostgreSQL service using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application.
By default, the PostgreSQL database service is configured to require SSL connection. Optionally, you can disable requiring SSL to connect to your database service if your client application does not support SSL connectivity.
If you do not want to use SSL you can disable it using CLI:
az postgres server update --resource-group myresourcegroup --name mydemoserver --ssl-enforcement Disabled
Maybe this guide, "Kubernetes, Keycloak, PostgreSQL & Dirigible", will be of help to you.
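The fix above makes the connection succeed by telling the PostgreSQL JDBC driver not to validate the server certificate, which encrypts the stream but no longer authenticates the server. The following Deployment excerpt is an added example, not code from the question or the answer: it keeps the same jboss/keycloak image and DB_* variables but sets pgjdbc's sslmode=verify-full with the Azure root CA mounted from a Secret, and moves the database password out of the manifest. The Secret names "keycloak-db" and "azure-pg-ca", the key "root.crt", the mount path /opt/jboss/certs and the server name "mydemoserver" are assumptions; replace them with your own.

```yaml
# Added example (not from the question or the answer): Keycloak -> Azure Database
# for PostgreSQL over TLS with server-certificate validation instead of
# NonValidatingFactory. Assumed (hypothetical) objects:
#   Secret "keycloak-db"  with key "password"  -> database password
#   Secret "azure-pg-ca"  with key "root.crt"  -> Azure root CA, PEM encoded
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak-deployment
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: jboss/keycloak
          env:
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: DB_VENDOR
              value: "postgres"
            - name: DB_ADDR
              value: "mydemoserver.postgres.database.azure.com"   # placeholder host
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "keycloak"
            - name: DB_USER
              value: "keycloak@mydemoserver"   # Azure single-server user@server form
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db
                  key: password
            # JDBC_PARAMS is appended to the JDBC URL by the jboss/keycloak image.
            # pgjdbc: sslmode=verify-full checks the certificate chain AND that the
            # certificate matches DB_ADDR; sslrootcert names the trusted CA file.
            # sslmode=require would only encrypt, without authenticating the server.
            - name: JDBC_PARAMS
              value: "sslmode=verify-full&sslrootcert=/opt/jboss/certs/root.crt"
          volumeMounts:
            - name: pg-ca
              mountPath: /opt/jboss/certs
              readOnly: true
      volumes:
        - name: pg-ca
          secret:
            secretName: azure-pg-ca
```

With verify-full, a certificate that does not chain to the mounted CA, or that is issued for a different host name, makes the driver refuse the connection instead of silently accepting it; check the pod log for the pgjdbc error in that case rather than falling back to NonValidatingFactory. The server-side setting from the answer (ssl-enforcement) can stay Enabled with this configuration.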