feat: fix keycloak metrics issues, bump EFS memory as workarounf for OOM

This commit is contained in:
Stefan Reimer 2024-11-25 19:13:57 +00:00
parent e70822dd28
commit a13b062d38
6 changed files with 25 additions and 17 deletions

View File

@ -1,6 +1,6 @@
# kubezero-auth # kubezero-auth
![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 26.0.5](https://img.shields.io/badge/AppVersion-26.0.5-informational?style=flat-square) ![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 26.0.5](https://img.shields.io/badge/AppVersion-26.0.5-informational?style=flat-square)
KubeZero umbrella chart for all things Authentication and Identity management KubeZero umbrella chart for all things Authentication and Identity management
@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| oci://registry-1.docker.io/bitnamicharts | keycloak | 24.0.4 | | oci://registry-1.docker.io/bitnamicharts | keycloak | 24.2.1 |
# Keycloak # Keycloak
@ -38,9 +38,15 @@ https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keyc
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| keycloak.auth.adminUser | string | `"admin"` | | | keycloak.auth.adminUser | string | `"admin"` | |
| keycloak.auth.existingSecret | string | `"kubezero-auth"` | | | keycloak.auth.existingSecret | string | `"keycloak-auth"` | |
| keycloak.auth.passwordSecretKey | string | `"admin-password"` | | | keycloak.auth.passwordSecretKey | string | `"admin-password"` | |
| keycloak.enabled | bool | `false` | | | keycloak.enabled | bool | `false` | |
| keycloak.externalDatabase.database | string | `"keycloak"` | |
| keycloak.externalDatabase.existingSecret | string | `"keycloak-pg"` | |
| keycloak.externalDatabase.existingSecretPasswordKey | string | `"password"` | |
| keycloak.externalDatabase.host | string | `"keycloak-pg-rw"` | |
| keycloak.externalDatabase.port | int | `5432` | |
| keycloak.externalDatabase.user | string | `"keycloak"` | |
| keycloak.hostnameStrict | bool | `false` | | | keycloak.hostnameStrict | bool | `false` | |
| keycloak.istio.admin.enabled | bool | `false` | | | keycloak.istio.admin.enabled | bool | `false` | |
| keycloak.istio.admin.gateway | string | `"istio-ingress/private-ingressgateway"` | | | keycloak.istio.admin.gateway | string | `"istio-ingress/private-ingressgateway"` | |
@ -52,15 +58,7 @@ https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keyc
| keycloak.metrics.serviceMonitor.enabled | bool | `true` | | | keycloak.metrics.serviceMonitor.enabled | bool | `true` | |
| keycloak.pdb.create | bool | `false` | | | keycloak.pdb.create | bool | `false` | |
| keycloak.pdb.minAvailable | int | `1` | | | keycloak.pdb.minAvailable | int | `1` | |
| keycloak.postgresql.auth.database | string | `"keycloak"` | |
| keycloak.postgresql.auth.existingSecret | string | `"kubezero-auth"` | |
| keycloak.postgresql.auth.username | string | `"keycloak"` | |
| keycloak.postgresql.enabled | bool | `false` | | | keycloak.postgresql.enabled | bool | `false` | |
| keycloak.postgresql.primary.persistence.size | string | `"1Gi"` | |
| keycloak.postgresql.primary.resources.limits.memory | string | `"128Mi"` | |
| keycloak.postgresql.primary.resources.requests.cpu | string | `"100m"` | |
| keycloak.postgresql.primary.resources.requests.memory | string | `"64Mi"` | |
| keycloak.postgresql.readReplicas.replicaCount | int | `0` | |
| keycloak.production | bool | `true` | | | keycloak.production | bool | `true` | |
| keycloak.proxyHeaders | string | `"xforwarded"` | | | keycloak.proxyHeaders | string | `"xforwarded"` | |
| keycloak.replicaCount | int | `1` | | | keycloak.replicaCount | int | `1` | |

View File

@ -1,9 +1,9 @@
configmap: grafana-dashboards configmap: grafana-dashboards
condition: '.Values.keycloak.metrics.enabled' condition: '.Values.keycloak.metrics.enabled'
gzip: true gzip: true
# folder: folder: KubeZero
dashboards: dashboards:
- name: keycloak - name: keycloak
# url: https://grafana.com/api/dashboards/10441/revisions/2/download url: https://grafana.com/api/dashboards/19659/revisions/1/download
url: https://grafana.com/api/dashboards/17878/revisions/1/download # url: https://grafana.com/api/dashboards/17878/revisions/1/download
tags: ['Keycloak', 'Auth'] tags: ['Keycloak', 'Auth']

File diff suppressed because one or more lines are too long

View File

@ -16,6 +16,8 @@ spec:
- route: - route:
- destination: - destination:
host: {{ template "kubezero-lib.fullname" $ }}-keycloak host: {{ template "kubezero-lib.fullname" $ }}-keycloak
port:
number: 80
{{- end }} {{- end }}
--- ---
@ -41,4 +43,6 @@ spec:
route: route:
- destination: - destination:
host: {{ template "kubezero-lib.fullname" $ }}-keycloak host: {{ template "kubezero-lib.fullname" $ }}-keycloak
port:
number: 80
{{- end }} {{- end }}

View File

@ -0,0 +1,4 @@
{"time":"2024-11-21T10:32:42.652788Z","level":"warning","scope":"envoy main","msg":"Usage of the deprecated runtime key overload.global_downstream_max_connections, consider switching to `e │
│ nvoy.resource_monitors.downstream_connections` instead.This runtime key will be removed in future.","caller":"external/envoy/source/server/server.cc:843","thread":"8"} │
│ {"time":"2024-11-21T10:32:42.653492Z","level":"warning","scope":"envoy main","msg":"There is no configured limit to the number of allowed active downstream connections. Configure a limit i │
│ n `envoy.resource_monitors.downstream_connections` resource monitor.","caller":"external/envoy/source/server/server.cc:936","thread":"8"} │

View File

@ -245,9 +245,9 @@ aws-efs-csi-driver:
resources: resources:
requests: requests:
cpu: 20m cpu: 20m
memory: 96Mi memory: 128Mi
limits: limits:
memory: 256Mi memory: 512Mi
affinity: affinity:
nodeAffinity: nodeAffinity: