Troubleshooting

Verify proper operation

Run the command below to list the Keycloak component pods:

kubectl -n kosmos-iam get pod -l app.kubernetes.io/instance=keycloak-cluster

The pods keycloak-cluster-0 and keycloak-cluster-1 should be in the Running state.

NAME READY STATUS RESTARTS AGE
keycloak-cluster-0 1/1 Running 0 9d
keycloak-cluster-1 1/1 Running 0 9d <- if in HA mode
keycloak-cluster-readiness-job-5p5sw 0/1 Completed 0 9d

Health check

From the platform administration client machine, calling the following URLs returns 200 if the component is available

curl -o /dev/null -s -k -w "%{http_code}" https://auth-admin.technique.artemis/auth/realms/master
200
curl -o /dev/null -s -k -w "%{http_code}" https://auth.technique.artemis/auth/realms/kosmos
200

Check the Redis service

Run the following commands:

kubectl -n kosmos-iam get pods -l app.kubernetes.io/name=redis

If no line is displayed, the service is stopped.

If in normal mode, one line should be displayed:

NAME READY STATUS RESTARTS AGE
redis-master-0 1/1 Running 0 42d

If in HA mode, three lines containing the status "Running" should be displayed, as shown below, indicating that the service is started.

NAME READY STATUS RESTARTS AGE
redis-node-0 2/2 Running 3 (31d ago) 59d
redis-node-1 2/2 Running 0 21d
redis-node-2 2/2 Running 0 10d

Check the logs

Verify that there are no errors in the last few log lines.

kubectl -n kosmos-iam logs -l app.kubernetes.io/name=redis -c redis

kubectl -n kosmos-iam logs -l app.kubernetes.io/name=redis -c sentinel

LDAP Synchronization

This procedure describes the steps to force synchronization of users (Keycloak group) and LDAP if needed. Currently, the synchronization is automatic.

In the main menu (left side), select "User Federation," then select the federation.

Click Action, then Sync all Users.

The message Sync of users finished successfully confirms the LDAP update.