Issue while deploying keycloak on kubernetes - postgresql

I am trying to deploy keycloak on kubernetes cluster using Postgres as the database which is already present . This is the exception i am finding in the logs of keycloak.
"message":"Failed to create a XA-enabled DataSource from PostgreSQL JDBC Driver 42.3.3 for keycloak at jdbc:postgresql://postgres-pgpool.kube-tools.svc.cluster.local:5432/keycloak?``.
Here is my env variables attached

Related

External Vault Authentication Permission denied

I am a beginner in vault and I am trying to set up an external vault for the Kubernetes application using https://learn.hashicorp.com/tutorials/vault/kubernetes-external-vault It is working completely fine if everything is on a local machine same as a tutorial but In my case, I have setup vault HA on AWS EC2 and I have a separate Kubernetes cluster in which I have set up sidecar container using Helm chart as mentioned in the tutorial. I already set up Kubernetes configuration, roles, and policy on vault server but when my application starts with annotation to get secret from vault I am getting error permisson denied from vault init container.
Does anyone please help with this? Thank you in advance.

Connect to RDS instance with PostgreSQL with AWS Secrets Manager?

I have an RDS instance utilizing PostgreSQL in a VPC. This DB uses Secrets Manager for authentication. I created an EC2 within the same VPC and subnet as my RDS instance. I have attached policies to give full access to my EC2 instance.
I have verified I can access Secrets Manager through this EC2 instance by getting a json response of the secretstring and other details.
I use this information to try and access my aurora-postgresql cluster to no avail. connection timed out.
DB accepts inbound traffic to port 5432.
Any tips on what to diagnose next?

Using Grafana Agent to monitor Posgres on AWS

How can I use the Grafana Agent to collect metrics and logs from Postgres? Postgres instance is on AWS. What agent configuration needs to be made? The agent is installed successfully. See screenshots.Grafana installation Tab

Unable to connect to mysql in Istio environment

We have configured the Kubernetes cluster on bare-metal server with v1.15.1 and Istio-1.4.0 (demo) with mTLS enabled.
And our mysql server is outside the K8s cluster on Azure VM's.
Now when we inject istio-proxy while deploying the application we are unable to connect to mysql server via jdbc and also tried my mysql client. But when remove the istio-proxy by re-deploying we are able to connect instantly with out any issue.
When through many blogs wrt istio and mysql, tried with removing the default mesh policy but tht didnt work. The case in istio faq's is when the mysql is in k8s cluster with istio injected.
You can configure auto-mtls for istio by configuring values.global.mtls.auto=true (ie it uses mtls when possible and falls back for other connections
https://istio.io/docs/tasks/security/authentication/auto-mtls/
Serviceentry and destionation rule does the work form my case

Using RDS instead of mysql containers in kubernetes

I used this tutorial to install wordpress using kubernetes.
https://kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/
It is working as expected. But I will prefer to use Amazon RDS instead of mysql pods. I am not sure what changes are required.
In the wordpress deployment you just need to update the host and credentials for your amazon db
you don't need to deploy any of the mysql resources from the tutorial.