fix: adding the jgroups bind address for ipv6 support (keycloak#36504)

shawkins · ahus1 · web-flow · commit 6a3177702400 · 2025-01-16T13:38:46.000+01:00
* fix: adding the jgroups bind address closes: keycloak#36383 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
diff --git a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java
@@ -75,6 +75,8 @@
 
 public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependentResource<StatefulSet, Keycloak> {
 
+    public static final String POD_IP = "POD_IP";
+
     private static final List<String> COPY_ENV = Arrays.asList("HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY");
 
     private static final String ZONE_KEY = "topology.kubernetes.io/zone";
@@ -296,6 +298,8 @@ private StatefulSet createBaseDeployment(Keycloak keycloakCR, Context<Keycloak>
                         && (customImage.isPresent() || operatorConfig.keycloak().startOptimized())) {
             containerBuilder.addToArgs(OPTIMIZED_ARG);
         }
+        // Set bind address as this is required for JGroups to form a cluster in IPv6 envionments
+        containerBuilder.addToArgs(0, "-Djgroups.bind.address=$(%s)".formatted(POD_IP));
         containerBuilder.addToArgs(0, getJGroupsParameter(keycloakCR));
 
         // probes
@@ -500,6 +504,9 @@ private List<EnvVar> getDefaultAndAdditionalEnvVars(Keycloak keycloakCR) {
             }
         }
 
+        envVars.add(new EnvVarBuilder().withName(POD_IP).withNewValueFrom().withNewFieldRef()
+                .withFieldPath("status.podIP").endFieldRef().endValueFrom().build());
+
         return envVars;
     }
 
diff --git a/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java b/operator/src/test/java/org/keycloak/operator/testsuite/unit/PodTemplateTest.java
@@ -218,8 +218,8 @@ public void testCommandsAndArgsAreMerged() {
         // Assert
         assertEquals(1, podTemplate.getSpec().getContainers().get(0).getCommand().size());
         assertEquals(command, podTemplate.getSpec().getContainers().get(0).getCommand().get(0));
-        assertEquals(2, podTemplate.getSpec().getContainers().get(0).getArgs().size());
-        assertEquals(arg, podTemplate.getSpec().getContainers().get(0).getArgs().get(1));
+        assertEquals(3, podTemplate.getSpec().getContainers().get(0).getArgs().size());
+        assertEquals(arg, podTemplate.getSpec().getContainers().get(0).getArgs().get(2));
     }
 
     @Test
@@ -402,11 +402,13 @@ public void testDefaults() {
         // Assert
         assertNotNull(container);
         assertThat(container.getArgs()).doesNotContain(KeycloakDeploymentDependentResource.OPTIMIZED_ARG);
+        assertThat(container.getArgs()).contains("-Djgroups.bind.address=$(POD_IP)");
 
         var envVars = container.getEnv();
         assertThat(envVars.stream()).anyMatch(envVar -> envVar.getName().equals(KeycloakDeploymentDependentResource.KC_TRUSTSTORE_PATHS));
         assertThat(envVars.stream()).anyMatch(envVar -> envVar.getName().equals(KeycloakDeploymentDependentResource.KC_TRACING_SERVICE_NAME));
         assertThat(envVars.stream()).anyMatch(envVar -> envVar.getName().equals(KeycloakDeploymentDependentResource.KC_TRACING_RESOURCE_ATTRIBUTES));
+        assertThat(envVars.stream()).anyMatch(envVar -> envVar.getName().equals(KeycloakDeploymentDependentResource.POD_IP));
 
         var readiness = container.getReadinessProbe().getHttpGet();
         assertNotNull(readiness);
diff --git a/operator/src/test/java/org/keycloak/operator/testsuite/utils/CRAssert.java b/operator/src/test/java/org/keycloak/operator/testsuite/utils/CRAssert.java
@@ -35,6 +35,7 @@
 import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.utils.Serialization;
+import io.netty.util.NetUtil;
 import io.quarkus.logging.Log;
 import org.assertj.core.api.ObjectAssert;
 import org.awaitility.Awaitility;
@@ -197,7 +198,7 @@ public static void assertConnection(KubernetesClient client, String hostname, in
                 "--connect-timeout",
                 "2",
                 "-s",
-                "telnet://%s:%s".formatted(hostname, port));
+                "telnet://%s:%s".formatted(NetUtil.isValidIpV6Address(hostname)?"["+hostname+"]":hostname, port));
         // Relevant exit codes:
         // 28-Operation timeout.
         // 48-Unknown option specified to libcurl (BOGUS=1 is not a valid option, but the connection is successful).

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,8 @@`
`75`	`75`
`76`	`76`	`public class KeycloakDeploymentDependentResource extends CRUDKubernetesDependentResource<StatefulSet, Keycloak> {`
`77`	`77`
	`78`	`+ public static final String POD_IP = "POD_IP";`
	`79`	`+`
`78`	`80`	`private static final List<String> COPY_ENV = Arrays.asList("HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY");`
`79`	`81`
`80`	`82`	`private static final String ZONE_KEY = "topology.kubernetes.io/zone";`
`@@ -296,6 +298,8 @@ private StatefulSet createBaseDeployment(Keycloak keycloakCR, Context<Keycloak>`
`296`	`298`	`&& (customImage.isPresent() \|\| operatorConfig.keycloak().startOptimized())) {`
`297`	`299`	`containerBuilder.addToArgs(OPTIMIZED_ARG);`
`298`	`300`	`}`
	`301`	`+ // Set bind address as this is required for JGroups to form a cluster in IPv6 envionments`
	`302`	`+ containerBuilder.addToArgs(0, "-Djgroups.bind.address=$(%s)".formatted(POD_IP));`
`299`	`303`	`containerBuilder.addToArgs(0, getJGroupsParameter(keycloakCR));`
`300`	`304`
`301`	`305`	`// probes`
`@@ -500,6 +504,9 @@ private List<EnvVar> getDefaultAndAdditionalEnvVars(Keycloak keycloakCR) {`
`500`	`504`	`}`
`501`	`505`	`}`
`502`	`506`
	`507`	`+ envVars.add(new EnvVarBuilder().withName(POD_IP).withNewValueFrom().withNewFieldRef()`
	`508`	`+ .withFieldPath("status.podIP").endFieldRef().endValueFrom().build());`
	`509`	`+`
`503`	`510`	`return envVars;`
`504`	`511`	`}`
`505`	`512`