Automation
terraform
Cloud-IAM Keycloak deployments are compatible with Keycloak terraform providers because deployed Keycloaks expose the full Keycloak REST admin API.
TIP
terraform
might be rate limited during the process. You should add the IP of where terraform is running to the admin allow list.
pulumi
Cloud-IAM Keycloak deployments are compatible with Keycloak pulumi provider because deployed Keycloaks expose the full Keycloak REST admin API.
Troubleshooting
Sometimes when adding a new realm pulumi gets a timeout within seconds as api response.
keycloak:index:Realm (REALM_NAME):
error: 1 error occurred:
error sending request: Post "https://YOUR_DOMAIN.cloud-iam.com/auth/admin/realms": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Resources:
1 unchanged
Duration: 7s
keycloak:index:Realm (REALM_NAME):
error: 1 error occurred:
error sending request: Post "https://YOUR_DOMAIN.cloud-iam.com/auth/admin/realms": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Resources:
1 unchanged
Duration: 7s
Increasing the request timeout will solve the issue. The pulumi native customTimeouts flag does not seem to work but setting KEYCLOAK_CLIENT_TIMEOUT=60
environment variable to 60 seconds will work.