Successfully Deployed OpenRemote on Local Rancher RKE2 Cluster

Hi everyone! :wave:

I wanted to share my experience successfully deploying OpenRemote on a local Rancher RKE2 cluster, hoping it helps others who might be attempting the same setup.

Overview

The deployment mostly follows the official Kubernetes documentation from openremote/kubernetes at master · openremote/openremote · GitHub, but I encountered a few specific issues that required additional steps.

Prerequisites

  • Rancher RKE2 cluster running locally
  • Ingress controller already configured in Rancher
  • Created a dedicated namespace for OpenRemote

Main Issues Encountered & Solutions

1. Persistent Volume Path Issues

The biggest hurdle was with the persistent volumes for both manager and PostgreSQL:

  • Problem: Paths from openremote-manager-pv and openremote-psql-pv were not created or had insufficient permissions
  • Solution: Ensure the host paths exist and have proper permissions before applying the PV manifests (as stated in the README)

2. Ingress Configuration for Manager

Instead of manually configuring ingress, I used Helm with a custom values file:

```bash
helm install manager manager -f values-openremote.yaml
```

Note: Adjust the values file according to your domain and ingress setup

This approach automatically handles ingress creation, assuming you already have an ingress controller configured in Rancher.

3. Keycloak Domain Configuration

After deployment, Keycloak was redirecting to localhost instead of the proper domain. Fixed this with:

```bash
kubectl patch deployment keycloak -n openremote --type='json' -p='[
  {"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "KEYCLOAK_FRONTEND_URL", "value": "https://your-domain.com/auth"}},
  {"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "KC_HOSTNAME", "value": "your-domain.com"}},
  {"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "KC_HOSTNAME_STRICT", "value": "false"}},
  {"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "KC_HOSTNAME_STRICT_HTTPS", "value": "true"}},
  {"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "KC_PROXY", "value": "edge"}},
  {"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "KC_HTTP_RELATIVE_PATH", "value": "/auth"}}
]'
```

Replace your-domain.com with your actual domain

Questions for the Community

Now that I have OpenRemote running successfully, I have a few questions about best practices:

  1. Version Migration: What's the recommended approach for migrating to newer OpenRemote versions (with minimal downtime)? Any specific procedures or gotchas to watch out for?
  2. PostgreSQL Scaling: Is it safe to scale the PostgreSQL deployment up and down without issues? Are there any considerations for data consistency?
  3. Production Readiness: What additional configurations or considerations should I implement for a production deployment? Any monitoring, backup, or security recommendations?
  4. Keycloak Themes: Is there any possibility of uploading Keycloak themes via the Manager UI in the future?

I'm also experiencing a mysterious issue where some users get stuck at /manager with a blank screen right after logging in - still investigating this one! (might be DNS issues)

Final Thoughts

Overall, the deployment went quite smoothly once I worked through the persistent volume permissions and Keycloak configuration. The official Kubernetes documentation is quite comprehensive, and using Helm for the manager component definitely simplified the ingress setup.

Hope this helps others attempting similar deployments!
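
A preflight check for the JSON patch in step 3, as an added example that is not part of the original post or of OpenRemote's tooling: it rebuilds the patch for a given domain and reports leftover placeholders and values that disagree with each other. The function names and the sample domain `iot.example.test` are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

ENV_PATH = "/spec/template/spec/containers/0/env/-"  # path used in the post's patch

def build_patch(domain, rel_path="/auth"):
    """Rebuild the post's JSON patch for a given domain (hypothetical helper)."""
    env = {
        "KEYCLOAK_FRONTEND_URL": f"https://{domain}{rel_path}",
        "KC_HOSTNAME": domain,
        "KC_HOSTNAME_STRICT": "false",
        "KC_HOSTNAME_STRICT_HTTPS": "true",
        "KC_PROXY": "edge",
        "KC_HTTP_RELATIVE_PATH": rel_path,
    }
    return json.dumps([{"op": "add", "path": ENV_PATH,
                        "value": {"name": k, "value": v}} for k, v in env.items()])

def check_patch(patch_json):
    """Return findings for a Keycloak env patch; an empty list means no issues."""
    findings, env = [], {}
    for op in json.loads(patch_json):
        if op.get("op") != "add" or op.get("path") != ENV_PATH:
            findings.append(f"unexpected operation: {op.get('op')} {op.get('path')}")
            continue
        name = op["value"]["name"]
        if name in env:
            findings.append(f"{name} is set twice")
        env[name] = op["value"]["value"]
    url = urlsplit(env.get("KEYCLOAK_FRONTEND_URL", ""))
    host = env.get("KC_HOSTNAME", "")
    if not host or host == "your-domain.com":
        findings.append("KC_HOSTNAME is missing or still the placeholder")
    if url.scheme != "https":
        findings.append("KEYCLOAK_FRONTEND_URL is not https")
    if url.hostname != host:
        findings.append("KEYCLOAK_FRONTEND_URL host differs from KC_HOSTNAME")
    if url.path.rstrip("/") != env.get("KC_HTTP_RELATIVE_PATH", "").rstrip("/"):
        findings.append("KEYCLOAK_FRONTEND_URL path differs from KC_HTTP_RELATIVE_PATH")
    if env.get("KC_HOSTNAME_STRICT") == "false":
        # With strict mode off, the hostname can be resolved from request headers.
        findings.append("KC_HOSTNAME_STRICT=false: confirm the ingress validates the Host header")
    return findings

if __name__ == "__main__":
    # Constructed sample domain; replace with the real one before patching.
    for finding in check_patch(build_patch("iot.example.test")):
        print("-", finding)
```

The string returned by `build_patch` can be passed to `kubectl patch ... -p` once `check_patch` reports only findings you have reviewed.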