[ISSUE] Keycloak Pod won't start up as the admin password secret is missing #4478
Description
Describe the issue:
Installed Camunda 8.8 (Helm Chart v 13.0.0) with identity.enabled and indentityKeycloak.enabled and identitKeycloak.postgresql.enabled, charts created the "camunda-credentials" secret with all the passwords in it, Keycloak pod fails to start up with a warning that it cannot use the KC_BOOTSTRAP_ADMIN_PASSWORD as it is not set.
camunda-credentials secret does not contain "identity-keycloak-admin-password". Needs to be added to the secret via "kubectl patcht secret ....".
bootstrap-admin-username available only when bootstrap admin password is set
WARN ==> Skipping export of 'KC_BOOTSTRAP_ADMIN_PASSWORD'. '/opt/bitnami/keycloak/secrets/identity-keycloak-admin-password' is not readable.
Actual behavior:
"identity-keycloak-admin-password" not set in camunda-credentials, thus Keycloak Pod fails to startup (without error but just a warning).
Expected behavior:
"identity-keycloak-admin-password" set in camunda-credentials.
How to reproduce:
Install Camunda 8.8/13.0.0 helm charts with the default values using values-local.yaml and enable identity, identityKeycloak, identityPostgresql:
#
# This values file is used for local development and testing.
# It disables some features and reduces the resource requirements to run the Camunda Platform locally.
#
global:
secrets:
autoGenerated: true
identity:
auth:
# Disable the Identity authentication for local development
# it will fall back to basic-auth: demo/demo as default user
enabled: false
identity:
enabled: true
identityPostgresql:
enabled: true
identityKeycloak:
enabled: true
postgresql:
enabled: true
#
# Orchestration Cluster.
#
connectors:
inbound:
mode: disabled
orchestration:
replicas: 1
clusterSize: "1"
partitionCount: "1"
replicationFactor: "1"
pvcSize: 10Gi
optimize:
enabled: false
elasticsearch:
master:
replicaCount: 1
persistence:
size: 10Gi
Check camunda-credentials secret:
kubectl get secret --namespace "your-namespace" camunda-credentials -o jsonpath="{.data}"
This should return a JSON object containing the key "identity-keycloak-admin-password"
Logs:
2025-10-15 11:00:13.275 bootstrap-admin-username available only when bootstrap admin password is set
2025-10-15 11:00:11.990 Appending additional Java properties to JAVA_OPTS
2025-10-15 11:00:11.974 keycloak 09:00:11.97 INFO ==> ** Starting Keycloak **
2025-10-15 11:00:11.968 keycloak 09:00:11.96 WARN ==> Skipping export of 'KC_BOOTSTRAP_ADMIN_PASSWORD'. '/opt/bitnami/keycloak/secrets/identity-keycloak-admin-password' is not readable.
2025-10-15 11:00:11.954
2025-10-15 11:00:11.954 keycloak 09:00:11.95 INFO ==> ** keycloak setup finished! **
2025-10-15 11:00:11.939 keycloak 09:00:11.93 INFO ==> Configuring database settings
2025-10-15 11:00:11.931 keycloak 09:00:11.93 INFO ==> Found PostgreSQL server listening at camunda-platform-postgresql:5432
2025-10-15 11:00:11.921 keycloak 09:00:11.92 INFO ==> Trying to connect to PostgreSQL server camunda-platform-postgresql...
2025-10-15 11:00:11.898 keycloak 09:00:11.89 INFO ==> Validating settings in KEYCLOAK_*,KC_* env vars...
2025-10-15 11:00:11.894 keycloak 09:00:11.89 WARN ==> Skipping export of 'KC_BOOTSTRAP_ADMIN_PASSWORD'. '/opt/bitnami/keycloak/secrets/identity-keycloak-admin-password' is not readable.
2025-10-15 11:00:11.881 keycloak 09:00:11.88 INFO ==> ** Starting keycloak setup **
2025-10-15 11:00:11.876 keycloak 09:00:11.87 INFO ==>
2025-10-15 11:00:11.874 keycloak 09:00:11.87 INFO ==> NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267
2025-10-15 11:00:11.872 keycloak 09:00:11.87 INFO ==> Subscribe to project updates by watching https://github.com/bitnami/containers
2025-10-15 11:00:11.870 keycloak 09:00:11.86 INFO ==> Welcome to the Bitnami keycloak container
Environment:
Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.
- Platform: Kubernetes
- Helm CLI version: V3.19.0
- Chart version: 13.0.0
- Values file: see above