0

We've deployed the nginx ingress controller without changing any default values. Now, when we try to access the keycloak service through this nginx proxy, it responds, but we are not able to access the admin console. It keeps showing 'loading the admin console'.

Here is the configuration of keycloak:
service and deployment: https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml
ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: keycloak.mydomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: keycloak
            port:
              number: 8080

Because the default values are unchanged, server-snippets and location-snippets are disabled. If they are mandatory, please provide a suggestion along with that. Any help would be appreciated.

[EDIT] Service.type is already set to ClusterIP

ERROR in console: Refused to frame 'http://keycloak.mydomain.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".

Here is the describe output of ingress:

Name:             keycloak
Labels:           <none>
Namespace:        default
Address:          <AWSLoadBalancerIP>.elb.amazonaws.com
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                          Path  Backends
  ----                          ----  --------
  keycloak.prod-pl.qritive.com  
                                /   keycloak:8080 (172.24.28.112:8080)
Annotations:                    <none>
Events:                         <none>
Harsh Manvar
Andrew

2 Answers

0

Try adding the env vars KEYCLOAK_HOSTNAME & PROXY_ADDRESS_FORWARDING. I was also trying to use Nginx ingress.

Check the configuration below:

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:10.0.0
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: DB_VENDOR
          value: POSTGRES
        - name: DB_ADDR
          value: postgres
        - name: DB_DATABASE
          value: keycloak
        - name: DB_USER
          value: root
        - name: DB_PASSWORD
          value: password
        - name: KEYCLOAK_HTTP_PORT
          value: "80"
        - name: KEYCLOAK_HTTPS_PORT
          value: "443"
        - name: KEYCLOAK_HOSTNAME
          value: keycloak.harshmanvar.tk # replace with ingress URL
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080

My GitHub ref

Harsh Manvar
0

Looking at the YAML file of the keycloak service, its type is LoadBalancer. Change it to ClusterIP and then deploy it. Also make sure that

kubectl describe ingress <NAME>

connects the ingress to the respective pod port. If not, run the following command to see the problem:

kubectl describe service keycloak
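
A check for the kind of origin mismatch reported in the question's console error, as an added example that is not from the question or either answer: it applies the CSP 'self' matching rule to the URLs in a Keycloak OIDC discovery document (served under /auth/realms/master/.well-known/openid-configuration on this image). The https external URL and both sample documents are constructed assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    u = urlsplit(url)
    return u.scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(u.scheme)

def allowed_by_self(page_url, frame_url):
    """CSP 'self' match, simplified to http/https: same host, compatible
    ports, and no downgrade from an https page to an http resource."""
    ps, ph, pp = origin(page_url)
    fs, fh, fp = origin(frame_url)
    ports_ok = pp == fp or (pp == DEFAULT_PORTS.get(ps) and fp == DEFAULT_PORTS.get(fs))
    scheme_ok = fs == "https" or (ps == "http" and fs == "http")
    return ph == fh and ports_ok and scheme_ok

def check_discovery(external_url, discovery):
    """Return the advertised URLs that frame-src 'self' would refuse
    when the console is opened at external_url."""
    fields = ("issuer", "authorization_endpoint", "check_session_iframe")
    return {f: discovery[f] for f in fields
            if f in discovery and not allowed_by_self(external_url, discovery[f])}

# Assumption: the browser reaches the console over https at the ingress host.
EXTERNAL = "https://keycloak.mydomain.com/auth/admin/"
REALM = "keycloak.mydomain.com/auth/realms/master"

def sample_doc(scheme):
    """Constructed discovery document with every URL using the given scheme."""
    base = f"{scheme}://{REALM}"
    return {
        "issuer": base,
        "authorization_endpoint": f"{base}/protocol/openid-connect/auth",
        "check_session_iframe":
            f"{base}/protocol/openid-connect/login-status-iframe.html",
    }

# Constructed: Keycloak sees plain http from the proxy and ignores forwarded headers.
BROKEN = sample_doc("http")
# Constructed: Keycloak builds its URLs from the external scheme and hostname.
FIXED = sample_doc("https")

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        blocked = check_discovery(EXTERNAL, doc)
        print(name, "->", "ok" if not blocked else f"blocked: {sorted(blocked)}")
```

To run it against a live deployment, load the discovery document fetched through the ingress with `json.load` and pass it to `check_discovery` in place of the samples.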