
We’ve deployed the nginx ingress controller without changing any default values. Now when we try to access the Keycloak service through this nginx proxy, it responds, but we are not able to access the admin console. It keeps showing ‘loading the admin console’.

Here is the configuration of Keycloak:
Service and deployment: https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml
Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: keycloak.mydomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: keycloak
            port:
              number: 8080

Because the default values are unchanged, server-snippets and location-snippets are disabled. But if they are mandatory, then please provide a suggestion along with it.
Any help would be appreciated.

[EDIT] Service.type is already set to ClusterIP

ERROR in console: Refused to frame 'http://keycloak.mydomain.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".

Here is the describe output of ingress:

Name:             keycloak
Labels:           <none>
Namespace:        default
Address:          <AWSLoadBalancerIP>.elb.amazonaws.com
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                          Path  Backends
  ----                          ----  --------
  keycloak.prod-pl.qritive.com  
                                /   keycloak:8080 (172.24.28.112:8080)
Annotations:                    <none>
Events:                         <none>

2 Answers


  1. Try adding the env vars KEYCLOAK_HOSTNAME & PROXY_ADDRESS_FORWARDING. I was also trying to use Nginx ingress.

    Check the configuration below once:

    apiVersion: v1
    kind: Service
    metadata:
      name: keycloak
      labels:
        app: keycloak
    spec:
      ports:
      - name: http
        port: 8080
        targetPort: 8080
      selector:
        app: keycloak
      type: ClusterIP
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: keycloak
      namespace: default
      labels:
        app: keycloak
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: keycloak
      template:
        metadata:
          labels:
            app: keycloak
        spec:
          containers:
          - name: keycloak
            image: quay.io/keycloak/keycloak:10.0.0
            env:
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              value: "admin"
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: DB_VENDOR
              value: POSTGRES
            - name: DB_ADDR
              value: postgres
            - name: DB_DATABASE
              value: keycloak
            - name: DB_USER
              value: root
            - name: DB_PASSWORD
              value: password
            - name: KEYCLOAK_HTTP_PORT
              value: "80"
            - name: KEYCLOAK_HTTPS_PORT
              value: "443"
            - name: KEYCLOAK_HOSTNAME
              value: keycloak.harshmanvar.tk # replace with ingress URL
            ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
            readinessProbe:
              httpGet:
                path: /auth/realms/master
                port: 8080
    

    My GitHub ref

  2. Looking at the YAML file of the Keycloak service, its type is LoadBalancer. Change it to ClusterIP and then deploy it. Also make sure that

    kubectl describe ingress <NAME> 
    

    connects the ingress to the respective pod port. If not, run the following command to see the problem:

    kubectl describe service keycloak

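The console error in the question means the browser compared the frame URL with the origin of the admin console page and found a mismatch. The following added example (not code from this thread or from Keycloak) implements the CSP Level 3 matching rule for 'self' to show which kinds of mismatch block the frame. The page origins in the sample calls are constructed, since the question does not state the scheme or port the console was loaded over.

```javascript
// Added example: CSP Level 3 matching of a frame URL against 'self'.
// Hostname is the placeholder from the question; page origins are constructed.
const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// URL.port is "" when the scheme's default port is in use.
const portOf = (u) => (u.port !== "" ? u.port : DEFAULT_PORT[u.protocol] || "");

// Returns "allowed" or a short reason why frame-src 'self' rejects the frame.
function checkFrameAgainstSelf(documentUrl, frameUrl) {
  const doc = new URL(documentUrl);
  const frame = new URL(frameUrl);

  if (doc.origin === frame.origin) return "allowed";
  if (doc.hostname !== frame.hostname) {
    return `blocked: host ${frame.hostname} differs from ${doc.hostname}`;
  }
  // Ports must be equal, or each must be the default for its own scheme.
  const bothDefault = doc.port === "" && frame.port === "";
  if (!bothDefault && portOf(doc) !== portOf(frame)) {
    return `blocked: port ${portOf(frame)} differs from ${portOf(doc)}`;
  }
  // 'self' tolerates a scheme upgrade (http page, https frame), never a downgrade.
  const secureFrame = frame.protocol === "https:" || frame.protocol === "wss:";
  const plainPair = doc.protocol === "http:" &&
    (frame.protocol === "http:" || frame.protocol === "ws:");
  if (secureFrame || plainPair) return "allowed";
  return `blocked: scheme downgrade ${doc.protocol}// -> ${frame.protocol}//`;
}

// Constructed page origins, paired with the frame URL from the console error.
const FRAME = "http://keycloak.mydomain.com/";
const SAMPLE_PAGES = [
  "http://keycloak.mydomain.com/auth/admin/",       // plain HTTP end to end
  "https://keycloak.mydomain.com/auth/admin/",      // TLS in front, http:// URLs generated
  "http://keycloak.mydomain.com:8080/auth/admin/",  // reached on the container port
];
for (const page of SAMPLE_PAGES) {
  console.log(`${page} framing ${FRAME}: ${checkFrameAgainstSelf(page, FRAME)}`);
}
```

A scheme-downgrade result points at forwarded-protocol handling (`PROXY_ADDRESS_FORWARDING` in the first answer); a host or port result points at the hostname and port Keycloak advertises (`KEYCLOAK_HOSTNAME`, `KEYCLOAK_HTTP_PORT`).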