
I have the following services deployed to a Kubernetes cluster running locally on my machine:

  • Keycloak
  • NextJS
  • Ingress-nginx

The NextJS app is basic: it uses NextAuth and the NextAuth Keycloak provider to allow the user to log in and view a protected page.

I have configured Keycloak with a realm and a web client. This all works fine.

Both services have ingress configurations:

  • Keycloak is available via auth.starter.local
  • The NextJS app is available via starter.local

These DNS names are manually configured in my /etc/hosts file to resolve to 127.0.0.1.

When I attempt to log in via the NextJS app (auth.starter.local), I get an error. This is because the backend NextJS app is attempting to retrieve the .well-known config from Keycloak at its DNS name, which it cannot resolve inside the Kubernetes cluster.

How do I get this to work? Can I configure Kubernetes coredns somehow to get the domain names to resolve from an inside service?

2 Answers


  1. If you run Keycloak (KC) in Kubernetes (k8s), it is typically exposed through an ingress so that applications outside the cluster can interact with it. For applications inside the cluster, the same configuration is usually required, except when you use network services to avoid an additional hop (e.g., ingress controller) in network traffic.

    Keycloak may also be sensitive to the X-Forwarded-Host header, which is used to enable it to work behind proxies (though you can hardcode the hostname FQDN through one of the configuration options). This is useful when configuring different URLs, such as a separate URL for the admin console. Additionally, many companies use split DNS configurations to meet the requirements of the iss claim.

  2. First things first: the /etc/hosts on your local machine is not shared with, nor cascaded to, the pods/containers inside your Kubernetes cluster. They each have their own /etc/hosts file. To add custom entries to each of those /etc/hosts files inside the pod/container, you need to use HostAliases.

    You have to map the auth.starter.local custom domain inside the pod/container of your NextJS app to the IP of the Keycloak service. Run a kubectl describe on the service to obtain its IP.

    Next, add the HostAliases setting to the deployment of your NextJS app (under .spec.template.spec):

    hostAliases:
    - ip: "x.x.x.x" # replace with the service's cluster IP
      hostnames:
      - "auth.starter.local"
    

    Repeat in reverse if your Keycloak needs to connect to your NextJS app.

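The following script is an added example, not code from the question or either answer. It implements both approaches discussed on this page: the per-Deployment hostAliases patch from answer 2, and the cluster-wide split-DNS variant answer 1 alludes to, done with the CoreDNS `hosts` plugin. Rather than aliasing the name to the Keycloak Service's ClusterIP, it points it at the ingress-nginx controller's ClusterIP, so the in-cluster request carries the same Host header and port as the browser's request from outside and the issuer URL Keycloak emits (the `iss` claim) stays consistent. Every name in it is an assumption for the example: namespace `default`, Deployment `nextjs` with label `app=nextjs`, ingress-nginx Service `ingress-nginx-controller` in namespace `ingress-nginx`, the CoreDNS ConfigMap `coredns` in `kube-system` holding only a `Corefile` key, and a Keycloak realm called `starter`.

```shell
#!/bin/sh
# Added example (not from the original question or answers).
# Make auth.starter.local resolvable from inside the cluster, two ways:
#   hostalias : patch the NextJS Deployment with a hostAliases entry (answer 2)
#   coredns   : add a `hosts` stanza to the CoreDNS Corefile (split DNS, answer 1)
# Both alias the names to the ingress-nginx controller's ClusterIP (assumption:
# Service "ingress-nginx-controller" in namespace "ingress-nginx"), so in-cluster
# traffic takes the same route, Host header and port as the browser's traffic.

NS="${NS:-default}"                                 # assumed app namespace
APP_DEPLOYMENT="${APP_DEPLOYMENT:-nextjs}"          # assumed Deployment / app label
INGRESS_NS="${INGRESS_NS:-ingress-nginx}"
INGRESS_SVC="${INGRESS_SVC:-ingress-nginx-controller}"
REALM="${REALM:-starter}"                           # assumed Keycloak realm
HOSTS="auth.starter.local starter.local"           # space-separated, split on use

# Accept only a dotted-quad IPv4 address: a bad value here would silently send
# the app's OIDC discovery request somewhere else.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }'
}

# ClusterIP of a Service (answer 2 uses `kubectl describe`; jsonpath gives only the IP).
service_cluster_ip() {
  kubectl -n "$1" get svc "$2" -o jsonpath='{.spec.clusterIP}'
}

# Strategic-merge patch body adding one hostAliases entry for the given names.
hostalias_patch() {
  ip="$1"; shift
  names=""
  for h in "$@"; do names="${names:+$names,}\"$h\""; done
  printf '{"spec":{"template":{"spec":{"hostAliases":[{"ip":"%s","hostnames":[%s]}]}}}}' "$ip" "$names"
}

apply_hostalias() {
  ip="$(service_cluster_ip "$INGRESS_NS" "$INGRESS_SVC")" || return 1
  is_ipv4 "$ip" || { echo "unexpected ClusterIP: '$ip'" >&2; return 1; }
  kubectl -n "$NS" patch deployment "$APP_DEPLOYMENT" -p "$(hostalias_patch "$ip" $HOSTS)"
}

# Read a Corefile on stdin and insert a `hosts` stanza (with fallthrough, so every
# other name still reaches the kubernetes and forward plugins) just before the
# `kubernetes` line. Idempotent: an existing hosts stanza leaves the file untouched.
insert_hosts_stanza() {
  ip="$1"; shift
  corefile="$(cat)"
  if printf '%s\n' "$corefile" | grep -Eq '^[[:space:]]*hosts[[:space:]]*\{'; then
    printf '%s\n' "$corefile"; return 0
  fi
  printf '%s\n' "$corefile" | awk -v ip="$ip" -v names="$*" '
    /^[[:space:]]*kubernetes / && !done {
      match($0, /^[[:space:]]*/); pad = substr($0, 1, RLENGTH)
      printf "%shosts {\n%s    %s %s\n%s    fallthrough\n%s}\n", pad, pad, ip, names, pad, pad
      done = 1
    }
    { print }'
}

# Rewrites the CoreDNS ConfigMap. Assumes it holds only the Corefile key; other keys
# would be dropped by the create/apply below, so check with `kubectl get cm` first.
apply_coredns_hosts() {
  ip="$(service_cluster_ip "$INGRESS_NS" "$INGRESS_SVC")" || return 1
  is_ipv4 "$ip" || { echo "unexpected ClusterIP: '$ip'" >&2; return 1; }
  kubectl -n kube-system get configmap coredns -o jsonpath='{.data.Corefile}' \
    | insert_hosts_stanza "$ip" $HOSTS > Corefile.new
  kubectl -n kube-system create configmap coredns --from-file=Corefile=Corefile.new \
    --dry-run=client -o yaml | kubectl apply -f -
  kubectl -n kube-system rollout restart deployment coredns
}

# Check from inside a NextJS pod: the name resolves and the OIDC discovery document
# is served. Assumes the image has getent and wget, and Keycloak 17+ paths
# (/realms/...; older builds use /auth/realms/...).
verify_from_pod() {
  pod="$(kubectl -n "$NS" get pod -l app="$APP_DEPLOYMENT" -o jsonpath='{.items[0].metadata.name}')"
  kubectl -n "$NS" exec "$pod" -- sh -c \
    "getent hosts auth.starter.local && wget -qO- http://auth.starter.local/realms/$REALM/.well-known/openid-configuration | head -c 300"
}

case "${1:-}" in
  hostalias) apply_hostalias ;;
  coredns)   apply_coredns_hosts ;;
  verify)    verify_from_pod ;;
esac
```

Run it as `sh fix-dns.sh hostalias` or `sh fix-dns.sh coredns`, then `sh fix-dns.sh verify`. Two caveats a practitioner should keep in mind: a ClusterIP is only stable for the lifetime of the Service, so recreating ingress-nginx means re-running the script; and if you alias straight to the Keycloak Service instead, as answer 2 suggests, the port in the issuer URL must match the Service port and nothing terminates TLS on that path, which is why the ingress controller is the safer target.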