Hello,
I have been trying to deploy Keycloak on an AWS EKS cluster.
However, I am getting a 404 Not Found error. I have created a secret using the cert and key.
Below is the YAML file I am using to deploy:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keyclaok:latest
          args: ["start"]
          env:
            - name: KEYCLOAK_ADMIN
              value: "admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: "admin"
            - name: KC_HEALTH_ENABLED
              value: "true"
            - name: KC_METRICS_ENABLED
              value: "true"
            - name: KC_HOSTNAME
              value: "<placeholder>"
            - name: KC_PROXY
              value: "edge"
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          readinessProbe:
            httpGet:
              path: /realms/master
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 3
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: ingress-keycloak
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($request_uri ~* "^/([^?]*)(\?.*)?$") {
        set $path_slug $1;
      }
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Path $path_slug;
      proxy_set_header X-Forwarded-Uri $request_uri;
  labels:
    app: app-keycloak
spec:
  tls:
    - hosts:
        - <placeholder>
      secretName: kc-tls-secret # Replace with the actual secret containing the SSL certificate
  rules:
    - host: <placeholder>
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8443
```
Please let me know what is going wrong here.
ThoreKr
February 22, 2024, 9:26am
2
Does the deployment start? What is in the container logs?
There is a typo in the image name.
The deployment starts with the following logs in the Keycloak pod:
UPDATE SUMMARY
Run: 117
Previously run: 0
Filtered out: 0
-------------------------------
Total change sets: 117
2024-02-22 06:41:19,117 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
2024-02-22 06:41:22,529 INFO [io.quarkus] (main) Keycloak 23.0.6 on JVM (powered by Quarkus 3.2.10.Final) started in 30.397s. Listening on: http://0.0.0.0:8080
2024-02-22 06:41:22,529 INFO [io.quarkus] (main) Profile prod activated.
2024-02-22 06:41:22,530 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, smallrye-health, vertx]
2024-02-22 06:41:23,094 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
2024-02-22 09:08:16,932 ERROR [io.vertx.ext.web.RoutingContext] (vert.x-eventloop-thread-0) Unhandled exception in router
2024-02-22 09:18:16,360 ERROR [io.vertx.ext.web.RoutingContext] (vert.x-eventloop-thread-0) Unhandled exception in router
Also, the ingress logs are as follows:
192.168.51.38 - - [22/Feb/2024:08:33:11 +0000] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03\xEAuQ\xC6_jO?\x9F\xA0yN\xF8 \xE3]\x88\xF2\xFB\x99\x02\x92\x99\xEE\x87\xAF\x00<;y\xA8\x07 \xC0`v\xED\x87\x0C\xC7\xA2^\x10\x99s\x8D\x1Bd\x86\x14\xC92\x7FF\xB5\xB7\x06\xED!/\x1BP\xF8Ce\x00&\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x09\xC0\x13\xC0" 400 150 "-" "-" 0 0.717 [] [] - - - - df31b0bb7d6dea2ec73f3ee4815d9135
192.168.0.240 - - [22/Feb/2024:08:51:43 +0000] "MGLNDD_50.18.193.25_443" 400 150 "-" "-" 0 0.002 [] [] - - - - 37a80415cb56c25ff0a167e2c343ef02
192.168.51.38 - - [22/Feb/2024:09:17:24 +0000] "\x15\x03\x03\x00\x02\x02F" 400 150 "-" "-" 0 0.005 [] [] - - - - e6b230a893aabf5aff0981a2b7177d1b
192.168.51.38 - - [22/Feb/2024:09:17:25 +0000] "\x15\x03\x03\x00\x02\x02F" 400 150 "-" "-" 0 0.005 [] [] - - - - 535a5646711d917a8171e6d75635a436
192.168.0.240 - - [22/Feb/2024:09:38:14 +0000] "CONNECT api.ipify.org:443 HTTP/1.1" 400 150 "-" "-" 0 0.227 [] [] - - - - f955d434238f24d32d262f5f81fcd0e7
192.168.0.240 - - [22/Feb/2024:09:38:19 +0000] "\x04\x01\x00P\xBCrc\xEA0\x00" 400 150 "-" "-" 0 0.440 [] [] - - - - ae64f6d2c5dd6f34b4833aacf7558b8b
192.168.0.240 - - [22/Feb/2024:09:38:29 +0000] "\x05\x01\x00" 400 150 "-" "-" 0 0.439 [] [] - - - - eed1dee69fd04bfa1c008a80a1284d6a
ThoreKr
February 22, 2024, 9:56am
4
Are the manifests you provided really the deployed config?
Apart from the typo in the image, it lacks the ssl configuration for the backend.
The ingress is supposed to use port 8443, but the service doesn’t expose it?
And if the cluster internal connection is supposed to be via https, then the keycloak deployment needs to mount certificates and additional config options to actually utilize them.
That typo has been rectified.
I have exposed the port in the service.
I have created a secret using the cert data and deployed it in the namespace where Keycloak is deployed.
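The port cross-check ThoreKr raises in the thread (the Ingress backend port against what the Service exposes, and the Service target against the container ports), as an added example that is not part of the original posts. The manifests are trimmed copies of the ones posted above, written as Python dicts, and `check_wiring` is a hypothetical helper name.

```python
# Added example: cross-check Ingress -> Service -> container port wiring.
# Constructed input: trimmed copies of the thread's manifests, as dicts.

SERVICE = {
    "metadata": {"name": "keycloak"},
    "spec": {"ports": [{"name": "http", "port": 8080, "targetPort": 8080}]},
}
DEPLOYMENT = {
    "metadata": {"name": "keycloak"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "keycloak",
        "ports": [{"name": "http", "containerPort": 8080},
                  {"name": "https", "containerPort": 8443}],
    }]}}},
}
INGRESS = {
    "metadata": {"name": "ingress-keycloak"},
    "spec": {"rules": [{"http": {"paths": [{
        "path": "/",
        "backend": {"service": {"name": "keycloak", "port": {"number": 8443}}},
    }]}}]},
}


def check_wiring(ingress, service, deployment):
    """Return findings where one hop references a port the next hop lacks."""
    findings = []
    svc_name = service["metadata"]["name"]
    svc_ports = service["spec"]["ports"]
    # A backend may reference a Service port by number or by name.
    exposed = {p["port"] for p in svc_ports} | {p.get("name") for p in svc_ports}
    containers = deployment["spec"]["template"]["spec"]["containers"]
    cports = [p for c in containers for p in c.get("ports", [])]
    listening = {p["containerPort"] for p in cports} | {p.get("name") for p in cports}
    for rule in ingress["spec"].get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            backend = path["backend"]["service"]
            if backend["name"] != svc_name:
                continue
            port = backend["port"].get("number", backend["port"].get("name"))
            if port not in exposed:
                findings.append(f"Ingress path {path['path']} -> Service "
                                f"{svc_name}:{port} is not exposed by the Service")
    for p in svc_ports:
        target = p.get("targetPort", p["port"])
        if target not in listening:
            findings.append(f"Service port {p['port']} targets {target}, "
                            f"which no container declares")
    return findings
```

Run against the posted manifests, it reports the single mismatch discussed in the thread: the Ingress backend points at port 8443 while the Service only exposes 8080.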