How to configure AWS Classic load balancer for keycloak service?

Hi
I have installed Keycloak with Postgres enabled on AWS EKS / K8s using a Helm chart install with standard defaults. The service is running fine with an ingress rule and SSL disabled. However, we want to use load balancers (external/internal) instead of ingress rules and enable HTTPS. I am trying to set up a classic load balancer on AWS for this purpose using K8s and am running into an issue. The load balancer stands up but the health check fails and instances show as out of service. See the details below. Can someone point to the documentation link to set up this load balancer properly? Or is this not supported by Keycloak? Please advise.

Sample YAML used for creating the load balancer:

```
kind: Service
metadata:
  name: keycloak-ilb
  namespace: keycloak
  annotations: {}
spec:
  selector:
    app: release-name
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  type: LoadBalancer
```

Keycloak http service description: release-name-keycloa-http

```
Name:              release-name-keycloa-http
Namespace:         keycloak
Labels:            app.kubernetes.io/instance=release-name
                   app.kubernetes.io/managed-by=Tiller
                   app.kubernetes.io/name=keycloak
                   helm.sh/chart=keycloak-5.1.6
Annotations:       kubectl.kubernetes.io/last-applied-configuration:
                     {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"release-name","app.kubernetes.io/...
Selector:          app.kubernetes.io/instance=release-name,app.kubernetes.io/name=keycloak
Type:              ClusterIP
IP:                xxxxx
Port:              http  80/TCP
TargetPort:        http/TCP
Endpoints:         xxxx:8080
Session Affinity:  None
Events:            <none>
```

Have you resolved the above? I'm running into the same.

Hi Jobro,

Yes, I resolved this using the AWS classic load balancer with the annotations below. Just make sure you have Keycloak running in the backend on 8080 and 8443. Additionally, add an "app selector label" to the Keycloak pods to match your app selector definitions in the YAML below.

```
apiVersion: v1
kind: Service
metadata:
  name: keycloak-ilb
  namespace: keycloak
  labels:
    ilb: keycloak-ilb
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "xxx"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "https"
spec:
  selector:
    app: keycloak
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8080
  - name: https
    protocol: TCP
    port: 443
    targetPort: 8443
  type: LoadBalancer
```
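
An offline check of whether a Service selects any pods and whether its `targetPort` values are served by them, added here as an example and not part of the original posts. Labels and ports are taken from the thread; the pod name, the `https` port name, the dict layout, and the assumption that the pods carry only the labels in the chart Service's selector are mine.

```python
# Constructed sample data: labels and ports come from the thread; the pod
# name and the "https" port name are assumptions.
PODS = [{
    "name": "release-name-keycloak-0",
    "labels": {"app.kubernetes.io/instance": "release-name",
               "app.kubernetes.io/name": "keycloak"},
    "ports": {"http": 8080, "https": 8443},  # port name -> listening port
}]
CHART_SELECTOR = {"app.kubernetes.io/instance": "release-name",
                  "app.kubernetes.io/name": "keycloak"}

def service(selector, *ports):
    """Build a minimal Service dict from (name, port, targetPort) tuples."""
    return {"spec": {"selector": selector, "ports": [
        {"name": n, "port": p, "targetPort": t} for n, p, t in ports]}}

QUESTION = service({"app": "release-name"}, ("http", 80, 80))
WRONG_PORT = service(CHART_SELECTOR, ("http", 80, 80))
MATCHING = service(CHART_SELECTOR, ("http", 80, 8080), ("https", 443, 8443))

def matching_pods(selector, pods):
    """Pods whose labels contain every key/value pair of the selector."""
    if not selector:  # a Service without a selector gets no managed endpoints
        return []
    return [p for p in pods
            if all(p["labels"].get(k) == v for k, v in selector.items())]

def diagnose(svc, pods):
    """List the reasons the load balancer would find no healthy backend."""
    selector = svc["spec"].get("selector") or {}
    matched = matching_pods(selector, pods)
    if not matched:
        return [f"selector {selector} matches no pods, so there are no endpoints"]
    findings = []
    for port in svc["spec"]["ports"]:
        target = port.get("targetPort", port["port"])
        for pod in matched:
            # A named targetPort resolves by port name, a number by value.
            known = pod["ports"] if isinstance(target, str) else pod["ports"].values()
            if target not in known:
                findings.append(f"{port['name']}: targetPort {target} is not "
                                f"served by pod {pod['name']}")
    return findings

if __name__ == "__main__":
    for label, svc in [("question", QUESTION), ("wrong port", WRONG_PORT),
                       ("matching", MATCHING)]:
        print(label, "->", diagnose(svc, PODS) or "ok")
```
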

Thank you 🙂