I need to implement Keycloak on k8s using ingress.

My configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:23.0.1
        ports:
        - name: "http"
          containerPort: 8080
        args: ["start","--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true"]
        env:
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: KC_HOSTNAME_STRICT
          value: "false"
        - name: KEYCLOAK_ADMIN
          value: "user"
        - name: KEYCLOAK_ADMIN_PASSWORD       
          value: "password"
        - name: KC_DB_USERNAME
          value: user
        - name: KC_DB_PASSWORD
          value: password
        - name: KC_HTTP_ENABLED
          value: "true"
        - name: KC_DB_URL_HOST
          value: db_host
        - name: KC_DB_SCHEMA
          value: keycloak
        - name: KC_DB
          value: mariadb
        - name: KC_HEALTH_ENABLED
          value: "true"
        - name: KC_HOSTNAME_STRICT_HTTPS
          value: "false"
        - name: KC_METRICS_ENABLED
          value: "true"
        - name: KC_PROXY
          value: edge

        resources:
          limits:
            cpu: "2"
            memory: "4Gi"
          requests:
            cpu: "1"
            memory: "1Gi"

        livenessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 120
          periodSeconds: 10

        readinessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 30
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  namespace: keycloak
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
  clusterIP: None
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: keycloak
spec:
  ingressClassName: nginx
  rules:
  - host: keycloak.domain.com
    http:
      paths:
      - backend:
          service:
            name: keycloak
            port:
              number: 8080
        path: "/"
        pathType: Prefix

I get the following error:

SSL_ERROR_RX_RECORD_TOO_LONG

I don’t see any TLS configuration in your ingress. I would use cert-manager to automatically issue certificates. Try getting a “dummy” service like Echo-Server running with working TLS on the ingress to debug that without the complications of Keycloak. Also, I would recommend installing Keycloak with a Helm chart, for example the codecentric one.

Thanks for the help
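
The TLS configuration the reply refers to, sketched as an added example that is not part of the original posts: the same Ingress with a `tls` section and a cert-manager annotation. It assumes cert-manager is already installed in the cluster; the ClusterIssuer name `letsencrypt-prod` and the Secret name `keycloak-tls` are hypothetical placeholders.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: keycloak
  annotations:
    # Asks cert-manager to issue a certificate for the hosts listed under spec.tls.
    # "letsencrypt-prod" is an assumed ClusterIssuer name; use the one defined in your cluster.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - keycloak.domain.com        # must match the rule host below
    # Secret that cert-manager creates and the ingress controller serves from
    # (hypothetical name).
    secretName: keycloak-tls
  rules:
  - host: keycloak.domain.com
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            # TLS ends at the ingress; the backend stays plain HTTP on 8080,
            # which matches KC_PROXY=edge and KC_HTTP_ENABLED=true in the Deployment.
            name: keycloak
            port:
              number: 8080
```

Once the Certificate object that cert-manager creates in the `keycloak` namespace reports Ready, the ingress controller serves that certificate for `keycloak.domain.com`.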
