Hello there!
I am trying to run a Keycloak server on my Kubernetes cluster as OIDC authority for the kube-api. But I am not able to access Keycloak via HTTPS. I am using the HAProxy Ingress Controller, which is working perfectly fine for some other applications, but I am not able to bring Keycloak up and running. My database is accessible and working as expected. Do you have any clue what I am doing wrong?
Please find my yaml definitions below. Thanks in advance!
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  annotations:
    haproxy.org/forwarded-for: "true"
spec:
  tls:
    - hosts:
        - "oidc.mydomain.com"
      secretName: my-tls
  rules:
    - host: "oidc.mydomain.com"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak-service
                port:
                  number: 443
keycloak.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak-deployment
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:21.1.1
          volumeMounts:
            # files from the my-tls secret are mounted here, on top of the image's /etc/ssl
            - name: tls
              mountPath: "/etc/ssl"
              readOnly: true
          args: ["start"]
          env:
            # admin bootstrap credentials
            - name: KEYCLOAK_ADMIN
              value: 'admin'
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: 'adminPW'
            # proxy and hostname settings
            - name: KC_PROXY
              value: 'edge'
            - name: KC_HOSTNAME
              value: 'oidc.mydomain.com'
            - name: KC_HOSTNAME_STRICT_HTTPS
              value: 'true'
            # database
            - name: KC_DB
              value: 'postgres'
            - name: KC_DB_URL
              value: 'jdbc:postgresql://postgres.postgres-namespace.svc.cluster.local/keycloak'
            - name: KC_DB_USERNAME
              value: 'postgres'
            - name: KC_DB_PASSWORD
              value: 'postgres'
            - name: KC_TRANSACTION_XA_ENABLED
              value: 'true'
            - name: KC_HEALTH_ENABLED
              value: 'true'
            # TLS for the 8443 listener
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: '/etc/ssl/tls.crt'
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: '/etc/ssl/tls.crt'   # points at the certificate file, not at tls.key
          ports:
            - name: https
              containerPort: 8443
      volumes:
        - name: tls
          secret:
            secretName: my-tls
            optional: false
service.yaml
apiVersion: v1
kind: Service
metadata:
  name: keycloak-service
  labels:
    app: keycloak
spec:
  ports:
    - name: https
      port: 443
      targetPort: 8443
  selector:
    app: keycloak
  type: LoadBalancer
Firefox error message:
Unable to connect
An error occurred during a connection to oidc.mydomain.com.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox Developer Edition is permitted to access the web.
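As an added check (not part of the original post or of Keycloak itself), the following script verifies that the two files Keycloak is pointed at via KC_HTTPS_CERTIFICATE_FILE and KC_HTTPS_CERTIFICATE_KEY_FILE really are an X.509 certificate and a matching private key, and that the certificate covers the KC_HOSTNAME value. It assumes the openssl CLI is available; it can be run inside the pod with kubectl exec, or against a local copy of the secret's tls.crt and tls.key. The paths and hostname defaults are the ones from the manifests above; the function name check_kc_tls is my own.

```shell
#!/bin/sh
# check_kc_tls.sh -- sanity-check the TLS material a Keycloak pod is configured with.
# Added example, not from the original post. Assumes the openssl CLI is installed.
#
# Usage: check_kc_tls CERT_FILE KEY_FILE HOSTNAME
#   e.g. check_kc_tls /etc/ssl/tls.crt /etc/ssl/tls.key oidc.mydomain.com
# Returns 0 when cert and key are a matching pair and the cert covers HOSTNAME,
# 1 with a reason on stdout otherwise.

check_kc_tls() {
  cert="$1" key="$2" host="$3"

  [ -r "$cert" ] || { echo "FAIL: certificate file not readable: $cert"; return 1; }
  [ -r "$key" ]  || { echo "FAIL: key file not readable: $key"; return 1; }

  # Each file must actually be what the env var claims it is. Pointing
  # KC_HTTPS_CERTIFICATE_KEY_FILE at a certificate is caught here.
  openssl x509 -in "$cert" -noout >/dev/null 2>&1 \
    || { echo "FAIL: $cert is not an X.509 certificate"; return 1; }
  openssl pkey -in "$key" -noout >/dev/null 2>&1 \
    || { echo "FAIL: $key is not a private key"; return 1; }

  # The key must belong to the certificate: compare the SHA-256 of the DER public
  # key derived from each side (works for RSA and EC keys alike).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey \
             | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "FAIL: $key does not match the public key in $cert"; return 1; }

  # The certificate must be valid for the name clients (and KC_HOSTNAME) use.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null | grep -q "does match" \
    || { echo "FAIL: $cert does not cover hostname $host"; return 1; }

  echo "OK: $cert and $key are a matching pair valid for $host"
}

# When executed directly, check the paths from the deployment above, with the
# private key taken from tls.key (the second file a kubernetes.io/tls secret carries).
if [ "${0##*/}" = "check_kc_tls.sh" ]; then
  check_kc_tls "${1:-/etc/ssl/tls.crt}" "${2:-/etc/ssl/tls.key}" "${3:-oidc.mydomain.com}"
fi
```

Running it with the key argument set to /etc/ssl/tls.crt, as in the deployment above, fails at the "is not a private key" step; with tls.key it only passes if that key really belongs to tls.crt and the certificate names oidc.mydomain.com.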