K8s: 404 Error & Latest Documentation?

Hello Keycloak community,

I’m trying to deploy Keycloak on a k8s cluster and ran into a strange issue of “404 Page Not Found” when I try to access the admin console (see screenshot).

Some context, for what it’s worth: the cluster has an Nginx ingress controller and MetalLB, both of which work fine (tested with a JupyterHub deployment running on the same cluster). We want to deploy Keycloak as an authentication service for JupyterHub.

I deployed Keycloak using a modified version of the .yaml files in this guide: https://www.keycloak.org/getting-started/getting-started-kube. (e.g., the service type is “ClusterIP” instead of “LoadBalancer”, so it works with MetalLB). You can find their content at the end of this post.

On a related note, is there a place for the latest documentation for k8s configuration? The example config file linked in the aforementioned guide has deprecated values like “KC_PROXY”, where as this other guide seems to use a newer API.

=================

keycloak.yaml

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: jhub
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 443
      targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: jhub
  labels:
    app: keycloak
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:25.0.4
          volumeMounts: 
          - name: tls
            mountPath: '/etc/ssl'
            readOnly: true
          args: ["start"]
          env:
            - name: KEYCLOAK_ADMIN
              value: 'admin'
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: 'admin'
            - name: KC_PROXY
              value: 'edge'
            - name: KC_HOSTNAME
              value: 'some.hostname'
            - name: KC_HOSTNAME_STRCT_HTTPS
              value: 'true'
            - name: KC_LOG_LEVEL
              value: 'INFO'
            - name: KC_DB
              value: 'postgres'
            - name: KC_DB_URL
              value: 'jdbc:postgresql://some.db'
            - name: KC_DB_USERNAME
              value: 'kc-user'
            - name: KC_DB_PASSWORD
              value: 'kc-password'
            - name: KC_TRANSACTION_XA_ENABLE
              value: 'true'
            - name: KC_HEALTH_ENABLED
              value: 'true'
            - name: KC_METRICS_ENABLED
              value: 'true'
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /realms/master
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 1
      volumes:
        - name: tls
          secret:
            secretName: secret-name
            optional: false      

=================

keycloak-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: jhub
spec:
  tls:
    - hosts:
        - some.hostname
      secretName: secret-name
  ingressClassName: nginx
  rules:
    - host: some.hostname
      http:
        paths:
          - path: /keycloak
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 443

I have solved the issue, which turns out to be a combination of multiple errors. A working set of config files can be found here on GitHub.