Hello Keycloak community,
I’m trying to deploy Keycloak on a k8s cluster and ran into a strange issue of “404 Page Not Found” when I try to access the admin console (see screenshot).
Some context, for what it’s worth: the cluster has an Nginx ingress controller and MetalLB, both of which work fine (tested with a JupyterHub deployment running on the same cluster). We want to deploy Keycloak as an authentication service for JupyterHub.
I deployed Keycloak using a modified version of the .yaml files in this guide: https://www.keycloak.org/getting-started/getting-started-kube (e.g., the service type is “ClusterIP” instead of “LoadBalancer”, so it works with MetalLB). You can find their content at the end of this post.
On a related note, is there a place for the latest documentation for k8s configuration? The example config file linked in the aforementioned guide has deprecated values like “KC_PROXY”, whereas this other guide seems to use a newer API.
=================
keycloak.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: jhub
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 443
      targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: jhub
  labels:
    app: keycloak
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:25.0.4
          volumeMounts:
            - name: tls
              mountPath: '/etc/ssl'
              readOnly: true
          args: ["start"]
          env:
            - name: KEYCLOAK_ADMIN
              value: 'admin'
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: 'admin'
            - name: KC_PROXY
              value: 'edge'
            - name: KC_HOSTNAME
              value: 'some.hostname'
            - name: KC_HOSTNAME_STRCT_HTTPS
              value: 'true'
            - name: KC_LOG_LEVEL
              value: 'INFO'
            - name: KC_DB
              value: 'postgres'
            - name: KC_DB_URL
              value: 'jdbc:postgresql://some.db'
            - name: KC_DB_USERNAME
              value: 'kc-user'
            - name: KC_DB_PASSWORD
              value: 'kc-password'
            - name: KC_TRANSACTION_XA_ENABLE
              value: 'true'
            - name: KC_HEALTH_ENABLED
              value: 'true'
            - name: KC_METRICS_ENABLED
              value: 'true'
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /realms/master
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 1
      volumes:
        - name: tls
          secret:
            secretName: secret-name
            optional: false
```
=================
keycloak-ingress.yaml
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: jhub
spec:
  tls:
    - hosts:
        - some.hostname
      secretName: secret-name
  ingressClassName: nginx
  rules:
    - host: some.hostname
      http:
        paths:
          - path: /keycloak
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 443
```
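
An added example, not part of the original post and not Keycloak project code: a Python check over values transcribed from the two manifests above, tracing a request path through the Ingress prefix to Keycloak and listing credentials set inline. It assumes the ingress forwards the path unchanged (the manifest has no rewrite annotation), that Keycloak serves from `/` unless `KC_HTTP_RELATIVE_PATH` is set, and that `KC_ROOTS` is a subset of Keycloak's top-level paths; the function names are hypothetical.

```python
# Added example. ENV is a subset of the env list in the post's keycloak.yaml.
ENV = [
    {"name": "KEYCLOAK_ADMIN", "value": "admin"},
    {"name": "KEYCLOAK_ADMIN_PASSWORD", "value": "admin"},
    {"name": "KC_HOSTNAME", "value": "some.hostname"},
    {"name": "KC_DB_USERNAME", "value": "kc-user"},
    {"name": "KC_DB_PASSWORD", "value": "kc-password"},
]
INGRESS_PREFIX = "/keycloak"     # from keycloak-ingress.yaml
PROBE_PATH = "/realms/master"    # from the readinessProbe
# Assumption: a subset of the top-level paths Keycloak serves.
KC_ROOTS = ("/admin", "/realms", "/resources", "/js")

def norm(path):
    """Leading slash, no trailing slash; the root path becomes ''."""
    s = path.strip("/")
    return "/" + s if s else ""

def under(path, prefix):
    """True if `path` equals `prefix` or lies beneath it (segment-wise)."""
    p, pre = norm(path), norm(prefix)
    return pre == "" or p == pre or p.startswith(pre + "/")

def relative_path(env):
    """KC_HTTP_RELATIVE_PATH if set, else the assumed default of '/'."""
    return next((e["value"] for e in env if e["name"] == "KC_HTTP_RELATIVE_PATH"), "/")

def served(path, env):
    """Would Keycloak have a resource at `path`, given its relative path?"""
    rel = norm(relative_path(env))
    return any(under(path, rel + root) for root in KC_ROOTS)

def trace(request_path, env, ingress_prefix=INGRESS_PREFIX):
    """Follow a request through an ingress that forwards the path unchanged."""
    if not under(request_path, ingress_prefix):
        return "not-routed"
    return "served" if served(request_path, env) else "404"

def literal_secrets(env):
    """Env names that look like credentials but carry an inline `value`."""
    return [e["name"] for e in env
            if "value" in e and any(h in e["name"] for h in ("PASSWORD", "SECRET"))]

if __name__ == "__main__":
    with_rel = ENV + [{"name": "KC_HTTP_RELATIVE_PATH", "value": "/keycloak"}]
    print(trace("/keycloak/admin/", ENV), trace("/keycloak/admin/", with_rel))
    print(served(PROBE_PATH, ENV), served(PROBE_PATH, with_rel))
    print(literal_secrets(ENV))
```

In this model, setting a relative path also moves the readiness probe target, so the probe path has to change with it.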