Hi,
I’m a new with Kubernetes and Keycloak. I have a problem with opening welcome page of Keycloak run in a Kubernetes (EKS)
So I have a Service and Deployment:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: profitowi-dev
spec:
selector:
matchLabels:
app.kubernetes.io/name: keycloak
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: keycloak
spec:
nodeSelector:
kubernetes.io/arch: arm64
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:17.0.1
args: ["start", "--auto-build", "--log-level=DEBUG", "--proxy=passthrough"]
imagePullPolicy: Always
env:
- name: KEYCLOAK_ADMIN
valueFrom:
secretKeyRef:
name: keycloak-security
key: keycloak.user
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-security
key: keycloak.password
- name: KC_DB_URL
valueFrom:
secretKeyRef:
name: keycloak-security
key: datasource.url
- name: KC_DB_USERNAME
valueFrom:
secretKeyRef:
name: keycloak-security
key: datasource.user
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-security
key: datasource.password
- name: KC_DB
value: "postgres"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HOSTNAME_STRICT_HTTPS
value: "false"
- name: KC_METRICS_ENABLED
value: "true"
- name: KC_FEATURES
value: "token-exchange"
- name: KC_HTTP_ENABLED
value: "true"
- name: KC_HOSTNAME_STRICT_BACKCHANNEL
value: "false"
ports:
- name: http
containerPort: 8080
readinessProbe:
httpGet:
path: /realms/master
port: 8080
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
namespace: profitowi-dev
spec:
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
type: NodePort
selector:
app.kubernetes.io/name: keycloak
My Ingress config:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: dev
name: dev-ingress-alb
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/rewrite-target: /
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/subnets: subnet-0eeeb8a2a6228dc93, subnet-01de27cabc87ae6d3
alb.ingress.kubernetes.io/group.name: dev-alb
alb.ingress.kubernetes.io/tags: Environment=DEV
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-1:11111111:certificate/1111111
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- host: my.domain
http:
paths:
- path: "/keycloak"
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8080
The problem:
When I open https://my.domain/keycloak I got a page:
Keycloak
We are sorry...
Page not found
And I see in a keycloak logs something like:
2022-04-26 11:00:55,663 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper end
2022-04-26 11:00:58,259 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) new JtaTransactionWrapper
2022-04-26 11:00:58,260 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) was existing? false
2022-04-26 11:00:58,261 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-0) Recalculated absoluteURI to https://my.domain/keycloak
2022-04-26 11:00:58,269 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-0) Error response 404: javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource for full path: https://my.domain/keycloak
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:152)
at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:74)
at org.jboss.resteasy.core.registry.RootClassNode.match(RootClassNode.java:47)
at org.jboss.resteasy.core.ResourceMethodRegistry.getResourceInvoker(ResourceMethodRegistry.java:480)
at org.jboss.resteasy.core.SynchronousDispatcher.getInvoker(SynchronousDispatcher.java:332)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:253)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:71)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
in a console in my browser I see
Did not parse stylesheet at 'https://my.domain/resources/mrvrx/common/keycloak/web_modules/@patternfly/react-core/dist/styles/base.css' because non CSS MIME types are not allowed in strict mode.
...
When I create a service as LoadBalancer and I go by externalIP the welcome page is loading properly.
Do you know what I’ve missed?
thanks in advance