Keycloak oauth-proxy with mocked server mocklab on Kubernetes

When trying to setup keycloak oauth2 on local machine with minikube (virtualbox driver)

with mocked server from: The OAuth2 / OpenID Connect Mock | MockLab

I get error from :

[2022/11/04 15:09:14] [provider.go:55] Performing OIDC Discovery...
[2022/11/04 15:09:17] [main.go:60] ERROR: Failed to initialise OAuth2 Proxy: error intiailising provider: could not create provider data: error building OIDC ProviderVerifier: could not get verifier builder: error while discovery OIDC configuration: failed to discover OIDC configuration: error performing request: Get "https://keycloak.192.168.59.103.nip.io/realms/skyrealm/.well-known/openid-configuration": dial tcp 192.168.59.103:443: connect: no route to host

Basic auth with generated password is working.

minikube version: v1.27.1 Kubernetes version: v1.25.2 Docker version: 20.10.18 Operating System: Ubuntu 22.04

Keycloak deployment

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:19.0.3
          args: ["start"]
          imagePullPolicy: Always
          env:
            - name: KEYCLOAK_ADMIN
              value: null
              valueFrom:
                secretKeyRef:
                  key: keycloakuser
                  name: skysecrets
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: null
              valueFrom:
                secretKeyRef:
                  key: keycloakpass
                  name: skysecrets
            - name: KC_PROXY
              value: "edge"
            - name: KC_HOSTNAME_STRICT
              value: "false"
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:
            httpGet:
              path: /realms/master
              port: 8080

service:

---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer

keycloak ingress:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
#    konghq.com/strip-path: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - keycloak.192.168.59.104.nip.io
  rules:
    - host: keycloak.192.168.59.104.nip.io
      http:
        paths:
          - path: /keycloak(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8080

oauth-proxy setup:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: oauth2-proxy
  template:
    metadata:
      labels:
        k8s-app: oauth2-proxy
    spec:
      containers:
        - args:
            - --provider=keycloak-oidc
            - --client-id=YYY
            - --client-secret=XXX
            - --redirect-url=https://oauth.mocklab.io/oauth/authorize
            - --oidc-issuer-url=https://keycloak.192.168.59.103.nip.io/realms/skyrealm
#            for supporting PKCE methods from keycloak
            - --code-challenge-method="S256"
#            for error with x509 certificates
            - --ssl-insecure-skip-verify=true
            - --ssl-upstream-insecure-skip-verify=true

#            additional required parameters
            - --email-domain=*
            - --cookie-secure=false
            - --cookie-secret=ZZZ

          image: quay.io/oauth2-proxy/oauth2-proxy:latest
          imagePullPolicy: Always
          name: oauth2-proxy
          ports:
            - containerPort: 4180
              protocol: TCP

---

apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  ports:
    - name: http
      port: 4180
      protocol: TCP
      targetPort: 4180
  selector:
    k8s-app: oauth2-proxy

service ingress:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sky-oauth-ingress
  namespace: default
  annotations:

    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"

    nginx.ingress.kubernetes.io/rewrite-target: /$2

spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /oauth/offer(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: sky-offer-service
                port:
                  number: 5552
          - path: /oauth/message(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: sky-message-service
                port:
                  number: 5553
          - path: /oauth/auth(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: auth-service
                port:
                  number: 9100

I setup second ingresses for basic auth with generated passwortd and it is working:

spec:
  ingressClassName: nginx
  rules:
     - http:
        paths:
          - path: /offer(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: sky-offer-service
                port:
                  number: 5552
          - path: /message(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: sky-message-service
                port:
                  number: 5553
          - path: /auth(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: auth-service
                port:
                  number: 9100

I want be able to test oauth2 before I deploy it on cloud.

How to setup it correctly ?