azure - keycloak - Aks - can't access admin path - Stack Overflow

admin管理员组

文章数量:1332896

I'm trying to configure an AKS installation of keycloak - 13.0.1.2 with 2 replicas.

The keycloak server is up and running. I've tested the page using port-forward to connect directly to the pod, but when i try to access the service through the ingress i got

404 - Not Found

this is my Keycloak setup :

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: default
spec:
  ports:
    - port: 8080
      targetPort: 8080
      name: "http"
    - port: 8443
      targetPort: 8443
      name: "https"
  clusterIP: None
  selector:
    app: keycloak

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: openremote/keycloak:13.0.1.2
          env:
            - name: DB_ADDR
              value: "my-db-addr"
            - name: DB_DATABASE
              value: "my-db"
            - name: DB_PASSWORD
              value: "my-pass"
            - name: DB_SCHEMA
              value: "public"
            - name: DB_USER
              value: "my-db"
            - name: DB_VENDOR
              value: "POSTGRES"
            - name: KEYCLOAK_ADMIN
              value: "my-admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: "my-pass"
            - name: KEYCLOAK_HOSTNAME
              value: "my-url"
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: "/etc/x509/https/tls.crt"
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: "/etc/x509/https/tls.key"
            - name: KC_PROXY
              value: "edge"
            - name: KC_EXTRA_ARGS
              value: "--proxy edge"
            - name: KC_HOSTNAME_PATH
              value: "/auth"
            - name: KC_LOG_LEVEL
              value: DEBUG
          volumeMounts:
            - name: certs
              mountPath: /etc/x509/https
          ports:
            - name: https
              containerPort: 8443
      nodeSelector:
        agentpool: infra
      volumes:
      - name: certs
        secret:
          secretName:  keycloak-cert

and this is the ingress :

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    cert-manager.io/cluster-issuer: letsencrypt-infra
    nginx.ingress.kubernetes.io/backend-protocol: "https"
    nginx.ingkress.kubernetes.io/rewrite-target: "/auth"
spec:
  ingressClassName: infra-nginx
  tls:
  - hosts:
    - my-url #Use your domain
    secretName: keycloak-cert
  rules:
  - host: my-host
    http:
      paths:
      - path: /keycloak
        pathType: Prefix
        backend:
          service:
            name: keycloak
            port:
              number: 8443

in the ingress-controller log I found :

151.68.55.116 - - [20/Nov/2024:17:00:54 +0000] "GET /keycloak HTTP/2.0" 404 74 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0" 319 0.019 [default-keycloak-8443] [] 10.30.1.167:8443 74 0.018 404 29536c909757e4bb635e12a039845677

redirection seems to work cause

10.30.1.167:8443

is one of the keycloak pods ip.

thanks

Update

changed the setup :

 - name: KC_HOSTNAME_PATH
   value: "/keycloak"

and removed

nginx.ingress.kubernetes.io/rewrite-target: "/auth"

from ingress

but got same result :

109.118.34.65 - - [21/Nov/2024:10:08:35 +0000] "GET /keycloak/ HTTP/2.0" 404 74 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" 28 0.002 [default-keycloak-8443] [] 10.30.1.159:8443 74 0.002 404 074d1cd2cd891103599dfb262196d425

I've even tried to use

    nginx.ingress.kubernetes.io/rewrite-target: "/auth"

...

     - name: KC_HOSTNAME_PATH
       value: "/auth"

but got same result

本文标签： azurekeycloakAkscan39t access admin pathStack Overflow