I have a bit of a problem: I am trying to access a Keycloak pod through an ingress and I keep getting a 504 error. I have tried other deployments (nginx, apache, pg-admin) and they all work. The common aspect is that those pods run on port 80 and Keycloak runs on port 8080. I have also tried to deploy Apache Airflow, and by default port 8080 is used. I can't set port 80 or 443 on the Keycloak deployment; I get the following error:
```
keycloak 06:23:59.51 ERROR ==> An invalid port was specified in the environment variable KEYCLOAK_HTTP_PORT: privileged port requested.
keycloak 06:23:59.51 ERROR ==> An invalid port was specified in the environment variable KEYCLOAK_HTTPS_PORT: privileged port requested.
```
ingress-nginx-controller pod log:
```
10.7.211.10 - - [06/Jan/2022:05:57:42 +0000] "GET /favicon.ico HTTP/1.1" 504 562 "http://api.cp.ca/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" 367 15.003 [default-kcd-8080] [] 10.244.1.59:8080, 10.244.1.59:8080, 10.244.1.59:8080 0, 0, 0 5.001, 5.000, 5.004 504, 504, 504 8c0c75ee66bebace840c4f77e5722c77
```
I have no firewall set anywhere. My cluster is made up of 3 worker nodes; I am not using the cloud, just 4 virtual machines.
Current configuration:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cp-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  defaultBackend:
    service:
      name: tools-pgadmin
      port:
        number: 80
  rules:
    - host: api.cp.ca
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kcd
                port:
                  number: 8080
# service:
# kubectl expose deployment kcd
# kcd ClusterIP 10.109.12.99 <none> 8080/TCP,8443/TCP 8m18s
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kcd
spec:
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: bitnami/keycloak
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          env:
            - name: DB_VENDOR
              value: "postgres"
            - name: KEYCLOAK_DATABASE_HOST
              value: "10.7.211.100"
            - name: KEYCLOAK_DATABASE_NAME
              value: "keycloak"
            - name: KEYCLOAK_DATABASE_USER
              value: "postgres"
            - name: KEYCLOAK_DATABASE_PASSWORD
              value: "postgres"
            - name: KEYCLOAK_DATABASE_SCHEMA
              value: "public"
```
What can cause port 8080 not to be reached? Are there any other settings to enable when building a stack from scratch? Thanks.
I am not sure; that might be due to you using the Bitnami image. Still, I would suggest trying the deployment file below.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:10.0.0
          env:
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              value: "admin"
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: DB_VENDOR
              value: POSTGRES
            - name: DB_ADDR
              value: postgres
            - name: DB_DATABASE
              value: keycloak
            - name: DB_USER
              value: root
            - name: DB_PASSWORD
              value: password
            - name: KEYCLOAK_HTTP_PORT
              value: "80"
            - name: KEYCLOAK_HTTPS_PORT
              value: "443"
            - name: KEYCLOAK_HOSTNAME
              value: keycloak.harshmanvar.tk # replace with ingress URL
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          readinessProbe:
            httpGet:
              path: /auth/realms/master
              port: 8080
```
File link: https://github.com/harsh4870/Keycloack-postgres-kubernetes-deployment/blob/main/keycload-deployment.yaml
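
Reading the ingress-nginx-controller log line from the question, as an added example (not code from the question or the answer): each of the three upstream attempts returned 504 with 0 bytes after about 5 seconds, which this sketch classifies as a connect timeout rather than a slow application. It assumes the controller's default log format and a 5-second `proxy-connect-timeout`; the function names are hypothetical.

```python
import re

# Constructed sample: the access-log line from the question, user agent shortened.
SAMPLE = ('10.7.211.10 - - [06/Jan/2022:05:57:42 +0000] "GET /favicon.ico HTTP/1.1" '
          '504 562 "http://api.cp.ca/" "Mozilla/5.0" 367 15.003 [default-kcd-8080] [] '
          '10.244.1.59:8080, 10.244.1.59:8080, 10.244.1.59:8080 0, 0, 0 '
          '5.001, 5.000, 5.004 504, 504, 504 8c0c75ee66bebace840c4f77e5722c77')

# Field order follows ingress-nginx's default log-format-upstream.
LIST = r"[^\s,]+(?:, [^\s,]+)*"  # one value per upstream attempt, comma separated
LINE = re.compile(
    r'^\S+ - \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \d+ "[^"]*" "[^"]*" \d+ '
    r'(?P<request_time>[\d.]+) \[(?P<upstream>[^\]]*)\] \[[^\]]*\] '
    rf'(?P<addrs>{LIST}) (?P<sizes>{LIST}) (?P<times>{LIST}) (?P<codes>{LIST}) \S+$')

CONNECT_TIMEOUT = 5.0  # assumption: default proxy-connect-timeout, in seconds


def parse(line):
    """Return the upstream name and one dict per upstream attempt, or None."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    cols = [m[k].split(", ") for k in ("addrs", "sizes", "times", "codes")]
    keys = ("addr", "size", "seconds", "status")
    return {"upstream": m["upstream"], "status": m["status"],
            "request_time": float(m["request_time"]),
            "attempts": [dict(zip(keys, row)) for row in zip(*cols)]}


def is_connect_timeout(attempt, limit=CONNECT_TIMEOUT, slack=0.1):
    """504, zero bytes, about `limit` seconds: the TCP connect never completed."""
    try:
        seconds = float(attempt["seconds"])
    except ValueError:  # nginx logs "-" when no upstream was contacted
        return False
    return (attempt["status"] == "504" and attempt["size"] == "0"
            and abs(seconds - limit) <= slack)


def diagnose(line):
    rec = parse(line)
    if rec is None:
        return "unparsed"
    if rec["attempts"] and all(is_connect_timeout(a) for a in rec["attempts"]):
        # Nothing answered on the pod IP:port, so check the network path
        # (CNI/overlay between nodes, NetworkPolicy) before the application.
        return "connect-timeout"
    if rec["status"] == "504":
        return "upstream-slow"  # connected, but the response arrived too late
    return "other"
```

`diagnose(SAMPLE)` returns `connect-timeout`; the request time of 15.003 seconds is the three 5-second attempts against the same pod address added together.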