Search code examples
kuberneteshttp-status-code-404keycloakkubernetes-ingress

Keycloak with Kubernetes with Ingress returns 404 Not Found in browser

I try to spin up a Keycloak server with K8s, and seemingly everything works fine, at least by the logs. But when trying to reach the server via browser, I get a 404 Not Found error.

Here're the two yaml files I use to start the service:

keycloak.yaml

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:19.0.1
          args: ["start-dev"]
          env:
            - name: KEYCLOAK_ADMIN
              value: "admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: "admin"
            - name: KC_PROXY
              value: "edge"
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:
            httpGet:
              path: /realms/master
              port: 8080
      volumes:
        - name: keycloak-volume
          configMap:
            name: keycloak-configmap

keycloak-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
spec:
  tls:
    - hosts:
        - keycloak-host
  rules:
    - host: keycloak-host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8080

For the service I see in the logs:

kubectl logs keycloak-9554778fc-dcpdf
Updating the configuration and installing your custom providers, if any. Please wait.
2022-08-08 12:21:34,721 INFO  [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 14845ms
2022-08-08 12:21:38,542 INFO  [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: true
2022-08-08 12:21:40,207 INFO  [org.keycloak.common.crypto.CryptoIntegration] (main) Detected crypto provider: org.keycloak.crypto.def.DefaultCryptoProvider
2022-08-08 12:21:42,365 WARN  [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2022-08-08 12:21:42,502 WARN  [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2022-08-08 12:21:42,565 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2022-08-08 12:21:43,003 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.9.Final
2022-08-08 12:21:43,339 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_552327, Site name: null
2022-08-08 12:21:44,887 INFO  [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
2022-08-08 12:21:46,740 INFO  [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
2022-08-08 12:21:48,758 INFO  [io.quarkus] (main) Keycloak 19.0.1 on JVM (powered by Quarkus 2.7.6.Final) started in 13.477s. Listening on: http://0.0.0.0:8080
2022-08-08 12:21:48,758 INFO  [io.quarkus] (main) Profile dev activated. 
2022-08-08 12:21:48,759 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
2022-08-08 12:21:49,056 INFO  [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
2022-08-08 12:21:49,059 WARN  [org.keycloak.quarkus.runtime.KeycloakMain] (main) Running the server in development mode. DO NOT use this configuration in production.

For the Ingress I see:

kubectl get ingress
NAME       CLASS   HOSTS           ADDRESS        PORTS     AGE
keycloak   nginx   keycloak-host   192.168.49.2   80, 443   4m40s

So, in the browser I try to navigate to : 192.168.49.2/auth and I get :

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

I get the same with other endpoints as well, like '/', '/auth/reams/master'..

What do I wrong here?

Solution

  • you have mentioned the host : keycloak-host in the ingress section.

    Go to you /etc/host file if in linux or in windows and add one entry like

    keycloak-host 192.168.49.2

    after just go to browser and try again, opening the http://keycloak-host

    also, you have added the TLS in ingress so make you are attaching the right TLS/SSL certificate to ingress.

    If you are using the Ingress you might need to mention that and enable proxy at Keycloak.

    Use my config as ref : https://github.com/harsh4870/Keycloack-postgres-kubernetes-deployment/blob/main/keycload-deployment.yaml