Open CaptainKrby opened 1 month ago
Hi, we have observed a similar issue. With Helm Chart version 21.0.4, everything was functioning as expected. However, after updating to 21.1.0, the Admin WebApp can no longer be accessed because the "auth" part is being removed. When I try to access the URL https://mdomain.de/auth/, it redirects to https://mdomain.de/admin/ instead of https://mdomain.de/auth/admin/.
Here are the chart values used:
httpRelativePath: /auth/
ingress:
annotations:
kubernetes.io/ingress.class: nginx
nginx.org/location-snippets: |
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
nginx.org/proxy-buffer-size: 128k
nginx.org/proxy-buffers: 4 256k
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/issuer: cert-issuer
enabled: true
hostname: …
path: /
pathType: Prefix
tls:
- hosts:
- ...
secretName: cert-secret
adminIngress:
annotations:
kubernetes.io/ingress.class: nginx
enabled: true
hostname: …
path: /auth/admin
pathType: Prefix
tls:
- hosts:
- …
secretName: cert-secret
Thanks for your help.
I just reviewed the changes from 21.0.4 to 21.1.0 and saw that since then the env variables KC_HOSTNAME_URL
and KC_HOSTNAME_ADMIN_URL
are used instead of KC_HOSTNAME_ADMIN
in https://github.com/bitnami/charts/blob/e10625faaf986dc2fd691ccdd6ff67396001730f/bitnami/keycloak/templates/statefulset.yaml#L216
If I'm not mistaken, it seems that the path defined in the ingress or in httpRelativePath is not used in this context. Is this an oversight, or am I misunderstanding the configuration of the environment variables?
Any update ?
Thanks for the investigation you did, @bjsee. I can see this in Keycloak's documentation:
hostname-admin-url
Set the base URL for accessing the administration console, including scheme, host, port and path
CLI: --hostname-admin-url
Env: KC_HOSTNAME_ADMIN_URL
Have you tried adding your httpRelativePath
to the KC_HOSTNAME_ADMIN_URL
environment variable? Perhaps its missing there.
Hi @alemorcuq, I've been trying all morning to adjust the values but nothing works, even adjusting httpRelativePath to KC_HOSTNAME_ADMIN_URL... I reiterate that everything was working on chart 21.0.2 and then only 404 errors.
Can you reproduce my environment?
Hi, it is introduced by the commit: https://github.com/bitnami/charts/pull/25386. I'm impacted too. My use case is to serve the admin ingress on the same host but with the adminIngress as a subPath to allow ip restriction on this path only.
No updates?
Waiting too. In the meantime, Keycloak updates are blocked...
Can confirm, doing the following resolves the issue for us:
httpRelativePath: /auth/
adminIngress:
enabled: true
hostname: keycloak.example.com
extraEnvVars:
- name: KC_HOSTNAME_ADMIN_URL
value: 'https://{{ .Values.adminIngress.hostname }}{{ .Values.httpRelativePath }}'
$ curl -sI https://keycloak.example.com/auth/
HTTP/2 302
date: Thu, 13 Jun 2024 08:44:38 GMT
location: https://keycloak.example.com/auth/admin/
We're using Chart version 21.4.1
Hello @singhbaljit, thank you for your fix, I'll take a look on it asap
@CaptainKrby I don't think my fix will resolve your issue. I think we need to append the {{ .Values.httpRelativePath }}
for the full hostname URL.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
I don't think this is stale
Name and Version
bitnami/keycloak:21.2.1
What architecture are you using?
None
What steps will reproduce the bug?
Here is my values.yaml :
What do you see instead?
https://keycloak-dr-admin.company.net/admin/ returns :
404: Not Found
Additional information
I tried to upgrade from bitnami/keycloak:21.0.2 to bitnami/keycloak:21.2.1.
This added a new discovery port as well as a change on the tls part of the admin ingress, however I do not notice any typo.
Here are the pod startup logs :
Thanks for your help.