bitnami / charts

Bitnami Helm Charts
https://bitnami.com

Keycloak returns 404 when configuring adminIngress #29091

Open brunopadz opened 2 weeks ago

brunopadz commented 2 weeks ago

Name and Version

bitnami/keycloak 21.8.0

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Provision a new Keycloak instance using bitnami/keycloak 21.8.0
  2. Configure adminIngress and ingress with AWS LB Controller

I've also tried messing with the httpRelativePath to /auth/ and / and the results are the same.

Are you using any custom parameters or values?

production: true
proxy: edge
proxyHeaders: forwarded

httpRelativePath: /auth/
extraEnvVars:
  - name: KC_HOSTNAME_URL
    value: "https://keycloak.external.dns"
  - name: KC_ADMIN_HOSTNAME_URL
    value: "https://adminkc.internal.dns"
service:
  type: ClusterIP

adminIngress:
  enabled: true
  ingressClassName: "alb-internal"
  hostname: "adminkc.internal.dns"
  pathType: ImplementationSpecific
  annotations:
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/backend-protocol: "HTTP"
    alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-FS-1-2-Res-2019-08"
    alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP"
    alb.ingress.kubernetes.io/healthcheck-path: "/"
ingress:
  enabled: true
  ingressClassName: "alb-external"
  hostname: "keycloak.external.dns"
  path: "/*"
  pathType: ImplementationSpecific
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group.name: auth
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/backend-protocol: "HTTP"
    alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-FS-1-2-Res-2019-08"
    alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP"
    alb.ingress.kubernetes.io/healthcheck-path: "/"
    alb.ingress.kubernetes.io/load-balancer-attributes: routing.http.preserve_host_header.enabled=true,routing.http.xff_header_processing.mode=preserve
    alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=false,stickiness.lb_cookie.duration_seconds=300
    alb.ingress.kubernetes.io/wafv2-acl-arn: "arn:aws:wafv2:us-east-1:xxx:regional/webacl/xxx/xxx"

What is the expected behavior?

Access the admin panel through a dedicated URL.

What do you see instead?

404 error

Additional information

When configuring only the ingress param with the KEYCLOAK_HOSTNAME_URL, it works flawlessly; the error only occurs when the adminIngress is also configured.

carrodher commented 2 weeks ago

The issue may not be directly related to the Bitnami container image/Helm chart, but rather to how the application is being utilized, configured in your specific environment, or tied to a specific scenario that is not easy to reproduce on our side.

If you think that's not the case and are interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

Suppose you have any questions about the application, customizing its content, or technology and infrastructure usage. In that case, we highly recommend that you refer to the forums and user guides provided by the project responsible for the application or technology.

With that said, we'll keep this ticket open until the stale bot automatically closes it, in case someone from the community contributes valuable insights.

xlejakx commented 2 weeks ago

Hi mate, I had the same error; maybe this will be useful:

ingress:
  enabled: true
  ingressClassName: alb
  annotations:
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/group.name: internal-dev
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/certificate-arn: "${acm_arn}"
  hostname: ${url}
  path: /*
rbac:
  create: true
extraEnvVars:
  - name: KC_HEALTH_ENABLED
    value: "true"
  - name: KEYCLOAK_PRODUCTION
    value: "true"
  - name: KEYCLOAK_PROXY
    value: "edge"
auth:
  createAdminUser: true
  adminUser: admin
  adminPassword: "${password}"
serviceMonitor:
  enabled: true
postgresql:
  enabled: false
externalDatabase:
  host: retail-dev-shared-postgres.xxx.eu-west-1.rds.amazonaws.com
  user: keycloak
  database: keycloak
  existingSecret: keycloak-rds-credentials #checkov:skip=CKV_SECRET_6
cache:
  enabled: true

akoyaxd commented 2 weeks ago

For me the chart creates the adminIngress only with http:// instead of https://

    adminIngress:
      enabled: true
      ingressClassName: nginx
      hostname: iam.${IAM_BASE_DOMAIN}
      path: /admin
      tls: true

brunopadz commented 1 week ago

Hey @xlejakx and @akoyaxd, thanks for the input.

I'll take a look into it and let you guys know.