codecentric / helm-charts

A curated set of Helm charts brought to you by codecentric
Apache License 2.0

Kubernetes ingress controller fake certificate #689

Closed vyom-soft closed 1 year ago

vyom-soft commented 1 year ago

Hello,

I am using cert-manager and keycloak. keycloak-chart version: 18.4.1 appVersion: 17.0.1-legacy.

When accessed over metallb LB -> nginx ingress I see that fake certificate.

I used helm install to install Keycloak.

Here is my nginx-ingress. Please can you give some hint what else I should look for?

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: vyomsoft-prod-ca-issuer
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/client-max-body-size: "4"
    nginx.ingress.kubernetes.io/forwarded-for-header: X-Forwarded-For
    nginx.ingress.kubernetes.io/proxy-body-size: 25m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-max-temp-file-size: 1024m
    nginx.ingress.kubernetes.io/proxy-read-timeout: "20"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
  creationTimestamp: "2023-02-13T19:44:56Z"
  generation: 1
  name: keycloak
  namespace: kvib
  resourceVersion: "56101995"
  uid: 33ad5227-0f6a-4513-af01-29a410830499
spec:
  ingressClassName: nginx
  rules:
  - host: keycloak.vyomsoft.devlab.tech
    http:
      paths:
      - backend:
          service:
            name: keycloak-http
            port:
              name: https
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - keycloak.vyomsoft.devlab.tech
    secretName: vyomsoft-prod-ca-tech
status:
  loadBalancer:
    ingress:
    - ip: 10.10.45.211

# Additional environment variables for Keycloak
extraEnv: |
  - name: KEYCLOAK_LOGLEVEL
    value: INFO
  # - name: WILDFLY_LOGLEVEL
  #   value: DEBUG
  - name: CACHE_OWNERS_COUNT
    value: "2"
  - name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
    value: "2"
  - name: KEYCLOAK_STATISTICS
    value: all
  - name: CACHE_OWNERS
    value: "3"
  - name: DB_QUERY_TIMEOUT
    value: "60"
  - name: DB_VENDOR
    value: postgres
  - name: DB_ADDR
    value: postgresdb-postgresql
  - name: DB_PORT
    value: "5432"
  - name: DB_DATABASE
    value: keycloak
  - name: DB_USER
    value: postgres
  - name: DB_PASSWORD_FILE
    value: /secrets/db-creds/postgres-password
  - name: KEYCLOAK_USER
    value: admin
  - name: KEYCLOAK_PASSWORD
    value: mypassword
  - name: PROXY_ADDRESS_FORWARDING
    value: 'true'

nginx ingress information

➜ ~ kubectl describe ingressclasses
Name:         nginx
Labels:       app.kubernetes.io/component=controller
              app.kubernetes.io/instance=ingress-nginx
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=ingress-nginx
              app.kubernetes.io/part-of=ingress-nginx
              app.kubernetes.io/version=1.5.1
              helm.sh/chart=ingress-nginx-4.4.0
              helm.toolkit.fluxcd.io/name=ingress-nginx
              helm.toolkit.fluxcd.io/namespace=ingress-nginx
Annotations:  meta.helm.sh/release-name: ingress-nginx
              meta.helm.sh/release-namespace: ingress-nginx
Controller:   k8s.io/ingress-nginx
Events:
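A simplified model of the conditions under which ingress-nginx falls back to its default "Kubernetes Ingress Controller Fake Certificate", as an added example that is not part of the original post or the chart's code. The function names and the `secrets` mapping with its `keys`/`sans` fields are hypothetical; the Ingress values come from the manifest in the post and the secret states are constructed.

```python
def covers(pattern, host):
    """Exact DNS match, or a wildcard that stands for one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def fake_cert_reasons(ingress, secrets, sni):
    """Return reasons the default certificate is served for `sni` ([] = none found).
    ingress: Ingress object as a dict (shape of `kubectl get ingress -o json`).
    secrets: {(namespace, name): {"keys": set, "sans": list}}, assumed to be
             collected beforehand; "sans" are the DNS names in tls.crt.
    """
    ns = ingress["metadata"]["namespace"]
    spec = ingress["spec"]
    hosts = [r["host"] for r in spec.get("rules", []) if r.get("host")]
    if not any(covers(h, sni) for h in hosts):
        return [f"no rule host matches {sni!r}: the default server answers"]
    entries = spec.get("tls", [])
    if not entries:
        return ["Ingress has no tls section"]
    # Prefer tls entries that list the host; otherwise try every entry's secret.
    listed = [t for t in entries if any(covers(h, sni) for h in t.get("hosts", []))]
    reasons = []
    for t in listed or entries:
        name = t.get("secretName")
        sec = secrets.get((ns, name))
        if not name:
            reasons.append("tls entry has no secretName")
        elif sec is None:
            reasons.append(f"secret {ns}/{name} not found in the Ingress namespace")
        elif {"tls.crt", "tls.key"} - sec["keys"]:
            reasons.append(f"secret {ns}/{name} lacks tls.crt or tls.key")
        elif not any(covers(s, sni) for s in sec["sans"]):
            reasons.append(f"certificate in {ns}/{name} has no SAN for {sni!r}")
        else:
            return []  # a usable certificate covers the host
    return reasons

# Values from the Ingress in the post; the secret state below is constructed.
HOST = "keycloak.vyomsoft.devlab.tech"
INGRESS = {"metadata": {"namespace": "kvib"}, "spec": {
    "rules": [{"host": HOST}],
    "tls": [{"hosts": [HOST], "secretName": "vyomsoft-prod-ca-tech"}]}}
GOOD = {("kvib", "vyomsoft-prod-ca-tech"):
        {"keys": {"tls.crt", "tls.key", "ca.crt"}, "sans": [HOST]}}

if __name__ == "__main__":
    for sni in (HOST, "10.10.45.211"):  # by hostname, then by load balancer IP
        print(sni, fake_cert_reasons(INGRESS, GOOD, sni))
```

On a live cluster the `secrets` input would come from `kubectl get secret -n kvib -o json` plus the DNS names read out of each `tls.crt`, and the certificate actually presented can be confirmed with `openssl s_client -connect 10.10.45.211:443 -servername keycloak.vyomsoft.devlab.tech`.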

github-actions[bot] commented 1 year ago

This issue has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs.