keycloak / keycloak-operator

ARCHIVED Kubernetes Operator for the no longer supported WildFly distribution of Keycloak
Apache License 2.0

Cannot reach Keycloak using the internalURL #586

Closed droslean closed 1 year ago

droslean commented 2 years ago

Describe the bug

I am using the keycloak-operator in Kubernetes

My Keycloak object holds

    externalURL: https://keycloak.local
    internalURL: https://keycloak.keycloak-operator.svc:8443

But other pods can't reach Keycloak using the internalURL because they are getting the following error:

For example: https://keycloak.keycloak-operator.svc:8443/auth/realms/master/protocol/openid-connect/token

x509: certificate is not valid for any names, but wanted to match keycloak.keycloak-operator.svc

Version

quay.io/keycloak/keycloak:19.0.2-legacy

Expected behavior

No error

Actual behavior

No response

How to Reproduce?

Just deploy keycloak-operator in Kubernetes

Anything else?

No response

lexcao commented 2 years ago

If it is an internal url, could it be HTTP?

droslean commented 2 years ago

@lexcao I can't use http because I get another error:

net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x03\x00\x02\x02P"

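Added example, not part of the original thread or of the operator's code: the bytes in the error above form a plaintext TLS alert record, which is consistent with a plain-HTTP request reaching a TLS-only listener. The Go sketch below decodes such a record; the `Alert` type and `DecodeAlert` function are names chosen for this illustration, and the alert table is a subset.

```go
package main

import (
	"errors"
	"fmt"
)

// Alert is the decoded body of a TLS alert record.
type Alert struct {
	Version     string // record-layer protocol version
	Fatal       bool   // level 2 = fatal, level 1 = warning
	Description string // alert description name (RFC 5246 / RFC 8446)
}

var alertNames = map[byte]string{ // subset of the registry; extend as needed
	0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
	42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version",
	80: "internal_error", 112: "unrecognized_name",
}
var versions = map[uint16]string{0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

// DecodeAlert parses a plaintext TLS alert record:
// type(1)=0x15 | version(2) | length(2) | level(1) | description(1).
func DecodeAlert(rec []byte) (Alert, error) {
	if len(rec) < 7 {
		return Alert{}, errors.New("short record: need 5-byte header + 2-byte alert")
	}
	if rec[0] != 0x15 {
		return Alert{}, fmt.Errorf("content type 0x%02x is not a TLS alert (0x15)", rec[0])
	}
	if n := int(rec[3])<<8 | int(rec[4]); n != 2 {
		return Alert{}, fmt.Errorf("alert length %d, expected 2 (encrypted alert?)", n)
	}
	ver, ok := versions[uint16(rec[1])<<8|uint16(rec[2])]
	if !ok {
		ver = fmt.Sprintf("unknown (0x%02x%02x)", rec[1], rec[2])
	}
	name, ok := alertNames[rec[6]]
	if !ok {
		name = fmt.Sprintf("alert(%d)", rec[6])
	}
	return Alert{Version: ver, Fatal: rec[5] == 2, Description: name}, nil
}

func main() {
	// Bytes taken from the "malformed HTTP response" error quoted above.
	fmt.Println(DecodeAlert([]byte("\x15\x03\x03\x00\x02\x02P")))
}
```
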
droslean commented 2 years ago

@lexcao Also, is there any way to change the internalURL in keycloak?

lexcao commented 2 years ago

Have you tried this http url? http://keycloak.keycloak-operator.svc:8080

I think there is no way to change the internal URL in keycloak. It depends on the deployment method for it.

droslean commented 2 years ago

@lexcao The keycloak service is only for the 8443 port. This is being generated by the operator. I can't change it. Either way, I tried to use the keycloak-discovery service, and it seems to be working.

stianst commented 1 year ago

Thanks (again) for reporting this issue. Keycloak 19 was the last version that included this legacy Operator, and with the release of Keycloak 20 the Operator reached EOL and this repository will be archived. Please see our blog post on this topic. If this issue is still valid for the Realm Operator, please re-open it there. Thanks for your understanding. And be sure to check out our new Operator!