keycloak / keycloak-quickstarts

Apache License 2.0

K8s Service.type: ClusterIP Does Not Redirect Correctly #576

Open chr0n1x opened 4 months ago

chr0n1x commented 4 months ago

Describe the bug

Hello, I'm trying out Keycloak on my local cluster via these docs: https://www.keycloak.org/getting-started/getting-started-kube

What I'm Doing

I use kustomize to change the keycloak Service into a ClusterIP type.

# kustomization.yaml
resources:
- https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes/keycloak.yaml
- ingress.yaml

patches:
- path: ./patch-svc.yaml
  target:
    kind: Service
    name: keycloak

patch-svc.yaml

---
kind: Service
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  selector:
    app: keycloak
  # I kinda just...did things until the end `kustomization build` works
  $patch: replace
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  type: ClusterIP

I'm then using this ingress w/ the nginx ingress k8s controller:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: keycloak
  labels:
    app.kubernetes.io/name: keycloak
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx
  rules:
    - host: keycloak.home.k8s
      http:
        paths:
          - path: "/"
            pathType: ImplementationSpecific
            backend:
              service:
                name: keycloak
                port:
                  name: http

I then have a simple local dns (pihole) pointing at my cluster.

Version

25.0.1 rev cb84415be470af85c99821d8a9a7b47ed96dc376

Expected behavior

The ingress above is what I use for all of my services. I expect the page to load, but the only way that I can load anything at all is by proxying the svc:

kubectl -n keycloak port-forward svc/keycloak 8080:80

Actual behavior

When using the ingress above and going to https://keycloak.home.k8s:<nginx https port>, the application hangs for a few seconds, but then redirects to https://keycloak.home.k8s/admin. NOTE that the port was stripped.

How to Reproduce?

Install the nginx-ingress controller (https://github.com/kubernetes/ingress-nginx), then apply the configs above.

Anything else?

No response
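
A way to pin down the symptom reported above, as an added example that is not part of the original issue or the Keycloak project's code: it parses a captured response head (as printed by `curl -sI`) and reports which origin component (scheme, host or port) the redirect changed. The port 30443 and the 302 status are constructed stand-ins, since the issue gives neither, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, effective port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def parse_response_head(raw):
    """Parse a status line plus headers into (status code, lower-cased header dict)."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(request_url, raw_response_head):
    """Report which origin components a redirect changed relative to the request."""
    status, headers = parse_response_head(raw_response_head)
    location = headers.get("location")
    if not (300 <= status < 400) or location is None:
        return {"redirect": False, "target": None, "changed": []}
    # A relative Location resolves against the requested URL and keeps its port.
    target = urljoin(request_url, location)
    names = ("scheme", "host", "port")
    changed = [n for n, a, b in zip(names, origin(request_url), origin(target)) if a != b]
    return {"redirect": True, "target": target, "changed": changed}

# Constructed sample: 30443 stands in for "<nginx https port>"; the 302 status is assumed.
REQUEST_URL = "https://keycloak.home.k8s:30443/"
SAMPLE_HEAD = "HTTP/1.1 302 Found\r\nLocation: https://keycloak.home.k8s/admin\r\n\r\n"

if __name__ == "__main__":
    print(check_redirect(REQUEST_URL, SAMPLE_HEAD))
```

A result of `["port"]` means the absolute `Location` was built without the port the client used; an empty list means the redirect stayed on the requested origin.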