kubernetes 上的 Keycloak:入口 HTTPS 需要错误

问题描述 投票:0回答:1

我有一个 Kubernetes 集群,在其中部署了以下部署和服务:

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
    name: keycloak
spec:
  type: NodePort
  ports:
    - name: http
      protocol: TCP
      port: 8080
  selector:
    app: keycloak
    name: keycloak
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    name: keycloak
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      name: keycloak
      labels:
        app: keycloak
        name: keycloak
    spec:
      restartPolicy: Always
      containers:
      - name: keycloak
        image: jboss/keycloak
        ports:
          - containerPort: 8080
            protocol: TCP
        resources:
          requests:
            cpu: 200m
            memory: 256Mi
          limits:
            cpu: 400m
            memory: 512Mi
        env:
          - name: KEYCLOAK_LOGLEVEL
            value: "DEBUG"
          - name: PROXY_ADDRESS_FORWARDING
            value: "true"
          - name: KEYCLOAK_USER
            value: "admin"
          - name: KEYCLOAK_PASSWORD
            value: "password"
          - name: DB_USER
            valueFrom:
              secretKeyRef:
                name: postgres-secret
                key: username
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: postgres-secret
                key: password
          - name: DB_ADDR
            valueFrom:
              configMapKeyRef:
                name: postgres-configmap
                key: HOST
          - name: DB_PORT
            valueFrom:
              configMapKeyRef:
                name: postgres-configmap
                key: PORT
          - name: DB_DATABASE
            valueFrom:
              configMapKeyRef:
                name: postgres-configmap
                key: DATABASE
          - name: DB_VENDOR
            value: "postgres"

我的 pod 中运行 keycloak 的日志确认我的 keycloak 正在运行并使用提供的 Postgres 数据库。我尝试添加以下入口规则:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: keycloak
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  rules:
  - host: auth.mydomain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: keycloak
          servicePort: 8080
      - path: /auth
        backend:
          serviceName: keycloak
          servicePort: 8080

并且我能够访问 Keycloak 主页,但是一旦我单击管理控制台,我不断收到错误:

We're sorry .... HTTPS required
。将 PROXY_ADDRESS_FORWARDING 变量设置为“true”并没有帮助使其正确。我不只是想在端口 8443 上运行 keycloak,所以我真的在寻找除此之外的另一种解决方案。

kubernetes keycloak kubernetes-ingress
1个回答
0
投票

您需要在入口内设置TLS终止

spec:
  tls:
    - hosts:
      - auth.mydomain.com
      secretName: tls-secret

创建的秘密,其中包含

auth.mydomain.com
的证书:

apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
  namespace: default
type: kubernetes.io/tls
data:
  tls.crt:LS0S[...]0tLhsrQo=
  tls.key:LS0t[...]LS1CRUdJ=

这将使您的入口控制器使用提供的 TLS 证书终止流量,并将未加密的 HTTP 流量转发到您的

keycloak
服务。

© www.soinside.com 2019 - 2024. All rights reserved.