How to access keycloak admin page with ingress path url
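I have deployed Keycloak on a Kubernetes cluster and I want to access it through an ingress path URL, but when I try to access it I get 503 Service Unavailable. Using the cluster IP I can access Keycloak. With /auth I can reach the Keycloak home page, i.e. https://my-server.com/keycloak-development/auth/, but when I try to access the admin console it returns a 503 error.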
deployment.yaml
---
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
  name: "keycloak-development"
  namespace: "development"
spec:
  selector:
    matchLabels:
      app: "keycloak-development"
  replicas: 1
  strategy:
    type: "RollingUpdate"
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  minReadySeconds: 5
  template:
    metadata:
      labels:
        app: "keycloak-development"
    spec:
      containers:
        - name: "keycloak-development"
          image: "mykeycloak-image:latest"
          imagePullPolicy: "Always"
          env:
            - name: "NODE_ENV"
              value: "development"
            - name: "PROXY_ADDRESS_FORWARDING"
              value: "true"
            - name: "KEYCLOAK_URL"
              value: "https://my-server.com/keycloak-development/"
          ports:
            - containerPort: 53582
      imagePullSecrets:
        - name: "keycloak"
service.yaml
---
apiVersion: "v1"
kind: "Service"
metadata:
  name: "keycloak-development"
  namespace: "development"
  labels:
    app: "keycloak-development"
spec:
  ports:
    - port: 53582
      targetPort: 8080
  selector:
    app: "keycloak-development"
ingress.yaml
---
apiVersion: "networking.k8s.io/v1beta1"
kind: "Ingress"
metadata:
  name: "keycloak-development-ingress"
  namespace: "development"
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  rules:
    - host: "my-server.com"
      http:
        paths:
          - backend:
              serviceName: "keycloak-development"
              servicePort: 53582
            path: "/keycloak-development/(.*)"
Dockerfile
FROM registry.access.redhat.com/ubi8-minimal
ENV KEYCLOAK_VERSION 12.0.1
ENV JDBC_POSTGRES_VERSION 42.2.5
ENV JDBC_MYSQL_VERSION 8.0.22
ENV JDBC_MARIADB_VERSION 2.5.4
ENV JDBC_MSSQL_VERSION 8.2.2.jre11
ENV LAUNCH_JBOSS_IN_BACKGROUND 1
ENV PROXY_ADDRESS_FORWARDING false
ENV JBOSS_HOME /opt/jboss/keycloak
ENV LANG en_US.UTF-8
ARG GIT_REPO
ARG GIT_BRANCH
ARG KEYCLOAK_DIST=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz
USER root
RUN microdnf update -y && microdnf install -y glibc-langpack-en gzip hostname java-11-openjdk-headless openssl tar which && microdnf clean all
ADD tools /opt/jboss/tools
ENV KEYCLOAK_USER admin
ENV KEYCLOAK_PASSWORD admin
RUN /opt/jboss/tools/build-keycloak.sh
USER 1000
EXPOSE 8080
EXPOSE 8443
ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
CMD ["-b", "0.0.0.0"]
Note: I can access Keycloak and the admin page using the cluster IP.
After a lot of searching I found the solution: we need to add these environment variables to our deployment.yaml file for it to work
- KEYCLOAK_USER
- KEYCLOAK_PASSWORD
- PROXY_ADDRESS_FORWARDING (value: "true")
- KEYCLOAK_FRONTEND_URL (in my case it looks like this: https://my-server.com/keycloak-development/auth/)
- KEYCLOAK_ADMIN_URL (in my case its value looks like this: https://my-server.com/keycloak-development/auth/realms/master/admin/)
For the Docker image, you can use (quay.io/keycloak/keycloak:8.0.2)
When accessing the Keycloak application, if you are using ingress-based routing, you need to add /auth/ to the ingress path URL to reach it (something like this: https://my-server.com/keycloak-development/auth/)