Keycloak is not accessible behind Kong Ingress Controller on Kubernetes cluster

Hi,

I am trying to access a K8 Pod-based Keycloak service through the Kong Ingress Controller.

Keycloak runs on ports 8443 and 8080, and I want to access Keycloak on 8443 only, behind Kong.

But it's not accessible.

What changes do I need to make at the Kong level or the Keycloak level?

Versions of Kong I am using:
Kong: 2.0
Kong-ingress-controller: 0.9.1

Version of Keycloak: keycloak:6.0.1

Kong Deployment YAML: https://github.com/Kong/kubernetes-ingress-controller/blob/master/deploy/single/all-in-one-postgres.yaml

Keycloak Deployment YAML:
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    io.kompose.service: keycloak
  name: keycloak
spec:
  ports:
  - port: 8443
  selector:
    io.kompose.service: keycloak
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
  creationTimestamp: null
  labels:
    io.kompose.service: keycloak
  name: keycloak
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.service: keycloak
    spec:
      containers:
      - name: keycloak
        env:
        - name: DB_ADDR
          value: postgres-keycloak
        - name: DB_DATABASE
          value: "keycloak"
        - name: DB_PASSWORD
          value: password
        - name: DB_USER
          value: keycloak
        - name: DB_VENDOR
          value: POSTGRES
        - name: KEYCLOAK_PASSWORD
          value: Pa55w0rd
        - name: KEYCLOAK_USER
          value: admin
        - name: PROXY_ADDRESS_FORWARDING
          value: "false"
        image: **************.dkr.ecr.us-west-2.amazonaws.com/breeze/keycloak:latest
        ports:
        - containerPort: 8443
        resources: {}
      initContainers:
      - name: init-postgres-keycloak-service
        image: busybox
        command: ['sh', '-c', 'until nslookup postgres-keycloak; do echo waiting for postgres-keycloak; sleep 2; done;']
      restartPolicy: Always
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
  name: keycloak-ing
  namespace: breeze
spec:
  rules:
  - host:
    http:
      paths:
      - backend:
          serviceName: keycloak
          servicePort: 8443
        path: /auth
      - backend:
          serviceName: keycloak
          servicePort: 8443
        path: /
---
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: keycloak-ing
  namespace: breeze
proxy:
  protocol: https
  connect_timeout: 10000
  retries: 10
  read_timeout: 10000
  write_timeout: 10000
route:
  methods:
  - POST
  - GET
  - PUT
  - DELETE
  regex_priority: 0
  strip_path: false
  preserve_host: true
  protocols:
  - http
  - https
```

Thanks and regards,
Rahul Salunke

