Kong 1.3 and kong-ingress-controller 0.6.0 keycloak issue

Hello Guys,

Recently we did upgrade our kong-version from version 1.1 to version 1.3 and kong-ingress-controller-version from 0.3.0 to 0.6.0.
We are running keycloak behind the kong, so when we do hit to keycloak server, its getting below error:

Kong Error

An invalid response was received from the upstream server.

When we went through logs of kong pods,

under kong pod, below log occured:

kong-556cbdb888-khxvg kong-proxy] 2019/10/16 12:52:22 [error] 32#0: 4667106 upstream prematurely closed connection while reading response header from upstream, client: 10.0.5.53, server: kong, request: “GET / HTTP/1.1”, upstream: "http://...:/", host: ".."
[kong-556cbdb888-khxvg kong-proxy] 2019/10/16 12:52:22 [error] 32#0: 4667106 upstream prematurely closed connection while reading response header from upstream, client: 10.0.5.53, server: kong, request: “GET / HTTP/1.1”, upstream: "http://...:/", host: ".."
[kong-556cbdb888-khxvg kong-proxy] 2019/10/16 12:52:22 [error] 32#0: 4667106 upstream prematurely closed connection while reading response header from upstream, client: 10.0.5.53, server: kong, request: “GET / HTTP/1.1”, upstream: "http://...:/", host: ".."

Earlier with kong-1.1 and kong-ingress-controller-0.3.0 , keycloak was working as expected. after upgrading it, it stopped working.

Do you mind sharing the output of Kong routes, services and upstreams for Kong 1.1 and Kong 1.3?
Is there any difference for the values that you see?

HI hbagdi,

Thanks for replying on query.
Actually we are using same route , services and upstream for both kong versions:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/force-ssl-redirect: “true”
name: keycloak-ing
namespace: breeze
spec:
rules:

  • host: loginv1.test.com
    http:
    paths:
    • backend:
      serviceName: keycloak
      servicePort: 8443
      path: /auth
    • backend:
      serviceName: keycloak
      servicePort: 8443
      path: /

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: keycloak-ing
namespace: breeze
proxy:
protocol: https
connect_timeout: 10000
retries: 10
read_timeout: 10000
write_timeout: 10000
route:
methods:

  • POST
  • GET
  • PUT
  • DELETE
    regex_priority: 0
    strip_path: false
    preserve_host: true
    protocols:
  • http
  • https

with kong-1.1 its working but kong-1.3 giving error

Thanks

This suggests that the upstream (Keycloak in your case) closed the connection while the response was being read from Kong.
Do you seen any logs in Keycloak which suggest why it is abruptly closing the connections?

HI Harry,

In keycloak logs, there is no incoming request is coming. like kong is not able to access keycloak-ingress.

Thanks,

I’m having this exact error. Any updates on this?

FYI I have this error with nginx + keycloak 11, so it’s not a kong issue (I just stumbled accross this thread).
I’m pretty sure it’s Keycloak/Undertows/Wildflys doing something wrong here.
Just wanted to throw in my two cents. I’m still trying to investigate this issue further.

Has anybody been able to get any further solving this issue?