Hello there! If you came here, I guess you are also tired of searching for a way to deploy Keycloak with an Nginx Ingress in Kubernetes (K8s). I have faced some issues whose fixes are not very openly available, so I'm here to make sure you don't go through the pain I have gone through 😅. So let's start.
Kubernetes cluster (you can create one with kOps), Ingress Controller (Nginx)
Select which chart you want to use; there are 2 Helm charts
Feel free to use either of these; you can just google them or click on the links provided above. For this example we'll use the Bitnami Keycloak chart; personally I think it's easier to deploy with this chart.
So I guess you decided to use the Bitnami chart too. There are a few things you need to take care of, otherwise the deployment will fail.
Make sure you have set the password for the external database by passing it in values.yaml
These 2 fields should have the same value, otherwise you'll run into a Postgres error and the pod will go into CrashLoopBackOff
And since we are using Nginx as the Ingress controller, we are going to enable the ingress
I hope you are finding these values in values.yaml and overriding them. Now the most important thing: we are using an Application Load Balancer in our case (I'll attach a link on how to do that soon, too).
I have configured it in such a way that all traffic before the ALB is HTTPS and from there on it is HTTP. If you have the same case,
make sure you have made this change.
You can configure the username and its password as well; I hope you'll find the values.
Now you can deploy the Helm chart with the updated values and then wait a few seconds, as it will take some time. Grab a water bottle for yourself 🍾.
To confirm that it's running successfully, use kubectl (for example, kubectl port-forward) to proxy the port to your local system and see if it's running. If yes, we can move forward; if not 🥺, please check the configuration you have made or feel free to ask in the comments.
If you have done this step while setting up the ingress, well and good, but if not, you are like me 😊.
Keycloak needs some headers to work behind a proxy, as mentioned here
We need to configure our Nginx Ingress Controller to pass the headers, so after digging for 5 days I found this:
We need to create a ConfigMap which contains the following data
and make sure the name is correct, otherwise it will not work. To verify it's working, see the logs of the pod
You'll see something like
Found the configmap needed to reload backend, reload complete
Not exactly, but something like this, and you're done.
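As an added example (not from the original post): for the community ingress-nginx controller, the setting that passes the load balancer's headers through is the ConfigMap key use-forwarded-headers. The ConfigMap name and namespace below are the defaults of a stock install and the CIDR is a placeholder; all three are assumptions to adjust for your cluster.

```yaml
# Added example, not the author's manifest.
# The ConfigMap name must match the controller's --configmap argument,
# otherwise the controller never reads it.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller   # assumption: default name of a stock install
  namespace: ingress-nginx         # assumption: default namespace
data:
  # Pass the incoming X-Forwarded-* headers (Proto, Host, For, Port) to the
  # backend instead of overwriting them. Needed here because the ALB
  # terminates TLS and talks plain HTTP to the ingress, so only the ALB
  # knows the original request was HTTPS.
  use-forwarded-headers: "true"
  # Address range of the load balancer whose X-Forwarded-For is used to
  # derive the client IP. Placeholder CIDR; the default is 0.0.0.0/0.
  proxy-real-ip-cidr: "10.0.0.0/16"
```

With use-forwarded-headers off, ingress-nginx ignores incoming X-Forwarded-* headers and fills them in from the connection it sees, which is the right setting when the controller is exposed directly to the internet rather than sitting behind an L7 load balancer.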
Now go to the hostname associated with Keycloak and you'll be able to access the admin panel without issue.
First, if you didn't set the password, you'll lose the connection with Postgres whenever you upgrade the Helm chart: the default password is randomly generated, so it will change after the upgrade. Make sure you have provided the password.
Second, if the headers are not making it through the Ingress, you'll not be able to access the admin console; instead you'll be stuck with
If it's already configured, you'll not face this error.
Third, too many redirects
This is due to proxy=passthrough, which leads to this error.
It is the default value, so if your TLS terminates at the load balancer or proxy in front of Keycloak, then you have to use the
and it will start working
Feel free to ask any questions