Deploying Keycloak on Kubernetes (Connection refused)

[Rami Khalyleh]

Hi,

I need to deploy the Keycloak on Kubernetes, used for authentication/authorization, and verifying tokens for set of microservices also deployed on Kubernetes.

I'm facing connectivity issue (connection refused exception) when a microservice  that is deployed on Kubernetes tries to forward into Keycloak login page to get the user authenticated, through issuer URL (using oauth2) provided in below code snippet.

Form browser, I'm able to access Keycloak through "http://localhost:8080/auth/". But internally from Kubernetes, microservices are not able to access it, through issuer URL as following:

spring:

  application:

    name: api-gateway

  main:

    web-application-type: reactive

    allow-bean-definition-overriding: true

  security:

    oauth2:

      client:

        registration:

          keycloak:

            client-id: ****

            client-secret: *****

            scope: openid, profile, roles

            authorization-grant-type: authorization_code

            redirect-uri: http://localhost:8084/login/oauth2/code/keycloak

            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"

        provider:

          keycloak:

            issuer-uri: http://localhost:8080/auth/realms/shopping-cart-realm

Kubernetes keycloak deployment files that I'm using are attached.

Any idea what is the issue? How to get microservices forwards/opens keycloak login and verify tokens.

Appreciate your help on this

Thanks,

Rami