HTTPS on kubernetes


Eren Atolgan

Mar 11, 2025, 4:03:10 PM
to Keycloak User
Hello

Sorry, I can't find a solution. I am trying to use Keycloak on Kubernetes, but it doesn't work over HTTPS (HTTP is okay).

Does somebody have a solution? Where is my mistake, or what did I forget?

apiVersion: v1
kind: Namespace
metadata:
  name: keycloak
---
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-secret
type: kubernetes.io/tls
data:
  tls.crt:
  tls.key:
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: keycloak-pv
  namespace: keycloak
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: "/mnt/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: keycloak-pvc
  namespace: keycloak
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak-http
  namespace: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8888
      targetPort: 8888
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak-https
  namespace: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: https
      port: 8443
      targetPort: 8443
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  serviceName: "keycloak"
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:26.1.3
          args: ["start-dev"]
          env:
            - name: KC_BOOTSTRAP_ADMIN_USERNAME
              value: "admin"
            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
              value: "admin"
            - name: KC_HEALTH_ENABLED
              value: "true"
            - name: KC_HTTP_PORT
              value: "8888"
            - name: KC_HTTP_RELATIVE_PATH
              value: "/auth"
            - name: KC_HTTPS_PORT
              value: "8443"
            - name: KC_PROXY_HEADERS
              value: "xforwarded"
            - name: KC_HOSTNAME
              value: 10.227.10.196
          ports:
            - name: http
              containerPort: 8888
            - name: https
              containerPort: 8443
          volumeMounts:
            - name: keycloak-storage
              mountPath: /opt/keycloak/data
      volumes:
        - name: keycloak-storage
          persistentVolumeClaim:
            claimName: keycloak-pvc

Thank you
Best Regards
Eren Atolgan

Björn Pedersen

Mar 13, 2025, 7:25:16 AM
to Keycloak User
You never mount and use your TLS secret and keys...
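What the reply above points at, shown as an added example that is not part of the thread: the TLS Secret is mounted into the pod and Keycloak is told where the certificate and key are. The volume name `keycloak-tls` and the mount path `/etc/keycloak/tls` are assumptions chosen here; `KC_HTTPS_CERTIFICATE_FILE` and `KC_HTTPS_CERTIFICATE_KEY_FILE` are the environment forms of Keycloak's `https-certificate-file` and `https-certificate-key-file` options.

```yaml
# Added example. A pod can only mount a Secret from its own namespace.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-secret
  namespace: keycloak
type: kubernetes.io/tls
data:
  tls.crt: <base64 PEM certificate>   # placeholder
  tls.key: <base64 PEM private key>   # placeholder
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: keycloak
  namespace: keycloak
spec:
  serviceName: "keycloak"
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:26.1.3
          args: ["start-dev"]
          env:   # the other KC_* entries from the post carry over unchanged
            - name: KC_HTTPS_PORT
              value: "8443"
            - name: KC_HTTPS_CERTIFICATE_FILE       # PEM certificate from the Secret
              value: /etc/keycloak/tls/tls.crt
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE   # PEM private key from the Secret
              value: /etc/keycloak/tls/tls.key
          ports:
            - name: https
              containerPort: 8443
          volumeMounts:   # the keycloak-storage mount carries over unchanged
            - name: keycloak-tls
              mountPath: /etc/keycloak/tls   # assumed path
              readOnly: true
      volumes:
        - name: keycloak-tls
          secret:
            secretName: keycloak-secret
```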