Can't access Administration Console page with keycloak behind Kong Ingress Controller


Problem description

I have Keycloak behind Kong Ingress Controller. I'm able to see the Keycloak welcome page at my {url}/auth/. However, when I click on Administration Console I am redirected to {url}:8443/auth/admin/master/console/

When I click on Administration Console I should be redirected to {url}/auth/admin/master/console/

When I install Keycloak (with helm) on minikube, exposing the service as a NodePort service without using ingress and a load balancer, I'm able to access the Administration Console page.

I have detailed information about this problem in this link -> https://github.com/codecentric/helm-charts/issues/17

I'm stuck on this and have no idea how to solve the problem.

Recommended answer

I faced this issue maybe a year ago. I remember that stupid redirect, but I was not using Kong Ingress Controller, just plain Kong. The problem I faced is that Kong runs as an unprivileged user and cannot bind to low-numbered ports. So Kong binds to 8443 ssl and places a stupid redirect from 443 to 8443. I could not normally fix that and reinvented the wheel.

I used ports 80 and 443 for Kong:

    ports:
    - name: kong-proxy
      containerPort: 80
    - name: kong-proxy-ssl
      containerPort: 443
    - name: kong-admin
      containerPort: 8001
    - name: kong-admin-ssl
      containerPort: 8444

Then defined new ports and capability:

    securityContext:
      capabilities:
        add:
        - NET_BIND_SERVICE
    env:
      - name: KONG_PROXY_LISTEN
        value: 0.0.0.0:80, 0.0.0.0:443 ssl
      - name: KONG_ADMIN_LISTEN
        value: 0.0.0.0:8001, 0.0.0.0:8444 ssl

After that, that stupid redirect disappeared.

Hope that helps.

Update

Sorry, I forgot to mention that for ports 80 and 443 to work I built a custom Docker image with these lines:

    FROM kong:1.1.1-centos
    RUN chown -R kong:kong /usr/local/kong \
        && setcap 'cap_net_bind_service=+ep' /usr/local/bin/kong \
        && setcap 'cap_net_bind_service=+ep' /usr/local/openresty/nginx/sbin/nginx
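A check for the symptom described in the question, a same-host redirect that exposes the internal listener port 8443, usable to confirm the redirect is gone after changing the listen ports. This is an added example, not part of the original answer; the host name `keycloak.example.test`, the function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def effective_port(url):
    """Port a client would connect to, applying the scheme default."""
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORTS.get(parts.scheme)

def parse_location(raw_response):
    """Return the Location header of a raw HTTP response head, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None

def leaked_port(request_url, raw_response):
    """Return the unexpected port of a same-host redirect, else None."""
    location = parse_location(raw_response)
    if location is None:
        return None
    target = urljoin(request_url, location)      # resolves relative Location
    req, tgt = urlsplit(request_url), urlsplit(target)
    if req.hostname != tgt.hostname:
        return None                              # cross-host: out of scope
    # Allowed: the port the client already used, or the default port of the
    # target scheme (covers a plain http -> https upgrade).
    allowed = {effective_port(request_url), DEFAULT_PORTS.get(tgt.scheme)}
    port = effective_port(target)
    return None if port in allowed else port

# Constructed sample responses (not captured from a real deployment).
REQUEST_URL = "https://keycloak.example.test/auth/admin/"
BROKEN = ("HTTP/1.1 302 Found\r\n"
          "Location: https://keycloak.example.test:8443/auth/admin/master/console/\r\n\r\n")
FIXED = ("HTTP/1.1 302 Found\r\n"
         "Location: /auth/admin/master/console/\r\n\r\n")

if __name__ == "__main__":
    print("broken:", leaked_port(REQUEST_URL, BROKEN))
    print("fixed: ", leaked_port(REQUEST_URL, FIXED))
```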
