codecentric / helm-charts

A curated set of Helm charts brought to you by codecentric

Keycloak nginx ingress 504 Gateway Time-out

usersina opened this issue · comments

I installed the Keycloak helm chart with ingress enabled, hoping to reach https://auth.my-domain.com. However, the ingress route always times out with:

504 Gateway Time-out

On the other hand, kubectl port forwarding works without issues and I'm able to access Keycloak over the server IP.

Here's the command I install the chart with, as well as the config file:

helm upgrade -f config.yaml \
    --install \
    --namespace staging \
    --set kcUser='admin' \
    --set kcPassword='admin' \
    --set dbHost='192.168.1.3' \
    --set dbUser='keycloak_user' \
    --set dbPassword='123456' \
    keycloak codecentric/keycloak

config.yaml

image:
  repository: "quay.io/keycloak/keycloak"
  tag: 13.0.1

# Keycloak interface credentials
kcUser: admin
kcPassword: admin

# Database credentials
dbHost: "postgres-db-host"
dbUser: keycloak_user
dbPassword: "123456"

# Disable PostgreSQL chart dependency since we use an external db
postgresql:
  enabled: false
  postgresqlDatabase: "keycloak"

# Environment variables
extraEnv: |
  - name: DB_VENDOR
    value: postgres
  - name: DB_ADDR
    value: "{{ .Values.dbHost }}"
  - name: DB_PORT
    value: "5432"
  - name: DB_DATABASE
    value: keycloak
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"

extraEnvFrom: |
  - secretRef:
      name: '{{ include "keycloak.fullname" . }}-db'

secrets:
  db:
    stringData:
      KEYCLOAK_USER: "{{ .Values.kcUser }}"
      KEYCLOAK_PASSWORD: "{{ .Values.kcPassword }}"
      DB_USER: "{{ .Values.dbUser }}"
      DB_PASSWORD: "{{ .Values.dbPassword }}"

ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: app-clusterissuer
  rules:
    - host: auth.my-domain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - auth.my-domain.com
      secretName: app-certificate-secret

One thing to mention is that I use Keycloak 13.0.1. Other than that, I tried a bunch of configurations to make it work. To name a few:

What am I missing? Thanks.

I also tried overriding the JVM options by changing the jboss.bind.address as follows, but to no avail.

extraEnv: |
  ...
  - name: JAVA_OPTS
    value: >-
      -XX:+UseContainerSupport
      -XX:MaxRAMPercentage=50.0
      -Djava.net.preferIPv4Stack=true
      -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS
      -Djboss.bind.address=0.0.0.0
      -Djboss.bind.address.management=0.0.0.0
      -Djava.awt.headless=true

Looks like this wasn't Keycloak specific; it's actually happening for all of my pods.

Basically, the Pods cannot access each other due to a CoreDNS and Ubuntu 22.04 issue. I tested that by having Keycloak and the Ingress controller Pod run on the same node; the ingress for that specific node then worked.
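
The same-node test described in the last comment can also be read off the controller's access log. The following is an added example, not part of the original thread: it splits responses by whether the upstream Pod shares a node with the ingress controller. The Pod IPs, node names and log lines are constructed, and the log is assumed to use ingress-nginx's default format.

```python
import re
from collections import Counter

# Constructed sample data (not from the issue): Pod IP -> node name, as
# `kubectl get pods -o wide` would report it.
POD_NODE = {"10.42.0.15": "node-a", "10.42.1.22": "node-b"}
CONTROLLER_NODE = "node-a"  # node running the ingress controller Pod

# Constructed access-log lines, assumed to be in ingress-nginx's default format.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2022:10:00:01 +0000] "GET /auth/ HTTP/2.0" 200 1523 "-" "curl/7.81.0" 35 0.120 [staging-keycloak-http] [] 10.42.0.15:8080 1523 0.120 200 aaa111
203.0.113.7 - - [01/Jun/2022:10:00:09 +0000] "GET /auth/ HTTP/2.0" 504 160 "-" "curl/7.81.0" 35 5.000 [staging-keycloak-http] [] 10.42.1.22:8080 0 5.000 504 bbb222
203.0.113.8 - - [01/Jun/2022:10:00:12 +0000] "GET /auth/ HTTP/2.0" 200 1523 "-" "curl/7.81.0" 35 0.098 [staging-keycloak-http] [] 10.42.0.15:8080 1523 0.098 200 ccc333
203.0.113.8 - - [01/Jun/2022:10:00:20 +0000] "GET /auth/ HTTP/2.0" 504 160 "-" "curl/7.81.0" 35 5.001 [staging-keycloak-http] [] 10.42.1.22:8080 0 5.001 504 ddd444
203.0.113.9 - - [01/Jun/2022:10:00:31 +0000] "GET /auth/ HTTP/2.0" 504 160 "-" "curl/7.81.0" 35 10.002 [staging-keycloak-http] [] 10.42.1.22:8080, 10.42.1.22:8080 0, 0 5.001, 5.001 504, 504 eee555
"""

# Fields after the request: status, bytes, referer, UA, req length, req time,
# [upstream name], [alt upstream], upstream addr, length, time, status, req id.
LINE_RE = re.compile(
    r'"[^"]*" (?P<status>\d{3}) \d+ "[^"]*" "[^"]*" \d+ [\d.]+ '
    r'\[[^\]]*\] \[[^\]]*\] (?P<upstream>\S+) \S+ \S+ \S+ \S+$'
)


def classify_timeouts(log_text, pod_node, controller_node):
    """Count responses by upstream placement (same/cross node) and outcome."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed, or a retried request with a comma-separated upstream list
        node = pod_node.get(m["upstream"].rsplit(":", 1)[0])
        if node is None:
            continue  # upstream IP is not a Pod we know about
        place = "same-node" if node == controller_node else "cross-node"
        outcome = "timeout" if m["status"] == "504" else "ok"
        counts[(place, outcome)] += 1
    return counts


def looks_like_cross_node_failure(counts):
    """True when every cross-node request timed out and every same-node one succeeded."""
    return (counts["cross-node", "timeout"] > 0 and counts["cross-node", "ok"] == 0
            and counts["same-node", "ok"] > 0 and counts["same-node", "timeout"] == 0)
```

A result where only cross-node upstreams return 504 points at Pod-to-Pod networking between nodes rather than at the Keycloak chart or its ingress values.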