Kubernetes KeyCloak 和 Traefik 配置

tag-icon tag-icon proxy kubernetes
Kubernetes KeyCloak 和 Traefik 配置

我使用 helm 和service.type: ClusterIP此 Hub 的默认设置配置了 KeyCloak

https://hub.kubeapps.com/charts/codecentric/keycloak

我还使用 Traefik 2.2 向外部公开 Keycloak

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: isp-ingress
  namespace: isp
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.tls.certresolver: default
spec:
  rules:
    - host: my-domain-url
      http:
        paths:
          - backend:
              serviceName: keycloak-http
              servicePort: 80

这使我陷入死机白屏并出现以下错误:

Mixed Content: The page at 'https://my-domain-url/auth/admin/master/console/' was loaded over HTTPS, but requested an insecure script 'http://my-domain-url/auth/js/keycloak.js?version=keulg'. This request has been blocked; the content must be served over HTTPS.

在 KeyCloak 中文档我发现:

Configuring your proxy to generate the X-Forwarded-For and X-Forwarded-Proto HTTP headers and preserving the original Host HTTP header is beyond the scope of this guide.

我认为我需要配置 Traefik 来使用中间件,如下所述这里。我尝试把这个从文档中摘取的:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: keycloack-header
spec:
  headers:
    sslRedirect: true

并以这样的方式应用到我的集群:

kubectl apply -f namefile.yaml

这是回复:

middleware.traefik.containo.us/keycloack-header configured

现在呢?我在 Traefik 控制台的哪里可以找到这个中间件?

尝试放入注释 Ingress

 annotations:
    traefik.ingress.kubernetes.io/router.middlewares: keycloack-header

我收到此错误:

middleware "keycloack-header@kubernetes" does not exist

如何实现这一点?有人能给我指出正确的方向吗?

答案1

我绝对不是这个领域的专家,但你试过在中间件名称之前指定命名空间吗?在我的 Helm yaml:s 中,我有以下内容为我解决了这个问题(我猜在你的情况下{{ Release.Namespace }}会改为isp):

traefik.ingress.kubernetes.io/router.middlewares: isp-keycloak-header@kubernetescrd

请注意:@kubernetes记录

希望这可以帮助!

干杯

相关内容