New to this and spend a day to figured out, perhaps this will help some of you.
1. Prepare your k8s template yaml.
apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/rewrite-target: /<CUSTOM_CONTEXT_PATH>/auth/ name: keycloak-ingress spec: rules: - host: myhost.com http: paths: - path: /<CUSTOM_CONTEXT_PATH>/auth/ backend: serviceName: keycloak-service servicePort: 9000 tls: - hosts: - myhost.com secretName: keycl-secret
2. Update web-context in <KEYCLOAK_HOME>/standalone/configuration/standalone.xml, standalone-ha.xml, or domain.xml depending on your operating mode.
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> ... <web-context><CUSTOM_CONTEXT_PATH>/auth/</web-context> <providers> <provider>classpath:${jboss.home.dir}/providers/*</provider> </providers> ... </subsystem
3. Add proxy-address-forwarding under http-listerner in <KEYCLOAK_HOME>/standalone/configuration/standalone.xml, standalone-ha.xml, or domain.xml depending on your operating mode.
<subsystem xmlns="urn:jboss:domain:undertow:6.0"> ... <http-listener name="default" socket-binding="http" proxy-address-forwarding="true"/> ... </subsystem>
4. Update index.html in <KEYCLOAK_HOME>welcome-content/index.html
<head> <meta http-equiv="refresh" content="0; url=/<CUSTOM_CONTEXT_PATH>/auth/" /> <meta name="robots" content="noindex, nofollow"> <script type="text/javascript"> window.location.href = "/<CUSTOM_CONTEXT_PATH>/auth/" </script> </head> <body> If you are not redirected automatically, follow this <a href='<CUSTOM_CONTEXT_PATH>/auth'>link</a>. </body> </html>
Thanks a lot! I couldn’t figure out where the /auth/ redirection was coming from 🙂 Best regards.
It’s from k8s ingress config @ line as below:
- path: /{CUSTOM_CONTEXT_PATH}/auth/
I had curious about where’re files from step 2? You get into pod and edit that? If yes, when service restart and this pod is replace or keycloak service scale up then this solution will fail?
It’s from {KEYCLOAK_HOME}/standalone/configuration/
you can checkout the file from distribution @ https://www.keycloak.org//downloads.html (download and extract it locally you will see).
That is prebuild keycloak docker image based on the configuration, what I did was, replace original xml config with updated version during docker build, then orchestrate using Kubernetes.
Hope that helps.