The administration console does not load for me. The code looks like this:
<script src="${resourceCommonUrl}/lib/ui-ace/min/ace.js"></script>
<script src="${resourceCommonUrl}/lib/ui-ace/ui-ace.min.js"></script>
<script src="${authUrl}/js/keycloak.js?version=${resourceVersion}" type="text/javascript"></script>
<script src="${resourceUrl}/js/app.js" type="text/javascript"></script>
<script src="${resourceUrl}/js/controllers/realm.js" type="text/javascript"></script>
The whole page is only accessible by https but ${authurl} insists of pointing to plain http.
I run an AWS with the loadbalancer terminating TLS.
The loadbalancer seems to set headers fine:
x-forwarded-for=93.104.xx.xx
x-forwarded-port=443
x-forwarded-proto=https
I also set PROXY_ADDRESS_FORWARDING and even PROXY_ADDRESS_FORWARDING, but it did not make a difference…
Here is the complete eks config:
apiVersion: v1
kind: Service
metadata:
annotations:
external-dns.alpha.kubernetes.io/hostname: keycloak.eks.company.com
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-north-1:xxx:certificate/xxx
service.beta.kubernetes.io/aws-load-balancer-type: nlb
name: keycloak
labels:
app: keycloak
spec:
ports:
- name: http
port: 443
targetPort: 8080
selector:
app: keycloak
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:17.0.0
args: ["start-dev"]
env:
- name: KEYCLOAK_ADMIN
value: "admin"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "admin"
- name: KC_PROXY
value: "edge"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_FRONTEND_URL
value: "https://keycloak.eks.company.com/"
ports:
- name: http
containerPort: 8080
readinessProbe:
httpGet:
path: /realms/master
port: 8080
Any idea, what might be wrong?