本文介绍了无法通过Kong Ingress Controller后面的密钥斗来访问管理控制台页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在Kong Ingress Controller后面有Keycloak.我可以在我的{url}/auth/上看到keycloak欢迎页面.但是,当我单击管理控制台时,我将重定向到{url}:8443/auth/admin/master/console/

I have Keycloak behind Kong Ingress Controller.I 'm able to see keycloak welcome page at my {url}/auth/. However, when I click at Administration Console I am redirected to {url}:8443/auth/admin/master/console/

当我在管理控制台上单击时,应重定向到{url}/auth/admin/master/console/

When I click at Administration Console I should be redirect to {url}/auth/admin/master/console/

当我在minikube上安装keycloak(带有头盔)时,不使用入口和负载平衡器就将该服务作为NodePort服务公开时,我可以访问管理控制台页面.

When I install keycloak (with helm) on minikube exposing the the service as a NodePort service without using ingress and load balancer I'm able to access Administration Console page.

我在此链接中有关于此问题的详细信息-> https://github .com/codecentric/helm-charts/issues/17

I have detailed information about this problem in this link -> https://github.com/codecentric/helm-charts/issues/17

我陷入了困境,不知道如何解决问题.

I'm stuck in this and have no idea how to solve the problem.

推荐答案

我可能在一年前就遇到了这个问题,我记得那是愚蠢的重定向,但我没有使用Kong Ingress Controller,而只是使用了普通的Kong.我面临的问题是Kong以非特权用户身份运行,并且无法绑定到低号端口.因此,Kong绑定到8443 ssl,并将愚蠢的重定向从443重定向到8443.我通常无法解决此问题,并重新发明了轮子.

I have faced this issue may be a year ago, I remember that stupid redirect but I was not using Kong Ingress Controller, just a plain Kong. The problem I faced is that Kong runs as unprivileged user and cannot bind to low number ports. So Kong binds to 8443 ssl and places stupid redirect from 443 to 8443. I could not normally fix that and reinvented the wheel.

我将80和443端口用于Kong:

I used ports 80 and 443 for Kong:

    ports:
    - name: kong-proxy
      containerPort: 80
    - name: kong-proxy-ssl
      containerPort: 443
    - name: kong-admin
      containerPort: 8001
    - name: kong-admin-ssl
      containerPort: 8444

然后定义新的端口和功能:

Then defined new ports and capability:

securityContext:
  capabilities:
    add:
    - NET_BIND_SERVICE
env:
  - name: KONG_PROXY_LISTEN
    value: 0.0.0.0:80, 0.0.0.0:443 ssl
  - name: KONG_ADMIN_LISTEN
    value: 0.0.0.0:8001, 0.0.0.0:8444 ssl

那之后,那个愚蠢的重定向消失了.

After that that stupid redirect disappeared.

希望有帮助.

更新

对不起,忘了提及要使端口80和443正常工作,我用以下代码行构建自定义Docker映像:

Sorry, forgot to mention that for ports 80 and 443 to work I build custom Docker image with that lines:

FROM  kong:1.1.1-centos
RUN chown -R kong:kong /usr/local/kong \
    && setcap 'cap_net_bind_service=+ep' /usr/local/bin/kong \
    && setcap 'cap_net_bind_service=+ep' /usr/local/openresty/nginx/sbin/nginx

这篇关于无法通过Kong Ingress Controller后面的密钥斗来访问管理控制台页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-15 09:58