我有头盔图(https://github.com/codecentric/helm-charts/tree/master/charts/keycloak)配置,如下所示:
keycloak:
basepath: auth/
username: admin
password: password
route:
tls:
enabled: false
extraEnv: |
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_IMPORT
value: keycloak/master-realm.json
- name: JAVA_OPTS
value: >-
-Djboss.socket.binding.port-offset=1000
extraVolumes: |
- name: realm-secret
secret:
secretName: realm-secret
extraVolumeMounts: |
- name: realm-secret
mountPath: "keycloak"
readOnly: true
extraArgs: "-Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/keycloak -Dkeycloak.migration.strategy=IGNORE_EXISTING"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
path: /auth/?(.*)
hosts:
- keycloak.localtest.me
keycloak是文件夹,其中所有内容都通过master-realm.json配置,我在其中设置"sslRequired" : "NONE"
我在创建这样的k8s集群中设置了包含master-realm.json的机密:
kubectl create secret generic realm-secret --from-file=./keycloak/master-realm.json
我看到的是:
$ kubectl describe secrets/realm-secret
Name: realm-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
master-realm.json: 62288 bytes
但是在我的入口控制器中,我仍然看到错误并且没有任何作用:
W0829 13:44:44.838998 7 controller.go:1387] Error getting SSL certificate "default/keycloak-tls": local SSL certificate default/keycloak-tls was not found
如何禁用此keycloak-tls?
答案 0 :(得分:0)
看起来像在部署头盔图时使用它创建的密钥斗篷的默认入口,它指向并寻找TLS机密。
尝试列出所有入口,并找到使用TLS密码的默认入口。
列表进入依据
Kubectl get ingress
默认名称类似于
{{ .Release.Name }}.keycloak.example.com