• 网关路由
  • 如何使用kubesphere 内置的应用路由?官网的介绍相当的简单

环境:

kubesphere 4.1.3

问题:

step 1.使用 Keycloak Operator 安装 keycloak ,创建的容器组的yaml 内容如下:

# Live Pod object as exported from the cluster. It is created for the
# operator-managed StatefulSet (see the managed-by and statefulset labels), so
# it carries server-populated fields: creationTimestamp, nodeName, CNI
# annotations and the generated kube-api-access volume.
# Hardening changes belong in the Keycloak custom resource; edits to this Pod
# are presumably reverted by the controller - confirm.
apiVersion: v1
kind: Pod
metadata:
  name: keycloak-0
  generateName: keycloak-
  namespace: keycloak
  creationTimestamp: '2025-06-18T05:45:02Z'
  labels:
    app: keycloak
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: keycloak-operator
    apps.kubernetes.io/pod-index: '0'
    controller-revision-hash: keycloak-68b6bd47bc
    ippool.network.kubesphere.io/name: default-ipv4-ippool
    statefulset.kubernetes.io/pod-name: keycloak-0
  annotations:
    # Hash-like values are quoted so no parser can retype them.
    cni.projectcalico.org/containerID: '2f54285014351d1a6c18f7b09665bfe8ab1ae5dc7d724e1c469d9dd1fe624427'
    cni.projectcalico.org/podIP: 10.233.101.142/32
    cni.projectcalico.org/podIPs: 10.233.101.142/32
    operator.keycloak.org/watched-secret-hash: '603e7d0d4b057956286a56a9156c809a334c8743094991f2f040f47ad03f406'
spec:
  volumes:
    # Keycloak's own server certificate and private key.
    # defaultMode 420 is decimal for octal 0644, so tls.key is readable by
    # every user inside the container, not only the Keycloak process.
    # The Ingress on this page names the same Secret (keycloak-tls) for the
    # gateway, so gateway and backend share one private key.
    - name: keycloak-tls-certificates
      secret:
        secretName: keycloak-tls
        defaultMode: 420
        optional: false
    # Generated projected volume: service-account token, cluster CA, namespace.
    - name: kube-api-access-9tqnb
      projected:
        sources:
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              name: kube-root-ca.crt
              items:
                - key: ca.crt
                  path: ca.crt
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
        defaultMode: 420
  containers:
    - name: keycloak
      # Referenced by tag and pulled on every start (imagePullPolicy: Always):
      # whatever the registry serves under this tag is what runs. Pinning the
      # digest (image@sha256:<digest>) makes the running content reproducible.
      image: 'hub.registry.local/keycloak/keycloak:26.2.0'
      args:
        - '-Djgroups.dns.query=keycloak-discovery.keycloak'
        - '-Djgroups.bind.address=$(POD_IP)'
        - '--verbose'
        - start
      ports:
        - name: https
          containerPort: 8443
          protocol: TCP
        - name: http
          containerPort: 8080
          protocol: TCP
        - name: management
          containerPort: 9000
          protocol: TCP
      env:
        - name: KC_HOSTNAME
          value: keycloak.xiangxun.org
        - name: KC_HTTP_PORT
          value: '8080'
        - name: KC_HTTPS_PORT
          value: '8443'
        - name: KC_HTTPS_CERTIFICATE_FILE
          value: /mnt/certificates/tls.crt
        - name: KC_HTTPS_CERTIFICATE_KEY_FILE
          value: /mnt/certificates/tls.key
        - name: KC_DB
          value: postgres
        # Database and bootstrap-admin credentials come from Secrets, so they
        # do not appear in this manifest.
        - name: KC_DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: postgresql-db-credentials
              key: username
        - name: KC_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: postgresql-db-credentials
              key: password
        - name: KC_DB_URL_HOST
          value: postgres-service
        # Keycloak takes client address, scheme and host from X-Forwarded-*
        # headers. That is only trustworthy when every path to port 8443 goes
        # through a proxy that overwrites those headers.
        # NOTE(review): the post says the Service is also reached directly via
        # NodePort; on that path a client can supply the headers itself.
        - name: KC_PROXY_HEADERS
          value: xforwarded
        - name: KC_BOOTSTRAP_ADMIN_USERNAME
          valueFrom:
            secretKeyRef:
              name: keycloak-initial-admin
              key: username
        - name: KC_BOOTSTRAP_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-initial-admin
              key: password
        - name: KC_HEALTH_ENABLED
          value: 'true'
        - name: KC_CACHE
          value: ispn
        - name: KC_CACHE_STACK
          value: kubernetes
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        # Reads ca.crt from the projected service-account volume mounted below.
        - name: KC_TRUSTSTORE_PATHS
          value: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        - name: KC_TRACING_SERVICE_NAME
          value: keycloak
        - name: KC_TRACING_RESOURCE_ATTRIBUTES
          value: k8s.namespace.name=keycloak
      # Only memory is bounded; no CPU request or limit is set.
      resources:
        limits:
          memory: 2Gi
        requests:
          memory: 1700Mi
      volumeMounts:
        - name: keycloak-tls-certificates
          mountPath: /mnt/certificates
        - name: kube-api-access-9tqnb
          readOnly: true
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      # All three probes use the management port (9000) over HTTPS.
      livenessProbe:
        httpGet:
          path: /health/live
          port: 9000
          scheme: HTTPS
        timeoutSeconds: 1
        periodSeconds: 10
        successThreshold: 1
        failureThreshold: 3
      readinessProbe:
        httpGet:
          path: /health/ready
          port: 9000
          scheme: HTTPS
        timeoutSeconds: 1
        periodSeconds: 10
        successThreshold: 1
        failureThreshold: 3
      startupProbe:
        httpGet:
          path: /health/started
          port: 9000
          scheme: HTTPS
        timeoutSeconds: 1
        periodSeconds: 1
        successThreshold: 1
        failureThreshold: 600
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      imagePullPolicy: Always
  restartPolicy: Always
  terminationGracePeriodSeconds: 30
  dnsPolicy: ClusterFirst
  # Runs as the namespace's "default" service account with its token mounted.
  # Any role bound to that account is available to this identity provider;
  # check that nothing beyond the defaults is bound to it.
  serviceAccountName: default
  serviceAccount: default
  nodeName: luban-worker3
  # Empty pod-level securityContext and none on the container: runAsNonRoot,
  # allowPrivilegeEscalation, capabilities and seccompProfile are all left at
  # the runtime defaults.
  securityContext: {}
  hostname: keycloak-0
  affinity:
    podAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 10
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app: keycloak
                app.kubernetes.io/component: server
                app.kubernetes.io/instance: keycloak
                app.kubernetes.io/managed-by: keycloak-operator
            topologyKey: topology.kubernetes.io/zone
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 50
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app: keycloak
                app.kubernetes.io/component: server
                app.kubernetes.io/instance: keycloak
                app.kubernetes.io/managed-by: keycloak-operator
            topologyKey: kubernetes.io/hostname
  schedulerName: default-scheduler
  tolerations:
    - key: node.kubernetes.io/not-ready
      operator: Exists
      effect: NoExecute
      tolerationSeconds: 300
    - key: node.kubernetes.io/unreachable
      operator: Exists
      effect: NoExecute
      tolerationSeconds: 300
  priority: 0
  enableServiceLinks: true
  preemptionPolicy: PreemptLowerPriority

在web管理 容器组应用 字段无内容

创建的 Service 使用 NodePort 访问正常

step 2.配置应用路由

# Ingress (KubeSphere "application route") for Keycloak, as exported from the
# cluster. TLS ends at the namespace gateway and a second TLS connection is
# opened to keycloak-service:8443.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: keycloak
  creationTimestamp: '2025-06-18T06:17:05Z'
  annotations:
    kubesphere.io/creator: admin
    # The gateway talks HTTPS to the backend.
    # NOTE(review): ingress-nginx does not validate the upstream certificate
    # unless nginx.ingress.kubernetes.io/proxy-ssl-verify is enabled together
    # with a CA secret, so this hop is encrypted but not authenticated.
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/proxy-read-timeout: '120'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '120'
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  ingressClassName: kubesphere-router-namespace-keycloak
  tls:
    - hosts:
        - keycloak.xiangxun.org
      # Same Secret name that the Keycloak pod mounts as its server
      # certificate: the gateway and the backend present one key pair.
      secretName: keycloak-tls
  rules:
    - host: keycloak.xiangxun.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak-service
                port:
                  number: 8443

无法正常访问,且在web页面,应用路由,应用字段无内容

step 3.查看nginx ingress 日志

kubectl logs -f kubesphere-router-keycloak-6dc5d7cbdd-skx9d -n kubesphere-controls-system 日志内容如下:

I0618 06:58:15.748398       7 status.go:304] "updating Ingress status" namespace="keycloak" ingress="keycloak-ingress" currentValue=[{"ip":"192.168.10.168"}] newValue=[{"ip":"192.168.10.167"}]

I0618 06:58:16.165937       7 event.go:377] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"keycloak", Name:"keycloak-ingress", UID:"50df418f-307e-4487-a4ce-33a51aa1df98", APIVersion:"networking.k8s.io/v1", ResourceVersion:"3244198", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync

192.168.10.167 - - [18/Jun/2025:06:59:15 +0000] "GET / HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0" 329 0.017 [keycloak-keycloak-service-8443] [] 10.233.101.142:8443 0 0.017 302 cf6d756bf00614b2ae15630059c8c47a

问题

  1. 求指点如何使用 kubesphere 内置的应用路由?
  2. 创建的容器组 应用字段无内容的问题?
  3. 创建应用路由,应用字段无内容的问题?

# 1.查看相关的资源配置

step 1.查看pod

[root@luban-controlplane1 metallb]# kubectl describe pod keycloak-0  -n keycloak

Name:             keycloak-0

Namespace:        keycloak

Priority:         0

Service Account:  default

Node:             luban-worker3/192.168.10.169

Start Time:       Wed, 18 Jun 2025 13:45:07 +0800

Labels:           app=keycloak

              app.kubernetes.io/component=server

              app.kubernetes.io/instance=keycloak

              app.kubernetes.io/managed-by=keycloak-operator

              apps.kubernetes.io/pod-index=0

              controller-revision-hash=keycloak-68b6bd47bc

              ippool.network.kubesphere.io/name=default-ipv4-ippool

              statefulset.kubernetes.io/pod-name=keycloak-0

Annotations:      cni.projectcalico.org/containerID: 2f54285014351d1a6c18f7b09665bfe8ab1ae5dc7d724e1c469d9dd1fe624427

              cni.projectcalico.org/podIP: 10.233.101.142/32

              cni.projectcalico.org/podIPs: 10.233.101.142/32

              operator.keycloak.org/watched-secret-hash: 603e7d0d4b057956286a56a9156c809a334c8743094991f2f040f47ad03f406

Status:           Running

IP:               10.233.101.142

IPs:

IP:           10.233.101.142

Controlled By:  StatefulSet/keycloak

Containers:

keycloak:

Container ID:  containerd://1a3a8f34b351ed869bf56fd3023962f91aa99c4625c6becb9b769240ec548b86

Image:         hub.registry.local/keycloak/keycloak:26.2.0

Image ID:      hub.registry.local/keycloak/keycloak@sha256:526dd7595efd6b36ae4f3f513b5c68b546a8ae19df92fb7575df12296930ecd7

Ports:         8443/TCP, 8080/TCP, 9000/TCP

Host Ports:    0/TCP, 0/TCP, 0/TCP

Args:

  -Djgroups.dns.query=keycloak-discovery.keycloak

  -Djgroups.bind.address=$(POD_IP)

  --verbose

  start

State:          Running

  Started:      Wed, 18 Jun 2025 13:45:50 +0800

Ready:          True

Restart Count:  0

Limits:

  memory:  2Gi

Requests:

  memory:   1700Mi

Liveness:   http-get https://:9000/health/live delay=0s timeout=1s period=10s #success=1 #failure=3

Readiness:  http-get https://:9000/health/ready delay=0s timeout=1s period=10s #success=1 #failure=3

Startup:    http-get https://:9000/health/started delay=0s timeout=1s period=1s #success=1 #failure=600

Environment:

  KC_HOSTNAME:                     keycloak.xiangxun.org

  KC_HTTP_PORT:                    8080

  KC_HTTPS_PORT:                   8443

  KC_HTTPS_CERTIFICATE_FILE:       /mnt/certificates/tls.crt

  KC_HTTPS_CERTIFICATE_KEY_FILE:   /mnt/certificates/tls.key

  KC_DB:                           postgres

  KC_DB_USERNAME:                  <set to the key 'username' in secret 'postgresql-db-credentials'>  Optional: false

  KC_DB_PASSWORD:                  <set to the key 'password' in secret 'postgresql-db-credentials'>  Optional: false

  KC_DB_URL_HOST:                  postgres-service

  KC_PROXY_HEADERS:                xforwarded

  KC_BOOTSTRAP_ADMIN_USERNAME:     <set to the key 'username' in secret 'keycloak-initial-admin'>  Optional: false

  KC_BOOTSTRAP_ADMIN_PASSWORD:     <set to the key 'password' in secret 'keycloak-initial-admin'>  Optional: false

  KC_HEALTH_ENABLED:               true

  KC_CACHE:                        ispn

  KC_CACHE_STACK:                  kubernetes

  POD_IP:                           (v1:status.podIP)

  KC_TRUSTSTORE_PATHS:             /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

  KC_TRACING_SERVICE_NAME:         keycloak

  KC_TRACING_RESOURCE_ATTRIBUTES:  k8s.namespace.name=keycloak

Mounts:

  /mnt/certificates from keycloak-tls-certificates (rw)

  /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9tqnb (ro)

Conditions:

Type                        Status

PodReadyToStartContainers   True

Initialized                 True

Ready                       True

ContainersReady             True

PodScheduled                True

Volumes:

keycloak-tls-certificates:

Type:        Secret (a volume populated by a Secret)

SecretName:  keycloak-tls

Optional:    false

kube-api-access-9tqnb:

Type:                    Projected (a volume that contains injected data from multiple sources)

TokenExpirationSeconds:  3607

ConfigMapName:           kube-root-ca.crt

ConfigMapOptional:       <nil>

DownwardAPI:             true

QoS Class:                   Burstable

Node-Selectors:              <none>

Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s

                         node.kubernetes.io/unreachable:NoExecute op=Exists for 300s

Events:                      <none>

[root@luban-controlplane1 metallb]#

````

该服务的后端容器组IP 10.233.101.142, 提供 8443 端口的服务

step 2.查看应用的svc

[root@luban-controlplane1 metallb]# kubectl describe svc keycloak-service  -n keycloak

Name:                     keycloak-service

Namespace:                keycloak

Labels:                   app=keycloak

                      app.kubernetes.io/instance=keycloak

                      app.kubernetes.io/managed-by=keycloak-operator

Annotations:              javaoperatorsdk.io/previous: ca2febc6-3be0-4dab-bd0b-f26f6319a16e,3234858

Selector:                 app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak

Type:                     ClusterIP

IP Family Policy:         SingleStack

IP Families:              IPv4

IP:                       10.233.28.225

IPs:                      10.233.28.225

Port:                     https  8443/TCP

TargetPort:               8443/TCP

Endpoints:                10.233.101.142:8443

Port:                     management  9000/TCP

TargetPort:               9000/TCP

Endpoints:                10.233.101.142:9000

Session Affinity:         None

Internal Traffic Policy:  Cluster

Events:                   <none>

[root@luban-controlplane1 metallb]#

后端服务的IP地址为 clusterip 10.233.28.225, 服务端口 8443

step 3.查看 ingress

[root@luban-controlplane1 metallb]# kubectl get ingress -n keycloak

NAME               CLASS                                  HOSTS                   ADDRESS          PORTS     AGE

keycloak-ingress   kubesphere-router-namespace-keycloak   keycloak.xiangxun.org   192.168.10.167   80, 443   14h

[root@luban-controlplane1 metallb]#

[root@luban-controlplane1 metallb]# kubectl describe ingress keycloak-ingress  -n keycloak

Name:             keycloak-ingress

Labels:           <none>

Namespace:        keycloak

Address:          192.168.10.167

Ingress Class:    kubesphere-router-namespace-keycloak

Default backend:  <default>

TLS:

keycloak-tls terminates keycloak.xiangxun.org

Rules:

Host                   Path  Backends

keycloak.xiangxun.org

                     /   keycloak-service:8443 (10.233.101.142:8443)

Annotations:             kubesphere.io/creator: admin

                     nginx.ingress.kubernetes.io/backend-protocol: https

Events:

Type    Reason  Age                     From                      Message

Normal  Sync    2m43s (x1703 over 14h)  nginx-ingress-controller  Scheduled for sync

Normal  Sync    2m43s (x1703 over 14h)  nginx-ingress-controller  Scheduled for sync

Normal  Sync    2m43s (x1703 over 14h)  nginx-ingress-controller  Scheduled for sync

[root@luban-controlplane1 metallb]#

Ingress 获取到网关地址 192.168.10.167,代理到后端的 keycloak-service:8443

step 4.查看 Ingress Controller 配置

[root@luban-controlplane1 metallb]# kubectl get pods -n kubesphere-controls-system

NAME                                                   READY   STATUS    RESTARTS        AGE

kubesphere-router-extension-gateway-7c7dbfc46b-d9x4d   1/1     Running   1 (2d16h ago)   5d18h

kubesphere-router-keycloak-6dc5d7cbdd-r2jqz            1/1     Running   0               12h

kubesphere-router-zll-585f577855-wgbpk                 1/1     Running   0               42h

[root@luban-controlplane1 metallb]#
[root@luban-controlplane1 metallb]# kubectl describe pod kubesphere-router-keycloak-6dc5d7cbdd-r2jqz -n kubesphere-controls-system

Name:             kubesphere-router-keycloak-6dc5d7cbdd-r2jqz

Namespace:        kubesphere-controls-system

Priority:         0

Service Account:  kubesphere-router-keycloak

Node:             luban-worker1/192.168.10.167

Start Time:       Wed, 18 Jun 2025 19:57:56 +0800

Labels:           app.kubernetes.io/component=controller

              app.kubernetes.io/instance=kubesphere-router-keycloak

              app.kubernetes.io/managed-by=Helm

              app.kubernetes.io/name=ingress-nginx

              app.kubernetes.io/part-of=ingress-nginx

              app.kubernetes.io/version=1.12.1

              helm.sh/chart=ingress-nginx-4.12.1-ks

              ippool.network.kubesphere.io/name=default-ipv4-ippool

              pod-template-hash=6dc5d7cbdd

Annotations:      cni.projectcalico.org/containerID: 1950e775568ce3ad4bcb6c304a0d19f391771ceecc3eb2b8e97ea61108d6dfef

              cni.projectcalico.org/podIP: 10.233.100.149/32

              cni.projectcalico.org/podIPs: 10.233.100.149/32

              sidecar.istio.io/inject: false

Status:           Running

IP:               10.233.100.149

IPs:

IP:           10.233.100.149

Controlled By:  ReplicaSet/kubesphere-router-keycloak-6dc5d7cbdd

Containers:

controller:

Container ID:    containerd://0d16edd1836dfbb0fd8289d057fc8d363befd9148b5924d7cc7429e0a29bbbf1

Image:           hub.registry.local/ks/kubesphere/ingress-nginx-controller:v1.12.1

Image ID:        hub.registry.local/ks/kubesphere/ingress-nginx-controller@sha256:de50c2a78af53ffea2a5a96f11ba92a05e033266c0c270c33df837ae0311eeaf

Ports:           80/TCP, 443/TCP, 10254/TCP

Host Ports:      0/TCP, 0/TCP, 0/TCP

SeccompProfile:  RuntimeDefault

Args:

  /nginx-ingress-controller

  --election-id=kubesphere-router-namespace-keycloak

  --controller-class=k8s.io/ingress-nginx

  --ingress-class=nginx

  --configmap=$(POD_NAMESPACE)/kubesphere-router-keycloak

  --enable-metrics=true

State:          Running

  Started:      Wed, 18 Jun 2025 19:58:18 +0800

Ready:          True

Restart Count:  0

Liveness:       http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5

Readiness:      http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3

Environment:

  POD_NAME:       kubesphere-router-keycloak-6dc5d7cbdd-r2jqz (v1:metadata.name)

  POD_NAMESPACE:  kubesphere-controls-system (v1:metadata.namespace)

  LD_PRELOAD:     /usr/local/lib/libmimalloc.so

Mounts:

  /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tt4wv (ro)

Conditions:

Type                        Status

PodReadyToStartContainers   True

Initialized                 True

Ready                       True

ContainersReady             True

PodScheduled                True

Volumes:

kube-api-access-tt4wv:

Type:                    Projected (a volume that contains injected data from multiple sources)

TokenExpirationSeconds:  3607

ConfigMapName:           kube-root-ca.crt

ConfigMapOptional:       <nil>

DownwardAPI:             true

QoS Class:                   BestEffort

Node-Selectors:              kubernetes.io/os=linux

Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s

                         node.kubernetes.io/unreachable:NoExecute op=Exists for 300s

Events:                      <none>

[root@luban-controlplane1 metallb]#

step 5.查看 Ingress Controller svc

[root@luban-controlplane1 metallb]# kubectl get svc -n kubesphere-controls-system

NAME                                  TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE

kubesphere-router-extension-gateway   NodePort    10.233.48.56   <none>        80:30116/TCP,443:31834/TCP   5d21h

kubesphere-router-keycloak            NodePort    10.233.3.220   <none>        80:31993/TCP,443:30197/TCP   40h

kubesphere-router-keycloak-metrics    ClusterIP   10.233.21.75   <none>        10254/TCP                    40h

kubesphere-router-zll                 NodePort    10.233.3.78    <none>        80:32655/TCP,443:30834/TCP   45h

kubesphere-router-zll-metrics         ClusterIP   10.233.54.41   <none>        10254/TCP                    45h

[root@luban-controlplane1 metallb]#
[root@luban-controlplane1 metallb]# kubectl describe svc kubesphere-router-keycloak   -n kubesphere-controls-system

Name:                     kubesphere-router-keycloak

Namespace:                kubesphere-controls-system

Labels:                   app.kubernetes.io/component=controller

                      app.kubernetes.io/instance=kubesphere-router-keycloak

                      app.kubernetes.io/managed-by=Helm

                      app.kubernetes.io/name=ingress-nginx

                      app.kubernetes.io/part-of=ingress-nginx

                      app.kubernetes.io/version=1.12.1

                      helm.sh/chart=ingress-nginx-4.12.1-ks

Annotations:              meta.helm.sh/release-name: kubesphere-router-keycloak

                      meta.helm.sh/release-namespace: kubesphere-controls-system

Selector:                 app.kubernetes.io/component=controller,app.kubernetes.io/instance=kubesphere-router-keycloak,app.kubernetes.io/name=ingress-nginx

Type:                     NodePort

IP Family Policy:         SingleStack

IP Families:              IPv4

IP:                       10.233.3.220

IPs:                      10.233.3.220

Port:                     http  80/TCP

TargetPort:               http/TCP

NodePort:                 http  31993/TCP

Endpoints:                10.233.100.149:80

Port:                     https  443/TCP

TargetPort:               https/TCP

NodePort:                 https  30197/TCP

Endpoints:                10.233.100.149:443

Session Affinity:         None

External Traffic Policy:  Cluster

Internal Traffic Policy:  Cluster

Events:                   <none>

[root@luban-controlplane1 metallb]#

Ingress Controller Service 的 type 为 NodePort

[root@luban-controlplane1 metallb]# kubectl get  svc kubesphere-router-keycloak -n kubesphere-controls-system

NAME                         TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE

kubesphere-router-keycloak   NodePort   10.233.21.6   <none>        80:31871/TCP,443:30686/TCP   71s

[root@luban-controlplane1 metallb]#

step 6.配置域名 DNS 记录

在域名提供商控制台添加 A 记录:

# Appends a static name-resolution entry on the client machine (needs root).
# NOTE(review): 192.168.10.164 is not one of the addresses shown elsewhere on
# this page (the Ingress reports ADDRESS 192.168.10.167) - confirm that this
# host accepts the gateway's traffic on the port the client will use.
cat >> /etc/hosts <<EOF

192.168.10.164	keycloak.xiangxun.org

EOF

# 2.更新 Ingress 规则

配置 HTTPS(推荐),HTTPS 使用标准端口 443,可自动隐藏端口号。

步骤 1:创建 TLS 证书(示例使用自签名)

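# Create a self-signed certificate for keycloak.xiangxun.org (testing only:
# clients do not trust it until it is imported, so use a CA-issued
# certificate for real users).
# Current TLS clients match the host name against subjectAltName and ignore
# CN, so the SAN is set explicitly (-addext needs OpenSSL 1.1.1 or newer).
# -nodes writes tls.key unencrypted: keep it owner-readable only and delete
# the local copy once the Secret has been created.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout tls.key \
  -out tls.crt \
  -subj "/CN=keycloak.xiangxun.org" \
  -addext "subjectAltName=DNS:keycloak.xiangxun.org"

# Store the key pair as a TLS Secret.
# An Ingress can only reference a Secret in its own namespace. On this page
# keycloak-service lives in namespace "keycloak", where a Secret named
# keycloak-tls already exists (the Keycloak pod mounts it); a Secret created
# in "default" is only visible to an Ingress that is also in "default".
kubectl create secret tls keycloak-tls \
  --key tls.key \
  --cert tls.crt \
  -n default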

步骤 2:更新 Ingress 规则

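# Ingress that terminates TLS at the namespace gateway and proxies to Keycloak.
# Nesting and list markers are restored; the flattened listing did not parse.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  # Backend Services and TLS Secrets are resolved in the Ingress's own
  # namespace. keycloak-service is in "keycloak" (see the kubectl describe svc
  # output on this page), so an Ingress in "default" has no backend.
  namespace: keycloak
  annotations:
    # Force HTTPS
    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
    # Port 8443 of keycloak-service speaks TLS. Without this annotation nginx
    # sends plain HTTP to it.
    # NOTE(review): ingress-nginx does not validate the upstream certificate
    # unless nginx.ingress.kubernetes.io/proxy-ssl-verify is also enabled.
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  # Class of the namespace gateway, as shown by `kubectl get ingress` on this
  # page. It replaces the deprecated kubernetes.io/ingress.class annotation.
  ingressClassName: kubesphere-router-namespace-keycloak
  tls:
    - hosts:
        - keycloak.xiangxun.org
      # In namespace "keycloak" this name is the Secret the Keycloak pod mounts
      # as its own server certificate. A separate Secret for the gateway would
      # keep the two private keys apart.
      secretName: keycloak-tls
  rules:
    - host: keycloak.xiangxun.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak-service
                port:
                  number: 8443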

# 3.测试访问

# HTTP access (redirected to HTTPS automatically)
# NOTE(review): the gateway Service shown on this page is type NodePort
# (80:31871/TCP, 443:30686/TCP) and the controller pod reports Host Ports 0,
# so nothing on the page listens on ports 80/443 of the node itself. These
# requests only succeed if something else forwards the standard ports to the
# gateway - confirm.

curl -I http://keycloak.xiangxun.org

# HTTPS access (no port number)
# NOTE(review): with the self-signed certificate curl rejects the connection
# unless it is told which certificate to trust, e.g. --cacert tls.crt.

curl -I https://keycloak.xiangxun.org

结果:使用 nodeport 方式无法进行域名访问。
