charts
charts copied to clipboard
bitnami
KC_PROXY deprecated, use proxy-headers
Name and Version
bitnami/keycloack 21.2.1
What architecture are you using?
amd64
What steps will reproduce the bug?
- Deploy helm chart with the following values:
replicaCount: 1
proxy: "edge"
production: true
cache:
enabled: true
stackName: kubernetes
service:
type: NodePort
ingress:
enabled: true
path: "/*"
hostname: "[REDACTED]"
ingressClassName: alb
postgresql:
enabled: false
externalDatabase:
[REDACTED]
What is the expected behavior?
normal startup
What do you see instead?
Logs about deprecated KC_PROXY config
2024-05-20 22:56:14,193 WARN [org.key.qua.run.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed in a future release:
- proxy: Use proxy-headers.
Consult the Release Notes for details.
Additional information
When using proxy: edge, what should be the config?
Hi, thank you for reporting this issue. I can reproduce it installing the bitnami/keycloak chart with default values:
$ helm install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version 21.3.1
$ kubectl logs statefulset/keycloak
2024-05-27 09:49:32,273 WARN [org.key.qua.run.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed in a future release:
- proxy: Use proxy-headers.
Although it's just a deprecation warning (for now), we can fix it in the container and chart configuration.
Some references:
- https://www.keycloak.org/server/reverseproxy
The support for setting proxy modes is deprecated and will be removed in a future Keycloak release. Consider configuring accepted reverse proxy headers instead [...]
- https://www.keycloak.org/docs/24.0.4/upgrading/index.html#deprecated-proxy-option
Would you like to contribute sending a PR with the changes to fix this issue? The Bitnami team will be more than happy to review your submission and offer feedback. You can find the contributing guidelines here.
Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.
I guess fixing the chart will first require fixing the Docker image, as reported at https://github.com/bitnami/containers/issues/65190.
Note that Keycloak 25 introduced even more changes when it comes to hostnames: https://www.keycloak.org/2024/06/keycloak-2500-released.html#_new_hostname_options.
Thank you for linking both issues. You are correct, the container image needs to be adapted as well.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I have just set the https://github.com/bitnami/charts/labels/on-hold label as https://github.com/bitnami/containers/issues/65190 needs to be fixed first.
One question I have about proxy: edge to proxyHeaders: xforwarded (or forwarded) is the arg --http-enabled true in the documentation.
Seems that the PR #27890 and #28530 don't address it by adding a flag for --http-enabled true.
https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
One question I have about
proxy: edgetoproxyHeaders: xforwarded (or forwarded)is the arg--http-enabled truein the documentation. Seems that the PR #27890 and #28530 don't address it by adding a flag for--http-enabled true.https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
@lucasfcnunes See https://github.com/bitnami/containers/pull/67957#issuecomment-2221450498
TLDR http-enabled is always true unconditionally in bitnami containers