From de1da0a97b7f85608464e7ebaec7177633213ea2 Mon Sep 17 00:00:00 2001
From: Subhash Khileri
Date: Fri, 23 Jan 2026 17:12:50 +0530
Subject: [PATCH] fix(keycloak): use plain HTTP route to avoid certificate issues
- Update Keycloak environment variables for HTTP mode:
- Replace KC_PROXY_HEADERS with KC_PROXY=edge
- Add KC_HOSTNAME_STRICT_HTTPS=false
- Remove TLS edge termination from OpenShift route to use plain HTTP
- Bump version to 1.1.3
This simplifies test environment setup by avoiding self-signed certificate issues with TLS termination.
Co-Authored-By: Claude Opus 4.5
---
 package.json | 2 +-
 src/deployment/keycloak/config/keycloak-values.yaml | 10 ++++++----
 src/deployment/keycloak/deployment.ts | 5 +----
 3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/package.json b/package.json
index 16f4e01..2d6f4c3 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "rhdh-e2e-test-utils",
- "version": "1.1.2",
+ "version": "1.1.3",
 "description": "Test utilities for RHDH E2E tests",
 "license": "Apache-2.0",
 "type": "module",
diff --git a/src/deployment/keycloak/config/keycloak-values.yaml b/src/deployment/keycloak/config/keycloak-values.yaml
index 4921cc1..36229a7 100644
--- a/src/deployment/keycloak/config/keycloak-values.yaml
+++ b/src/deployment/keycloak/config/keycloak-values.yaml
@@ -67,12 +67,14 @@ extraEnvVars:
 value: admin
 - name: KEYCLOAK_ADMIN_PASSWORD
 value: admin123
- - name: KC_HTTP_ENABLED
- value: "true"
- - name: KC_PROXY_HEADERS
- value: "xforwarded"
 - name: KC_HOSTNAME_STRICT
 value: "false"
+ - name: KC_HOSTNAME_STRICT_HTTPS
+ value: "false"
+ - name: KC_HTTP_ENABLED
+ value: "true"
+ - name: KC_PROXY
+ value: "edge"
 - name: JAVA_OPTS_APPEND
 value: "-Djava.net.preferIPv4Stack=true -Xms256m -Xmx512m"
diff --git a/src/deployment/keycloak/deployment.ts b/src/deployment/keycloak/deployment.ts
index 640f3ae..b05ad16 100644
--- a/src/deployment/keycloak/deployment.ts
+++ b/src/deployment/keycloak/deployment.ts
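Review bot: In `keycloak-values.yaml` the added `KC_PROXY` and `KC_HOSTNAME_STRICT_HTTPS` entries are older Keycloak option names, and the hunk drops `KC_PROXY_HEADERS`, which is the setting that superseded `KC_PROXY`. The Keycloak image version is not visible here, so confirm the pinned version still honours both variables; otherwise the instance may start with defaults or refuse to start. The block also lacks a comment saying it is throwaway: together with the `admin`/`admin123` credentials in the context lines it describes a cleartext instance, so I would add `# Test-only: Keycloak is served over plain HTTP; do not reuse these values outside ephemeral test clusters` above the proxy and hostname entries.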
@@ -389,7 +389,7 @@ export class KeycloakHelper {
 }
 private async _createRoute(): Promise {
- // Use TLS edge termination with Allow policy to support both HTTP and HTTPS
+ // Use plain HTTP route (no TLS) for test environments to avoid self-signed certificate issues
 const routeManifest = `
 apiVersion: route.openshift.io/v1
 kind: Route
@@ -406,9 +406,6 @@ spec:
 weight: 100
 port:
 targetPort: http
- tls:
- termination: edge
- insecureEdgeTerminationPolicy: Allow
 wildcardPolicy: None
 `;
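Review bot: The new comment in `_createRoute` limits the plain-HTTP route to test environments, but nothing visible in these hunks enforces that. With the `tls:` block removed in the second hunk the Route is always created without TLS, so the admin login and every token this Keycloak issues cross the router unencrypted. `_createRoute` starts and ends outside the hunks, so a guard may exist elsewhere; if it does not, consider keeping the edge-terminated variant behind a helper option. At minimum, state the consequence in the comment: `// Test-only: plain HTTP route; credentials and tokens are sent unencrypted, never point this at a shared cluster`. It is also worth confirming that the realm used by the tests does not require HTTPS for external requests, since they now arrive as plain HTTP.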