Keycloak gatekeeper HTTP 502 / timeout after 10 seconds

Question

I am using keycloak gatekeeper as a proxy connected to a keycloak instance to secure kibana. All tools run in a private kubernetes cluster. The keycloak gatekeeper was installed with the following helm chart https://github.com/mvitale1989/helm-keycloak-gatekeeper.

I noticed that by long running kibana queries (> 10 seconds) I get after exactly 10 seconds HTTP 502 bad gateway. I connected directly to kibana with "kubectl port-forward ...." and tested some long running queries and get timeouts after 30 seconds. That's why I think that the keycloak gatekeeper is responsible for the HTTP 502 code. I couldn't find anything in the logs from the keycloak gatekeeper instance.

Question: Is there a default timeout in keycloak gatekeeper for requests to upstream that last longer than 10 seconds? If yes, how can I change it to for example 30 seconds?

Thank you very much in advance!

Answer 1

We had the same problem. The two variables that are important are:

server-write-timeout: 30s
upstream-response-header-timeout: 30s

The first one is the timeout for the complete response. The second one is the timeout for receiving the first response headers.

Answer 2

In the config of Keycloak gatekeeper, the default value for ServerReadTimeout is set to 10 secs, see:

• https://github.com/keycloak/keycloak-gatekeeper/blob/master/config.go#L62
• https://github.com/keycloak/keycloak-gatekeeper/blob/42b3e3cd1359285da766fd0f0f637411d744e9bf/doc.go#L338

You should be able to change this by setting server-read-timeout in your configuration file:

server-read-timeout: 30