2

I am trying to connect MinIO with KeyCloak and I follow the instructions provided in this documentation: https://github.com/minio/minio/blob/master/docs/sts/keycloak.md

What I have done so far is deploy a Docker container for the MinIO server, another one for the MinioClient and a third one used for the KeyCloak server.

As you can see in the following snippet the configuration of the Minio Client container is done correctly, since I can list the buckets available in the Minio Server: 

mc ls myminio
[2020-05-14 11:54:59 UTC]      0B bucket1/
[2020-05-06 12:23:01 UTC]      0B bucket2/

I have an issue arising when I try to configure MinIO as depicted in step 3 (Configure MinIO) of the documentation. In more detail, the command that I run is this one:

mc admin config set myminio identity_openid config_url="http://localhost:8080/auth/realms/demo/.well-known/openid-configuration" client_id="account"

And the error I get is this one: 

mc: <ERROR> Cannot set 'identity_openid config_url=http://localhost:8080/auth/realms/demo/.well-known/openid-configuration client_id=account' to server. Get http://localhost:8080/auth/realms/demo/.well-known/openid-configuration: dial tcp 127.0.0.1:8080: connect: connection refused.

When I curl this address http://localhost:8080/auth/realms/demo/.well-known/openid-configuration from the MinIO Client container though, I retrieve the JSON file.

csymvoul
  • 677
  • 3
  • 15
  • 30
  • Can you share the dockerfile here and also the docker-compose file if you are using it. So that we can dig into the problem. – Mehant Kammakomati May 29 '20 at 08:46
  • I am not using docker-compose nor have I created a Dockerfile. I just run the containers based on the images on docker hub – csymvoul May 29 '20 at 08:52

2 Answers2

3

Turns out, all I had to do is change the localhost in the config_url, from localhost to the IP of the KeyCloak container (172.17.0.3).

This is just a temporary solution that works for now, but I will continue searching for something more concrete than just hardcoding the IP.

When I figure out the solution, this answer will be updated.

Update

I had to create a docker-compose.yml file as the one below in order to overcome the issues without having to manually place the IP of the KeyCloak container. 

version: '2'
services:

  miniod:
    image: minio/minio
    restart: always
    container_name: miniod 
    ports:
    - 9000:9000
    volumes:
    - "C:/data:/data"
    environment:
    - "MINIO_ACCESS_KEY=access_key" 
    - "MINIO_SECRET_KEY=secret_key"
    command: ["server", "/data"]
    networks:
    - minionw

  mcd:
    image: minio/mc 
    container_name: mcd
    networks:
    - minionw

  kcd: 
    image: quay.io/keycloak/keycloak:10.0.1
    container_name: kcd
    restart: always
    ports: 
    - 8080:8080
    environment: 
    - "KEYCLOAK_USER=admin"
    - "KEYCLOAK_PASSWORD=pass"
    networks: 
    - minionw

networks:
  minionw: 
    driver: "bridge"
csymvoul
  • 677
  • 3
  • 15
  • 30
  • Yes! This seems to work for me too with the 192.168 subnet IP of the keycloak container – Jono Aug 02 '22 at 10:36
1

Connection refused occurs when a port is not accessible on the hostname or IP we specified. Please try exposing the port using --expose flag along with the port number which you wish to expose when using the docker CLI. Then being exposed, you can access on it on localhost

Mehant Kammakomati
  • 852
  • 1
  • 8
  • 25