tokers commented on issue #235: URL: https://github.com/apache/apisix-helm-chart/issues/235#issuecomment-1053765154
OK, so `k6k.m01.net` is the keycloak serivce address, you sent requests to keycloak and find the CA problems. And it seems that your keycloak service is not proxied by APISIX since you said: > With apisix used as ingress controller for the cluster I'm using the openid-connect and authz-keycloak plugins and they works correctly accessing the keycloak server (https://k6k.m01.net/) that is outside the cluster. Maybe those plugins don't do a strict certificate verification So your last question: > The question is why the curl from the apisix pod says unknown CA if the CA cert is loaded in apisix configuration? You don't send requests to APISIX at all, It's not a question, APISIX doesn't handle your requests. And I already said: > I checked the case you pasted, you login to the APISIX pod but sent requests to k6k.m01.net , I don't know how you handle the DNS resolving, **but you should make sure requests were sent to the APISIX cluster**. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
