Keycloak Setup
Deploy Keycloak in a Kubernetes environment.
Prerequisites
- Install kubectl.
- Access to a Kubernetes cluster.
Steps
- Create deployment configuration file: deployment.yaml

  Without a database:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: keycloak
      labels:
        app: keycloak
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: keycloak
      template:
        metadata:
          labels:
            app: keycloak
        spec:
          containers:
          - name: keycloak
            image: jboss/keycloak:12.0.4
            env:
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KEYCLOAK_USER
              value: <your-keycloak-username>
            - name: KEYCLOAK_PASSWORD
              value: <your-keycloak-password>
            - name: KEYCLOAK_FRONTEND_URL
              value: "https://keycloak.<your-keycloak-host>/auth/"
            ports:
            - name: http
              containerPort: 8080
              protocol: TCP

Replace Placeholders
Before deploying, replace the following placeholders:
- <your-keycloak-username> with your Keycloak username (e.g. admin).
- <your-keycloak-password> with your Keycloak password (e.g. admin).
- <your-keycloak-host> with your Keycloak host (e.g. my-company.com).

  With a PostgreSQL database:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: keycloak
      labels:
        app: keycloak
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: keycloak
      template:
        metadata:
          labels:
            app: keycloak
        spec:
          initContainers:
          - name: wait-db-ready
            image: busybox:1.28
            command:
            - sh
            - -c
            # busybox sh has no brace expansion, so count with seq (15 x 2 s = 30 s)
            - for i in $(seq 1 15); do echo "Waiting for database creation."; sleep 2; done;
          containers:
          - name: keycloak
            image: jboss/keycloak:12.0.4
            env:
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KEYCLOAK_USER
              value: <your-keycloak-username>
            - name: KEYCLOAK_PASSWORD
              value: <your-keycloak-password>
            - name: KEYCLOAK_FRONTEND_URL
              value: "https://keycloak.<your-keycloak-host>/auth/"
            - name: DB_VENDOR
              value: postgres
            - name: DB_USER
              value: <your-keycloak-database-username>
            - name: DB_PASSWORD
              value: <your-keycloak-database-password>
            - name: DB_DATABASE
              value: <your-keycloak-database-username>
            - name: DB_ADDR
              value: keycloak-database
            ports:
            - name: http
              containerPort: 8080
              protocol: TCP
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: keycloak-database
      labels:
        app: keycloak-database
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: keycloak-database
      template:
        metadata:
          labels:
            app: keycloak-database
        spec:
          containers:
          - name: keycloak-database
            image: postgres:13
            volumeMounts:
            - name: keycloak-database-data
              mountPath: /var/lib/postgresql/data
            env:
            - name: PGDATA
              value: "/var/lib/postgresql/data/pgdata"
            - name: POSTGRES_USER
              value: <your-keycloak-database-username>
            - name: POSTGRES_PASSWORD
              value: <your-keycloak-database-password>
            ports:
            - name: jdbc
              containerPort: 5432
              protocol: TCP
          volumes:
          - name: keycloak-database-data
            persistentVolumeClaim:
              claimName: keycloak-database-data
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: keycloak-database-data
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 2Gi

Replace Placeholders
Before deploying, replace the following placeholders:
- <your-keycloak-username> with your Keycloak username (e.g. admin).
- <your-keycloak-password> with your Keycloak password (e.g. admin).
- <your-keycloak-host> with your Keycloak host (e.g. my-company.com).
- <your-keycloak-database-username> with your Keycloak database username (e.g. dbadmin).
- <your-keycloak-database-password> with your Keycloak database password (e.g. dbadmin).

- Create service configuration file: service.yaml

  Without a database:

    apiVersion: v1
    kind: Service
    metadata:
      name: keycloak
      labels:
        app: keycloak
    spec:
      type: ClusterIP
      ports:
      - port: 8080
        targetPort: http
        protocol: TCP
        name: http
      selector:
        app: keycloak

  With a PostgreSQL database:

    apiVersion: v1
    kind: Service
    metadata:
      name: keycloak
      labels:
        app: keycloak
    spec:
      type: ClusterIP
      ports:
      - port: 8080
        targetPort: http
        protocol: TCP
        name: http
      selector:
        app: keycloak
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: keycloak-database
      labels:
        app: keycloak-database
    spec:
      type: ClusterIP
      ports:
      - port: 5432
        targetPort: jdbc
        protocol: TCP
        name: jdbc
      selector:
        app: keycloak-database

  With a PostgreSQL database and an OpenShift Route:

    apiVersion: v1
    kind: Service
    metadata:
      name: keycloak
      labels:
        app: keycloak
    spec:
      type: ClusterIP
      ports:
      - port: 8080
        targetPort: http
        protocol: TCP
        name: http
      selector:
        app: keycloak
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: keycloak-database
      labels:
        app: keycloak-database
    spec:
      type: ClusterIP
      ports:
      - port: 5432
        targetPort: jdbc
        protocol: TCP
        name: jdbc
      selector:
        app: keycloak-database
    ---
    kind: Route
    apiVersion: route.openshift.io/v1
    metadata:
      name: keycloak
    spec:
      host: keycloak.<your-openshift-domain>
      to:
        kind: Service
        name: keycloak
      port:
        targetPort: http
      tls:
        termination: edge
        insecureEdgeTerminationPolicy: Redirect
      wildcardPolicy: None

Replace Placeholders
Before deploying, replace the following placeholders:
- <your-openshift-domain> with your OpenShift domain (e.g. apps.sandbox.xxxx.yy.openshiftapps.com).

- Deploy to the Kubernetes cluster with:

    kubectl apply -f deployment.yaml
    kubectl apply -f service.yaml

- Open a web browser and go to:

    https://keycloak.<your-openshift-domain>
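
The deployment.yaml manifests above carry the Keycloak and database credentials as literal env values, so anyone who can read the Deployment object can read them. The following is an added example, not part of the original guide: it moves those values into a Kubernetes Secret that the keycloak container (database variant) loads with envFrom. The Secret name keycloak-credentials is an assumption.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-credentials   # assumed name, not from the original guide
type: Opaque
stringData:                    # keys are named after the env vars Keycloak reads
  KEYCLOAK_USER: <your-keycloak-username>
  KEYCLOAK_PASSWORD: <your-keycloak-password>
  DB_USER: <your-keycloak-database-username>
  DB_PASSWORD: <your-keycloak-database-password>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      initContainers:
      - name: wait-db-ready
        image: busybox:1.28
        command: ["sh", "-c", "for i in $(seq 1 15); do echo 'Waiting for database creation.'; sleep 2; done"]
      containers:
      - name: keycloak
        image: jboss/keycloak:12.0.4
        envFrom:               # every key of the Secret becomes an env var
        - secretRef:
            name: keycloak-credentials
        env:                   # non-secret settings stay inline
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: KEYCLOAK_FRONTEND_URL
          value: "https://keycloak.<your-keycloak-host>/auth/"
        - name: DB_VENDOR
          value: postgres
        - name: DB_DATABASE
          value: <your-keycloak-database-username>
        - name: DB_ADDR
          value: keycloak-database
        ports:
        - name: http
          containerPort: 8080
```

The keycloak-database container can take POSTGRES_USER and POSTGRES_PASSWORD from the same Secret with valueFrom.secretKeyRef, pointing at the DB_USER and DB_PASSWORD keys. Secret values are stored base64-encoded, not encrypted, unless the cluster has encryption at rest configured.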