The first thing to do is get familiar with Keycloak. Once you are happy with it, it is worth taking a look at the Keycloak quickstarts.
They seem to have all the examples and samples you need to get going with Keycloak.
In particular you want to look at the Keycloak examples.
For posterity I will show the contents of
```yaml
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  # LoadBalancer exposes 8080 directly; ClusterIP is enough when all traffic
  # arrives through the Ingress below
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  # namespace is supplied with -n at apply time (keycloak, see the kubectl
  # commands below); a hard-coded "default" here makes kubectl reject the
  # object when it is created in any other namespace
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:10.0.1
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          # demo value only; source this from a Secret (valueFrom.secretKeyRef)
          # and rotate it after the first login
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          # trust X-Forwarded-* headers from the ingress; only safe when Keycloak
          # is reachable solely through that proxy
          value: "true"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080
```
```yaml
# extensions/v1beta1 Ingress is deprecated; networking.k8s.io/v1 is the
# replacement on clusters from 1.19 onwards
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: keycloak
spec:
  tls:
  - hosts:
    - KEYCLOAK_HOST
    # no secretName, so the ingress controller serves its default certificate;
    # add a secretName with a certificate for KEYCLOAK_HOST for real use
  rules:
  - host: KEYCLOAK_HOST
    http:
      paths:
      - backend:
          serviceName: keycloak
          servicePort: 8080
```
We want to customise a few things about how keycloak runs and we do this by updating the environment variables.
So let us find out which environment variables are available and which we need to change.
We know the image being used is `quay.io/keycloak/keycloak:10.0.1`.
So let's see what the readme of that container image says.
It is rather disappointing that when we check on quay for keycloak, there is an empty readme. So our princess is in another castle.
The best readme I could find was on keycloak-containers.
So the list of available environment variables I could find were:
- DB_ADDR - database hostname
- DB_PORT - optional, defaults to the vendor port
- DB_DATABASE - database name
- DB_SCHEMA - only postgres uses this
- DB_USER - user to auth with the db
- DB_PASSWORD - user password to auth with the db
- KEYCLOAK_FRONTEND_URL - a fixed url for frontend requests
Oh I found an even more exhaustive list of environment variables in the docker entrypoint
Creating a K8s service as a reference to an external service
As per Kubernetes: Up and Running, it is worthwhile to represent an external service in Kubernetes. That way you get built-in naming and service discovery, and the database looks like any other k8s service.
It also helps when replacing a service or switching between prod and test.
```yaml
kind: Service
apiVersion: v1
metadata:
  name: external-database
  namespace: prod
spec:
  type: ExternalName
  externalName: database.company.com
```
If you just have an ip you need to create the service and the endpoint with:
```yaml
kind: Service
apiVersion: v1
metadata:
  name: keycloak-external-db-ip
spec:
  # no selector, so Kubernetes will not manage the Endpoints for this Service
  ports:
  - protocol: TCP
    port: 3306
    targetPort: 3306
```

```yaml
kind: Endpoints
apiVersion: v1
metadata:
  # must match the Service name exactly, or the Service has no backends
  name: keycloak-external-db-ip
subsets:
- addresses:
  # placeholder; Endpoints only accept an IP literal, never a hostname
  - ip: 192.0.2.10
  ports:
  - port: 3306
```
Now the actual service DNS name will be `<service-name>.<namespace>.svc.cluster.local`,
so in this case (assuming the service is created in the `keycloak` namespace used by the kubectl commands below): `keycloak-external-db-ip.keycloak.svc.cluster.local`.
Set that as DB_ADDR, along with the other credentials, and we should be good to go.
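The ExternalName-versus-Endpoints decision above is easy to get wrong (an Endpoints object silently fails with a hostname in its `ip` field). This is an added example, not code from the post: it builds the right pair of objects for a given address, refuses hostnames and unusable IPs in Endpoints, and derives the DB_ADDR value. The `svc.cluster.local` suffix and the `keycloak` namespace are assumptions.

```python
import ipaddress
import json

CLUSTER_DOMAIN = "svc.cluster.local"  # assumed default cluster DNS suffix


def cluster_dns_name(name: str, namespace: str) -> str:
    """In-cluster FQDN that CoreDNS/kube-dns answers for a Service."""
    return f"{name}.{namespace}.{CLUSTER_DOMAIN}"


def external_db_manifests(name: str, addr: str, port: int) -> list:
    """Objects that make an external database look like a cluster Service.
    A hostname becomes an ExternalName Service; an IP literal becomes a
    selector-less Service plus an Endpoints object with the same name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        ip = None  # not an IP literal, treat it as a hostname
    if ip is None:
        # Cluster DNS answers with a CNAME to externalName; no Endpoints needed.
        return [{
            "apiVersion": "v1", "kind": "Service",
            "metadata": {"name": name},
            "spec": {"type": "ExternalName", "externalName": addr},
        }]
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        raise ValueError(f"{addr} cannot be a database endpoint")
    # Service and Endpoints must share the name, and the ports must line up.
    service = {
        "apiVersion": "v1", "kind": "Service",
        "metadata": {"name": name},
        "spec": {"ports": [{"protocol": "TCP", "port": port, "targetPort": port}]},
    }
    endpoints = {
        "apiVersion": "v1", "kind": "Endpoints",
        "metadata": {"name": name},
        "subsets": [{"addresses": [{"ip": str(ip)}], "ports": [{"port": port}]}],
    }
    return [service, endpoints]


def to_manifest_file(objects: list) -> str:
    """kubectl apply -f accepts a JSON v1 List, so no YAML library is needed."""
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": objects}, indent=2)


if __name__ == "__main__":
    objs = external_db_manifests("keycloak-external-db-ip", "192.0.2.10", 3306)
    print(to_manifest_file(objs))
    print("DB_ADDR =", cluster_dns_name("keycloak-external-db-ip", "keycloak"))
```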
So update that and the other environment variables and deploy:
Create the deployment:
```shell
# assumes the keycloak namespace already exists
kubectl create -f keycloak-deployment.yml -n keycloak
```
Create the service and the ingress:
```shell
kubectl apply -f keycloak-service.yml -n keycloak
kubectl apply -f keycloak-ingress.yml -n keycloak
```
Boom and you should be up and running
- Kubernetes services
- Kubernetes containers
- Brendan Burns, "Kubernetes: Up and Running"
- Stian Thorgersen from Keycloak, video on setting up on K8s
- K8s: mapping external services