Setting up realms in Keycloak during kubernetes helm install

6/4/2018

I'm trying to get keycloak set up as a helm chart requirement to run some integration tests. I can get it to bring it up and run it, but I can't figure out how to set up the realm and client I need. I've switched over to the 1.0.0 stable release that came out today:

https://github.com/kubernetes/charts/tree/master/stable/keycloak

I wanted to use the keycloak.preStartScript defined in the chart and use the /opt/jboss/keycloak/bin/kcadm.sh admin script to do this, but apparently by "pre start" they mean before the server is brought up, so kcadm.sh can't authenticate. If I leave out the keycloak.preStartScript I can shell into the keycloak container and run the kcadm.sh scripts I want to use after it's up and running, but they fail as part of the pre start script.

Here's my requirements.yaml for my chart:

dependencies:
- name: keycloak
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 1.0.0

Here's my values.yaml file for my chart:

keycloak:
  keycloak:
    persistence:
      dbVendor: H2
      deployPostgres: false
    username: 'admin'
    password: 'test'
    preStartScript: |
      /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password 'test'
      /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=foo -s enabled=true -o
      CID=$(/opt/jboss/keycloak/bin/kcadm.sh create clients -r foo -s clientId=foo -s 'redirectUris=["http://localhost:8080/*"]' -i)
      /opt/jboss/keycloak/bin/kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json
  persistence:
    dbVendor: H2
    deployPostgres: false

Also a side annoyance is that I need to define the persistence settings in both places or it either fails or brings up postgresql in addition to keycloak

-- Jason Carreira
keycloak
kubernetes-helm

2 Answers

6/5/2018

I tried this too and also hit this problem so have raised an issue. I prefer to use -Dimport with a realm .json file but your points suggest a postStartScript option would make sense so I've included both in the PR on that issue

-- Ryan Dawson
Source: StackOverflow

6/13/2018

the Keycloak chart has been updated. Have a look at these PRs:

-- unguiculus
Source: StackOverflow