How to deploy Keycloak on Kubernetes with custom configuration?

5/15/2020

I want to deploy Keycloak with the custom configuration below, before starting it.

  • new realm
  • role
  • client
  • an admin user under the new realm

I am using the deployment file below to create the Keycloak pod:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:10.0.1
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: REALM
          value: "ntc"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        volumeMounts:
        - mountPath: /opt/jboss/keycloak/startup/elements
          name: elements
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080
      volumes:
      - name: elements
        configMap:
          name: keycloak-elements

and I am using the cilent.json and realm.json files below to generate the ConfigMap for Keycloak.

cilent.json

{
  "id": "7ec4ccce-d6ed-461f-8e95-ea98e4912b8c",
  "clientId": "ntc-app",
  "enabled": true,
  "clientAuthenticatorType": "client-secret",
  "secret": "0b360a88-df24-48fa-8e96-bf6577bbee95",
  "directAccessGrantsEnabled": true
}

realm.json

{
 "realm": "ntc",
 "id": "ntc",
 "enabled": true,
 "revokeRefreshToken" : true,
 "accessTokenLifespan" : 900,
 "passwordPolicy": "length(8) and digits(1) and specialChars(1)",
 "roles" : {
  "realm" : [ {
        "id": "c9253f52-1960-4c9d-af99-5facca0c0846",
        "name": "admin",
        "description" : "admin role",
        "scopeParamRequired": false,
        "composite": false,
        "clientRole": false,
        "containerId": "ntc"
    }, {
      "id" : "1e7ed0c8-9585-44b0-92f8-59e472573461",
      "name" : "user",
      "description" : "user role",
      "scopeParamRequired" : false,
      "composite" : false,
      "clientRole" : false,
      "containerId" : "ntc"
    }
   ]
  }
}

Both files are saved under the elements folder, and I used the command below to generate the ConfigMap:

kubectl create configmap keycloak-elements --from-file=elements

Still, I don't see any new realm/role or client created.

What went wrong?

-- Siddhanta Rath
keycloak
kubernetes
realm

1 Answer

5/15/2020

I think you need to import the realm and client as described here: http://www.mastertheboss.com/jboss-frameworks/keycloak/keycloak-with-docker

Some environment variables might help to accomplish the task.

-- Michael Johann
Source: StackOverflow
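
One way to apply the answer's suggestion, as an added example that is not part of the original thread: the jboss-based Keycloak image used here imports the realm file named in the KEYCLOAK_IMPORT environment variable at startup, and it expects a single realm export, so the client and the realm admin user go inside realm.json rather than in a separate file. The Secret names keycloak-admin and keycloak-realm are assumptions; Secrets replace the literal admin password and the ConfigMap because the realm file carries the client secret and user credentials.

```yaml
# Added example (not from the thread). Hypothetical Secrets assumed to exist:
#   keycloak-admin: key "password"; keycloak-realm: key "realm.json", a single
#   realm export with the client under "clients" and the admin user under "users".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:10.0.1
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD        # was the literal "admin"
          valueFrom:
            secretKeyRef:
              name: keycloak-admin
              key: password
        - name: KEYCLOAK_IMPORT          # realm file imported at startup
          value: /opt/jboss/keycloak/startup/elements/realm.json
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        volumeMounts:
        - name: elements
          mountPath: /opt/jboss/keycloak/startup/elements
        ports:
        - name: http
          containerPort: 8080
        readinessProbe:
          httpGet:
            path: /auth/realms/ntc       # 404 until realm "ntc" exists
            port: 8080
      volumes:
      - name: elements
        secret:
          secretName: keycloak-realm
```

Pointing the readiness probe at the imported realm instead of master keeps the pod out of service if the import did not happen.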