Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
www.keycloak.org/about.html
Keycloak features
- SSO
- User Federation : LDAP, AD...
- Account Management Console
- Standard Protocols : OIDC, OAuth 2.0, SAML
# Create the namespace and add the helm repo
root@minik8s:~# kubectl create ns keycloak
namespace/keycloak created
root@minik8s:~# helm repo add codecentric https://codecentric.github.io/helm-charts
"codecentric" has been added to your repositories
# Create values.yaml to configure Keycloak
root@minik8s:~# mkdir keycloak && cd keycloak
root@minik8s:~/keycloak# helm show values codecentric/keycloak > values.yaml
# Edit values.yaml
- Set the Keycloak account password
- Change to true when creating an ingress or route (in this document it is installed with false)
- Specify the DB
- Specify the PVC
- Created PVC
# Check after installation
root@minik8s:~/keycloak# kubectl get all -n keycloak
NAME READY STATUS RESTARTS AGE
pod/keycloak-0 1/1 Running 0 2m13s
pod/keycloak-postgresql-0 1/1 Running 0 2m13s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/keycloak-headless ClusterIP None <none> 80/TCP,8443/TCP 2m15s
service/keycloak-http ClusterIP 10.104.146.230 <none> 80/TCP,8443/TCP 2m14s
service/keycloak-postgresql ClusterIP 10.106.34.115 <none> 5432/TCP 2m14s
service/keycloak-postgresql-headless ClusterIP None <none> 5432/TCP 2m15s
NAME READY AGE
statefulset.apps/keycloak 1/1 2m14s
statefulset.apps/keycloak-postgresql 1/1 2m14s
- Because ingress was not set to true in values.yaml, the service cannot be reached from outside the cluster -> changing ClusterIP to NodePort makes it accessible
# Check after changing ClusterIP to NodePort
root@minik8s:~/keycloak# kubectl edit svc keycloak-http -n keycloak
service/keycloak-http edited
root@minik8s:~/keycloak# kubectl get all -n keycloak
NAME READY STATUS RESTARTS AGE
pod/keycloak-0 1/1 Running 0 5m15s
pod/keycloak-postgresql-0 1/1 Running 0 5m15s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/keycloak-headless ClusterIP None <none> 80/TCP,8443/TCP 5m17s
service/keycloak-http NodePort 10.104.146.230 <none> 80:30478/TCP,8443:32572/TCP 5m16s
service/keycloak-postgresql ClusterIP 10.106.34.115 <none> 5432/TCP 5m16s
service/keycloak-postgresql-headless ClusterIP None <none> 5432/TCP 5m17s
NAME READY AGE
statefulset.apps/keycloak 1/1 5m16s
statefulset.apps/keycloak-postgresql 1/1 5m16s
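# Access the URL (http://<VM IP>:<NodePort>)
# Click Administration Console to go to the login screen -> log in with the account/password specified in values.yaml (keycloak / password)
# The Master realm is created by default
- Create a realm, then create clients (integration targets: jenkins, etc.) and integrate them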
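After the change to NodePort, the admin console login travels over whichever node port maps to service port 80. The following is an added example, not part of the original post: it reads `kubectl get svc` text and reports every NodePort mapping, marking the ones that forward to port 80. The function names are hypothetical, and treating port 80 as the unencrypted listener and 8443 as the TLS one is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): list NodePort mappings from
# `kubectl get svc` text and mark the ones that forward to service port 80.
# Assumption: service port 80 is the plain-HTTP listener, 8443 the TLS one.

# Reads `kubectl get svc`-style lines on stdin.
# Prints: <service> <service-port> <node-port> <http|other>
nodeport_report() {
  awk '
    # Lines whose TYPE column is NodePort; the name may carry a "service/" prefix
    $2 == "NodePort" {
      name = $1; sub(/^service\//, "", name)
      n = split($5, maps, ",")            # PORT(S), e.g. 80:30478/TCP,8443:32572/TCP
      for (i = 1; i <= n; i++) {
        m = maps[i]; sub(/\/.*/, "", m)   # drop the /TCP suffix
        if (split(m, p, ":") == 2)        # keep only mappings that have a node port
          print name, p[1], p[2], (p[1] == "80" ? "http" : "other")
      }
    }'
}

# Node ports that carry unencrypted HTTP, one per line.
plaintext_nodeports() {
  nodeport_report | awk '$4 == "http" { print $3 }'
}

# Service lines as shown in the post after the change to NodePort.
SAMPLE='service/keycloak-headless ClusterIP None <none> 80/TCP,8443/TCP 5m17s
service/keycloak-http NodePort 10.104.146.230 <none> 80:30478/TCP,8443:32572/TCP 5m16s
service/keycloak-postgresql ClusterIP 10.106.34.115 <none> 5432/TCP 5m16s
service/keycloak-postgresql-headless ClusterIP None <none> 5432/TCP 5m17s'

printf '%s\n' "$SAMPLE" | nodeport_report
# Against a live cluster:
#   kubectl get svc -n keycloak --no-headers | nodeport_report
```

For the listing in this post the report shows node port 30478 as the plain-HTTP path and 32572 as the mapping for 8443, so the browser URL for the admin login can point at the latter.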