...
Add helm registries
...
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add codecentric https://codecentric.github.io/helm-charts
helm repo update
```
Create override files
Create the values file for the PostgreSQL instance (storageClass is only required if no default storage class is defined):
```yaml
# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
global:
  postgresql:
    auth:
      username: dbusername
      password: dbpassword
      database: keycloak
  # storageClass: cinder-csi - only required if other storageclass than default is used
```
Create the values file for the Keycloak server (for the keycloakx chart; currently not recommended, use the keycloak chart instead of keycloakx):
```yaml
# This is an example configuration, for production grade configuration see the Keycloak documentation.
# See https://www.keycloak.org/server/configuration
# See https://www.keycloak.org/server/all-config
command:
  - "/opt/keycloak/bin/kc.sh"
  - "--verbose"
  - "start"
  - "--http-enabled=true"
  - "--http-port=8080"
  - "--hostname-strict=false"
  - "--hostname-strict-https=false"
  - "--spi-events-listener-jboss-logging-success-level=info"
  - "--spi-events-listener-jboss-logging-error-level=warn"

extraEnv: |
  - name: KEYCLOAK_ADMIN
    valueFrom:
      secretKeyRef:
        name: {{ include "keycloak.fullname" . }}-admin-creds
        key: user
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: {{ include "keycloak.fullname" . }}-admin-creds
        key: password
  - name: JAVA_OPTS_APPEND
    value: >-
      -XX:+UseContainerSupport
      -XX:MaxRAMPercentage=50.0
      -Djava.awt.headless=true
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless

dbchecker:
  enabled: true

database:
  vendor: postgres
  hostname: keycloak-db-postgresql
  port: 5432
  username: dbusername
  password: dbpassword
  database: keycloak

secrets:
  admin-creds:
    annotations:
      my-test-annotation: Test secret for {{ include "keycloak.fullname" . }}
    stringData:
      user: admin
      password: secret
```
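A pre-deployment check for the value files above, as an added example that is not part of the original page: it flags literal credentials (such as `password: dbpassword`) and the relaxed HTTP/hostname flags before the file is passed to `helm`. The function name `audit_values`, the rule list and the embedded sample are assumptions made for this illustration.

```python
import re

# Constructed sample: an excerpt of the keycloakx values shown on this page.
SAMPLE_VALUES = '''\
command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--http-enabled=true"
  - "--hostname-strict=false"
extraEnv: |
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: {{ include "keycloak.fullname" . }}-admin-creds
        key: password
database:
  password: dbpassword
secrets:
  admin-creds:
    stringData:
      password: secret
'''

# Flags from the page's example command that deserve review before production use.
RISKY_FLAGS = {
    "--http-enabled=true": "plain HTTP listener enabled",
    "--hostname-strict=false": "hostname resolved from request headers",
    "--hostname-strict-https=false": "frontend URL scheme inferred from the request",
}
# A key whose name contains password/secret/token, followed by a value on the same line.
LITERAL_SECRET = re.compile(r'^\s*(\w*(?:password|secret|token)\w*)\s*:\s*(\S.*)$', re.I)

# audit_values is a hypothetical helper, not part of Helm or of either chart.
def audit_values(text):
    """Return (line_number, message) findings for the text of a Helm values file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.split(" #", 1)[0].strip()  # drop trailing comments
        if stripped.startswith("#"):
            continue
        for flag, why in RISKY_FLAGS.items():
            if flag in stripped:
                findings.append((n, f"{flag}: {why}"))
        m = LITERAL_SECRET.match(stripped)
        if m and not m.group(2).startswith(("{{", "|", ">")):  # skip templates, block scalars
            findings.append((n, f"literal value for '{m.group(1)}'"))
    return findings
```

Entries that reference a Secret through `secretKeyRef` pass the check; only values written directly into the file are reported.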
...
Add Istio ingress resources for Keycloak access (not required if the ONAP-Platform component is installed):
```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: keycloak-gateway
spec:
  # The selector must match the labels on the Istio ingress gateway pods
  selector:
    istio: ingressgatewayingress
  servers:
  # Port 80 only redirects to HTTPS
  - hosts:
    - keycloak.simpledemo.onap.org
    port:
      name: http
      number: 80
      protocol: HTTP
    tls:
      httpsRedirect: true
  # TLS is terminated at the gateway with the certificate in ingress-tls-secret
  - hosts:
    - keycloak.simpledemo.onap.org
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: ingress-tls-secret
      mode: SIMPLE
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: keycloak-service
spec:
  hosts:
  - keycloak.simpledemo.onap.org
  gateways:
  - keycloak-gateway
  http:
  - route:
    - destination:
        port:
          number: 80
        host: keycloak-http
```
Install Keycloak DB and Keycloak
Create the namespace:
```bash
kubectl create namespace keycloak
kubectl label namespace keycloak istio-injection=enabled
```
...
Install the Keycloak server (based on keycloakx; currently not recommended, use the keycloak chart instead of keycloakx):
```bash
helm -n keycloak upgrade -i keycloak codecentric/keycloakx --values ./keycloakx-server-values.yaml
```
...
Add Istio ingress resources to integrate Keycloak with the ingress (not required if the ONAP-Platform component is installed):
```bash
kubectl -n keycloak apply -f ./kc-ingress.yaml
```
...