Helm/Keycloak: Difference between revisions
Jump to navigation
Jump to search
| (14 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
helm | helm repo add bitnami https://charts.bitnami.com/bitnami | ||
helm repo update && helm repo list | |||
kubectl config get-contexts | |||
helm | |||
==Config== | ==Config== | ||
<syntaxhighlight lang=" | {|class='wikitable mw-collapsible' style='width:100%' | ||
!scope='col' style='text-align:left'| | |||
Config | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang="bash"> | |||
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml" | export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml" | ||
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml" | export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml" | ||
export KUBECONFIG="${HOME}/.kube/config" | export KUBECONFIG="${HOME}/.kube/config" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |||
==Install== | ==Install== | ||
{| | {|class='wikitable mw-collapsible' style='width:100%' | ||
|colspan="2 | !scope='col' style='text-align:left' colspan='2'| | ||
<syntaxhighlight lang="yaml"> | Install | ||
|- | |||
|valign='top' colspan='2'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang="sql"> | |||
cat << DDL | psql -U ${USER} | |||
CREATE DATABASE keycloak; | |||
CREATE USER keycloak WITH ENCRYPTED PASSWORD 'sadaqah!'; | |||
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak; | |||
DDL | |||
</syntaxhighlight> | |||
|- | |||
|valign='top' colspan='2'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang="yaml"> | |||
kubectl create namespace keycloak | kubectl create namespace keycloak | ||
cat <<'YML' | \ | |||
cat <<YML | helm -n keycloak install keycloak | helm -n keycloak upgrade --install keycloak bitnami/keycloak --version 19.3.3 -f - | ||
--- | |||
auth: | auth: | ||
adminUser: admin | adminUser: admin | ||
adminPassword: "sadaqah!" | adminPassword: "sadaqah!" | ||
ingress: | ingress: | ||
enabled: true | enabled: true | ||
ingressClassName: nginx | ingressClassName: nginx | ||
hostname: keycloak.k8s.ops | |||
tls: | |||
enabled: false | |||
# extraEnvVars: | |||
# - name: KC_HOSTNAME | |||
# value: https://keycloak.k8s.ops | |||
image: | |||
registry: docker.io | |||
repository: bitnamilegacy/keycloak | |||
tag: 23.0.7-debian-12-r3 | |||
postgresql: | postgresql: | ||
enabled: true | enabled: true | ||
architecture: standalone | |||
image: | |||
registry: docker.io | |||
repository: bitnamilegacy/postgresql | |||
tag: 16.2.0-debian-12-r8 | |||
auth: | auth: | ||
username: keycloak | username: keycloak | ||
| Line 37: | Line 69: | ||
database: keycloak | database: keycloak | ||
postgresPassword: "sadaqah!" | postgresPassword: "sadaqah!" | ||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |||
|valign='top' style='width:50%'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang="properties"> | |||
xdg-open http://keycloak.k8s.ops &>/dev/null & | |||
gnome-open http://keycloak.k8s.ops &>/dev/null & | |||
</syntaxhighlight> | |||
|valign='top' style='width:50%'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang="properties"> | |||
x-www-browser http://keycloak.k8s.ops &>/dev/null & | |||
sensible-browser http://keycloak.k8s.ops &>/dev/null & | |||
</syntaxhighlight> | |||
|} | |||
==Headers== | |||
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%' | |||
!scope='col' style='text-align:left' colspan='2'| | |||
Headers | |||
|- | |- | ||
|colspan=" | |valign='top' colspan='2'| | ||
---- | <syntaxhighlight style='margin:3px 0 3px 0' lang='yaml'> | ||
cat <<'YML'| kubectl apply -n keycloak -f - | |||
--- | |||
apiVersion: v1 | |||
kind: ConfigMap | |||
metadata: | |||
name: keycloak-csp | |||
namespace: keycloak | |||
data: | |||
default.conf: | | |||
map $sent_http_content_type $expires { | |||
default off; | |||
text/html epoch; | |||
text/css max; | |||
application/javascript max; | |||
~image/ max; | |||
} | |||
server { | |||
server_name _; | |||
listen 80; | |||
gzip on; | |||
gzip_vary on; | |||
gzip_comp_level 3; | |||
gzip_http_version 1.0; | |||
gzip_proxied any; | |||
gzip_min_length 1100; | |||
gzip_buffers 64 8k; | |||
gzip_disable "msie6"; | |||
gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon; | |||
client_max_body_size 25M; | |||
keepalive_timeout 10; | |||
expires $expires; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header Host $host; | |||
proxy_request_buffering off; | |||
proxy_http_version 1.1; | |||
proxy_buffering off; | |||
proxy_redirect off; | |||
proxy_hide_header X-Frame-Options; | |||
proxy_hide_header Referrer-Policy; | |||
proxy_hide_header Permissions-Policy; | |||
proxy_hide_header X-Content-Type-Options; | |||
proxy_hide_header Content-Security-Policy; | |||
proxy_hide_header Strict-Transport-Security; | |||
add_header X-Frame-Options "SAMEORIGIN" always; | |||
add_header Referrer-Policy "same-origin" always; | |||
add_header X-Content-Type-Options "nosniff" always; | |||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | |||
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:" always; | |||
add_header Permissions-Policy "camera=('none'), microphone=('none'), geolocation=('none'), payment=('none')" always; | |||
location / { | |||
proxy_pass http://keycloak:80/; | |||
} | |||
error_page 500 502 503 504 /50x.html; | |||
location = /50x.html { | |||
root /usr/share/nginx/html; | |||
} | |||
} | |||
--- | |||
apiVersion: v1 | |||
kind: Service | |||
metadata: | |||
name: keycloak-csp | |||
namespace: keycloak | |||
labels: | |||
app.kubernetes.io/instance: keycloak-csp | |||
app.kubernetes.io/managed-by: kubectl | |||
app.kubernetes.io/name: keycloak-csp | |||
app.kubernetes.io/version: 1.0.0 | |||
spec: | |||
type: ClusterIP | |||
ports: | |||
- port: 80 | |||
name: http | |||
protocol: TCP | |||
targetPort: http | |||
selector: | |||
app.kubernetes.io/instance: keycloak-csp | |||
app.kubernetes.io/name: keycloak-csp | |||
--- | |||
apiVersion: apps/v1 | |||
kind: Deployment | |||
metadata: | |||
name: keycloak-csp | |||
namespace: keycloak | |||
labels: | |||
app.kubernetes.io/instance: keycloak-csp | |||
app.kubernetes.io/managed-by: kubectl | |||
app.kubernetes.io/name: keycloak-csp | |||
app.kubernetes.io/version: 1.0.0 | |||
spec: | |||
replicas: 1 | |||
selector: | |||
matchLabels: | |||
app.kubernetes.io/instance: keycloak-csp | |||
app.kubernetes.io/name: keycloak-csp | |||
template: | |||
metadata: | |||
labels: | |||
app.kubernetes.io/instance: keycloak-csp | |||
app.kubernetes.io/name: keycloak-csp | |||
spec: | |||
containers: | |||
- name: keycloak-csp | |||
image: nginx:1.27-alpine-slim | |||
ports: | |||
- name: http | |||
protocol: TCP | |||
containerPort: 80 | |||
resources: | |||
requests: | |||
cpu: 50m | |||
memory: 64Mi | |||
limits: | |||
memory: 128Mi | |||
cpu: 100m | |||
volumeMounts: | |||
- mountPath: /etc/nginx/conf.d/default.conf | |||
subPath: default.conf | |||
name: default-conf | |||
volumes: | |||
- name: default-conf | |||
configMap: | |||
name: keycloak-csp | |||
items: | |||
- key: default.conf | |||
path: default.conf | |||
YML | |||
</syntaxhighlight> | |||
|- | |- | ||
|valign='top'| | |valign='top' style='width:50%'| | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='yaml'> | ||
cat <<'YML'| kubectl apply -n keycloak -f - | |||
--- | |||
apiVersion: networking.k8s.io/v1 | |||
kind: Ingress | |||
metadata: | |||
name: keycloak | |||
namespace: keycloak | |||
labels: | |||
app.kubernetes.io/component: keycloak | |||
app.kubernetes.io/instance: keycloak | |||
app.kubernetes.io/part-of: keycloak | |||
app.kubernetes.io/managed-by: Helm | |||
app.kubernetes.io/version: 26.3.3 | |||
app.kubernetes.io/name: keycloak | |||
helm.sh/chart: keycloak-19.3.3 | |||
annotations: | |||
meta.helm.sh/release-name: keycloak | |||
meta.helm.sh/release-namespace: keycloak | |||
spec: | |||
ingressClassName: nginx | |||
rules: | |||
- host: keycloak.k8s.ops | |||
http: | |||
paths: | |||
- path: / | |||
pathType: ImplementationSpecific | |||
backend: | |||
service: | |||
name: keycloak-csp | |||
port: | |||
name: http | |||
YML | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|valign='top'| | |valign='top' style='width:50%'| | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='yaml'> | ||
cat <<'YML'| kubectl apply -n keycloak -f - | |||
--- | |||
apiVersion: networking.k8s.io/v1 | |||
kind: Ingress | |||
metadata: | |||
name: keycloak | |||
namespace: keycloak | |||
labels: | |||
app.kubernetes.io/component: keycloak | |||
app.kubernetes.io/instance: keycloak | |||
app.kubernetes.io/part-of: keycloak | |||
app.kubernetes.io/managed-by: Helm | |||
app.kubernetes.io/version: 26.3.3 | |||
app.kubernetes.io/name: keycloak | |||
helm.sh/chart: keycloak-19.3.3 | |||
annotations: | |||
meta.helm.sh/release-name: keycloak | |||
meta.helm.sh/release-namespace: keycloak | |||
spec: | |||
ingressClassName: nginx | |||
rules: | |||
- host: keycloak.k8s.ops | |||
http: | |||
paths: | |||
- path: / | |||
pathType: ImplementationSpecific | |||
backend: | |||
service: | |||
name: keycloak | |||
port: | |||
name: http | |||
YML | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |} | ||
==Uninstall== | ==Uninstall== | ||
<syntaxhighlight lang= | {|class='wikitable mw-collapsible mw-collapsed' style='width:100%' | ||
!scope='col' style='text-align:left'| | |||
Uninstall | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | |||
helm uninstall -n keycloak keycloak | helm uninstall -n keycloak keycloak | ||
kubectl delete namespace keycloak | kubectl delete namespace keycloak | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |||
==Playground== | ==Playground== | ||
{| | {|class='wikitable mw-collapsible' style='width:100%' | ||
| colspan= | !scope='col' style='text-align:left' colspan='2'| | ||
<syntaxhighlight lang= | Playground | ||
helm -n keycloak install keycloak | |- | ||
helm -n keycloak upgrade -i keycloak | |valign='top' colspan='2'| | ||
helm show values | <syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | ||
helm -n keycloak install keycloak bitnami/keycloak --version 19.3.3 | |||
helm -n keycloak upgrade -i keycloak bitnami/keycloak --version 22.0.0 | |||
helm show values bitnami/keycloak --version 19.3.3|less | |||
</syntaxhighlight> | |||
|- | |||
|valign='top' colspan='2'| | |||
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | |||
kubectl -n keycloak exec -it svc/keycloak -c keycloak -- /opt/bitnami/keycloak/bin/kc.sh --version | |||
kubectl -n keycloak exec -it svc/keycloak -c keycloak -- cat /opt/bitnami/keycloak/version.txt | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |- | ||
| | |valign='top' colspan='2'| | ||
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | |||
<syntaxhighlight lang= | |||
ADMIN_PASS=$(kubectl -n keycloak get secret keycloak -o json|jq -r '.data."admin-password"'|base64 -d) | ADMIN_PASS=$(kubectl -n keycloak get secret keycloak -o json|jq -r '.data."admin-password"'|base64 -d) | ||
ADMIN_PASS=$(kubectl -n keycloak get secret keycloak -o jsonpath="{.data.admin-password}"|base64 -d) | ADMIN_PASS=$(kubectl -n keycloak get secret keycloak -o jsonpath="{.data.admin-password}"|base64 -d) | ||
| Line 89: | Line 347: | ||
kubectl -n keycloak exec -it keycloak-postgresql-0 -- bash | kubectl -n keycloak exec -it keycloak-postgresql-0 -- bash | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |- | ||
| colspan= | |valign='top' colspan='2'| | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | ||
kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten | kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten | ||
kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten | kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten | ||
| Line 101: | Line 355: | ||
kubectl config --kubeconfig=${HOME}/.kube/config view --flatten | kubectl config --kubeconfig=${HOME}/.kube/config view --flatten | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |- | ||
| valign= | |valign='top' style='width:50%'| | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | ||
kubectl -n keycloak delete all --all | kubectl -n keycloak delete all --all | ||
kubectl -n keycloak delete ing --all | kubectl -n keycloak delete ing --all | ||
| Line 113: | Line 363: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign= | |valign='top' style='width:50%'| | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | ||
kubectl -n keycloak delete svc --all | kubectl -n keycloak delete svc --all | ||
kubectl -n keycloak delete pvc --all | kubectl -n keycloak delete pvc --all | ||
kubectl -n keycloak delete pv --all | kubectl -n keycloak delete pv --all | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | ||
kubectl -n keycloak rollout history sts keycloak | kubectl -n keycloak rollout history sts keycloak | ||
kubectl -n keycloak rollout restart sts keycloak | kubectl -n keycloak rollout restart sts keycloak | ||
| Line 132: | Line 378: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang= | <syntaxhighlight style='margin:3px 0 3px 0' lang='bash'> | ||
kubectl -n keycloak exec -it keycloak-postgresql-0 -- psql -Ukeycloak | kubectl -n keycloak exec -it keycloak-postgresql-0 -- psql -Ukeycloak | ||
kubectl -n keycloak logs -f keycloak-postgresql-0 | kubectl -n keycloak logs -f keycloak-postgresql-0 | ||
kubectl -n keycloak logs -f keycloak-0 | kubectl -n keycloak logs -f keycloak-0 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |} | ||
==References== | ==References== | ||
{| | {|class='wikitable mw-collapsible' style='width:100%' | ||
| valign= | !scope='col' style='text-align:left' colspan='3'| | ||
References | |||
|- | |||
|valign='top' style='width:34%'| | |||
* [https://stackoverflow.com/questions/75596795/ Helm » Pass YAML/JSON using <code>stdin</code>] | * [https://stackoverflow.com/questions/75596795/ Helm » Pass YAML/JSON using <code>stdin</code>] | ||
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | * [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | ||
| Line 149: | Line 397: | ||
* [[Helm]] | * [[Helm]] | ||
| valign= | |valign='top' style='width:33%'| | ||
| valign= | |valign='top' style='width:33%'| | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
* [https:// | * [https://skycloak.io/upgrade-keycloak-from-8-to-24-a-complete-guide/ Keycloak » Upgrade From 8 To 24] | ||
* [https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md Keycloak » Ingress » Annotations] | |||
* [https://stackoverflow.com/questions/51744536/ Keycloak » Ingress » CORS Rules] | |||
* [https://www.keycloak.org/docs/latest/upgrading/ Keycloak » Upgrading Guide] | |||
* [https://www.keycloak.org/getting-started/getting-started-kube Keycloak » Getting started] | * [https://www.keycloak.org/getting-started/getting-started-kube Keycloak » Getting started] | ||
* [[Keycloak]] | * [[Keycloak]] | ||
| Line 166: | Line 414: | ||
| valign="top" | | | valign="top" | | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
| Line 184: | Line 429: | ||
| valign="top" | | | valign="top" | | ||
* [https://kubernetes.io/docs/reference/kubectl/generated/kubectl_rollout/ K8s » <code>kubectl rollout</code>] | * [https://kubernetes.io/docs/reference/kubectl/generated/kubectl_rollout/ K8s » <code>kubectl rollout</code>] | ||
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | |||
* [https://kubernetes.io/docs/concepts/configuration/secret/ K8s » Config » Secrets] | |||
| valign="top" | | | valign="top" | | ||
|} | |} | ||
Latest revision as of 12:42, 11 December 2025
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update && helm repo list kubectl config get-contexts
Config
|
Config |
|---|
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
|
Install
|
Install | |
|---|---|
cat << DDL | psql -U ${USER}
CREATE DATABASE keycloak;
CREATE USER keycloak WITH ENCRYPTED PASSWORD 'sadaqah!';
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
DDL
| |
kubectl create namespace keycloak
cat <<'YML' | \
helm -n keycloak upgrade --install keycloak bitnami/keycloak --version 19.3.3 -f -
---
auth:
adminUser: admin
adminPassword: "sadaqah!"
ingress:
enabled: true
ingressClassName: nginx
hostname: keycloak.k8s.ops
tls:
enabled: false
# extraEnvVars:
# - name: KC_HOSTNAME
# value: https://keycloak.k8s.ops
image:
registry: docker.io
repository: bitnamilegacy/keycloak
tag: 23.0.7-debian-12-r3
postgresql:
enabled: true
architecture: standalone
image:
registry: docker.io
repository: bitnamilegacy/postgresql
tag: 16.2.0-debian-12-r8
auth:
username: keycloak
password: "sadaqah!"
database: keycloak
postgresPassword: "sadaqah!"
YML
| |
xdg-open http://keycloak.k8s.ops &>/dev/null &
gnome-open http://keycloak.k8s.ops &>/dev/null &
|
x-www-browser http://keycloak.k8s.ops &>/dev/null &
sensible-browser http://keycloak.k8s.ops &>/dev/null &
|
Headers
|
Headers | |
|---|---|
cat <<'YML'| kubectl apply -n keycloak -f -
---
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-csp
namespace: keycloak
data:
default.conf: |
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
server_name _;
listen 80;
gzip on;
gzip_vary on;
gzip_comp_level 3;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_disable "msie6";
gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;
client_max_body_size 25M;
keepalive_timeout 10;
expires $expires;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_buffering off;
proxy_redirect off;
proxy_hide_header X-Frame-Options;
proxy_hide_header Referrer-Policy;
proxy_hide_header Permissions-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header Content-Security-Policy;
proxy_hide_header Strict-Transport-Security;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:" always;
add_header Permissions-Policy "camera=('none'), microphone=('none'), geolocation=('none'), payment=('none')" always;
location / {
proxy_pass http://keycloak:80/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
---
apiVersion: v1
kind: Service
metadata:
name: keycloak-csp
namespace: keycloak
labels:
app.kubernetes.io/instance: keycloak-csp
app.kubernetes.io/managed-by: kubectl
app.kubernetes.io/name: keycloak-csp
app.kubernetes.io/version: 1.0.0
spec:
type: ClusterIP
ports:
- port: 80
name: http
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: keycloak-csp
app.kubernetes.io/name: keycloak-csp
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-csp
namespace: keycloak
labels:
app.kubernetes.io/instance: keycloak-csp
app.kubernetes.io/managed-by: kubectl
app.kubernetes.io/name: keycloak-csp
app.kubernetes.io/version: 1.0.0
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: keycloak-csp
app.kubernetes.io/name: keycloak-csp
template:
metadata:
labels:
app.kubernetes.io/instance: keycloak-csp
app.kubernetes.io/name: keycloak-csp
spec:
containers:
- name: keycloak-csp
image: nginx:1.27-alpine-slim
ports:
- name: http
protocol: TCP
containerPort: 80
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
memory: 128Mi
cpu: 100m
volumeMounts:
- mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
name: default-conf
volumes:
- name: default-conf
configMap:
name: keycloak-csp
items:
- key: default.conf
path: default.conf
YML
| |
cat <<'YML'| kubectl apply -n keycloak -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
namespace: keycloak
labels:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: 26.3.3
app.kubernetes.io/name: keycloak
helm.sh/chart: keycloak-19.3.3
annotations:
meta.helm.sh/release-name: keycloak
meta.helm.sh/release-namespace: keycloak
spec:
ingressClassName: nginx
rules:
- host: keycloak.k8s.ops
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: keycloak-csp
port:
name: http
YML
|
cat <<'YML'| kubectl apply -n keycloak -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
namespace: keycloak
labels:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: 26.3.3
app.kubernetes.io/name: keycloak
helm.sh/chart: keycloak-19.3.3
annotations:
meta.helm.sh/release-name: keycloak
meta.helm.sh/release-namespace: keycloak
spec:
ingressClassName: nginx
rules:
- host: keycloak.k8s.ops
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: keycloak
port:
name: http
YML
|
Uninstall
|
Uninstall |
|---|
helm uninstall -n keycloak keycloak
kubectl delete namespace keycloak
|
Playground
|
Playground | |
|---|---|
helm -n keycloak install keycloak bitnami/keycloak --version 19.3.3
helm -n keycloak upgrade -i keycloak bitnami/keycloak --version 22.0.0
helm show values bitnami/keycloak --version 19.3.3|less
| |
kubectl -n keycloak exec -it svc/keycloak -c keycloak -- /opt/bitnami/keycloak/bin/kc.sh --version
kubectl -n keycloak exec -it svc/keycloak -c keycloak -- cat /opt/bitnami/keycloak/version.txt
| |
ADMIN_PASS=$(kubectl -n keycloak get secret keycloak -o json|jq -r '.data."admin-password"'|base64 -d)
ADMIN_PASS=$(kubectl -n keycloak get secret keycloak -o jsonpath="{.data.admin-password}"|base64 -d)
kubectl -n keycloak exec -it svc/keycloak-postgresql -c postgresql -- psql -Ukeycloak
kubectl -n keycloak exec -it svc/keycloak-postgresql -c postgresql -- bash
kubectl -n keycloak exec -it svc/keycloak -c keycloak -- ls -lah /var
kubectl -n keycloak exec -it svc/keycloak -c keycloak -- bash
kubectl -n keycloak exec -it keycloak-postgresql-0 -- bash
| |
kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/gcp-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/config view --flatten
| |
kubectl -n keycloak delete all --all
kubectl -n keycloak delete ing --all
kubectl -n keycloak delete sts --all
|
kubectl -n keycloak delete svc --all
kubectl -n keycloak delete pvc --all
kubectl -n keycloak delete pv --all
|
kubectl -n keycloak rollout history sts keycloak
kubectl -n keycloak rollout restart sts keycloak
kubectl -n keycloak rollout status sts keycloak
|
kubectl -n keycloak exec -it keycloak-postgresql-0 -- psql -Ukeycloak
kubectl -n keycloak logs -f keycloak-postgresql-0
kubectl -n keycloak logs -f keycloak-0
|
References
|
References | ||
|---|---|---|