Exercise 4: Setup Keycloak
These setup instractions are based on Keycloak - Guide - Keycloak on Kubernetes.
The instructions go into installing an Ingress for Keycloak. But we have Istio installed and we will be using the Istio Ingress to access Keycloak externally. The original keycloak.yaml is modified and the NodePort has been removed.
Note: This is a "ephemeral" installation of Keycloak, there is no database used for persistance. Sufficient for a workshop but not suitable for production use!
kubectl apply -f keycloak.yaml
kubectl get pods
Get the Keycloak URL and open the URL in your browser:
echo "https://"$INGRESSURL"/auth"
Note: This will work because we created a VirtualService in the previous exercise that maps the '/auth' URI to the Keycloak service.
Click on 'Administration Console'.
Login In with username 'admin' and password 'admin'.
For the workshop we need our pre-configured realm, we will create the realm using a bash script.
Verify your existing environment varibles
cd $ROOT_FOLDER/IKSecho $MYCLUSTERecho $INGRESSURLecho $INGRESSSECRET
Execute the bash script
bash keycloak-create-realm.sh
Example output:
------------------------------------------------------------------------The realm is created.Open following link in your browser:https://harald-uebele-k8s-fra05-********************-0001/auth/admin/master/console/#/realms/quarkus------------------------------------------------------------------------
Try to create an access token, this requires the $INGRESSURL environment variable to be set:
curl -d "username=alice" -d "password=alice" -d "grant_type=password" -d "client_id=frontend" https://$INGRESSURL/auth/realms/quarkus/protocol/openid-connect/token | sed -n 's|.*"access_token":"\([^"]*\)".*|\1|p'
You should see following users: admin, alice, jdoe
