User Tools
сервис_keycloak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_keycloak [2024/03/20 13:50] val [Kubernetes] |
сервис_keycloak [2025/01/05 11:57] (current) val [Kubernetes] |
||
|---|---|---|---|
| Line 79: | Line 79: | ||
| * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]] | * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]] | ||
| + | * [[https://github.com/bitnami/charts/tree/keycloak/17.3.6/bitnami/keycloak]] | ||
| + | * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]] | ||
| <code> | <code> | ||
| - | ~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak | + | ~/$ helm repo add bitnami https://charts.bitnami.com/bitnami; helm search repo bitnami/keycloak --versions; helm repo remove bitnami |
| - | ~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak | tee keycloak.yaml | grep PersistentVolumeClaim | + | ~/$ mkdir keycloak; cd keycloak |
| + | |||
| + | ~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | ||
| + | |||
| + | ~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee keycloak.yaml | less | ||
| + | /PersistentVolumeClaim | ||
| </code> | </code> | ||
| * Kubernetes [[Система Kubernetes#Volumes]] | * Kubernetes [[Система Kubernetes#Volumes]] | ||
| - | |||
| * [[https://www.keycloak.org/server/reverseproxy]] | * [[https://www.keycloak.org/server/reverseproxy]] | ||
| + | |||
| <code> | <code> | ||
| - | ~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak | tee values.yaml.orig | + | ~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee values.yaml.orig |
| | | ||
| ~/keycloak$ cat values.yaml | ~/keycloak$ cat values.yaml | ||
| Line 98: | Line 105: | ||
| adminPassword: strongpassword | adminPassword: strongpassword | ||
| proxy: edge | proxy: edge | ||
| + | #proxyHeaders: "xforwarded" | ||
| ingress: | ingress: | ||
| enabled: true | enabled: true | ||
| Line 105: | Line 113: | ||
| # storageClass: local-path | # storageClass: local-path | ||
| # storageClass: longhorn | # storageClass: longhorn | ||
| + | #replicaCount: 2 | ||
| + | #postgresql: | ||
| + | # enabled: true | ||
| + | # auth: | ||
| + | # postgresPassword: "strongpassword" | ||
| + | # username: bn_keycloak | ||
| + | # password: "strongpassword" | ||
| + | |||
| + | #extraVolumeMounts: | ||
| + | #- mountPath: /opt/bitnami/keycloak/themes | ||
| + | # name: themes | ||
| + | #extraVolumes: | ||
| + | #- emptyDir: {} | ||
| + | # name: themes | ||
| + | |||
| + | #initContainers: | ||
| + | #- name: get-theme | ||
| + | # image: curlimages/curl | ||
| + | # command: ["/bin/sh", "-c"] | ||
| + | # args: | ||
| + | # - | | ||
| + | # cd /opt/bitnami/keycloak/themes/ | ||
| + | # curl https://val.bmstu.ru/unix/Media/mytheme.tgz | tar -xvzf - | ||
| + | # securityContext: | ||
| + | # runAsUser: 1001 | ||
| + | # volumeMounts: | ||
| + | # - mountPath: /opt/bitnami/keycloak/themes | ||
| + | # name: themes | ||
| </code><code> | </code><code> | ||
| - | ~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace | + | ~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version 17.3.6 | less |
| + | |||
| + | ~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace --version 17.3.6 | ||
| + | |||
| + | ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch | ||
| + | |||
| + | ~/keycloak$ curl -v http://nodeN/ -H "Host: keycloak.corp13.un" | ||
| + | |||
| + | ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres | ||
| $ ###helm delete my-keycloak -n my-keycloak-ns | $ ###helm delete my-keycloak -n my-keycloak-ns | ||
| + | $ ###kubectl delete ns my-keycloak-ns | ||
| </code> | </code> | ||
| - | |||
| ===== Подключение ===== | ===== Подключение ===== | ||
| Line 126: | Line 170: | ||
| Add User | Add User | ||
| user1/kcpassword1 | user1/kcpassword1 | ||
| + | В новых версиях надо ФИО и email, иначе Account is not fully set up | ||
| </code> | </code> | ||
| Line 279: | Line 324: | ||
| Value: readwrite | Value: readwrite | ||
| | | ||
| + | </code> | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== API ==== | ||
| + | |||
| + | * [[https://gist.github.com/luciddreamz/83a888eedd9274b4045a3ab8af064faa|luciddreamz/keycloak.sh]] | ||
| + | |||
| + | <code> | ||
| + | debian:~# cat keycloak.sh | ||
| + | #!/bin/bash | ||
| + | |||
| + | #export KEYCLOAK_URL=https://portal.bmstu.ru | ||
| + | export KEYCLOAK_URL=https://portal-demo.bmstu.ru | ||
| + | export KEYCLOAK_REALM=ph | ||
| + | export KEYCLOAK_CLIENT_ID=superuser | ||
| + | export KEYCLOAK_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXX | ||
| + | #export USER_ID=391530c1-c4f2-4838-bb95-def2c8e37e57 | ||
| + | |||
| + | export TKN=$(curl -X POST "${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \ | ||
| + | -d "username=${KEYCLOAK_CLIENT_ID}" \ | ||
| + | -d "password=${KEYCLOAK_CLIENT_SECRET}" \ | ||
| + | -d 'grant_type=password' \ | ||
| + | -d 'client_id=ph-master' | jq -r '.access_token') | ||
| + | |||
| + | echo $TKN | ||
| + | |||
| + | #curl -vvv -X GET "${KEYCLOAK_URL}/auth/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \ | ||
| + | curl -vvv -X GET "${KEYCLOAK_URL}/auth/admin/realms/${KEYCLOAK_REALM}/users/?q=username:ivanovii" \ | ||
| + | -H "Accept: application/json" \ | ||
| + | -H "Authorization: Bearer ${TKN}" | jq . | ||
| + | |||
| + | </code> | ||
| + | |||
| + | ==== K8S ==== | ||
| + | <code> | ||
| + | kube1:~/keycloak# diff keycloak.yaml keycloak.yaml.orig | ||
| + | 457,458c457 | ||
| + | < #kind: StatefulSet | ||
| + | < kind: Deployment | ||
| + | --- | ||
| + | > kind: StatefulSet | ||
| + | 472,476c471,475 | ||
| + | < # podManagementPolicy: Parallel | ||
| + | < # serviceName: my-keycloak-headless | ||
| + | < # updateStrategy: | ||
| + | < # rollingUpdate: {} | ||
| + | < # type: RollingUpdate | ||
| + | --- | ||
| + | > podManagementPolicy: Parallel | ||
| + | > serviceName: my-keycloak-headless | ||
| + | > updateStrategy: | ||
| + | > rollingUpdate: {} | ||
| + | > type: RollingUpdate | ||
| </code> | </code> | ||
сервис_keycloak.1710931834.txt.gz · Last modified: 2024/03/20 13:50 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
