Differences

This shows you the differences between two versions of the page.

--- сервис_keycloak [2024/04/02 12:38]
val [MinIO]
+++ сервис_keycloak [2025/01/05 11:57] (current)
val [Kubernetes]
@@ Line 79: / Line 79: @@
   * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]]
+  * [[https://github.com/bitnami/charts/tree/keycloak/17.3.6/bitnami/keycloak]]
+  * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]]
 <code>
-~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak
+~/$ helm repo add bitnami https://charts.bitnami.com/bitnami; helm search repo bitnami/keycloak --versions; helm repo remove bitnami
-~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak | tee keycloak.yaml | grep PersistentVolumeClaim
+~/$ mkdir keycloak; cd keycloak
+~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6
+~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee keycloak.yaml | less
+/PersistentVolumeClaim
 </code>
   * Kubernetes [[Система Kubernetes#Volumes]]
   * [[https://www.keycloak.org/server/reverseproxy]]
 <code>
-~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak | tee values.yaml.orig
+~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee values.yaml.orig
 ~/keycloak$ cat values.yaml
@@ Line 98: / Line 105: @@
   adminPassword: strongpassword
 proxy: edge
+#proxyHeaders: "xforwarded"
 ingress:
   enabled: true
@@ Line 105: / Line 113: @@
 #  storageClass: local-path
 #  storageClass: longhorn
+#replicaCount: 2
 #postgresql:
 #  enabled: true
@@ Line 111: / Line 120: @@
 #    username: bn_keycloak
 #    password: "strongpassword"
+#extraVolumeMounts:
+#- mountPath: /opt/bitnami/keycloak/themes
+#  name: themes
+#extraVolumes:
+#- emptyDir: {}
+#  name: themes
+#initContainers:
+#- name: get-theme
+#  image: curlimages/curl
+#  command: ["/bin/sh", "-c"]
+#  args:
+#  - |
+#    cd /opt/bitnami/keycloak/themes/
+#    curl https://val.bmstu.ru/unix/Media/mytheme.tgz | tar -xvzf -
+#  securityContext:
+#    runAsUser: 1001
+#  volumeMounts:
+#  - mountPath: /opt/bitnami/keycloak/themes
+#    name: themes
 </code><code>
-~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace
+~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version 17.3.6 | less
+~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace --version 17.3.6
+~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch
-~/keycloak$ kubectl -n my-keycloak-ns get pods --watch
+~/keycloak$ curl -v http://nodeN/ -H "Host: keycloak.corp13.un"
 ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres
 $ ###helm delete my-keycloak -n my-keycloak-ns
+$ ###kubectl delete ns my-keycloak-ns
 </code>
@@ Line 135: / Line 170: @@
     Add User
       user1/kcpassword1
+      В новых версиях надо ФИО и email, иначе Account is not fully set up
 </code>
@@ Line 292: / Line 328: @@
 ===== Дополнительные материалы =====
-==== K8S ====
+==== API ====
+  * [[https://gist.github.com/luciddreamz/83a888eedd9274b4045a3ab8af064faa|luciddreamz/keycloak.sh]]
 <code>
-kube1:~/keycloak# helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns | tee keycloak.yaml.orig
+debian:~# cat keycloak.sh
+#!/bin/bash
+#export KEYCLOAK_URL=https://portal.bmstu.ru
+export KEYCLOAK_URL=https://portal-demo.bmstu.ru
+export KEYCLOAK_REALM=ph
+export KEYCLOAK_CLIENT_ID=superuser
+export KEYCLOAK_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXX
+#export USER_ID=391530c1-c4f2-4838-bb95-def2c8e37e57
+export TKN=$(curl -X POST "${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
+ -d "username=${KEYCLOAK_CLIENT_ID}" \
+ -d "password=${KEYCLOAK_CLIENT_SECRET}" \
+ -d 'grant_type=password' \
+ -d 'client_id=ph-master' | jq -r '.access_token')
+echo $TKN
+#curl -vvv -X GET "${KEYCLOAK_URL}/auth/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
+curl -vvv -X GET "${KEYCLOAK_URL}/auth/admin/realms/${KEYCLOAK_REALM}/users/?q=username:ivanovii" \
+-H "Accept: application/json" \
+-H "Authorization: Bearer ${TKN}" | jq .
+</code>
+==== K8S ====
+<code>
 kube1:~/keycloak# diff keycloak.yaml keycloak.yaml.orig
 ,458c457

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools