сервис_keycloak

Differences

This shows you the differences between two versions of the page.

сервис_keycloak [2024/04/02 12:41]
val [Kubernetes]
сервис_keycloak [2025/01/05 11:57] (current)
val [Kubernetes]
Line 79: Line 79:
  
   * [[https://​github.com/​bitnami/​charts/​tree/​main/​bitnami/​keycloak]]   * [[https://​github.com/​bitnami/​charts/​tree/​main/​bitnami/​keycloak]]
 +  * [[https://​github.com/​bitnami/​charts/​tree/​keycloak/​17.3.6/​bitnami/​keycloak]]
 +  * [[https://​github.com/​helm/​helm/​issues/​11000|issues:​ helm search repo chart <​oci-repo/​oci-chart>​ --versions for OCI]]
  
 <​code>​ <​code>​
-~/keycloak###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak+~/$ helm repo add bitnami https://charts.bitnami.com/bitnami; helm search repo bitnami/​keycloak ​--versions; helm repo remove bitnami
  
-~/keycloak$ helm template my-keycloak oci://​registry-1.docker.io/​bitnamicharts/​keycloak | tee keycloak.yaml | grep PersistentVolumeClaim+~/$ mkdir keycloak; cd keycloak 
 + 
 +~/keycloak$ ###helm pull oci://​registry-1.docker.io/​bitnamicharts/​keycloak --version 17.3.6 
 + 
 +~/keycloak$ helm template my-keycloak oci://​registry-1.docker.io/​bitnamicharts/​keycloak ​--version 17.3.6 ​| tee keycloak.yaml | less 
 +/PersistentVolumeClaim
 </​code>​ </​code>​
  
   * Kubernetes [[Система Kubernetes#​Volumes]]   * Kubernetes [[Система Kubernetes#​Volumes]]
- 
   * [[https://​www.keycloak.org/​server/​reverseproxy]]   * [[https://​www.keycloak.org/​server/​reverseproxy]]
 +
 <​code>​ <​code>​
-~/keycloak$ helm show values oci://​registry-1.docker.io/​bitnamicharts/​keycloak | tee values.yaml.orig+~/keycloak$ helm show values oci://​registry-1.docker.io/​bitnamicharts/​keycloak ​--version 17.3.6 ​| tee values.yaml.orig
    ​    ​
 ~/keycloak$ cat values.yaml ~/keycloak$ cat values.yaml
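Review bot: In the first code block, the added `/PersistentVolumeClaim` line after `... | tee keycloak.yaml | less` is a search typed inside the pager, not a shell command, and nothing marks it as such. Either say so next to it or keep the removed form `| grep PersistentVolumeClaim`, which can be pasted as is. The `--version 17.3.6` pin is a good change, but the literal now appears in the pull, template and show values commands; setting it once in a shell variable would stop the three from drifting apart on the next chart bump.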
Line 98: Line 105:
   adminPassword:​ strongpassword   adminPassword:​ strongpassword
 proxy: edge proxy: edge
 +#​proxyHeaders:​ "​xforwarded"​
 ingress: ingress:
   enabled: true   enabled: true
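Review bot: The commented `#proxyHeaders: "xforwarded"` is added under `proxy: edge` with no word on when to switch from one to the other. A one-line comment should say which chart or Keycloak version needs `proxyHeaders` instead of `proxy`, and that with `xforwarded` Keycloak takes the client address and scheme from the `X-Forwarded-*` headers, so the ingress enabled just below has to set or overwrite them rather than pass through what the client sent.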
Line 112: Line 120:
 #    username: bn_keycloak #    username: bn_keycloak
 #    password: "​strongpassword"​ #    password: "​strongpassword"​
 +
 +#​extraVolumeMounts:​
 +#- mountPath: /​opt/​bitnami/​keycloak/​themes
 +#  name: themes
 +#​extraVolumes:​
 +#- emptyDir: {}
 +#  name: themes
 +
 +#​initContainers:​
 +#- name: get-theme
 +#  image: curlimages/​curl
 +#  command: ["/​bin/​sh",​ "​-c"​]
 +#  args:
 +#  - |
 +#    cd /​opt/​bitnami/​keycloak/​themes/​
 +#    curl https://​val.bmstu.ru/​unix/​Media/​mytheme.tgz | tar -xvzf -
 +#  securityContext:​
 +#    runAsUser: 1001
 +#  volumeMounts:​
 +#  - mountPath: /​opt/​bitnami/​keycloak/​themes
 +#    name: themes
 </​code><​code>​ </​code><​code>​
-~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://​registry-1.docker.io/​bitnamicharts/​keycloak -n my-keycloak-ns --create-namespace+~/keycloak$ ###helm template my-keycloak -f values.yaml oci://​registry-1.docker.io/​bitnamicharts/​keycloak -n my-keycloak-ns --version 17.3.6 | less 
 + 
 +~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://​registry-1.docker.io/​bitnamicharts/​keycloak -n my-keycloak-ns --create-namespace ​--version 17.3.6 
 + 
 +~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch
  
-~/​keycloak$ ​kubectl ​-n my-keycloak-ns get pods --watch+~/​keycloak$ ​curl -v http://​nodeN/ ​-H "​Host: ​keycloak.corp13.un"​
  
 ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres
  
 $ ###helm delete my-keycloak -n my-keycloak-ns $ ###helm delete my-keycloak -n my-keycloak-ns
 +$ ###kubectl delete ns my-keycloak-ns
 </​code>​ </​code>​
  
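Review bot: In the commented `get-theme` init container, `curl https://val.bmstu.ru/unix/Media/mytheme.tgz | tar -xvzf -` unpacks whatever the server returns straight into `/opt/bitnami/keycloak/themes` with no integrity check, and `image: curlimages/curl` carries no tag, so both the archive and the image can change between pod starts. Before anyone uncomments this, pin the image to a tag or digest, download to a file with `curl -fsS`, compare it against a known SHA-256, and only then extract. Without `-f`, an HTTP error page is also piped into tar. Separately, `nodeN` in the new `curl -v http://nodeN/ -H "Host: keycloak.corp13.un"` check is a placeholder and should be marked as one.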
Line 136: Line 170:
     Add User     Add User
       user1/​kcpassword1       user1/​kcpassword1
 +      В новых версиях надо ФИО и email, иначе Account is not fully set up
 </​code>​ </​code>​
  
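Review bot: The added line under `user1/kcpassword1` says that new versions need a full name and e-mail or login fails with "Account is not fully set up", but it does not say from which Keycloak version. Name the version, and write the required fields as steps in the same style as `Add User` so the note reads as part of the procedure rather than a free-text remark.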
Line 292: Line 327:
  
 ===== Дополнительные материалы ===== ===== Дополнительные материалы =====
 +
 +==== API ====
 +
 +  * [[https://​gist.github.com/​luciddreamz/​83a888eedd9274b4045a3ab8af064faa|luciddreamz/​keycloak.sh]]
 +
 +<​code>​
 +debian:~# cat keycloak.sh
 +#!/bin/bash
 +
 +#export KEYCLOAK_URL=https://​portal.bmstu.ru
 +export KEYCLOAK_URL=https://​portal-demo.bmstu.ru
 +export KEYCLOAK_REALM=ph
 +export KEYCLOAK_CLIENT_ID=superuser
 +export KEYCLOAK_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXX
 +#export USER_ID=391530c1-c4f2-4838-bb95-def2c8e37e57
 +
 +export TKN=$(curl -X POST "​${KEYCLOAK_URL}/​auth/​realms/​${KEYCLOAK_REALM}/​protocol/​openid-connect/​token"​ \
 + -d "​username=${KEYCLOAK_CLIENT_ID}"​ \
 + -d "​password=${KEYCLOAK_CLIENT_SECRET}"​ \
 + -d '​grant_type=password'​ \
 + -d '​client_id=ph-master'​ | jq -r '​.access_token'​)
 +
 +echo $TKN
 +
 +#curl -vvv -X GET "​${KEYCLOAK_URL}/​auth/​admin/​realms/​${KEYCLOAK_REALM}/​users/​${USER_ID}"​ \
 +curl -vvv -X GET "​${KEYCLOAK_URL}/​auth/​admin/​realms/​${KEYCLOAK_REALM}/​users/?​q=username:​ivanovii"​ \
 +-H "​Accept:​ application/​json"​ \
 +-H "​Authorization:​ Bearer ${TKN}"​ | jq .
 +
 +</​code>​
  
 ==== K8S ==== ==== K8S ====
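Review bot: The new `keycloak.sh` prints the bearer token twice: `echo $TKN` writes it to stdout and `curl -vvv` writes the `Authorization: Bearer` request header to stderr, so the token ends up in terminal scrollback and any captured log. Drop the `echo` and replace `-vvv` with `-sS` once the script works. The variable names also mislead: `KEYCLOAK_CLIENT_ID` and `KEYCLOAK_CLIENT_SECRET` are sent as `username=` and `password=` of a `grant_type=password` request while the actual client is the hard-coded `client_id=ph-master`; rename them to user and password, and read the password from the environment or a mode-600 file instead of keeping it in the script where the `XXXXXXXXXXXXXXXXXXXX` placeholder now sits.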
сервис_keycloak.1712050888.txt.gz · Last modified: 2024/04/02 12:41 by val