Differences

This shows you the differences between two versions of the page.

--- сервис_keycloak [2024/02/17 05:58]
val
+++ сервис_keycloak [2024/04/07 05:50]
val [Kubernetes]
@@ Line 76: / Line 76: @@
 </code>
-==== Kerberos ====
+==== Kubernetes ====
   * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]]
 <code>
-student@server:~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak | tee values.yaml.orig
+~/$ mkdir keycloak; cd keycloak
+~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak
+~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak | tee keycloak.yaml | less
+/PersistentVolumeClaim
+</code>
+  * Kubernetes [[Система Kubernetes#Volumes]]
+  * [[https://www.keycloak.org/server/reverseproxy]]
+<code>
+~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak | tee values.yaml.orig
-student@server:~/keycloak$ cat values.yaml
+~/keycloak$ cat values.yaml
 </code><code>
 auth:
@@ Line 92: / Line 104: @@
   enabled: true
   ingressClassName: nginx
-  hostname: kc.corp13.un
+  hostname: keycloak.corp13.un
 #global:
 #  storageClass: local-path
 #  storageClass: longhorn
+#replicaCount: 2
+#postgresql:
+#  enabled: true
+#  auth:
+#    postgresPassword: "strongpassword"
+#    username: bn_keycloak
+#    password: "strongpassword"
 </code><code>
-student@server:~/keycloak$ helm upgrade my-kc -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak --namespace my-kc-ns --create-namespace
+~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace
-</code>
-  * [[Система Kubernetes#Volumes]]
+~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch
+~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres
+$ ###helm delete my-keycloak -n my-keycloak-ns
+</code>
 ===== Подключение =====
-==== Браузер ====
   * https://keycloak.corpX.un/
@@ Line 125: / Line 148: @@
 ===== Аутентификация пользователей WEB приложения =====
 <code>
+Clients
   Create Client
     Client ID: test-cgi
     Valid redirect URIs: http://gate.corpX.un/cgi-bin/test-cgi
@@ Line 134: / Line 159: @@
 </code>
-==== cli ====
+==== Проверка ====
+  * [[Материалы по Windows#Windows CA для Linux сервисов]]
+  * [[Пакет OpenSSL#Импорт сертификата центра сертификации]]
+=== curl ===
 <code>
-curl -d "client_id=any-client" \
+webinar# curl -d "client_id=any-client" \
      -d "client_secret=anystring" \
      -d "grant_type=password" \
@@ Line 147: / Line 178: @@
   * [[https://jwt.io/|JWT.IO allows you to decode, verify and generate JWT]]
+=== Apache CGI приложение ===
   * [[Сервис HTTP#Установка и запуск сервера Apache]]
@@ Line 259: / Line 292: @@
         Value: readwrite
+</code>
+===== Дополнительные материалы =====
+==== K8S ====
+<code>
+kube1:~/keycloak# diff keycloak.yaml keycloak.yaml.orig
+,458c457
+< #kind: StatefulSet
+< kind: Deployment
+---
+> kind: StatefulSet
+,476c471,475
+< #  podManagementPolicy: Parallel
+< #  serviceName: my-keycloak-headless
+< #  updateStrategy:
+< #    rollingUpdate: {}
+< #    type: RollingUpdate
+---
+>   podManagementPolicy: Parallel
+>   serviceName: my-keycloak-headless
+>   updateStrategy:
+>     rollingUpdate: {}
+>     type: RollingUpdate
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools