User Tools
сервис_keycloak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_keycloak [2024/08/31 12:19] val [Kubernetes] |
сервис_keycloak [2025/05/13 16:34] (current) val [Kubernetes] |
||
|---|---|---|---|
| Line 13: | Line 13: | ||
| server# wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.zip | server# wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.zip | ||
| - | server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=root KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certificate-file=/root/server.crt --https-certificate-key-file=/root/server.key | + | server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certificate-file=/root/server.crt --https-certificate-key-file=/root/server.key |
| </code> | </code> | ||
| + | |||
| + | * [[http://192.168.X.10:8080/]] | ||
| ==== docker-compose ==== | ==== docker-compose ==== | ||
| Line 46: | Line 48: | ||
| # cat keycloak.yml | # cat keycloak.yml | ||
| </code><code> | </code><code> | ||
| - | version: '3' | + | #version: '3' |
| services: | services: | ||
| Line 64: | Line 66: | ||
| #- "/etc/krb5.keytab:/etc/krb5.keytab" | #- "/etc/krb5.keytab:/etc/krb5.keytab" | ||
| environment: | environment: | ||
| - | - KEYCLOAK_ADMIN=root | + | - KEYCLOAK_ADMIN=admin |
| - KEYCLOAK_ADMIN_PASSWORD=strongpassword | - KEYCLOAK_ADMIN_PASSWORD=strongpassword | ||
| - KC_HTTPS_CERTIFICATE_FILE=/wild.crt | - KC_HTTPS_CERTIFICATE_FILE=/wild.crt | ||
| - KC_HTTPS_CERTIFICATE_KEY_FILE=/wild.key | - KC_HTTPS_CERTIFICATE_KEY_FILE=/wild.key | ||
| + | # - KC_DB=postgres | ||
| + | # - KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak | ||
| + | # - KC_DB_USERNAME=keycloak | ||
| + | # - KC_DB_PASSWORD=strongpassword | ||
| command: | command: | ||
| - start-dev | - start-dev | ||
| + | # depends_on: | ||
| + | # - postgres | ||
| + | # postgres: | ||
| + | # image: postgres:15.6 | ||
| + | # container_name: postgres_db | ||
| + | # volumes: | ||
| + | # - postgres_data:/var/lib/postgresql/data | ||
| + | # environment: | ||
| + | # POSTGRES_DB: keycloak | ||
| + | # POSTGRES_USER: keycloak | ||
| + | # POSTGRES_PASSWORD: strongpassword | ||
| + | #volumes: | ||
| + | # postgres_data: | ||
| </code><code> | </code><code> | ||
| # docker-compose -f keycloak.yml up -d | # docker-compose -f keycloak.yml up -d | ||
| # docker logs keycloak -f | # docker logs keycloak -f | ||
| + | |||
| + | # ###docker exec -ti postgres_db psql -U keycloak | ||
| + | |||
| + | # ###docker-compose -f keycloak.yml down | ||
| </code> | </code> | ||
| Line 79: | Line 102: | ||
| * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]] | * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]] | ||
| + | * [[https://github.com/bitnami/charts/tree/keycloak/17.3.6/bitnami/keycloak]] | ||
| * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]] | * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]] | ||
| Line 109: | Line 133: | ||
| ingressClassName: nginx | ingressClassName: nginx | ||
| hostname: keycloak.corp13.un | hostname: keycloak.corp13.un | ||
| + | #replicaCount: 2 | ||
| + | |||
| #global: | #global: | ||
| # storageClass: local-path | # storageClass: local-path | ||
| # storageClass: longhorn | # storageClass: longhorn | ||
| - | #replicaCount: 2 | ||
| - | #postgresql: | ||
| - | # enabled: true | ||
| # auth: | # auth: | ||
| # postgresPassword: "strongpassword" | # postgresPassword: "strongpassword" | ||
| # username: bn_keycloak | # username: bn_keycloak | ||
| # password: "strongpassword" | # password: "strongpassword" | ||
| + | |||
| + | #postgresql: | ||
| + | # enabled: false | ||
| + | #externalDatabase: | ||
| + | # host: "my-postgres-postgresql.my-postgres-ns" | ||
| + | # host: "my-pgcluster-rw.my-pgcluster-ns" | ||
| + | # host: "my-pgpooler.my-pgcluster-ns" | ||
| + | # port: 5432 | ||
| + | # user: keycloak | ||
| + | # database: keycloak | ||
| + | # password: strongpassword | ||
| + | |||
| + | #extraVolumeMounts: | ||
| + | #- mountPath: /opt/bitnami/keycloak/themes | ||
| + | # name: themes | ||
| + | #extraVolumes: | ||
| + | #- emptyDir: {} | ||
| + | # name: themes | ||
| + | |||
| + | #initContainers: | ||
| + | #- name: get-theme | ||
| + | # image: curlimages/curl | ||
| + | # command: ["/bin/sh", "-c"] | ||
| + | # args: | ||
| + | # - | | ||
| + | # cd /opt/bitnami/keycloak/themes/ | ||
| + | # curl https://val.bmstu.ru/unix/Media/mytheme.tgz | tar -xvzf - | ||
| + | # securityContext: | ||
| + | # runAsUser: 1001 | ||
| + | # volumeMounts: | ||
| + | # - mountPath: /opt/bitnami/keycloak/themes | ||
| + | # name: themes | ||
| </code><code> | </code><code> | ||
| ~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version 17.3.6 | less | ~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version 17.3.6 | less | ||
| Line 126: | Line 181: | ||
| ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch | ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch | ||
| - | ~/keycloak$ curl -v http://nodeN/ -H "Host: keycloak.corp13.un" | + | ~/keycloak# kubectl -n my-keycloak-ns logs statefulsets/my-keycloak -f |
| - | ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres | + | ~/keycloak$ curl -v http://kubeN/ -H "Host: keycloak.corp13.un" |
| + | ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres | ||
| + | </code> | ||
| + | * [[Система Kubernetes#Остановка сервиса]] | ||
| + | <code> | ||
| $ ###helm delete my-keycloak -n my-keycloak-ns | $ ###helm delete my-keycloak -n my-keycloak-ns | ||
| $ ###kubectl delete ns my-keycloak-ns | $ ###kubectl delete ns my-keycloak-ns | ||
| Line 305: | Line 364: | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== API ==== | ||
| + | |||
| + | * [[https://gist.github.com/luciddreamz/83a888eedd9274b4045a3ab8af064faa|luciddreamz/keycloak.sh]] | ||
| + | |||
| + | <code> | ||
| + | debian:~# cat keycloak.sh | ||
| + | #!/bin/bash | ||
| + | |||
| + | #export KEYCLOAK_URL=https://portal.bmstu.ru | ||
| + | export KEYCLOAK_URL=https://portal-demo.bmstu.ru | ||
| + | export KEYCLOAK_REALM=ph | ||
| + | export KEYCLOAK_CLIENT_ID=superuser | ||
| + | export KEYCLOAK_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXX | ||
| + | #export USER_ID=391530c1-c4f2-4838-bb95-def2c8e37e57 | ||
| + | |||
| + | export TKN=$(curl -X POST "${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \ | ||
| + | -d "username=${KEYCLOAK_CLIENT_ID}" \ | ||
| + | -d "password=${KEYCLOAK_CLIENT_SECRET}" \ | ||
| + | -d 'grant_type=password' \ | ||
| + | -d 'client_id=ph-master' | jq -r '.access_token') | ||
| + | |||
| + | echo $TKN | ||
| + | |||
| + | #curl -vvv -X GET "${KEYCLOAK_URL}/auth/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \ | ||
| + | curl -vvv -X GET "${KEYCLOAK_URL}/auth/admin/realms/${KEYCLOAK_REALM}/users/?q=username:ivanovii" \ | ||
| + | -H "Accept: application/json" \ | ||
| + | -H "Authorization: Bearer ${TKN}" | jq . | ||
| + | |||
| + | </code> | ||
| ==== K8S ==== | ==== K8S ==== | ||
сервис_keycloak.1725095990.txt.gz · Last modified: 2024/08/31 12:19 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
