Differences

This shows you the differences between two versions of the page.

--- сервис_keycloak [2025/04/24 10:35]
val [Kubernetes]
+++ сервис_keycloak [2025/08/18 16:46] (current)
val [docker-compose]
@@ Line 13: / Line 13: @@
 server# wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.zip
-server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=root KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certificate-file=/root/server.crt --https-certificate-key-file=/root/server.key
+server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certificate-file=/root/server.crt --https-certificate-key-file=/root/server.key
 </code>
+  * [[http://192.168.X.10:8080/]]
 ==== docker-compose ====
+  * Установка [[Технология Docker#docker-compose]]
   * [[https://swjm.blog/deploying-keycloak-with-ssl-in-just-10-minutes-46073e5cf699|Deploying Keycloak with SSL in just 10 minutes!]]
@@ Line 46: / Line 50: @@
 # cat keycloak.yml
 </code><code>
-version: '3'
+#version: '3'
 services:
   keycloak:
     image: quay.io/keycloak/keycloak:22.0.5
+#    image: quay.io/keycloak/keycloak:26.1.3
     container_name: keycloak
     restart: always
@@ Line 66: / Line 71: @@
       - KEYCLOAK_ADMIN=admin
       - KEYCLOAK_ADMIN_PASSWORD=strongpassword
+#      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
+#      - KC_BOOTSTRAP_ADMIN_PASSWORD=strongpassword
       - KC_HTTPS_CERTIFICATE_FILE=/wild.crt
       - KC_HTTPS_CERTIFICATE_KEY_FILE=/wild.key
+#      - KC_PROXY_HEADERS=xforwarded
 #      - KC_DB=postgres
-#      - KC_DB_URL=jdbc:postgresql://172.17.0.1:5432/keycloak
+#      - KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
 #      - KC_DB_USERNAME=keycloak
 #      - KC_DB_PASSWORD=strongpassword
@@ Line 91: / Line 99: @@
 # docker logs keycloak -f
+# ###docker inspect keycloak -f {{.NetworkSettings.Networks.root_default.IPAddress}}
+# ###docker exec -ti postgres_db psql -U keycloak
+# ###docker-compose -f keycloak.yml down
 </code>
@@ Line 141: / Line 155: @@
 #externalDatabase:
 #  host: "my-postgres-postgresql.my-postgres-ns"
+#  host: "my-pgcluster-rw.my-pgcluster-ns"
+#  host: "my-pgpooler.my-pgcluster-ns"
 #  port: 5432
 #  user: keycloak
@@ Line 173: / Line 189: @@
 ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch
-~/keycloak$ curl -v http://nodeN/ -H "Host: keycloak.corp13.un"
+~/keycloak# kubectl -n my-keycloak-ns logs statefulsets/my-keycloak -f
-~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres
+~/keycloak$ curl -v http://kubeN/ -H "Host: keycloak.corp13.un"
+~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres
+</code>
+  * [[Система Kubernetes#Остановка сервиса]]
+<code>
 $ ###helm delete my-keycloak -n my-keycloak-ns
 $ ###kubectl delete ns my-keycloak-ns
@@ Line 349: / Line 369: @@
         Value: readwrite
+</code>
+===== REST API =====
+  * [[https://www.keycloak.org/docs-api/latest/rest-api/index.html]]
+  * [[https://jwt.io/|JWT.IO allows you to decode, verify and generate JWT]]
+  * [[https://steve-mu.medium.com/create-new-user-in-keycloak-with-admin-restful-api-e6e868b836b4]]
+  * [[Утилита jq]]
+<code>
+# cat keycloak.sh
+</code><code>
+KEYCLOAK_URL=https://kc.corp.un
+KEYCLOAK_REALM=master
+KEYCLOAK_USERNAME=admin
+KEYCLOAK_PASSWORD=strongpassword
+KEYCLOAK_CLIENT_ID=admin-cli
+ACCESS_TOKEN=$(curl -SskX POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
+ -d "username=${KEYCLOAK_USERNAME}" \
+ -d "password=${KEYCLOAK_PASSWORD}" \
+ -d "grant_type=password" \
+ -d "client_id=${KEYCLOAK_CLIENT_ID}" | jq -r '.access_token')
+echo $ACCESS_TOKEN
+#exit 0
+#USER_ID=6c43d042-2674-4bee-82a5-b31713a15093
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" | jq
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/?q=username:admin" \
+#curl -SskX POST "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/" \
+# -H "Content-Type: application/json" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+# --data-binary "@user1.json"
+# -d '{"username": "user1"}'
+#curl -SskX PUT "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
+# -H "Content-Type: application/json" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+# --data-binary "@user1.json"
+# -d '{"firstName": "Ivan"}'
+#curl -kX PUT "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}/reset-password" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+# -H "Content-Type: application/json" \
+# -d '{ "type": "password", "temporary": false, "value": "kcpassword1" }'
+#curl -SskX DELETE "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${UPD_USER_ID}" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}"
+</code><code>
+# cat user1.json
+</code><code>
+  {
+    "username": "user1",
+    "email": "user1@corp.un",
+    "firstName": "Иван",
+    "lastName": "Иванов",
+    "enabled": true,
+    "emailVerified": true
+  }
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools