Differences

This shows you the differences between two versions of the page.

--- сервис_keycloak [2025/07/16 14:58]
val [REST API]
+++ сервис_keycloak [2025/11/14 14:29] (current)
val [Kubernetes]
@@ Line 1: / Line 1: @@
 ====== Сервис Keycloak ======
+  * [[Практические примеры Keycloak]]
 ===== Установка и запуск =====
@@ Line 19: / Line 20: @@
 ==== docker-compose ====
+  * Установка [[Технология Docker#docker-compose]]
   * [[https://swjm.blog/deploying-keycloak-with-ssl-in-just-10-minutes-46073e5cf699|Deploying Keycloak with SSL in just 10 minutes!]]
@@ Line 53: / Line 56: @@
   keycloak:
     image: quay.io/keycloak/keycloak:22.0.5
+#    image: quay.io/keycloak/keycloak:26.1.3
     container_name: keycloak
     restart: always
@@ Line 68: / Line 72: @@
       - KEYCLOAK_ADMIN=admin
       - KEYCLOAK_ADMIN_PASSWORD=strongpassword
+#      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
+#      - KC_BOOTSTRAP_ADMIN_PASSWORD=strongpassword
       - KC_HTTPS_CERTIFICATE_FILE=/wild.crt
       - KC_HTTPS_CERTIFICATE_KEY_FILE=/wild.key
+#      - KC_PROXY_HEADERS=xforwarded
 #      - KC_DB=postgres
 #      - KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
@@ Line 106: / Line 113: @@
   * [[https://github.com/bitnami/charts/tree/keycloak/17.3.6/bitnami/keycloak]]
   * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]]
+  * [[Сервис PostgreSQL]]
+  * Kubernetes [[Система Kubernetes#secrets tls]]
 <code>
 ~/$ helm repo add bitnami https://charts.bitnami.com/bitnami; helm search repo bitnami/keycloak --versions; helm repo remove bitnami
+...403 Forbidden
+~/$ KC_HC_VER=17.3.6
+~/$ #KC_HC_VER=25.2.0
 ~/$ mkdir keycloak; cd keycloak
-~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6
+~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak --version $KC_HC_VER
-~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee keycloak.yaml | less
+~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version $KC_HC_VER | tee keycloak.yaml | less
 /PersistentVolumeClaim
 </code>
@@ Line 122: / Line 136: @@
 <code>
-~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee values.yaml.orig
+~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak --version $KC_HC_VER | tee values.yaml.orig
 ~/keycloak$ cat values.yaml
 </code><code>
+global:
+  security:
+    allowInsecureImages: true
+image:
+  repository: bitnamilegacy/keycloak
 auth:
   adminUser: admin
@@ Line 135: / Line 155: @@
   ingressClassName: nginx
   hostname: keycloak.corp13.un
+#  tls: true
+#  extraTls:
+#  - hosts:
+#    - keycloak.corp13.un
+#    secretName: keycloak-tls
 #replicaCount: 2
@@ Line 177: / Line 203: @@
 #    name: themes
 </code><code>
-~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version 17.3.6 | less
+~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version $KC_HC_VER | less
-~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace --version 17.3.6
+~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version $KC_HC_VER --create-namespace
 ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch
@@ Line 228: / Line 254: @@
     Client ID: any-client
     Valid redirect URIs: *
+может понадобиться включить
+    Direct access grants
 </code>
@@ Line 304: / Line 333: @@
   username ->
     LDAP Attribute: sAMAccountName
+</code>
+=== FreeIPA ===
+<code>
+Vendor: Other
+Connection URL: ldap://server.corpX.un
+Bind type: none
+  или, для выгрузки email
+Bind type: simple
+Bind DN: uid=admin,cn=users,cn=accounts,dc=corp13,dc=un
+Edit mode: READ_ONLY
+Users DN: cn=users,cn=compat,dc=corpX,dc=un
+Users DN: cn=users,cn=accounts,dc=corpX,dc=un
+...
+Username LDAP attribute: uid
+...
+RDN LDAP attribute: uid
+...
+UUID LDAP attribute: ipaAnchorUUID
+UUID LDAP attribute: uid
 </code>
@@ Line 374: / Line 427: @@
 <code>
-# cat keycloak.sh
+$ cat keycloak.sh
 </code><code>
 KEYCLOAK_URL=https://kc.corp.un
@@ Line 397: / Line 450: @@
 # -H "Authorization: Bearer ${ACCESS_TOKEN}" | jq
 #curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
-#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/?q=username:admin" \
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/?q=username:user1" \
 #curl -SskX POST "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/" \
 # -H "Content-Type: application/json" \
 # -H "Authorization: Bearer ${ACCESS_TOKEN}" \
-# --data-binary "@user1.json"
 # -d '{"username": "user1"}'
+# --data-binary "@user1.json"
 #curl -SskX PUT "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
@@ Line 416: / Line 469: @@
 # -d '{ "type": "password", "temporary": false, "value": "kcpassword1" }'
-#curl -SskX DELETE "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${UPD_USER_ID}" \
+#curl -SskX DELETE "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
 # -H "Authorization: Bearer ${ACCESS_TOKEN}"
 </code><code>
-# cat user1.json
+$ cat user1.json
 </code><code>
   {

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools