This shows you the differences between two versions of the page.
сервис_keycloak [2024/02/17 06:00] val [cli] |
сервис_keycloak [2024/04/07 08:53] (current) val [Kubernetes] |
||
---|---|---|---|
Line 76: | Line 76: | ||
</code> | </code> | ||
- | ==== Kerberos ==== | + | ==== Kubernetes ==== |
* [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]] | * [[https://github.com/bitnami/charts/tree/main/bitnami/keycloak]] | ||
<code> | <code> | ||
- | student@server:~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak | tee values.yaml.orig | + | ~/$ mkdir keycloak; cd keycloak |
+ | |||
+ | ~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak | ||
+ | |||
+ | ~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak | tee keycloak.yaml | less | ||
+ | /PersistentVolumeClaim | ||
+ | </code> | ||
+ | |||
+ | * Kubernetes [[Система Kubernetes#Volumes]] | ||
+ | |||
+ | * [[https://www.keycloak.org/server/reverseproxy]] | ||
+ | <code> | ||
+ | ~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak | tee values.yaml.orig | ||
| | ||
- | student@server:~/keycloak$ cat values.yaml | + | ~/keycloak$ cat values.yaml |
</code><code> | </code><code> | ||
+ | image: | ||
+ | tag: 23.0.7-debian-12-r5 | ||
auth: | auth: | ||
adminUser: admin | adminUser: admin | ||
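Review bot: the new `image.tag: 23.0.7-debian-12-r5` pin in values.yaml is not matched by a chart pin. The added `helm template` and `helm show values` lines pull `oci://registry-1.docker.io/bitnamicharts/keycloak` with no `--version`, so on a later run the values file, the rendered keycloak.yaml and the pinned image tag can come from different chart releases. Add `--version <chart version>` to each helm command. Also mark `/PersistentVolumeClaim` as a search typed inside `less`, since inside the code block it reads as a shell command.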
Line 92: | Line 106: | ||
enabled: true | enabled: true | ||
ingressClassName: nginx | ingressClassName: nginx | ||
- | hostname: kc.corp13.un | + | hostname: keycloak.corp13.un |
#global: | #global: | ||
# storageClass: local-path | # storageClass: local-path | ||
# storageClass: longhorn | # storageClass: longhorn | ||
+ | #replicaCount: 2 | ||
+ | #postgresql: | ||
+ | # enabled: true | ||
+ | # auth: | ||
+ | # postgresPassword: "strongpassword" | ||
+ | # username: bn_keycloak | ||
+ | # password: "strongpassword" | ||
</code><code> | </code><code> | ||
- | student@server:~/keycloak$ helm upgrade my-kc -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak --namespace my-kc-ns --create-namespace | + | ~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace |
- | </code> | + | |
- | * [[Система Kubernetes#Volumes]] | + | ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch |
+ | |||
+ | ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres | ||
+ | |||
+ | $ ###helm delete my-keycloak -n my-keycloak-ns | ||
+ | </code> | ||
===== Подключение ===== | ===== Подключение ===== | ||
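Review bot: the commented `postgresql.auth` block sets `postgresPassword` and `password` to the literal "strongpassword" in values.yaml, and a reader who uncomments it will deploy that value and keep it in a plain file beside the chart. Use an obvious placeholder and say that the passwords belong in a pre-created Secret or in a values file kept out of version control. The rename from `my-kc`/`my-kc-ns` to `my-keycloak`/`my-keycloak-ns` also means the commented `helm delete` no longer matches what readers of the previous revision installed, so a short note on removing the old release would help.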
Line 125: | Line 150: | ||
===== Аутентификация пользователей WEB приложения ===== | ===== Аутентификация пользователей WEB приложения ===== | ||
- | <code> | + | <code> |
+ | Clients | ||
Create Client | Create Client | ||
+ | | ||
Client ID: test-cgi | Client ID: test-cgi | ||
Valid redirect URIs: http://gate.corpX.un/cgi-bin/test-cgi | Valid redirect URIs: http://gate.corpX.un/cgi-bin/test-cgi | ||
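Review bot: the block this hunk touches still registers `Valid redirect URIs: http://gate.corpX.un/cgi-bin/test-cgi` over plain HTTP, so the authorization response delivered to the client travels unencrypted. Since the steps are being reworked here, either state that this is a lab-only setting or switch the example to `https://`. The added `Clients` line would also read better as a menu path, with `Create Client` indented under it.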
Line 138: | Line 165: | ||
* [[Материалы по Windows#Windows CA для Linux сервисов]] | * [[Материалы по Windows#Windows CA для Linux сервисов]] | ||
* [[Пакет OpenSSL#Импорт сертификата центра сертификации]] | * [[Пакет OpenSSL#Импорт сертификата центра сертификации]] | ||
+ | |||
+ | === curl === | ||
<code> | <code> | ||
- | gate# curl -d "client_id=any-client" \ | + | webinar# curl -d "client_id=any-client" \ |
-d "client_secret=anystring" \ | -d "client_secret=anystring" \ | ||
-d "grant_type=password" \ | -d "grant_type=password" \ | ||
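Review bot: the new `=== curl ===` heading introduces a request that uses `grant_type=password` and passes `client_secret` with `-d` on the command line, where it ends up in shell history and the process list. Add a line saying this direct grant is only for testing token issuance. The prompt change from `gate#` to `webinar#` also leaves the page inconsistent with the `gate.corpX.un` redirect URI in the client setup above, so say which host the request is run from.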
Line 151: | Line 180: | ||
* [[https://jwt.io/|JWT.IO allows you to decode, verify and generate JWT]] | * [[https://jwt.io/|JWT.IO allows you to decode, verify and generate JWT]] | ||
+ | |||
+ | === Apache CGI приложение === | ||
* [[Сервис HTTP#Установка и запуск сервера Apache]] | * [[Сервис HTTP#Установка и запуск сервера Apache]] | ||
Line 263: | Line 294: | ||
Value: readwrite | Value: readwrite | ||
| | ||
+ | </code> | ||
+ | |||
+ | ===== Дополнительные материалы ===== | ||
+ | |||
+ | ==== K8S ==== | ||
+ | <code> | ||
+ | kube1:~/keycloak# diff keycloak.yaml keycloak.yaml.orig | ||
+ | 457,458c457 | ||
+ | < #kind: StatefulSet | ||
+ | < kind: Deployment | ||
+ | --- | ||
+ | > kind: StatefulSet | ||
+ | 472,476c471,475 | ||
+ | < # podManagementPolicy: Parallel | ||
+ | < # serviceName: my-keycloak-headless | ||
+ | < # updateStrategy: | ||
+ | < # rollingUpdate: {} | ||
+ | < # type: RollingUpdate | ||
+ | --- | ||
+ | > podManagementPolicy: Parallel | ||
+ | > serviceName: my-keycloak-headless | ||
+ | > updateStrategy: | ||
+ | > rollingUpdate: {} | ||
+ | > type: RollingUpdate | ||
</code> | </code> | ||