These setup instructions are based on Keycloak - Guide - Keycloak on Kubernetes.
The guide covers installing an Ingress for Keycloak, but we have Istio installed and will use the Istio Ingress to access Keycloak externally. The original keycloak.yaml has been modified and the NodePort has been removed.
Note: This is an “ephemeral” installation of Keycloak; no database is used for persistence. It is sufficient for a workshop but not suitable for production use!
kubectl apply -f keycloak.yaml
kubectl get pods
It takes some time for the pod to start. Notice that there are two containers in the pod: one for Keycloak itself and one for the Istio Envoy proxy:
kubectl get pod
NAME                        READY   STATUS    RESTARTS   AGE
keycloak-5c7b8b7c4c-l7j4f   2/2     Running   0          3m6s
Continue when both containers are ready.
Open the Keycloak URL in your browser:
You may need to accept the security risk in your browser because we are using a self-signed certificate!
Note: This URL will work because we created a VirtualService in the previous exercise that maps the ‘/auth’ URI to the Keycloak service.
For the workshop we need our pre-configured realm.
In the Keycloak console, hover with your mouse pointer over “Master” in the upper left corner.
Click on the blue “Add realm” button that appears.
Click on “Select file” and import the “quarkus-realm.json” file from the deployments directory.
The name will be “quarkus” and the “Create” button will be enabled. Click on “Create”.
Note: If you stop Minikube (maybe you want to continue tomorrow?) and later start it again, the Keycloak pod will be recreated. Our setup doesn’t use a database for persistence, hence the imported realm will be gone and the rest of the sample application will not start since it cannot retrieve data from Keycloak. You will need to repeat Step 5 of these instructions and then wait for the sample app to restart.
Try to create an access token (--insecure is needed because of the self-signed certificate):
curl -d "username=alice" -d "password=alice" -d "grant_type=password" -d "client_id=frontend" --insecure https://demo.k8s.local/auth/realms/quarkus/protocol/openid-connect/token | sed -n 's|.*"access_token":"\([^"]*\)".*|\1|p'
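To check what the token returned by the command above asserts, its payload segment can be decoded locally. This is an added example, not part of the original workshop; the sample token is constructed, and the expected `iss` and `azp` values are assumptions derived from the token URL and `client_id` in the curl command.

```bash
#!/usr/bin/env bash
# Added example: read the claims of a Keycloak access token offline.
# Decoding is not signature verification; it only shows what the token asserts.

# Encode stdin as unpadded base64url (only used to build the constructed sample).
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one base64url segment: restore the standard alphabet and '=' padding.
b64url_decode() {
  local seg
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the JSON payload (second dot-separated segment) of the JWT in $1.
jwt_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Print the string claim named $2, or (jwt_exp) the numeric expiry, of token $1.
jwt_claim() { jwt_payload "$1" | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"; }
jwt_exp()   { jwt_payload "$1" | sed -n 's|.*"exp":\([0-9]*\).*|\1|p'; }

# Return 0 when issuer, client and expiry match what this setup is assumed to issue.
# $2 is "now" in epoch seconds so the check can be replayed deterministically.
token_matches_realm() {
  [ "$(jwt_claim "$1" iss)" = "https://demo.k8s.local/auth/realms/quarkus" ] &&
  [ "$(jwt_claim "$1" azp)" = "frontend" ] &&
  [ "$(jwt_exp "$1")" -gt "$2" ]
}

# Constructed sample token with a placeholder signature, not real Keycloak output.
SAMPLE_PAYLOAD='{"exp":1700000300,"iss":"https://demo.k8s.local/auth/realms/quarkus","azp":"frontend","preferred_username":"alice"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url_encode).c2ln"

echo "user:   $(jwt_claim "$SAMPLE_TOKEN" preferred_username)"
echo "issuer: $(jwt_claim "$SAMPLE_TOKEN" iss)"
token_matches_realm "$SAMPLE_TOKEN" 1700000000 && echo "claims match the quarkus realm"
```

To inspect a real token, store the output of the curl command in a variable and pass it to `jwt_payload`.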
Continue with 5 - Deploy the microservices to Kubernetes