2023-02-09 09:29:41 +00:00
<#import "/templates/guide.adoc" as tmpl>
<@tmpl.guide
title="Kubernetes"
summary="Get started with Keycloak on Kubernetes">
:links-admin-console: Keycloak Admin Console
:links-account-console: Keycloak Account Console
2023-02-13 07:40:02 +00:00
== Before you start
2023-02-09 09:29:41 +00:00
Make sure you have Minikube installed, ideally with the Ingress addon enabled.
2023-02-20 12:58:57 +00:00
To check if you have the Ingress addon enabled, enter the following command:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
minikube addons list
----
2023-02-20 12:58:57 +00:00
If the Ingress addon is not enabled, enter the following command to enable it:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
minikube addons enable ingress
----
2023-02-20 12:58:57 +00:00
== Start Keycloak
2023-02-09 09:29:41 +00:00
The Keycloak QuickStarts repository includes some example files to help deploy Keycloak to Kubernetes.
2023-02-20 12:58:57 +00:00
As a first step, create the Keycloak deployment and service by entering the following command:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
2023-05-29 22:29:59 +00:00
kubectl create -f https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes/keycloak.yaml
2023-02-09 09:29:41 +00:00
----
2023-02-20 12:58:57 +00:00
This command starts Keycloak on Kubernetes and creates an initial admin user with the username `admin` and password
2023-02-09 09:29:41 +00:00
`admin`.
2023-02-13 07:40:02 +00:00
=== Access Keycloak with Ingress addon enabled
2023-02-09 09:29:41 +00:00
2023-02-20 12:58:57 +00:00
Now create an Ingress for Keycloak by entering the following command:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
2023-05-29 22:29:59 +00:00
wget -q -O - https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes/keycloak-ingress.yaml | \
2023-02-09 09:29:41 +00:00
sed "s/KEYCLOAK_HOST/keycloak.$(minikube ip).nip.io/" | \
kubectl create -f -
----
2023-02-20 12:58:57 +00:00
If `wget` and `sed` are not available, download the file and manually edit the file replacing `KEYCLOAK_HOST`
2023-02-09 09:29:41 +00:00
with `keycloak.<minikube ip address>.nip.io`.
2023-02-20 12:58:57 +00:00
Enter the following command to see the Keycloak URLs:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
KEYCLOAK_URL=https://keycloak.$(minikube ip).nip.io &&
echo "" &&
echo "Keycloak: $KEYCLOAK_URL" &&
echo "Keycloak Admin Console: $KEYCLOAK_URL/admin" &&
echo "Keycloak Account Console: $KEYCLOAK_URL/realms/myrealm/account" &&
echo ""
----
2023-02-13 07:40:02 +00:00
=== Access Keycloak without Ingress
2023-02-09 09:29:41 +00:00
2023-02-20 12:58:57 +00:00
If the Ingress addon is not enabled, enter the following command in a separate shell:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
minikube tunnel
----
2023-02-20 12:58:57 +00:00
You can now access Keycloak from the following URL:
2023-02-09 09:29:41 +00:00
[source,bash,subs="attributes+"]
----
KEYCLOAK_URL=http://$(minikube ip):$(kubectl get services/keycloak -o go-template='{{(index .spec.ports 0).nodePort}}') &&
echo "" &&
echo "Keycloak: $KEYCLOAK_URL" &&
echo "Keycloak Admin Console: $KEYCLOAK_URL/admin" &&
echo "Keycloak Account Console: $KEYCLOAK_URL/realms/myrealm/account" &&
echo ""
----
2023-05-04 09:04:44 +00:00
Remember these URLs. You need them as you follow the instructions in this {section}. The URL for the Account Console does not work yet as you need to create the realm first.
2023-02-09 09:29:41 +00:00
include::templates/realm-config.adoc[]
include::templates/login-to-account.adoc[]
include::templates/first-app.adoc[]
include::templates/next.adoc[]
</@tmpl.guide>
