<#import "/templates/guide.adoc" as tmpl> <@tmpl.guide title="Openshift" summary="Get started with Keycloak on Openshift"> :links-admin-console: Keycloak Admin Console :links-account-console: Keycloak Account Console ## Before you start Install https://code-ready.github.io/crc/[Red Hat Code Ready Containers] and follow the steps in the documentation to install a local OpenShift cluster. Make sure the cluster is functional by executing the following command: [source,bash,subs="attributes+"] ---- crc status ---- If everything is OK you should see an output similar to this: [source,bash,subs="attributes+"] ---- CRC VM: Running OpenShift: Running ... ---- Log in as the user `developer`: [source,bash,subs="attributes+"] ---- oc login -u developer -p developer ---- For this guide, we are going to create a new project called `keycloak`. For that, execute the following command: [source,bash,subs="attributes+"] ---- oc new-project keycloak ---- ## Run Keycloak To spin up a Keycloak server in your project, execute the following command: [source,bash,subs="attributes+"] ---- oc process -f https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/openshift-examples/keycloak.yaml \ -p KEYCLOAK_ADMIN=admin \ -p KEYCLOAK_ADMIN_PASSWORD=admin \ -p NAMESPACE=keycloak \ | oc create -f - ---- Once the command above completes you should see a message similar to this: [source,bash,subs="attributes+"] ---- service/keycloak created route.route.openshift.io/keycloak created deploymentconfig.apps.openshift.io/keycloak created. ---- At this point, OpenShift is going to provision a Keycloak pod and related resources. As part of the process, OpenShift will try to pull the Keycloak server image. This might take some time depending on your network connection. To make sure Keycloak is provisioned, execute the following command: [source,bash,subs="attributes+"] ---- oc get pods ---- After a while you will see a message similar to this when the pod is ready: [source,bash,subs="attributes+"] ---- NAME READY STATUS RESTARTS AGE keycloak-1-deploy 0/1 Completed 0 1h keycloak-1-l9kdx 1/1 Running 0 1h ---- Once the server is provisioned, run the following command to find out the URLs of Keycloak: [source,bash,subs="attributes+"] ---- KEYCLOAK_URL=https://$(oc get route keycloak --template='{{ .spec.host }}') && echo "" && echo "Keycloak: $KEYCLOAK_URL" && echo "Keycloak Admin Console: $KEYCLOAK_URL/admin" && echo "Keycloak Account Console: $KEYCLOAK_URL/realms/myrealm/account" && echo "" ---- Remember these URLs as you will need them throughout this guide. The URL for the account console won't work right now as you will need to create the realm first. include::templates/realm-config.adoc[] include::templates/login-to-account.adoc[] include::templates/first-app.adoc[] include::templates/next.adoc[]