Exercise 1 - Setup Keycloak on Kubernetes

Step 1: Clone the project to your local machine

git clone https://github.com/thomassuedbroecker/keycloak-on-kubernetes-frontend-backend
cd keycloak-on-kubernetes-frontend-backend
ROOT_FOLDER=$(pwd)

Step 2: Apply the deployment specification

cd $ROOT_FOLDER/keycloak-deployment
kubectl apply -f deployment.yaml

Step 3: Verify the deployment with kubectl

  1. Insert this command and verify the output.

kubectl get pods

Sample output:

NAME                      READY   STATUS    RESTARTS   AGE
keycloak-74d59dc658-8ttlp   1/1     Running   0          6m9s

Step 4: Apply the service specification

cd $ROOT_FOLDER/keycloak-deployment
kubectl apply -f service.yaml

Step 5: Verify the running Keycloak on Kubernetes

  1. Get cluster (worker node) IP address

clusterip=$(ibmcloud ks workers --cluster cloud-native | awk '/Ready/ {print $2;exit;}')
echo $clusterip

Example output:

184.172.247.228

  2. Get nodeport to access the service

nodeport=$(kubectl get svc keycloak --ignore-not-found --output 'jsonpath={.spec.ports[*].nodePort}')
echo $nodeport

Example output:

31347

  3. Open Keycloak in a browser

export keycloakurl=http://${clusterip}:${nodeport}
echo $keycloakurl

Example output:

http://184.172.247.228:31347

Step 6: Import the existing realm configuration

  1. Open Keycloak in a browser at http://${clusterip}:${nodeport} and select the Administration Console.

  2. Log in with user admin and password admin.

The gif shows how to import the existing realm configuration.

  3. Select Add realm

  4. For Import, choose Select file

  5. Select the existing realm configuration from the folder /keycloak-realm-exports/cloud-native-starter-author-local-realm-export.json

  6. Press Create

(Optional) Step 3: Verify the imported realm cloudnativestarter

  1. Realm

The realm cloudnativestarter uses an OpenID Endpoint configuration.

  2. Realm keys

The key has the JSON Web Token (JWT) format and uses the RS256 asymmetric algorithm.

"RS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. Since the public key, as opposed to the private key, doesn't need to be kept secured, most identity providers make it easily available for consumers to obtain and use (usually through a metadata URL)." Resource of this text

  3. Client

Definition of the authors-cloud-native-starter client.

  4. Client scope

  5. Roles

Definition of the role authors-role-cloud-native-starter.

  6. Groups

Definition of the group authors-cloud-native-starter.

  7. Groups role mapping

Definition of the mapping of the role authors-role-cloud-native-starter to the group authors-cloudnativestarter.
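
The consumer-side check implied by the RS256 description under Realm keys, as an added example that is not part of the original workshop code: a backend pins the algorithm to RS256, picks the realm's public key by kid from a JWKS document, verifies the PKCS#1 v1.5 signature and checks the issuer. The toy key (two Mersenne primes so the demo runs offline, not secure), KID, ISSUER and the sign/verify helpers are constructed for this sketch; a real service would fetch the JWKS from the realm's metadata URL and use a maintained JWT library.

```python
import base64, hashlib, json
# Constructed toy key from two Mersenne primes so the demo runs offline. NOT secure:
# a real realm key is a random 2048-bit (or larger) key that never leaves Keycloak.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # modulus, private exponent (IdP only)
K = (N.bit_length() + 7) // 8                # modulus length in bytes
SHA256_DER = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 DigestInfo
KID = "demo-key-1"                                            # constructed key id
ISSUER = "http://keycloak.example/realms/cloudnativestarter"  # constructed issuer URL

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Public half only, in the JWKS shape a consumer fetches from the metadata URL.
JWKS = {"keys": [{"kty": "RSA", "kid": KID, "alg": "RS256",
                  "n": b64u(N.to_bytes(K, "big")), "e": b64u(E.to_bytes(3, "big"))}]}

def emsa(msg, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(msg)), k bytes long."""
    t = SHA256_DER + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(header, claims):
    """Identity-provider side (hypothetical helper): sign with the private key."""
    body = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(body.encode(), K), "big"), D, N)
    return body + "." + b64u(sig.to_bytes(K, "big"))

def verify(token, jwks, issuer):
    """Consumer side: return the claims of a valid token, otherwise None."""
    try:
        h, c, s = token.split(".")
        header = json.loads(b64u_dec(h))
        if header.get("alg") != "RS256":   # pin the algorithm, never follow the header
            return None
        key = next(k for k in jwks["keys"] if k["kid"] == header.get("kid"))
        n = int.from_bytes(b64u_dec(key["n"]), "big")
        e = int.from_bytes(b64u_dec(key["e"]), "big")
        sig, k = b64u_dec(s), (n.bit_length() + 7) // 8
        em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
        if len(sig) != k or em != emsa((h + "." + c).encode(), k):
            return None
        claims = json.loads(b64u_dec(c))
        return claims if claims.get("iss") == issuer else None
    except (ValueError, KeyError, StopIteration, AttributeError, TypeError):
        return None
```

Only the identity provider ever holds D; the consumer needs nothing beyond the JWKS entry, which is why the public key can be published openly.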

Step 4: Add a user

  1. Set Username: author-cloud-native-starter

  2. Set Password in Credentials: 1234

  3. Turn off Temporary

  4. In the Details tab, remove the Required User Action Update Password

Step 5: Add user to Group

  1. In Users, select the newly created user author-cloud-native-starter and edit it.

  2. Open the tab Groups and select in Available Groups the newly created group authors-cloudnativestarter.

  3. Now press Join
