al-matari / keycloak-cloud-native-demo

Demo for Keycloak features around cloud-nativeness

Keycloak Cloud Native demo

This project shows how to integrate Keycloak in a Cloud Native environment:

  • Deploying Keycloak with its Operator.

  • Collecting metrics from Keycloak and showing them in Grafana.

  • Using Keycloak as an Identity and Access Management (IAM) solution for Grafana.

This is a setup for exploration and training. It is not suitable for production: for ease of exploration, not all ports have been locked down and secured.

About

This is a project I use for demos. It contains a fully scripted setup for:

  1. Setting up Minikube.

  2. Deploying Keycloak using the Keycloak Operator.

  3. Deploying Prometheus and Grafana.

  4. Configuring Keycloak to:

    • Publish metrics to Prometheus.

    • Act as a Single-Sign-On provider for Grafana.

  5. Configuring Grafana to:

    • Use Keycloak as a Single-Sign-On provider.

    • Present a dashboard with metrics from Keycloak.

Prepare

  • Install task, helm, jq and bash for automation

  • Install minikube as a Kubernetes runtime

  • Install kubectl to interact with minikube

Note
This project is a minimized version of the keycloak-benchmark project. For more detailed instructions on how to install the tools, visit the installation documentation of keycloak-benchmark.

Install

  1. Run ./rebuild.sh to prepare an empty running minikube instance

  2. Run task to perform all tasks listed in the Taskfile.yaml

Verify

  1. Run the script ./isup.sh to verify that all services are running. It then shows output similar to the following:

    https://prometheus.192.168.39.120.nip.io/ is up
    https://keycloak.192.168.39.120.nip.io/ is up
    https://grafana.192.168.39.120.nip.io/ is up

  2. Click on the link for Keycloak and log in with the user admin and the password admin.

  3. Click on the link for Grafana. As you already logged in before, you won’t see another login screen.

Explore

Have a look around and discover the following:

Keycloak
  1. The client grafana that is visible in the UI is created by the script setup-grafana-in-keycloak.sh

  2. It also exposes the realm roles in the userinfo endpoint; this is set up in the client profile roles and its mapper realm roles.

Keycloak Operator
  1. The file keycloak/templates/keycloak.yaml contains the information for the operator to deploy Keycloak.

Grafana
  1. The file monitoring.yaml contains the OpenID Connect configuration. Some of the parameters are overwritten when calling helm with the actual URLs from the Taskfile.yaml.

  2. In the web UI, go to the user profile (click on the avatar in the lower left corner, then on the email address), and see that the user has Admin privileges, as the user has the realm role admin.
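A Grafana generic OAuth configuration of the kind described above, as an added example in grafana.ini syntax; it is not the project's monitoring.yaml, which this page does not reproduce. The host, realm and client secret placeholders and the claim name roles are assumptions.

```ini
; Added example, not the project's monitoring.yaml.
; <keycloak-host>, <grafana-host>, <realm> and <client-secret> are placeholders.
[server]
; Grafana builds the OAuth redirect URI from root_url, so it must match
; a redirect URI registered for the client grafana in Keycloak.
root_url = https://<grafana-host>/

[auth.generic_oauth]
enabled = true
name = Keycloak
client_id = grafana
client_secret = <client-secret>
use_pkce = true
scopes = openid email profile roles
auth_url = https://<keycloak-host>/realms/<realm>/protocol/openid-connect/auth
token_url = https://<keycloak-host>/realms/<realm>/protocol/openid-connect/token
; Grafana reads the user's claims, including the realm roles, from userinfo.
api_url = https://<keycloak-host>/realms/<realm>/protocol/openid-connect/userinfo
; Assumption: the realm roles mapper publishes the roles in a claim named "roles".
; The realm role admin maps to the Grafana role Admin; no fallback role is given.
role_attribute_path = contains(roles[*], 'admin') && 'Admin'
; Deny the login when the expression yields no valid role,
; instead of silently assigning a default role.
role_attribute_strict = true
```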

Use the following image as a map of the installed components:

[Image: minikube runtime view]

Further reading

For load testing and more advanced features, have a look at the keycloak-benchmark project, which includes OpenTelemetry and a variety of different Keycloak configurations.

License:Apache License 2.0


Languages

Language:Shell 100.0%