#!/usr/bin/env bash
# simple script for installing rke2, helm, and keycloak
# clemenko
# https://github.com/bitnami/charts/tree/main/bitnami/keycloak
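# Without pipefail, `curl ... | sh` reports only the shell's exit status, so a
# failed or empty download would still let the && chain below continue.
set -o pipefail

# Install RKE2 (server), hauler and helm, and persist KUBECONFIG/PATH in ~/.bashrc.
# NOTE(review): each installer is fetched over HTTPS and executed as-is with the
# privileges of this script; nothing is pinned to a release or compared against
# a published checksum. Outside a throwaway lab, download the installer, review
# it, pin the release and verify it before running.
# NOTE(review): hauler is installed here, but no later step of this script uses it.
# The export line is single-quoted so that $PATH is expanded when ~/.bashrc is
# read, instead of freezing the PATH of the shell that ran this script.
# The helm download now uses -f as well, so an HTTP error page is never piped
# into bash.
curl -sfL https://get.rke2.io | sh - \
  && systemctl enable --now rke2-server.service \
  && echo 'export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/usr/local/bin/:/var/lib/rancher/rke2/bin/' >> ~/.bashrc \
  && source ~/.bashrc \
  && curl -sfL https://get.hauler.dev | bash \
  && curl -sfL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Storage packages and the iSCSI daemon, installed ahead of the Longhorn chart below.
yum install -y nfs-utils cryptsetup iscsi-initiator-utils
systemctl enable --now iscsid

# NOTE(review): no --version is passed, so whichever Longhorn chart is current
# at run time gets installed; pin it for reproducible installs.
helm repo add longhorn https://charts.longhorn.io --force-update
helm upgrade -i longhorn longhorn/longhorn -n longhorn-system --create-namespace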
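# Good guide about the values : https://gerrit.opencord.org/plugins/gitiles/roc-helm-charts/+/refs/heads/master/keycloak/values.yaml
#
# Writes the Helm values for the bitnami/keycloak chart, including a realm
# definition (master.json) that keycloak-config-cli imports.
#
# NOTE(review) - this file is a lab configuration; before reusing it, check:
#   * auth.adminPassword and the realm user's password are hard-coded,
#     guessable values stored in clear text. Generate them per install and
#     keep them out of the script (the chart also accepts auth.existingSecret).
#   * The user is created in the "master" realm, which is the realm used to
#     administer Keycloak itself, with "totp": false and an unverified email.
#   * "accessTokenLifespan": 86400 makes every access token valid for 24 hours,
#     so a leaked bearer token stays usable for a day.
#   * All redirectUris/webOrigins are plain http and the redirect URIs end in a
#     wildcard; use https and exact callback paths for a real client.
#   * "fullScopeAllowed": true puts all of the user's role mappings into tokens
#     issued to this client.
#   * The "email" value was masked by the page this script was published on and
#     must be replaced with a real address.
#
# The file is created with mode 600 first because it holds credentials.
# The heredoc delimiter is quoted so the shell never expands "$" or backticks
# inside the payload (a password containing "$" would otherwise be mangled).
# The trailing comma after "clientRoles" was removed: it made master.json
# invalid JSON.
: > values.yaml && chmod 600 values.yaml
cat << 'EOF' > values.yaml
auth:
  adminUser: admin
  adminPassword: Pa22word
adminIngress:
  enabled: true
  hostname: keycloak.192.168.1.182.sslip.io
keycloakConfigCli:
  enabled: true
  configuration:
    master.json: |
      {
        "realm": "master",
        "displayName": "rancher Keycloak",
        "accessTokenLifespan": 86400,
        "ssoSessionMaxLifespan": 86400,
        "clients": [
          {
            "clientId": "rancher-roc-gui",
            "name": "rancher ROC GUI",
            "rootUrl": "http://rancher-roc-gui:31194",
            "adminUrl": "http://rancher-roc-gui:31194",
            "enabled": true,
            "clientAuthenticatorType": "client-secret",
            "redirectUris": [
              "http://rancher-roc-gui:8183/*",
              "http://localhost:8183/*",
              "http://localhost:4200/*",
              "http://rancher-roc-gui:31194/*"
            ],
            "webOrigins": [
              "http://localhost:8183",
              "http://localhost:4200",
              "http://rancher-roc-gui:8183",
              "http://rancher-roc-gui:31194"
            ],
            "protocol": "openid-connect",
            "fullScopeAllowed": true,
            "defaultClientScopes": [
              "profile",
              "email"
            ],
            "optionalClientScopes": [
              "roles",
              "groups",
              "offline_access"
            ]
          }
        ],
        "clientScopes": [
          {
            "name": "groups",
            "description": "Groups scope",
            "protocol": "openid-connect",
            "attributes": {
              "include.in.token.scope": "true",
              "display.on.consent.screen": "true"
            },
            "protocolMappers": [
              {
                "name": "Groups Mapper",
                "protocol": "openid-connect",
                "protocolMapper": "oidc-group-membership-mapper",
                "consentRequired": false,
                "config": {
                  "full.path": "false",
                  "id.token.claim": "true",
                  "access.token.claim": "true",
                  "claim.name": "groups",
                  "userinfo.token.claim": "true"
                }
              }
            ]
          }
        ],
        "groups": [
          {
            "name": "rancherROCAdmin",
            "path": "/rancherROCAdmin"
          }
        ],
        "users": [
          {
            "username" : "andy",
            "enabled" : true,
            "totp" : false,
            "emailVerified" : false,
            "firstName" : "Alice",
            "lastName" : "Admin",
            "email" : "[email protected]",
            "credentials": [
              {
                "type": "password",
                "value": "password"
              }
            ],
            "realmRoles" : [ "default-roles-master" ],
            "groups" : [ "/rancherROCAdmin" ],
            "clientRoles": {
              "account": [
                "view-profile",
                "manage-account"
              ]
            }
          }
        ]
      }
EOF

# NOTE(review): the chart is pulled without --version, so the Keycloak release
# that gets deployed depends on when the script runs; pin it for repeatability.
helm upgrade -i keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --create-namespace -n keycloak -f values.yaml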