
@r00ta
Created June 22, 2021 12:49
keycloak.yaml
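# Sample realm ("baaas") imported by Keycloak at startup; the Deployment in
# this file mounts the ConfigMap and points -Dkeycloak.import at the JSON key.
#
# NOTE(review): as written this is only suitable for a throwaway dev cluster.
#   - User passwords ("123", "thefrog") sit in clear text in a ConfigMap.
#     ConfigMaps are not intended for confidential data and are readable by
#     any principal with get/list on ConfigMaps in the namespace. Keep
#     credentials in a Secret or provision users out of band.
#   - The realm user "admin" holds realm-management roles (manage-users,
#     manage-clients), so its password guards realm administration.
#   - Both clients are public and accept any redirect URI and any web origin
#     ("*"). Replace the wildcards with the exact callback URLs and origins
#     the applications use.
#   - directAccessGrantsEnabled is true on both public clients, which allows
#     the password grant; disable it unless a client really needs it.
#   - "cloud-services" sets both publicClient and bearerOnly to true;
#     presumably only one is intended (verify).
#   - keycloakVersion records 10.0.1 as the exporting version; confirm the
#     file imports cleanly on the server version actually deployed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-realm
data:
  baaas-realm-sample.json: |
    {
      "realm": "baaas",
      "displayName": "BAaaS",
      "enabled": true,
      "sslRequired": "external",
      "registrationAllowed": false,
      "requiredCredentials": [ "password" ],
      "users": [
        {
          "username": "admin",
          "enabled": true,
          "credentials": [
            {
              "type": "password",
              "value": "123"
            }
          ],
          "applicationRoles": {
            "realm-management": [
              "manage-users",
              "manage-clients"
            ],
            "account": [
              "manage-account"
            ]
          }
        },
        {
          "username": "kermit",
          "enabled": true,
          "credentials": [
            {
              "type": "password",
              "value": "thefrog"
            }
          ],
          "applicationRoles": {
            "cloud-services": [
              "user"
            ],
            "baaas-mcp": [
              "user"
            ]
          }
        }
      ],
      "roles": {
        "realm": [],
        "client": {
          "baaas-mcp": [
            {
              "name": "user",
              "composite": false,
              "clientRole": true,
              "containerId": "baaas-mcp"
            }
          ],
          "cloud-services": [
            {
              "name": "user",
              "composite": false,
              "clientRole": true,
              "containerId": "cloud-services"
            }
          ]
        }
      },
      "defaultRoles": [],
      "scopeMappings": [],
      "clients": [
        {
          "id": "e1bc1111-69ba-4bf2-b342-189e1c2a98ef",
          "clientId": "baaas-mcp",
          "surrogateAuthRequired": false,
          "enabled": true,
          "standardFlowEnabled": true,
          "alwaysDisplayInConsole": false,
          "directAccessGrantsEnabled": true,
          "publicClient": true,
          "clientAuthenticatorType": "client-secret",
          "redirectUris": [
            "*"
          ],
          "webOrigins": [
            "*"
          ],
          "bearerOnly": false,
          "protocol": "openid-connect"
        },
        {
          "id": "e6b8dc94-8dbb-40e8-a32c-fbc352dce8fb",
          "clientId": "cloud-services",
          "enabled": true,
          "alwaysDisplayInConsole": false,
          "directAccessGrantsEnabled": true,
          "fullScopeAllowed": true,
          "clientAuthenticatorType": "client-secret",
          "publicClient": true,
          "redirectUris": [
            "*"
          ],
          "webOrigins": [
            "*"
          ],
          "bearerOnly": true
        }
      ],
      "keycloakVersion": "10.0.1"
    }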
---
# In-cluster Service for the Keycloak pod. No `type` is set, so this is a
# ClusterIP Service; it forwards port 8180 to the same port on pods labelled
# app=keycloak. Traffic on this hop is plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
spec:
  selector:
    app: keycloak
  ports:
    - name: http
      port: 8180
      targetPort: 8180
---
# Single-replica Keycloak that imports the sample realm from the
# keycloak-realm ConfigMap on startup.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      volumes:
        - name: config-volume
          configMap:
            name: keycloak-realm
      containers:
        - name: keycloak
          # NOTE(review): a tag is mutable; pin the image by digest if the
          # deployment has to be reproducible.
          image: quay.io/keycloak/keycloak:13.0.1
          args:
            - '-b 0.0.0.0'
            # Offset 100 moves the server's listeners up by 100, which is why
            # the Service and Route in this file target 8180.
            - '-Djboss.socket.binding.port-offset=100'
            # Realm file comes from the config-volume mount below.
            - '-Dkeycloak.import=/keycloak-config/baaas-realm-sample.json'
          env:
            # NOTE(review): server admin credentials are hard-coded here and
            # the password is trivially guessable. Anyone who can read this
            # Deployment (or the pod spec) sees them. Source both values from
            # a Secret via valueFrom.secretKeyRef and use a generated
            # password before exposing this instance.
            - name: KEYCLOAK_USER
              value: 'admin'
            - name: KEYCLOAK_PASSWORD
              value: '123'
            # Trust forwarded proxy headers; TLS is terminated in front of
            # the pod, so only a trusted proxy should be able to reach it.
            - name: PROXY_ADDRESS_FORWARDING
              value: 'true'
          volumeMounts:
            - name: config-volume
              mountPath: /keycloak-config
---
# OpenShift Route publishing the keycloak Service outside the cluster.
# `termination: edge` means TLS ends at the router; the hop from the router
# to the pod on 8180 is unencrypted HTTP.
#
# NOTE(review): this exposes the whole server, admin console included. The
# sample credentials defined elsewhere in this file must be replaced before
# the Route is created on any cluster reachable by others.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: keycloak
spec:
  wildcardPolicy: None
  tls:
    termination: edge
  port:
    targetPort: 8180
  to:
    kind: Service
    name: keycloak