Keycloak
Reference implementation of Keycloak.
This reference implementation deploys Keycloak.
Dependencies
- Kustomize
- An ingress controller or a Gateway API controller like:
  - ingress-nginx (enable-ssl-passthrough must be enabled)
- A GitOps CD tool like Argo CD or Flux CD
Configuration
The fully qualified domain name of your Keycloak instance needs to be configured in the HelmRelease and Ingress by patching the manifests in /overlays/local/kustomization.yaml.
Installation
With Flux CD, for example, you can install the Keycloak implementation using the following Kustomization:
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: keycloak
  namespace: flux-system
spec:
  interval: 1h
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./apps/keycloak/overlays/local
  prune: true
  wait: true
```
SealedSecret
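```bash
# Render the admin password Secret locally; --dry-run=client sends nothing to the cluster.
# Note: --from-literal leaves the password in your shell history.
kubectl create secret generic keycloak \
  --namespace keycloak \
  --from-literal=KEYCLOAK_ADMIN_PASSWORD='YourSuperSecretPassword' \
  --dry-run=client -o yaml > secret.yaml

# Encrypt the Secret for the sealed-secrets controller running in the cluster.
kubeseal \
  --format yaml \
  --name keycloak \
  --namespace keycloak \
  --controller-name=sealed-secrets-controller \
  --controller-namespace=sealed-secrets \
  < secret.yaml > sealed-secret.yaml

# Commit only the sealed manifest and delete the plaintext one.
git add sealed-secret.yaml
rm secret.yaml
```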
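
A hardened variant of the sealing steps above, as an added example that is not part of the original README: it pipes the Secret straight into kubeseal so no plaintext secret.yaml is ever written, and checks a manifest before it is staged. The function names and the reliance on /dev/stdin are assumptions of this example.

```sh
#!/bin/sh
# Added example, not code from the Keycloak reference implementation.

# Seal the admin password read from stdin. No plaintext manifest touches
# the disk and the password never appears as a command-line argument.
# Assumption: /dev/stdin is available (Linux, macOS).
seal_admin_password() {
  kubectl create secret generic keycloak \
    --namespace keycloak \
    --from-file=KEYCLOAK_ADMIN_PASSWORD=/dev/stdin \
    --dry-run=client -o yaml |
  kubeseal \
    --format yaml \
    --name keycloak \
    --namespace keycloak \
    --controller-name=sealed-secrets-controller \
    --controller-namespace=sealed-secrets \
    > "${1:-sealed-secret.yaml}"
}

# True if the manifest holds a plain (unsealed) Secret document.
has_plain_secret() {
  grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$1"
}

# True only for a non-empty SealedSecret with encryptedData and no plain
# Secret. An empty file (for example after kubeseal failed) is rejected.
safe_to_commit() {
  [ -s "$1" ] || return 1
  if has_plain_secret "$1"; then return 1; fi
  grep -Eq '^kind:[[:space:]]*SealedSecret[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]+encryptedData:' "$1"
}

# Print every YAML file under a directory that still holds a plain Secret,
# e.g. a leftover secret.yaml that was never removed.
find_plain_secrets() {
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) |
  while IFS= read -r f; do
    if has_plain_secret "$f"; then printf '%s\n' "$f"; fi
  done
}
```

Feed the password with the shell builtin `printf '%s' "$password" | seal_admin_password`, then stage the result only if `safe_to_commit sealed-secret.yaml` succeeds.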