Security and Identity Installation
Keycloak-operator
- Create namespace and secret:

  kubectl create namespace security
  kubectl -n security create secret generic keycloak-admin \
    --from-literal=username=admin \
    --from-literal=password="$(openssl rand -base64 12)" \
    --type=Opaque \
    --dry-run=client -o yaml | kubectl apply -f -

- Install operator:

  helm upgrade --install keycloak-operator-helm keycloak-operator-helm/. \
    -n security \
    --create-namespace \
    --values keycloak-operator-helm/values.yaml \
    --wait --timeout 900s \
    --dependency-update

Keycloak
- Configure domain in keycloak-helm/values-aws.yaml (replace %%DOMAIN%%)

- Install Keycloak:

  helm upgrade --install keycloak keycloak-helm/. \
    -n security \
    --values keycloak-helm/values-aws.yaml \
    --wait --timeout 900s \
    --dependency-update

Access Keycloak at: https://keycloak.<your-domain>/auth/admin
OAuth2 Proxy
- Create namespace:

  kubectl create namespace oauth2-proxy

- Create OAuth2 secret:

  kubectl create secret generic oauth2-proxy \
    --namespace=oauth2-proxy \
    --from-literal=client-id='codemie' \
    --from-literal=client-secret="$(openssl rand -base64 12)" \
    --from-literal=cookie-secret="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_' ; echo)" \
    --type=Opaque

- Copy Keycloak secret:

  kubectl get secret keycloak-admin -n security -o yaml | sed '/namespace:/d' | kubectl apply -n oauth2-proxy -f -

- Configure domain in oauth2-proxy/values-aws.yaml (replace %%DOMAIN%%)

- Install OAuth2 Proxy:

  helm upgrade --install oauth2-proxy oauth2-proxy/. \
    -n oauth2-proxy \
    --values oauth2-proxy/values-aws.yaml \
    --wait --timeout 900s \
    --dependency-update

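
The cookie secret from the "Create OAuth2 secret" step can be checked before it is stored, because oauth2-proxy requires a cookie secret of 16, 24 or 32 bytes. The script below is an added example, not part of the original guide; its function names are hypothetical and it checks only the base64-decoded form of the value.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.

# Same pipeline as the "Create OAuth2 secret" step: 32 random bytes, URL-safe base64.
gen_cookie_secret() {
  dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'
}

# Print how many raw bytes a URL-safe base64 string decodes to (0 if malformed).
cookie_secret_bytes() {
  s=$1
  case $s in
    ''|*[!A-Za-z0-9_=-]*) echo 0; return 0 ;;   # empty, or outside the URL-safe alphabet
  esac
  s=${s%=}; s=${s%=}                             # strip up to two trailing pad characters
  case $s in
    *=*) echo 0; return 0 ;;                     # '=' anywhere else is malformed
  esac
  if [ $(( ${#s} % 4 )) -eq 1 ]; then echo 0; return 0; fi   # impossible base64 length
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done         # restore padding for base64 -d
  n=$(printf '%s' "$s" | tr -- '-_' '+/' | base64 -d 2>/dev/null | wc -c)
  echo $(( n ))
}

# Succeed only for AES key sizes, which oauth2-proxy requires for the cookie secret.
valid_cookie_secret() {
  case $(cookie_secret_bytes "$1") in
    16|24|32) return 0 ;;
    *) return 1 ;;
  esac
}

COOKIE_SECRET=$(gen_cookie_secret)
if valid_cookie_secret "$COOKIE_SECRET"; then
  echo "cookie secret decodes to $(cookie_secret_bytes "$COOKIE_SECRET") bytes"
  # Safe to pass on: --from-literal=cookie-secret="$COOKIE_SECRET"
else
  echo "cookie secret has an invalid length; not creating the secret" >&2
  exit 1
fi
```
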
Next Steps
Proceed to Plugin Engine installation.