devonfw · maybeec · Dec 28, 2021 · Dec 22, 2021 · Dec 22, 2021
@@ -0,0 +1,9 @@
+apiVersion: v3
+name: Keycloak Helm template
+version: 1.0.0
+description: Helm chart template for Keycloak Kubernetes deployment
+appVersion: 1.0.0
+keywords:
+  - template
+maintainers:
+  - name: devon4j Developer
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress
+spec:
+  rules:
+  - host: {{ .Values.ingress.keycloak.host }}
+    http:
+      paths:
+      - path: "/"
+        pathType: Prefix
+        backend:
+            service:
+              name: {{ .Values.keycloak.service.name }}
+              port:
+                number: {{ .Values.ingress.keycloak.port }}
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: keycloak
+  template:
+    metadata:
+      labels:
+        app: keycloak
+    spec:
+      containers:
+      - name: keycloak
+        image: {{ .Values.keycloak.image.name }}:{{ .Values.keycloak.image.version }}
+        env:
+        - name: KEYCLOAK_USER
+          value: "admin"
+        - name: KEYCLOAK_PASSWORD
+          value: "admin"
+        - name: KEYCLOAK_LOGLEVEL
+          value: DEBUG
+        - name: WILDFLY_LOGLEVEL
+          value: DEBUG
+        ports:
+        - name: http
+          containerPort: {{ .Values.keycloak.ports.http }}
+        - name: https
+          containerPort: {{ .Values.keycloak.ports.https }}
+        readinessProbe:
+          httpGet:
+            path: /auth/realms/master
+            port: {{ .Values.keycloak.ports.http }}
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  ports:
+  - name: http
+    port: {{ .Values.keycloak.service.port }}
+    targetPort: {{ .Values.keycloak.service.targetport }}
+  selector:
+    app: keycloak
+  type: ClusterIP
@@ -0,0 +1,20 @@
+# Keycloak configuration
+keycloak:
+  image:
+    name: "jboss/keycloak"
+    version: "latest"
+
+  ports:
+    http: 8080
+    https: 8443
+
+  service:
+    name: "keycloak"
+    port: 8080
+    targetport: 8080
+
+# Ingress configuration
+ingress:
+  keycloak:
+    host: "keycloak.localhost"
+    port: 8080
@@ -48,6 +48,10 @@ We recommend the following conventions:
 * this way you do not need any configuration or business knowledge inside your gateway as the routing can be implemented fully generic
 * use `app-id.` as a prefix to all permission groups/roles specific to your service to avoid name clashing in your central IAM
 
+=== Implementation hints
+* A Helm chart for the deployment of Keycloak in your Kubernetes environment can be found in the https://github.com/devonfw/solutions/blob/master/solutions/security_authentication/helm[GitHub repository of the devonfw solutions browser]
+* The https://github.com/devonfw-sample/devon4quarkus-reference/tree/master/documentation[devon4quarkus-product reference application] provides a documentation on how to integrate Keycloak into your Quarkus application to implement security mechanisms
+
 === Related documentations
 
 * https://github.com/devonfw/devon4j/blob/master/documentation/guide-access-control.asciidoc#authentication[devon4j authentication guide]
@@ -57,6 +61,7 @@ We recommend the following conventions:
 * https://www.keycloak.org/docs/latest/securing_apps/[Keycloak's securing apps guide]
 
 
+
 === IAM solutions
 
 * https://www.keycloak.org/[Keycloak]