Skip to content

Puppet-Finland/ansible-collection-puppeteers-keycloak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
meta
meta
 
 
plugins
plugins
 
 
roles/k3s
roles/k3s
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
galaxy.yml
galaxy.yml
 
 

Repository files navigation

Ansible Collection - puppeteers.keycloak

This Ansible collection contains code such as roles for managing Keycloak.

Roles

puppeteers.keycloak.k3s

This role uses Kubernetes Operator Lifecycle Manager to set up Keycloak Operator and thus install Keycloak on k3s. The role works in two phases:

  1. Setup phase, where Ansible copies yaml files to the to-be Keycloak host and applies them with "kubectl apply". This step create the namespace, serviceaccount, role and role binding. This phase also fetches server-ca.crt and generates a short-lived service account token. Both of those are used for authentication in the next phase.
  2. Keycloak configuration phase, where the role sets up all Kubernetes resources required by Keycloak. This is done using the kubernetes.core.k8s module.

You need to pass the following variables to it:

  • puppeteers_keycloak_k3s_namespace: namespace to use for the Keycloak Kubernetes resources
  • puppeteers_keycloak_k3s_host: Kubernetes API server URL. Example: "https://keycloak.example.org:6443".
  • puppeteers_keycloak_k3s_http_host: hostname for the IngressRoute. Example: "keycloak.example.org".
  • puppeteers_keycloak_k3s_db_username: PostgreSQL username for Keycloak.
  • puppeteers_keycloak_k3s_db_password: PostgreSQL password for Keycloak.
  • puppeteers_keycloak_k3s_starting_version: Version of Keycloak to install initially, for example 26.4.5. This gets passed to the end of the startingCSV parameter ("keycloak-operator.v24.6.5"). This has no effect beyond the initial Keycloak install: upgrades are handled by accepting Operator InstallPlans (see below).
  • puppeteers_keycloak_k3s_tls_secret_name: get TLS certificate and key from this secret, for example when using cert-manager for example. If this is left undefined default Traefik certificates will be used instead.

If you wish to use an external PostgreSQL database with Keycloak you can do it with these two variables:

  • puppeteers_keycloak_k3s_manage_postgres: set to false
  • puppeteers_keycloak_k3s_db_host: set to the hostname of the PostgreSQL server
  • puppeteers_keycloak_k3s_db_database: set to the name of the Keycloak database

To use a custom Keycloak image:

  • puppeteers_keycloak_k3s_keycloak_image: set to the something along the lines of repo.example.com/keycloak:26.4.6; the default value is the same as in keycloak/operator/src/main/resources/application.properties, i.e. quay.io/keycloak/keycloak:nightly`.

Make sure to follow the instructions in Customizing Keycloak and Running Keycloak in a container articles when building your custom image.

NOTE: Operator InstallPlan approval is set to Manual. This means that you need to approve the initial InstallPlan to get Keycloak running. On the Keycloak host do something like this:

$ kubectl get installplans -n keycloak
$ kubectl patch -n keycloak installplan install-xyz12 -p '{"spec":{"approved":true}}' --type merge

After a while Keycloak should be running.

License

This project is licensed under the BSD-2-Clause license. See LICENSE.

About

An Ansible collections with roles related to Keycloak management

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

8 tags

Packages

No packages published

Languages