
Keycloak

Overview

Keycloak is available as an add-on within Ankra's platform, providing an open-source identity and access management solution that supports single sign-on (SSO), identity brokering, and user federation. Keycloak offers comprehensive authentication and authorization capabilities, making it easy to secure applications and services.


Configuration Options

The Keycloak add-on offers configurable inputs that allow you to customize the deployment for your organization's needs. Below are the available inputs:

Inputs

  • Helm Chart Version
    This input sets the version of the Keycloak Helm chart to deploy.

    • Default: 24.0.0
    • Options:
      • 24.0.0 (default)
      • 22.2.1

    Example:

    helm_chart_version: "24.0.0"
  • Ingress Hostname
    This input defines the hostname for the Keycloak ingress. When set, it enables the ingress for Keycloak.

    • Default: ""

    Example:

    ingress_hostname: "keycloak.example.com"
  • Ingress TLS Provider
    This input specifies the TLS provider for securing the Keycloak ingress.

    • Default: letsencrypt
    • Options:
      • letsencrypt (default)
      • cloudflare

    Example:

    ingress_tls_provider: "letsencrypt"
  • Ingress DNS Target
    This input sets the DNS target for the Keycloak ingress, typically pointing to the cluster load balancer DNS name.

    • Default: $LOAD_BALANCER_DNS_NAME

    Example:

    ingress_dns_target: "$LOAD_BALANCER_DNS_NAME"
  • Replica Count
    This input sets the number of replicas for the Keycloak deployment.

    • Default: 1
    • Options:
      • 1 (default)
      • 2, 3, 4, 5

    Example:

    replica_count: "1"
  • Service Monitor Enabled
    This input allows you to enable or disable the service monitor for Prometheus.

    • Default: false
    • Options:
      • true
      • false (default)

    Example:

    service_monitor_enabled: "false"
  • Database Type
    This input specifies whether Keycloak should use an internal or external database.

    • Default: internal
    • Options:
      • internal (default)
      • external

    Example:

    database_type: "internal"

Usage

Deploying Keycloak

To deploy Keycloak in your Kubernetes cluster using Ankra, follow these steps:

  1. Access the Add-ons Section
    In Ankra's platform, navigate to the Add-ons section and select Keycloak from the list of available add-ons.

  2. Configure Inputs
    You will be prompted to configure the following inputs:

    • Helm Chart Version: Set the version of the Keycloak Helm chart to install.
    • Ingress Hostname: Define the ingress hostname.
    • Ingress TLS Provider: Choose the TLS provider (e.g., Let's Encrypt or Cloudflare).
    • Ingress DNS Target: Set the DNS target for the ingress.
    • Replica Count: Set the number of replicas for the Keycloak deployment.
    • Service Monitor Enabled: Optionally enable the service monitor for Prometheus.
    • Database Type: Choose whether to use an internal or external database.

    Example configuration:

    helm_chart_version: "24.0.0"
    ingress_hostname: "keycloak.example.com"
    ingress_tls_provider: "letsencrypt"
    ingress_dns_target: "$LOAD_BALANCER_DNS_NAME"
    replica_count: "1"
    service_monitor_enabled: "false"
    database_type: "internal"
  3. Access
    Keycloak is reachable at the URL you provided during setup. To get started with the admin account, extract the admin-credentials secret and decode the secret data.
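
One way to carry out the extraction and decoding from step 3 with kubectl, as an added example that is not part of Ankra's documentation. The namespace argument and the key names in the sample data are assumptions; only the secret name admin-credentials comes from this page.

```shell
#!/bin/sh
SECRET_NAME="admin-credentials"   # Secret name given on this page

# Print every key of the Secret as "key<TAB>base64-value", one per line.
# $1 = namespace the add-on was deployed into (assumption: the page does not name it).
fetch_secret_data() {
  kubectl get secret "$SECRET_NAME" -n "$1" \
    -o go-template='{{range $k, $v := .data}}{{$k}}{{"\t"}}{{$v}}{{"\n"}}{{end}}'
}

# Read "key<TAB>base64-value" lines on stdin and print "key: decoded-value".
# Kubernetes stores Secret data base64-encoded, not encrypted, so decoding
# needs no key. Returns non-zero if any value is not valid base64.
decode_secret_data() {
  rc=0
  tab=$(printf '\t')
  while IFS="$tab" read -r key value; do
    [ -n "$key" ] || continue
    if decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null); then
      printf '%s: %s\n' "$key" "$decoded"
    else
      printf '%s: <not valid base64>\n' "$key" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample in the same shape (not real credentials; the key names
# are assumptions) for a dry run without a cluster.
sample_secret_data() {
  printf 'password\tczNjcjN0\nusername\tYWRtaW4=\n'
}

# Against a cluster:   fetch_secret_data <namespace> | decode_secret_data
# Offline dry run:     sample_secret_data | decode_secret_data
```

Because the values are only encoded, read access to this secret is equivalent to holding the Keycloak admin password.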