[keycloak-user] Deploy keycloak to Kubernetes Cluster on GCP

Dmitry Telegin dt at acutus.pro
Mon Nov 19 14:29:24 EST 2018


P.S. Probably THE article on how to enable HTTPS on the management interface:
http://www.mastertheboss.com/jboss-server/jboss-security/securing-access-to-jboss-wildfly-management-console

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro 

On Mon, 2018-11-19 at 22:11 +0300, Dmitry Telegin wrote:
> Hello William, answers inline,
> 
> On Sun, 2018-11-18 at 02:11 +0100, William Nankap wrote:
> > Hi everyone,
> > 
> > When I deploy docker Keycloak 4.5.0.Final to a Kubernetes cluster on GCP I can
> > normally access the Keycloak interface via the external IP address on port
> > 8080. But I can't access the WildFly Management Interface on port 9990.
> 
> This is because by default Keycloak/Wildfly opens management ports (9990 and 9993) on the local IP only (127.0.0.1). To override this, you can append the following to the command line of your image:
> 
> -bmanagement=0.0.0.0
> 
> This will bind the management interface to all the IPs on the host. However, you shouldn't access your plain HTTP management interface (9990) from the external IP, but rather use HTTPS on port 9993. Google "Wildfly management https" for how to configure it.
> 
> Alternatively, you can use a reverse proxy / load balancer to terminate SSL.
> 
> > My questions:
> > 
> > 1/ What are the recommendations for using Keycloak in production?
> >      a/ Install the Keycloak server beside a WildFly server to use it correctly?
> >      b/ Install only the Keycloak server. How can I manage deployment for
> > an app if I can't access the WildFly management interface? Is it
> > imperative to access it?
> 
> You mean - should you install separate Keycloak and application server instances, or is it possible to deploy WARs right into Keycloak? The answer to the second question is yes in theory, but in practice this is not recommended for many reasons.
> 
> Your typical setup would include Keycloak as an identity and authentication server, and another app server (Wildfly, Tomcat, Jetty etc.) to host your actual applications that you want secured by Keycloak.
> 
> > 
> > 2/ Do you need more details on my deployment to help me? If yes, which?
> > 
> > 3/ How can I get the WildFly management interface on my GCP deployment to
> > deploy my app?
> 
> Please see above. Alternatively, you can use the jboss-cli tool in the container, which operates locally and doesn't require an external IP.
> 
> Finally, you can deploy applications by simply dropping them into the standalone/deployments directory.
> 
> > 4/ Do you have suggestions for me on the best way to use Keycloak in production?
> > Some support?
> 
> Everything depends on your particular problem. The bare minimum is that you should have a "real" DBMS (PostgreSQL, MySQL etc.) and not an embedded one.
> 
> > 
> > I will be very thankful for your answer.
> > 
> > Kindest regards...
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
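
The binding behaviour discussed in the thread can be checked from the listening sockets. The following is an added example, not part of the original messages: it classifies management listeners on ports 9990 and 9993 from `ss -ltn` output. It assumes `ss` (iproute2) is available where the check runs; the function names and sample socket listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag WildFly/Keycloak management listeners (9990 plain HTTP,
# 9993 HTTPS) that are bound to a non-loopback address.

# Reads `ss -ltn` text on stdin; prints one finding per management listener.
audit_mgmt_listeners() {
  awk '
    $1 == "LISTEN" {
      n = split($4, parts, ":")          # port is the field after the last ":"
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port != "9990" && port != "9993") next
      if (addr ~ /^127\./ || addr == "[::1]")
        print "OK   " $4 " loopback only"
      else if (port == "9990")
        print "FAIL " $4 " plain HTTP management on non-loopback address"
      else
        print "WARN " $4 " HTTPS management on non-loopback address"
    }'
}

# Exit status 0 when plain-HTTP management (9990) is bound off-loopback.
mgmt_http_exposed() { audit_mgmt_listeners | grep -q '^FAIL'; }

# Constructed sample: default binding (management on 127.0.0.1 only).
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      50     127.0.0.1:9990     0.0.0.0:*'

# Constructed sample: started with -bmanagement=0.0.0.0, HTTPS management configured.
SAMPLE_BMGMT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      50     0.0.0.0:9990       0.0.0.0:*
LISTEN 0      50     0.0.0.0:9993       0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_mgmt_listeners
printf '%s\n' "$SAMPLE_BMGMT"   | audit_mgmt_listeners
```

Against a live instance the input would be `ss -ltn | audit_mgmt_listeners`, run inside the container.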
