The purpose of this ticket is to verify that the keycloak example app we have in the voyager server repo works on OpenShift with a keycloak instance provisioned in OpenShift.

The keycloak example is here: https://github.com/aerogear/apollo-voyager-server/tree/master/examples/keycloak

There is a guide for getting the keycloak example running locally, which should be followed: https://github.com/aerogear/apollo-voyager-server/blob/master/doc/guides/examples.md#keycloak-example

How does the example app know how to talk to keycloak? The basic idea is that there is a keycloak config file somewhere and the app attempts to read that file in. That file tells the app how to talk to keycloak. You can see that happening in the example here: https://github.com/aerogear/apollo-voyager-server/blob/master/examples/keycloak/server.js#L10

First you will need to modify the example app to read the file path from an environment variable. The code would be something like this:

```js
const fs = require('fs')
const path = require('path')
const keycloakConfigPath = process.env.KEYCLOAK_CONFIG || path.resolve(__dirname, './config/keycloak.json')
const keycloakConfig = JSON.parse(fs.readFileSync(keycloakConfigPath))
```
This will ensure it works in OpenShift. Then you will need to do the following:
- Create a Dockerfile for the keycloak example
- Ensure the container can run locally against the local keycloak instance (set up as part of the guide linked above)
- Push this image to the aerogear Docker Hub
- Provision keycloak inside OpenShift using the keycloak APB
- Provision the keycloak example app that you pushed to Docker Hub using the sync-app-apb
- Set up the integration between the example app and the keycloak instance

How will the integration work? Some things to be aware of (this is my understanding, which might be slightly inaccurate in places):
- When keycloak is provisioned a default realm will be created.
- You can bind the keycloak service to the example app. This will result in a new secret being created in OpenShift that will have a bunch of properties. One of these properties is called `config`. This config contains the configuration data the example app needs in order to talk to keycloak. It will be configured to talk to that default realm already created in keycloak.
- In the OpenShift console, you will be able to mount the keycloak binding secret into the container. Mount the secret as a file (not an environment variable).
- Use the OpenShift console to go into the terminal of the container and verify that a bunch of keycloak files have been mounted in there. Ensure that a file called `config` was mounted.
- Now the application will need to be able to read this file.
- You will probably need to set an environment variable on the running container: `KEYCLOAK_CONFIG=<path you mounted the secret/config>`
- Restart the container and it should successfully read in the file.
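
A startup check for the mounted `config` file, as an added example that is not part of the original ticket or the project's code: it resolves `KEYCLOAK_CONFIG` the same way as the snippet above, then fails fast with an error that names the path but never echoes the file contents. The helper names, the list of required keys (taken from the usual Keycloak adapter config) and the sample values are assumptions made for illustration.

```javascript
const fs = require('fs')
const os = require('os')
const path = require('path')

// Assumption: the adapter keys this app cannot start without.
const REQUIRED_KEYS = ['realm', 'auth-server-url', 'resource']

// Hypothetical helper: resolve, read and validate the Keycloak config file.
function loadKeycloakConfig (env = process.env) {
  const configPath = env.KEYCLOAK_CONFIG || path.resolve(__dirname, './config/keycloak.json')
  let raw
  try {
    raw = fs.readFileSync(configPath, 'utf8')
  } catch (err) {
    throw new Error(`Cannot read Keycloak config at ${configPath}: ${err.code}`)
  }
  let config
  try {
    config = JSON.parse(raw)
  } catch (err) {
    // Do not echo err.message or raw: recent Node versions quote file content in it.
    throw new Error(`Keycloak config at ${configPath} is not valid JSON`)
  }
  const missing = REQUIRED_KEYS.filter((key) => !(config && config[key]))
  if (missing.length > 0) {
    throw new Error(`Keycloak config at ${configPath} is missing: ${missing.join(', ')}`)
  }
  return config
}

// Copy that is safe to log: the client secret, if present, is masked.
function redactForLog (config) {
  const copy = { ...config }
  if (copy.credentials) copy.credentials = { ...copy.credentials, secret: '[redacted]' }
  return copy
}

// Constructed sample: writes a file named `config`, as the binding secret would be mounted.
function writeSampleConfig (contents) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'keycloak-binding-'))
  const file = path.join(dir, 'config')
  fs.writeFileSync(file, contents)
  return file
}

// Constructed values, not taken from a real realm.
const SAMPLE = JSON.stringify({ realm: 'example-realm', 'auth-server-url': 'https://keycloak.example.test/auth',
  resource: 'example-app', credentials: { secret: 'constructed-secret' } })
console.log(redactForLog(loadKeycloakConfig({ KEYCLOAK_CONFIG: writeSampleConfig(SAMPLE) })))
```

If the container exits at startup with one of these errors, the secret was mounted at a different path than `KEYCLOAK_CONFIG` points to, or the binding did not produce the expected `config` file.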

The next steps are to set up the keycloak realm to ensure your app has some users and roles and login functionality enabled. If you load the following realm-export.json into a local keycloak instance, you will see which settings you need to make to the realm in the keycloak instance on OpenShift: https://github.com/aerogear/apollo-voyager-server/blob/master/examples/keycloak/config/realm-export.json

The following blog post by Austin also has really simple-to-follow steps for setting up the keycloak realm: https://codeburst.io/keycloak-and-express-7c71693d507a