Re: [keycloak-user] Deploy keycloak to Kubernetes Cluster on GCP

Hello William, answers inline, On Sun, 2018-11-18 at 02:11 +0100, William Nankap wrote: This is because by default Keycloak/Wildfly opens management ports (9990 and 9993) on the local IP only (127.0.0.1). To override this, you can append the following to the command line of your image: -bmanagement=0.0.0.0 This will bind management interface to all the IPs on the host. However, you shouldn't access your plain HTTP management interface (9990) from the external IP, but rather use HTTPS on port 9993. Google "Wildfly management https" for how to configure it. Alternatively, you can use reverse proxy / load balancer to terminate SSL. You mean - should you install separate Keycloak and application server instances, or is it possible to deploy WARs right into Keycloak? The answer to the second question is yes in theory, but in practice this is not recommended by many reasons. Your typical setup would include Keycloak as an identity and authentication server, and another app server (Wildfly, Tomcat, Jetty etc.) to host your actual applications that you want secured by Keycloak. Please see above. Alternatively, you can use jboss-cli tool in the container which operates locally and doesn't require external IP. Finally, you can deploy applications by simply dropping them into the standalone/deployments directory. Everything depends on your particular problem. The bare minimum is that you should have a "real" DBMS (PostgreSQL, MySQL etc.) and not an embedded one.