[keycloak-user] Fwd: Deploy keycloak to Kubernetes Cluster on GCP

William Nankap willyvic17 at gmail.com
Tue Nov 20 09:47:44 EST 2018


Hello Dimitry, thanks for your answer.

P.S. Probably THE article on how to enable HTTPS on management interface:
http://www.mastertheboss.com/jboss-server/jboss-security/securing-access-to-jboss-wildfly-management-console

1- Thanks


On Mon, 2018-11-19 at 22:11 +0300, Dmitry Telegin wrote:
> Hello William, answers inline,
>
> On Sun, 2018-11-18 at 02:11 +0100, William Nankap wrote:
> > Hi everyone,
> >
> > When I deploy Docker keycloak4.5.0.Final to a Kubernetes cluster on GCP, I
> > can normally access the Keycloak interface via the external IP address on
> > port 8080. But I can't access the WildFly Management Interface on port 9990.
>
> This is because by default Keycloak/Wildfly opens management ports (9990
> and 9993) on the local IP only (127.0.0.1). To override this, you can
> append the following to the command line of your image:
>
> -bmanagement=0.0.0.0
>
> This will bind management interface to all the IPs on the host. However,
> you shouldn't access your plain HTTP management interface (9990) from the
> external IP, but rather use HTTPS on port 9993. Google "Wildfly management
> https" for how to configure it.
>
> Alternatively, you can use reverse proxy / load balancer to terminate SSL.
>
1- How can I add this command *-bmanagement=0.0.0.0* to my Docker image?
A link for help, please.

2- I can access the standalone.xml but I can't modify it. To access it, I
first run the command
             *kubectl exec -it [PODNAME] /bin/bash*
which opens
             *[jboss@podname]$ cd keycloak/standalone/configuration*
How can I modify the standalone.xml?

3- After deploying my Keycloak Docker on my cluster, I expose it by creating
a service which is a load balancer. I open port 80, which reaches the Keycloak
interface, but when I open port 9990 I get a connection refused error.


> > My questions:
> >
> > 1/ What are the recommendations for using Keycloak in production?
> >      a/ Install the Keycloak server alongside a WildFly server to use it
> >         correctly?
> >      b/ Install only the Keycloak server. How can I manage deployment for
> >         an app if I can't access the WildFly management interface? Is it
> >         imperative to access it?
>
> You mean - should you install separate Keycloak and application server
> instances, or is it possible to deploy WARs right into Keycloak? The answer
> to the second question is yes in theory, but in practice this is not
> recommended for many reasons.
>
> Your typical setup would include Keycloak as an identity and
> authentication server, and another app server (Wildfly, Tomcat, Jetty etc.)
> to host your actual applications that you want secured by Keycloak.
>
> >
> > 2/ Do you need more details on my deployment to help me? If yes, which?
> >
> > 3/ How can I get the WildFly management interface on my GCP deployment to
> > deploy my app?
>
> Please see above. Alternatively, you can use jboss-cli tool in the
> container which operates locally and doesn't require external IP.
>
> Finally, you can deploy applications by simply dropping them into the
> standalone/deployments directory.
>

1- I can't paste a file into this directory. Maybe I don't have the right
method. Can you help me?


> > 4/ Do you have suggestions for me on the best way to use Keycloak in
> > production? Some support?
>
> Everything depends on your particular problem. The bare minimum is that
> you should have a "real" DBMS (PostgreSQL, MySQL etc.) and not an embedded
> one.
>
> >
> > I will be very thankful for your answer.
> >
> > Kindest regards...
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
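
An added example, not part of the original thread: a check over Service objects (in the shape of `kubectl get svc -o json`) that flags the management ports discussed above, 9990 and 9993, when a LoadBalancer or NodePort service publishes them. The service names and the sample data are constructed for illustration, and named `targetPort` values are assumed to be unused.

```python
import json

# Ports from the thread: 9990 = plain-HTTP management, 9993 = HTTPS management.
PLAIN_MGMT, TLS_MGMT = 9990, 9993
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

# Constructed sample in the shape of `kubectl get svc -o json` (names are made up).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "keycloak-web"},
  "spec": {"type": "LoadBalancer",
           "ports": [{"port": 80, "targetPort": 8080}]}},
 {"metadata": {"name": "keycloak-mgmt"},
  "spec": {"type": "LoadBalancer",
           "ports": [{"port": 9990, "targetPort": 9990},
                     {"port": 443, "targetPort": 9993}]}},
 {"metadata": {"name": "keycloak-internal"},
  "spec": {"type": "ClusterIP",
           "ports": [{"port": 9990, "targetPort": 9990}]}}
]}
""")


def audit_services(service_list):
    """Return (service, service_port, verdict) for management ports published externally."""
    findings = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
            continue  # ClusterIP services are only reachable inside the cluster
        restricted = bool(spec.get("loadBalancerSourceRanges"))
        for p in spec.get("ports", []):
            # targetPort defaults to port; named (string) target ports are not resolved here
            target = p.get("targetPort", p["port"])
            if target == PLAIN_MGMT:
                verdict = "plain-http-management-exposed"
            elif target == TLS_MGMT:
                verdict = "https-management-" + ("restricted" if restricted else "open-to-any-source")
            else:
                continue
            findings.append((svc["metadata"]["name"], p["port"], verdict))
    return findings


if __name__ == "__main__":
    for name, port, verdict in audit_services(SAMPLE):
        print(f"{name}: service port {port} -> {verdict}")
```

The check matches on the container-side port, so a service that publishes 9993 under another external port number (443 in the sample) is still reported.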
