Official docs provide a way to deploy Keycloak to a local minikube cluster. This, however, doesn't allow testing integration with 3rd-party services, as the URLs are not publicly resolvable. This is the MVP version of a Keycloak deployment ready for testing any integrations.
Prerequisites:
- GCP account
- kubectl installed
- own domain (can be a free one obtained from https://www.freenom.com/)

Once deployed, it can be accessed via https://<your-domain>/ (login: admin, password: admin)
- Create environment variables
export PROJECT=your-project # Your Google Cloud project ID.
export REGION=europe-west1-b # Your Google Cloud zone (passed to --zone below).
export CLUSTER=keycloak
export [email protected]
export DOMAIN_NAME=your-domain.com
- Create cluster
gcloud container clusters create $CLUSTER --zone $REGION --preemptible --num-nodes=1
- Create Keycloak service and deployment
kubectl apply -f keycloak.yaml
- Create a static external IP address
gcloud compute addresses create ip-keycloak --global
You should see the new IP address listed:
gcloud compute addresses list
- Point your domain to the static external IP
In your domain's DNS records, create a new A record (without a name) pointing to the static external IP, and wait for the changes to propagate.
- Create secret
kubectl apply -f secret.yaml
- Install cert-manager and create an issuer for Let's Encrypt staging
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml
kubectl apply -f issuer-letsencrypt-staging.yaml
- Create an Ingress
Edit keycloak-ingress.yaml
spec:
tls:
hosts:
- - your-domain.com
+ - your-real-domain.com
Then:
kubectl apply -f keycloak-ingress.yaml
Check progress with:
kubectl describe ingress keycloak
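You can verify that everything is set up correctly with the following command (--insecure is needed because certificates from the Let's Encrypt staging issuer are not publicly trusted):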
curl -v --insecure https://$DOMAIN_NAME
- Cleanup
gcloud container clusters delete $CLUSTER --zone $REGION
gcloud compute addresses delete ip-keycloak --global
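
For the "wait for the changes to propagate" and verification steps above, this added example (not part of the original guide) polls DNS until the domain resolves to the reserved `ip-keycloak` address and then reports whether the served certificate comes from a staging issuer. It assumes `dig` and `openssl` are installed; the function names and the `--live` switch are hypothetical and belong to this script only.

```shell
#!/bin/sh
# Added example: checks for the DNS and certificate steps of this guide.

# True when the reserved IP is one of the A records (one per line).
# The -n guard stops an empty IP from matching an empty DNS answer.
dns_points_to() {            # usage: dns_points_to <reserved_ip> <a_records>
  [ -n "$1" ] && printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Classify an issuer line as printed by `openssl x509 -noout -issuer`.
# Assumption: Let's Encrypt staging issuers carry a "(STAGING)" marker.
classify_issuer() {
  case $1 in
    *"(STAGING)"*)     echo staging ;;
    *"Let's Encrypt"*) echo production ;;
    *)                 echo other ;;
  esac
}

# Poll DNS until the domain resolves to the reserved IP (needs network).
wait_for_dns() {             # usage: wait_for_dns <domain> <ip> [tries]
  tries=${3:-30}
  while [ "$tries" -gt 0 ]; do
    dns_points_to "$2" "$(dig +short A "$1")" && return 0
    tries=$((tries - 1))
    sleep 20
  done
  return 1
}

# Issuer of the certificate the Ingress actually serves (needs network).
served_issuer() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer
}

if [ "${1:-}" = "--live" ]; then
  ip=$(gcloud compute addresses describe ip-keycloak --global \
        --format='value(address)')
  wait_for_dns "$DOMAIN_NAME" "$ip" || { echo "DNS != $ip" >&2; exit 1; }
  classify_issuer "$(served_issuer "$DOMAIN_NAME")"
else
  # Constructed sample inputs (documentation IP range, sample issuer line).
  dns_points_to 203.0.113.10 "203.0.113.10" && echo "dns ok"
  classify_issuer "issuer=O = (STAGING) Let's Encrypt, CN = (STAGING) Artificial Apricot R3"
fi
```

Run it with `--live` after the DNS step and again after the Ingress is created; a result of `staging` means third-party services that validate TLS will reject the certificate.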