keycloak-containers | ARCHIVED Containers for the no longer supported WildFly | Identity Management library

by keycloak Shell Version: 19.0.3 License: Non-SPDX

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | keycloak-containers Summary

keycloak-containers is a Shell library typically used in Security, Identity Management, Gradle, Docker applications. keycloak-containers has no bugs, it has no vulnerabilities and it has medium support. However keycloak-containers has a Non-SPDX License. You can download it from GitHub.

Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. This repository contains Docker images related to the legacy WildFly distribution of Keycloak.

Support

Quality

Security

License

Reuse

Support

keycloak-containers has a medium active ecosystem.

It has 1441 star(s) with 1321 fork(s). There are 58 watchers for this library.

It had no major release in the last 6 months.

There are 0 open issues and 70 have been closed. On average issues are closed in 224 days. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of keycloak-containers is 19.0.3

Quality

keycloak-containers has 0 bugs and 0 code smells.

Security

keycloak-containers has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

keycloak-containers code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

keycloak-containers has a Non-SPDX License.

Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

Reuse

keycloak-containers releases are not available. You will need to build from source code and install.

Installation instructions, examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of keycloak-containers

Get all kandi verified functions for this library.

keycloak-containers Key Features

No Key Features are available at this moment for keycloak-containers.

keycloak-containers Examples and Code Snippets

No Code Snippets are available at this moment for keycloak-containers.

Community Discussions

Trending Discussions on keycloak-containers

Deploying a Keycloak HA cluster to kubernetes | Pods are not discovering each other

QUESTION

Deploying a Keycloak HA cluster to kubernetes | Pods are not discovering each other

Asked 2022-Feb-05 at 13:58

I'm trying to deploy a HA Keycloak cluster (2 nodes) on Kubernetes (GKE). So far the cluster nodes (pods) are failing to discover each other in all the cases as of what I deduced from the logs. Where the pods initiate and the service is up but they fail to see other nodes.

Components

PostgreSQL DB deployment with a clusterIP service on the default port.
Keycloak Deployment of 2 nodes with the needed ports container ports 8080, 8443, a relevant clusterIP, and a service of type LoadBalancer to expose the service to the internet

Logs Snippet:

...

ANSWER

Answered 2022-Feb-05 at 13:58

The way KUBE_PING works is similar to running kubectl get pods inside one Keycloak pod to find the other Keycloak pods' IPs and then trying to connect to them one by one. Except Keycloak does that by querying the Kubernetes API directly instead of running kubectl.

To do that, it needs credentials to query the API, basically an access token.

You can pass your token directly, if you have it, but its not very secure and not very convenient (you can check other options and behavior here).

Kubernetes have a very convenient way to inject a token to be used by a pod (or a software running inside that pod) to query the API. Check the documentation for a deeper look.

The mechanism is to create a service account, give it permissions to call the API using a RoleBinding and set that account in the pod configuration.

That works by mounting the token as a file at a known location, hardcoded and expected by all Kubernetes clients. When the client wants to call the API it looks for a token at that location.

Although not very convenient, you may be in the even more inconvenient situation of lacking permissions to create RoleBindings (somewhat common in more strict environments).

You can then ask an admin to create the service account and RoleBinding for you or just (very unsecurely) pass you own user's token (if you are capable of doing a kubectl get pod on Keycloak's namespace you have the permissions) via SA_TOKEN_FILE environment variable.

Create the file using a secret or configmap, mount it to the pod and set SA_TOKEN_FILE to that file location. Note that this method is specific to Keycloak.

If you do have permissions to create service accounts and RoleBindings in the cluster:

An example (not tested):

Source https://stackoverflow.com/questions/70286956

Community Discussions, Code Snippets contain sources that include Stack Exchange Network