Keycloak
| Chart Name | Version | App version |
|---|---|---|
| keycloakx | 7.1.8 | 26.5.3 |
Keycloak is an open-source Identity and Access Management (IAM) platform that provides centralized authentication, authorization, and single sign-on (SSO) for modern applications. It offloads identity and security concerns from application developers by handling user authentication and access control in a consistent, reusable way.
Keycloak supports standard identity protocols such as OAuth 2.0, OpenID Connect, and SAML, and offers features including user federation (LDAP/Active Directory integration), social login, multi-factor authentication (MFA/2FA), and a web-based administrative console for managing users, roles, and authorization policies. Through SSO and identity brokering, users can authenticate once and access multiple applications using a variety of identity providers.
Note
This deployment uses the modern KeycloakX (Quarkus-based) Keycloak distribution, installed and managed via the community-maintained Codecentric Helm chart, which tracks upstream Keycloak container images and follows recommended configuration practices.
Prerequisites
Deploy k0rdent v0.1.0: QuickStart
Install template to k0rdent

```bash
helm upgrade --install keycloakx oci://ghcr.io/k0rdent/catalog/charts/kgst --set "chart=keycloakx:7.1.8" \
  --set "k0rdentApiVersion=v1alpha1" -n kcm-system
```
Verify service template

Deploy service template
```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: MultiClusterService
metadata:
  name: keycloak
spec:
  clusterSelector:
    matchLabels:
      group: demo
  serviceSpec:
    services:
    - template: keycloakx-7-1-8
      name: keycloakx
      namespace: keycloak
      values: |
        keycloakx:
          command:
            - "/opt/keycloak/bin/kc.sh"
            - "start"
            - "--http-port=8080"
            # Strict hostname checking is off: Keycloak takes its hostname from the incoming request.
            - "--hostname-strict=false"
          # The admin user and password below are literal demo values stored in the manifest.
          # Replace them before exposing this instance.
          extraEnv: |
            - name: KEYCLOAK_ADMIN
              value: admin
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: admin
            - name: JAVA_OPTS_APPEND
              value: >-
                -Djgroups.dns.query=keycloakx-headless
```
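
The manifest above sets the admin user and password as the literal `admin` in `extraEnv`, so the credentials live in the `MultiClusterService` object itself. As an added example (not part of the original catalog page), the same `values` fragment can read both variables from a Kubernetes Secret. The Secret name `keycloak-admin-creds` and its keys `user` and `password` are assumptions, and the Secret must already exist in the `keycloak` namespace of every matched cluster.

```yaml
# Added example, not from the catalog page.
# Assumed: a Secret named keycloak-admin-creds (hypothetical name) with keys
# "user" and "password" exists in the keycloak namespace, for example:
#   kubectl -n keycloak create secret generic keycloak-admin-creds \
#     --from-literal=user=<admin-user> \
#     --from-literal=password=<strong-password>
#
# Before (as on the page): literal credentials in the manifest
#   - name: KEYCLOAK_ADMIN
#     value: admin
#   - name: KEYCLOAK_ADMIN_PASSWORD
#     value: admin
#
# After: this fragment replaces the content of `values: |` for the keycloakx service.
keycloakx:
  command:
    - "/opt/keycloak/bin/kc.sh"
    - "start"
    - "--http-port=8080"
    - "--hostname-strict=false"
  extraEnv: |
    # Credentials are resolved by the kubelet from the Secret at pod start,
    # so they no longer appear in the MultiClusterService spec.
    - name: KEYCLOAK_ADMIN
      valueFrom:
        secretKeyRef:
          name: keycloak-admin-creds
          key: user
    - name: KEYCLOAK_ADMIN_PASSWORD
      valueFrom:
        secretKeyRef:
          name: keycloak-admin-creds
          key: password
    - name: JAVA_OPTS_APPEND
      value: >-
        -Djgroups.dns.query=keycloakx-headless
```

If the Secret is missing, the pod stays in `CreateContainerConfigError` instead of starting with a default password.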