Hi All,
I want to create multiple users under the master realm while setting up Keycloak with the Keycloak operator on Kubernetes, and for these users I need to provide limited access like view realm, edit profile, etc.
Actually I am able to do this from the Console, but I need to do it from configuration files while setting up Keycloak on K8s.
Is it possible or not?
Yes, but this documentation applies after Keycloak setup is done; I need to provide users for the master realm while setting up Keycloak.
Is it possible or not?
I did something similar some time ago. What I had was importing users from a JSON file as the Realm import strategy. The passwords are then stored in ENV variables.
The name of the file will be:
master-users-0.json
And JSON content:
{
  "realm": "master",
  "users": [
    {
      "createdTimestamp": 1653561039575,
      "username": "username",
      "enabled": true,
      "totp": false,
      "emailVerified": true,
      "firstName": "User",
      "lastName": "Name",
      "email": "user@user.com",
      "attributes": {
        ....
      },
      "credentials": [
        {
          "type": "password",
          "value": "password", -> ${USER_PASSWORD}
          "temporary": false
        }
      ],
      "groups": [
        "group-name"
      ],
      "disableableCredentialTypes": [],
      "requiredActions": [],
      "notBefore": 0,
      "access": {
        "manageGroupMembership": true,
        "view": true,
        "mapRoles": true,
        "impersonate": true,
        "manage": true
      }
    }
  ]
}
Then copy them to Keycloak:
COPY /config/local-config/users /opt/keycloak/data/import
Requirements:
Keycloak must have the OVERWRITE_EXISTING strategy.
Config:
-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
-Dkeycloak.migration.replace
-Dkeycloak.migration.dir=/opt/keycloak/data/import
-Dkeycloak.migration.action=import
-Dkeycloak.migration.provider=dir
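Added example, not part of the original post or of Keycloak: a pre-import check for the users file described above, which reports any password written literally instead of as a `${...}` placeholder, and any placeholder whose environment variable is empty. The function name, the sample file and the `${NAME}` placeholder pattern are assumptions based on the JSON shown in the post.

```python
import json
import os
import re

# Matches a whole-value placeholder such as ${USER_PASSWORD} (assumed syntax,
# taken from the annotation in the post's JSON).
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")

# Constructed sample: one user follows the placeholder approach, one does not.
SAMPLE = """
{
  "realm": "master",
  "users": [
    {"username": "alice", "enabled": true,
     "credentials": [{"type": "password", "value": "${USER_PASSWORD}", "temporary": false}]},
    {"username": "bob", "enabled": true,
     "credentials": [{"type": "password", "value": "password", "temporary": false}]}
  ]
}
"""

def lint_users_file(text, env):
    """Return findings for a users import file; an empty list means it passed."""
    doc = json.loads(text)
    findings = []
    if doc.get("realm") != "master":
        findings.append(f"realm is {doc.get('realm')!r}, expected 'master'")
    for user in doc.get("users", []):
        name = user.get("username", "<no username>")
        creds = [c for c in user.get("credentials", []) if c.get("type") == "password"]
        if not creds:
            findings.append(f"{name}: no password credential")
        for cred in creds:
            match = PLACEHOLDER.match(str(cred.get("value", "")))
            if match is None:
                findings.append(f"{name}: literal password in file")
            elif not env.get(match.group(1)):
                findings.append(f"{name}: {match.group(0)} is unset or empty")
    return findings

if __name__ == "__main__":
    for finding in lint_users_file(SAMPLE, os.environ):
        print(finding)
```

Run it in the image build or CI step before the files are copied to the import directory, and fail the step when the returned list is not empty.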
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: keycloak
spec:
  hostname:
    hostname: <KEYCLOAK_URL_HERE>
  resources:
    requests:
      cpu: "2"
      memory: "1250M"
    limits:
      cpu: "6"
      memory: "2250M"
  db:
    vendor: postgres
    url: jdbc:aws-wrapper:postgresql://<AWS_AURORA_URL_HERE>:5432/keycloak
    poolMinSize: 30
    poolInitialSize: 30
    poolMaxSize: 30
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  image: <KEYCLOAK_IMAGE_HERE>
  startOptimized: false
  features:
    enabled:
      - multi-site
  transaction:
    xaEnabled: false
  additionalOptions:
    - name: http-max-queued-requests
      value: "1000"
    - name: log-console-output
      value: json
    - name: metrics-enabled
      value: 'true'
    - name: http-pool-max-threads
      value: "66"
    - name: db-driver
      value: software.amazon.jdbc.Driver
  http:
    tlsSecret: keycloak-tls-secret
  instances: 3
I am using this approach to set up Keycloak. While setting up, I need to update the master realm.
Is it possible to update the master realm or not?
What do you mean by updating the master realm? If you mean adding users to it, I believe yes, as I described above.