Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to deploy keycloak to cloudfoundry

As the title, is there any guide to deploy keycloak to cloud foundry?

Seems like cloudfoundry is only friendly to spring boot applications.

like image 286
王子1986 Avatar asked Oct 19 '25 02:10

王子1986


2 Answers

Keycloak Single Instance on CF

To deploy single instance try to cf push the docker image using manifest.yml like this (Postgres DB example):

---
applications:
- name: sso
  docker:
    image: jboss/keycloak
  instances: 1
  memory: 2G
  disk_quota: 2G
  env: 
    PROXY_ADDRESS_FORWARDING: true
    DB_VENDOR: postgres
    DB_ADDR: 192.168.1.23
    DB_PORT: 5432
    DB_DATABASE: keycloakdb
    DB_USER: keycloak
    DB_PASSWORD: a-lot-of-asterisks

You can do it also with the following commands without a manifest file:

$ cf push sso --docker-image jboss/keycloak -i 1 -m 2G -k 2G --no-start

$ cf set-env sso PROXY_ADDRESS_FORWARDING true
$ cf set-env sso DB_VENDOR: postgres
$ cf set-env sso DB_ADDR 192.168.1.23 
$ cf set-env sso DB_PORT 5432 
$ cf set-env sso DB_DATABASE keycloakdb 
$ cf set-env sso DB_USER keycloak 
$ cf set-env sso DB_PASSWORD a-lot-of-asterisks

$ cf env sso
$ cf start sso

$ cf logs sso --recent

Keycloak HA Cluster ona CF

Please look at: Keycloak standalone cluster on Cloud Foundry

References

  • https://hub.docker.com/r/jboss/keycloak/
  • https://cli.cloudfoundry.org/en-US/cf/push.html
  • https://docs.cloudfoundry.org/adminguide/docker.html#public

Do you consider using Cloud Foundry's UAA?

CF UAA is the central identity management service for both users and applications, that supports: federated login, LDAP, SAML, SSO and multifactor authentication.

like image 166
kinjelom Avatar answered Oct 21 '25 21:10

kinjelom


In my experience the easiest solution is to wrap Keycloak in a Spring-Boot application (together with the required JBoss parts) and deploy that. This allows you to create a single jar and push that to Cloud Foundry with the standard Java build pack.

This is exactly what someone has done in this Github project. The project injects a basic configuration for Keycloak with the default H2 database. All you need to do is clone the project, run mvn package and push the resulting jar to CF.

like image 27
THelper Avatar answered Oct 21 '25 20:10

THelper



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!