Secure applications by putting a lightweight Keycloak Gatekeeper in front of them.
Follow the link
Download helm from here.
# set tiller namespace
export TILLER_NAMESPACE=<TILLER_NAMESPACE>
# set application namespace
export NAMESPACE=<NAMESPACE>
helm install --name keycloak-gatekeeper . --dry-run --debug --namespace $NAMESPACE
helm install --name keycloak-gatekeeper . --namespace $NAMESPACE
helm upgrade keycloak-gatekeeper . --install --namespace $NAMESPACE
helm delete --purge keycloak-gatekeeper
The values.yaml contains the configuration for keycloak-gatekeeper:
- podAnnotations: list of additional pod annotations
- podLabels: list of additional pod labels
- roles: list of realm roles. A user is authorized when they hold at least one of the listed realm roles.
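When a user is rejected even though they can log in, compare the realm roles in their access token with the chart's `roles` list. The following is an added troubleshooting example, not code from this chart or from Keycloak Gatekeeper; it assumes the standard Keycloak token layout, where realm roles sit in the `realm_access.roles` claim, and the role names and sample tokens are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def realm_roles(access_token: str) -> set:
    """Return the realm roles carried in a Keycloak access token.

    Troubleshooting aid only: the signature is NOT verified here, so the
    result must never be used to make a real access decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    realm_access = claims.get("realm_access")
    if not isinstance(realm_access, dict):
        return set()  # token carries no realm roles at all
    roles = realm_access.get("roles", [])
    return set(roles) if isinstance(roles, list) else set()


def is_authorized(access_token: str, chart_roles: list) -> bool:
    """Any-of check: one matching realm role is enough (the `roles` value)."""
    return bool(realm_roles(access_token) & set(chart_roles))


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    chart_roles = ["monitoring-admin", "viewer"]  # hypothetical `roles` value
    samples = {
        "realm role matches": {"realm_access": {"roles": ["offline_access", "viewer"]}},
        "no matching realm role": {"realm_access": {"roles": ["offline_access"]}},
        # Client roles live under resource_access and are not realm roles.
        "client role only": {"resource_access": {"prometheus": {"roles": ["viewer"]}}},
    }
    for label, claims in samples.items():
        print(label, "->", is_authorized(make_sample_token(claims), chart_roles))
```

A role granted only as a client role (under `resource_access`) does not count as a realm role, which is a common reason for an unexpected denial.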
Keycloak Gatekeeper redirects end users to the application through its internal OpenShift service (e.g. to secure the Prometheus service):
app:
  # Application name
  name: prometheus
  service:
    ## OpenShift Service name
    name: prometheus.<NAMESPACE>.svc
    ## OpenShift Service port
    port: 9090
Monitoring can be set up to collect statistics based on the return codes of the requests handled by Keycloak Gatekeeper. To enable it, add podAnnotations as described in values.yaml:
podAnnotations:
  prometheus.io/path: "oauth/metrics"
  prometheus.io/port: "3000"
  prometheus.io/scrape: "true"
See here for the documentation.
TBD