# necronizer's cloud keycloak module

OpenTofu module to deploy Keycloak Identity Management on a Kubernetes cluster.

Required Modules to deploy Keycloak Identity Management:

  1. Cluster Issuer
  2. Cloudnative PG
  3. Observability
  4. OpenBao

## Providers

| Name | Version |
|------|---------|
| kubernetes | 2.38.0 |

## Resources

| Name | Type |
|------|------|
| kubernetes_config_map.realm_configuration | resource |
| kubernetes_ingress_v1.ingress | resource |
| kubernetes_manifest.certificate_authority | resource |
| kubernetes_manifest.database_client_certificate_sync | resource |
| kubernetes_manifest.database_credentials_sync | resource |
| kubernetes_manifest.database_server_certificate_authority_sync | resource |
| kubernetes_manifest.ingress_certificate | resource |
| kubernetes_manifest.internal_certificate | resource |
| kubernetes_manifest.issuer | resource |
| kubernetes_manifest.keycloak_credentials_sync | resource |
| kubernetes_manifest.middleware_buffering | resource |
| kubernetes_manifest.middleware_rewrite | resource |
| kubernetes_manifest.password_generator | resource |
| kubernetes_manifest.public_issuer | resource |
| kubernetes_manifest.push_keycloak_credentials | resource |
| kubernetes_manifest.push_realm_secrets | resource |
| kubernetes_manifest.realm_secrets_sync | resource |
| kubernetes_manifest.transport | resource |
| kubernetes_namespace.namespace | resource |
| kubernetes_network_policy.keycloak_network_access_policy | resource |
| kubernetes_pod_disruption_budget_v1.keycloak_pdb | resource |
| kubernetes_secret.cloudflare_token | resource |
| kubernetes_service.keycloak_discovery | resource |
| kubernetes_service.keycloak_service | resource |
| kubernetes_stateful_set.keycloak_cluster | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acme_server | URL for the ACME Server to be used, defaults to production URL for LetsEncrypt | string | `"https://acme-v02.api.letsencrypt.org/directory"` | no |
| app_name | App name for deploying Keycloak Identity Platform solution | string | `"keycloak"` | no |
| certificate_authority_name | Name of the Certificate Authority to be associated with Keycloak Identity Platform solution | string | `"keycloak-certificate-authority"` | no |
| cloudflare_email | Email for generating Ingress Certificates to be associated with Keycloak Identity Platform solution | string | n/a | yes |
| cloudflare_issuer_name | Name of the Cloudflare Issuer to be associated with Keycloak Identity Platform solution | string | `"keycloak-cloudflare-issuer"` | no |
| cloudflare_token | Token for generating Ingress Certificates to be associated with Keycloak Identity Platform solution | string | n/a | yes |
| cluster_issuer_name | Name for the Cluster Issuer to be used to generate internal self signed certificates | string | n/a | yes |
| cluster_name | Database Cluster Name to allow Network Connections to | string | n/a | yes |
| cluster_secret_store_name | Name of the cluster secret store to be used for pulling and pushing secrets to OpenBao | string | n/a | yes |
| country_name | Country name for deploying Keycloak Identity Platform solution | string | `"India"` | no |
| database_client_certificate_name | Client Certificate to be used for Keycloak User | string | n/a | yes |
| database_credentials | Name of the secret which contains the database credentials for Keycloak | string | n/a | yes |
| database_server_certificate_authority_name | Server Certificate Authority being used for the database | string | n/a | yes |
| domain | Domain for which Ingress Certificate is to be generated | string | n/a | yes |
| host_name | Host name for which Ingress Certificate is to be generated | string | `"auth"` | no |
| image | Docker image to be used for deployment of Keycloak | string | `"keycloak"` | no |
| ingress_certificate_name | Name of the Ingress Certificate to be associated with Keycloak Identity Platform solution | string | `"keycloak-ingress-certificate"` | no |
| internal_certificate_name | Name of the Internal Certificate to be associated with Keycloak Identity Platform solution | string | `"keycloak-internal-certificate"` | no |
| issuer_name | Name of the Issuer to be associated with Keycloak Identity Platform solution | string | `"keycloak-certificate-issuer"` | no |
| keycloak_credentials | Name of the secret which contains the credentials for the Keycloak Cluster | string | `"default-credentials"` | no |
| keycloak_environment_variables | Environment variables for Keycloak Configuration | list | see below | no |
| keycloak_ports | Keycloak Ports Configuration | list | see below | no |
| namespace | Namespace to be used for deploying Keycloak Identity Platform solution | string | `"keycloak"` | no |
| observability_namespace | Namespace where all components for observability are deployed | string | n/a | yes |
| organization_name | Organization name for deploying Keycloak Identity Platform solution | string | `"cloud"` | no |
| postgres_namespace | Namespace for the PostgreSQL Deployment for database connections | string | n/a | yes |
| realm_settings | Realm Settings for pre-installing a realm with Keycloak | object (see below) | n/a | yes |
| replicas | Number of replicas to run for Keycloak cluster | number | `1` | no |
| repository | Repository to be used for deployment of Keycloak | string | `"quay.io/keycloak"` | no |
| tag | Docker tag to be used for deployment of Keycloak | string | `"26.4.5"` | no |

Default for `keycloak_environment_variables`:

```json
[
  {
    "name": "KC_HTTP_PORT",
    "value": "8080"
  },
  {
    "name": "KC_HTTPS_PORT",
    "value": "8443"
  },
  {
    "name": "KC_HTTPS_CERTIFICATE_FILE",
    "value": "/mnt/certs/tls/tls.crt"
  },
  {
    "name": "KC_HTTPS_CERTIFICATE_KEY_FILE",
    "value": "/mnt/certs/tls/tls.key"
  },
  {
    "name": "KC_DB_URL",
    "value": "jdbc:postgresql://postgresql-cluster-rw.postgres.svc/keycloak?ssl=true&sslmode=verify-full&sslrootcert=/mnt/certs/database/certificate-authority/ca.crt&sslcert=/mnt/certs/database/certificate/tls.crt&sslkey=/mnt/der/key.der"
  },
  {
    "name": "KC_DB_POOL_INITIAL_SIZE",
    "value": "1"
  },
  {
    "name": "KC_DB_POOL_MIN_SIZE",
    "value": "1"
  },
  {
    "name": "KC_DB_POOL_MAX_SIZE",
    "value": "3"
  },
  {
    "name": "KC_HEALTH_ENABLED",
    "value": "true"
  },
  {
    "name": "KC_CACHE",
    "value": "ispn"
  },
  {
    "name": "KC_CACHE_STACK",
    "value": "jdbc-ping"
  },
  {
    "name": "KC_PROXY",
    "value": "passthrough"
  },
  {
    "name": "KC_TRUSTSTORE_PATHS",
    "value": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
  }
]
```

Default for `keycloak_ports`:

```json
[
  {
    "containerPort": "8443",
    "name": "https",
    "protocol": "TCP"
  },
  {
    "containerPort": "8080",
    "name": "http",
    "protocol": "TCP"
  },
  {
    "containerPort": "9000",
    "name": "management",
    "protocol": "TCP"
  },
  {
    "containerPort": "7800",
    "name": "discovery",
    "protocol": "TCP"
  }
]
```

Type of `realm_settings`:

```hcl
object({
  display_name               = string
  application_name           = string
  base_url                   = string
  valid_login_redirect_path  = string
  valid_logout_redirect_path = string
  smtp_host                  = string
  smtp_port                  = number
  smtp_mail                  = string
  smtp_username              = string
  smtp_password              = string
})
```

## Outputs

No outputs.
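An added example of calling this module from a root OpenTofu configuration, showing every required input and the secrets passed in as sensitive variables rather than literals; this is not part of the module's own README, and the module source path, the variable names and all sample values are assumptions.

```hcl
# Added usage example (not the module's own code); source path, variable
# names and sample values are assumptions.
variable "cloudflare_token" {
  type      = string
  sensitive = true # supply via TF_VAR_cloudflare_token, never in the repository
}

variable "smtp_password" {
  type      = string
  sensitive = true
}

module "keycloak" {
  source = "./modules/keycloak" # assumed path to this module

  # Required inputs (the module has no defaults for these)
  cloudflare_email                           = "ops@example.com"
  cloudflare_token                           = var.cloudflare_token
  cluster_issuer_name                        = "cluster-issuer"     # from the Cluster Issuer module
  cluster_name                               = "postgresql-cluster" # CloudNativePG cluster allowed by the NetworkPolicy
  cluster_secret_store_name                  = "openbao"            # ClusterSecretStore backed by OpenBao
  database_client_certificate_name           = "keycloak-client-certificate"
  database_credentials                       = "keycloak-database-credentials"
  database_server_certificate_authority_name = "postgresql-cluster-ca"
  domain                                     = "example.com" # host_name left at its default "auth"
  observability_namespace                    = "observability"
  postgres_namespace                         = "postgres"

  realm_settings = {
    display_name               = "Example"
    application_name           = "example-app"
    base_url                   = "https://app.example.com"
    valid_login_redirect_path  = "/oauth/callback"
    valid_logout_redirect_path = "/logout"
    smtp_host                  = "smtp.example.com"
    smtp_port                  = 587
    smtp_mail                  = "no-reply@example.com"
    smtp_username              = "no-reply@example.com"
    smtp_password              = var.smtp_password
  }

  # Optional overrides: Let's Encrypt staging while testing so the production
  # rate limits are not consumed, and a second replica so the PodDisruptionBudget
  # has something to protect (KC_CACHE_STACK=jdbc-ping clusters via the database).
  acme_server = "https://acme-staging-v02.api.letsencrypt.org/directory"
  replicas    = 2
}
```

Switch `acme_server` back to the production default once the staging certificate issues cleanly.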