
Commit 488ccee

committed
Adjusting ports and better support for mac/podman
Signed-off-by: Matthias Wessendorf <[email protected]>
1 parent 163d44a commit 488ccee


7 files changed

+66
-49
lines changed


build/keycloak.mk

Lines changed: 38 additions & 38 deletions
Large diffs are not rendered by default.

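--- a/build/kind.mk
+++ b/build/kind.mk
@@ -35,13 +35,21 @@ kind-create-cluster: kind kind-create-certs ## Create the kind cluster for devel
 echo "Installing cert-manager..."; \
 kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml; \
 echo "Waiting for cert-manager to be ready..."; \
-kubectl wait --namespace cert-manager --for=condition=ready pod --selector=app.kubernetes.io/instance=cert-manager --timeout=120s; \
-kubectl wait --namespace cert-manager --for=condition=ready pod --selector=app.kubernetes.io/name=webhook --timeout=120s; \
+kubectl wait --namespace cert-manager --for=condition=available deployment/cert-manager --timeout=120s; \
+kubectl wait --namespace cert-manager --for=condition=available deployment/cert-manager-cainjector --timeout=120s; \
+kubectl wait --namespace cert-manager --for=condition=available deployment/cert-manager-webhook --timeout=120s; \
 echo "✅ cert-manager ready"; \
 echo "Creating cert-manager ClusterIssuer..."; \
 sleep 5; \
 kubectl apply -f config/cert-manager/selfsigned-issuer.yaml; \
 echo "✅ ClusterIssuer created"; \
+echo "Adding /etc/hosts entry for Keycloak in control plane..."; \
+if command -v docker >/dev/null 2>&1 && docker ps --filter "name=$(KIND_CLUSTER_NAME)-control-plane" --format "{{.Names}}" | grep -q "$(KIND_CLUSTER_NAME)-control-plane"; then \
+docker exec $(KIND_CLUSTER_NAME)-control-plane bash -c 'grep -q "keycloak.127-0-0-1.sslip.io" /etc/hosts || echo "127.0.0.1 keycloak.127-0-0-1.sslip.io" >> /etc/hosts'; \
+elif command -v podman >/dev/null 2>&1 && podman ps --filter "name=$(KIND_CLUSTER_NAME)-control-plane" --format "{{.Names}}" | grep -q "$(KIND_CLUSTER_NAME)-control-plane"; then \
+podman exec $(KIND_CLUSTER_NAME)-control-plane bash -c 'grep -q "keycloak.127-0-0-1.sslip.io" /etc/hosts || echo "127.0.0.1 keycloak.127-0-0-1.sslip.io" >> /etc/hosts'; \
+fi; \
+echo "✅ /etc/hosts entry added"; \
 fi
 
 .PHONY: kind-delete-cluster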
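Review bot: The `✅ /etc/hosts entry added` echo sits after the inner `fi`, so it is printed even when neither the docker nor the podman branch matched, and also when the `exec` itself failed, because the recipe chains commands with `; \` and a non-zero exit does not stop it. The API server's OIDC issuer lookup appears to depend on this entry, so a silent miss would show up later as unexplained token-validation failures. Chain the success echo onto each `exec` with `&&` and add `else echo "⚠️ control-plane container not found; /etc/hosts not updated"; \` before the inner `fi`. Using `grep -qF` would also match the hostname literally instead of treating its dots as regex wildcards. The kind-create-cluster recipe starts above this hunk.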

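--- a/config/ingress/nginx-ingress.yaml
+++ b/config/ingress/nginx-ingress.yaml
@@ -350,6 +350,10 @@ spec:
 containerPort: 443
 protocol: TCP
 hostPort: 443
+- name: https-alt
+containerPort: 443
+protocol: TCP
+hostPort: 8443
 - name: webhook
 containerPort: 8443
 protocol: TCP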
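Review bot: The new `https-alt` entry exposes containerPort 443 a second time on hostPort 8443 without saying why, directly above the `webhook` port whose containerPort is also 8443, which is easy to misread as a conflict. A comment would help, for example `# second host binding for 443 so clients inside the kind node reach the ingress on the same :8443 the host uses`; that reading is inferred from the other files in this commit and should be confirmed. If the controller pod runs with `hostNetwork: true` (not visible in this hunk), Kubernetes rejects a hostPort that differs from its containerPort, so that is worth checking. The container spec starts and ends outside the hunk.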

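--- a/config/keycloak/deployment.yaml
+++ b/config/keycloak/deployment.yaml
@@ -26,12 +26,12 @@ spec:
 image: quay.io/keycloak/keycloak:26.4
 args: ["start-dev"]
 env:
-- name: KEYCLOAK_ADMIN
+- name: KC_BOOTSTRAP_ADMIN_USERNAME
 value: "admin"
-- name: KEYCLOAK_ADMIN_PASSWORD
+- name: KC_BOOTSTRAP_ADMIN_PASSWORD
 value: "admin"
-- name: KC_HOSTNAME_STRICT
-value: "false"
+- name: KC_HOSTNAME
+value: "https://keycloak.127-0-0-1.sslip.io:8443"
 - name: KC_HTTP_ENABLED
 value: "true"
 - name: KC_HEALTH_ENABLED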
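Review bot: `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD` keep the literal `admin`/`admin` pair in the manifest, and the same commit publishes the ingress on host port 8443, so the admin console is reachable with a known password from wherever that port is reachable. For a throwaway kind cluster this may be acceptable, but it should be stated: add `# dev only: bootstrap admin, never reuse outside the local kind cluster` above the pair, or read the password through `valueFrom: secretKeyRef` from a Secret generated at cluster creation. `KC_HOSTNAME` now pins the public URL, which is stricter than the removed `KC_HOSTNAME_STRICT=false`. The env list continues outside the hunk.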

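--- a/config/keycloak/ingress.yaml
+++ b/config/keycloak/ingress.yaml
@@ -10,6 +10,11 @@ metadata:
 cert-manager.io/cluster-issuer: "selfsigned-ca-issuer"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+# Required for Keycloak 26.2.0+ to include port in issuer URLs
+nginx.ingress.kubernetes.io/configuration-snippet: |
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Port 8443;
+proxy_set_header X-Forwarded-Host $host:8443;
 spec:
 ingressClassName: nginx
 tls: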
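Review bot: The added `configuration-snippet` annotation only takes effect when the controller has `allow-snippet-annotations` enabled, which recent ingress-nginx releases switch off by default because a snippet lets whoever can write an Ingress inject arbitrary nginx configuration; whether the controller config in this repo enables it is not visible here. Keycloak also ignores `X-Forwarded-*` headers unless `KC_PROXY_HEADERS=xforwarded` is set, and the deployment hunk in this commit does not show it. Because `KC_HOSTNAME` is now a full URL including the port, the snippet may be unnecessary, and dropping it would avoid enabling snippets on the controller at all. If it stays, `proxy_set_header X-Forwarded-Host $host:8443;` hardcodes the port yet again and deserves a comment pointing at config/kind/cluster.yaml.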

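--- a/config/keycloak/rbac.yaml
+++ b/config/keycloak/rbac.yaml
@@ -1,7 +1,7 @@
 # RBAC ClusterRoleBinding for mcp user with OIDC authentication
 #
 # IMPORTANT: This requires Kubernetes API server to be configured with OIDC:
-# --oidc-issuer-url=https://keycloak.127-0-0-1.sslip.io/realms/openshift
+# --oidc-issuer-url=https://keycloak.127-0-0-1.sslip.io:8443/realms/openshift
 # --oidc-username-claim=preferred_username
 #
 # Without OIDC configuration, this binding will not work.
@@ -17,4 +17,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
 kind: User
-name: https://keycloak.127-0-0-1.sslip.io/realms/openshift#mcp
+name: https://keycloak.127-0-0-1.sslip.io:8443/realms/openshift#mcp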
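Review bot: The subject `name` in the second hunk is the issuer URL, a `#`, and the `preferred_username` value, so it must match `oidc-issuer-url` in config/kind/cluster.yaml character for character, and after this change the port is part of that string in several files. The header comment should say this explicitly, e.g. `# subject name = <oidc-issuer-url>#<preferred_username>; keep in sync with config/kind/cluster.yaml`. A mismatch raises no error; the binding simply never applies. Which role the binding grants lies outside both hunks, so it is worth confirming it is no broader than the mcp user needs.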

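--- a/config/kind/cluster.yaml
+++ b/config/kind/cluster.yaml
@@ -16,15 +16,15 @@ nodes:
 kind: ClusterConfiguration
 apiServer:
 extraArgs:
-oidc-issuer-url: https://keycloak.127-0-0-1.sslip.io/realms/openshift
+oidc-issuer-url: https://keycloak.127-0-0-1.sslip.io:8443/realms/openshift
 oidc-client-id: openshift
 oidc-username-claim: preferred_username
 oidc-groups-claim: groups
 oidc-ca-file: /etc/kubernetes/pki/keycloak-ca.crt
 extraPortMappings:
 - containerPort: 80
-hostPort: 80
+hostPort: 8080
 protocol: TCP
 - containerPort: 443
-hostPort: 443
+hostPort: 8443
 protocol: TCP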
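Review bot: The `extraPortMappings` entries for hostPort 8080 and 8443 carry no `listenAddress`, and kind then binds them on 0.0.0.0, so the ingress and the Keycloak instance behind it are offered on every interface of the developer machine. Since every hostname in this setup resolves to 127.0.0.1, adding `listenAddress: "127.0.0.1"` to both mappings keeps the behaviour and limits exposure to loopback. The `oidc-issuer-url` here has to stay identical to `KC_HOSTNAME` plus `/realms/openshift`, and a comment saying so would help the next port change. The node definition starts outside the hunk.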
