| author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-02-07 10:31:05 +0100 |
|---|---|---|
| committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-02-15 15:24:07 +0100 |
| commit | 723038ed1a0d58dade5c3da643c92f1ff0063005 (patch) | |
| tree | 4ad0275b431f49d1603d97a19716db7a163ec4af /docs | |
| parent | ad8e7c7a9b5da7c348d9c1c6a3eda61f49301150 (diff) | |
[PLATFORM][KEYCLOAK] Update Keycloak instructions and Realm import
Update Keycloak installation instructions to use keycloakx
(Quarkus based) and update of REALM import
Move the creation of the keycloak-ui ingress setup from helmchart
to documentation.
Issue-ID: OOM-3267
Change-Id: I3c79b05edd488f60a112590584974ba94a8c71a8
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'docs')
5 files changed, 103 insertions, 39 deletions
diff --git a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst index 4c21217c23..f25f4e716c 100644 --- a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst +++ b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst @@ -358,7 +358,7 @@ Keycloak Installation - create keycloak namespace:: > kubectl create namespace keycloak - > kubectl label namespace keycloak istio-injection=enabled + > kubectl label namespace keycloak istio-injection=disabled Install Keycloak-Database ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -388,7 +388,21 @@ Configure Keycloak - Install keycloak:: - > helm -n keycloak upgrade -i keycloak codecentric/keycloak --values ./keycloak-server-values.yaml + > helm -n keycloak upgrade -i keycloak codecentric/keycloakx --values ./keycloak-server-values.yaml The required Ingress entry and REALM will be provided by the ONAP "Platform" component. + +- Create Ingress gateway entry for the keycloak web interface + using the configured Ingress <base-url> (here "simpledemo.onap.org") + as described in :ref:`oom_customize_overrides` + + .. collapse:: keycloak-ingress.yaml + + .. include:: ../../resources/yaml/keycloak-ingress.yaml + :code: yaml + +- Add the Ingress entry for Keycloak:: + + > kubectl -n keycloak apply -f keycloak-ingress.yaml + diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst index dc206e0548..3b198cf1d6 100644 --- a/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst +++ b/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst 
@@ -36,5 +36,5 @@ Internal traffic encryption will be ensured by using Istio ServiceMesh. .. figure:: ../../resources/images/servicemesh/ServiceMesh.png :align: center -For external access we start to establish Authentication via Oauth2-proxy -and Keycloak which will be completed in the coming release. +For external access we propose to establish Authentication via Oauth2-proxy +and Keycloak which is described in this document. diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst index 4eefdafbf3..dbb965dd86 100644 --- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst +++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst @@ -60,7 +60,7 @@ The versions of software that are supported and tested by OOM are as follows: ============== ====== ============ ============== London 1.17.2 v0.6.2 19.0.3-legacy Montreal 1.19.3 v1.0.0 19.0.3-legacy - New Delhi 1.19.3 v1.0.0 19.0.3-legacy + New Delhi 1.19.3 v1.0.0 22.0.4 ============== ====== ============ ============== .. table:: OOM Software Requirements (optional) diff --git a/docs/sections/resources/yaml/keycloak-ingress.yaml b/docs/sections/resources/yaml/keycloak-ingress.yaml new file mode 100644 index 0000000000..91fc34f381 --- /dev/null +++ b/docs/sections/resources/yaml/keycloak-ingress.yaml 
@@ -0,0 +1,55 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + labels: + app.kubernetes.io/managed-by: Helm + name: keycloak-ui-http-route + namespace: keycloak +spec: + hostnames: + - keycloak-ui.simpledemo.onap.org + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: common-gateway + namespace: istio-ingress + sectionName: https-80 + rules: + Filters: + Request Redirect: + Port: 443 + Scheme: https + Status Code: 301 + Type: RequestRedirect + Matches: + Path: + Type: PathPrefix + Value: /auth +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + labels: + app.kubernetes.io/managed-by: Helm + name: keycloak-ui-http-route + namespace: keycloak +spec: + hostnames: + - keycloak-ui.simpledemo.onap.org + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: common-gateway + namespace: istio-ingress + sectionName: https-443 + rules: + - backendRefs: + - group: "" + kind: Service + name: keycloak-keycloakx-http + port: 80 + weight: 1 + matches: + - path: + type: PathPrefix + value: /auth diff --git a/docs/sections/resources/yaml/keycloak-server-values.yaml b/docs/sections/resources/yaml/keycloak-server-values.yaml index 7eaecbedfc..0160ce86e8 100644 --- a/docs/sections/resources/yaml/keycloak-server-values.yaml +++ b/docs/sections/resources/yaml/keycloak-server-values.yaml 
@@ -1,53 +1,48 @@ -image: - # The Keycloak image repository - repository: quay.io/keycloak/keycloak - # Overrides the Keycloak image tag whose default is the chart appVersion - tag: "19.0.3-legacy" - -postgresql: - # If `true`, the Postgresql dependency is enabled - enabled: false +--- +command: + - "/opt/keycloak/bin/kc.sh" + - "--verbose" + - "start" + - "--http-enabled=true" + - "--http-port=8080" + - "--hostname-strict=false" + - "--hostname-strict-https=false" + - "--spi-events-listener-jboss-logging-success-level=info" + - "--spi-events-listener-jboss-logging-error-level=warn" extraEnv: | - - name: KEYCLOAK_USER + - name: KEYCLOAK_ADMIN valueFrom: secretKeyRef: name: {{ include "keycloak.fullname" . }}-admin-creds key: user - - name: KEYCLOAK_PASSWORD + - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ include "keycloak.fullname" . }}-admin-creds key: password - - name: DB_VENDOR - value: postgres - - name: DB_ADDR - value: keycloak-db-postgresql - - name: DB_PORT - value: "5432" - - name: DB_DATABASE - value: keycloak - - name: DB_USER - value: dbusername - - name: DB_PASSWORD_FILE - value: /secrets/db-creds/password + - name: JAVA_OPTS_APPEND + value: >- + -XX:+UseContainerSupport + -XX:MaxRAMPercentage=50.0 + -Djava.awt.headless=true + -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless - name: PROXY_ADDRESS_FORWARDING value: "true" -extraVolumeMounts: | - - name: db-creds - mountPath: /secrets/db-creds - readOnly: true +dbchecker: + enabled: true -extraVolumes: | - - name: db-creds - secret: - secretName: keycloak-db-postgresql +database: + vendor: postgres + hostname: keycloak-db-postgresql + port: 5432 + username: dbusername + password: dbpassword + database: keycloak secrets: admin-creds: - annotations: - my-test-annotation: Test secret for {{ include "keycloak.fullname" . }} stringData: user: admin - password: secret
\ No newline at end of file + password: secret |
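Review bot: in the first hunk of oom_infra_base_config_setup.rst, switching the keycloak namespace from `istio-injection=enabled` to `istio-injection=disabled` takes the platform's identity provider out of the mesh, so the hop from the istio-ingress gateway to the Keycloak pod and the hop from Keycloak to keycloak-db-postgresql are no longer covered by the mesh mTLS that oom_infra_deployment_options.rst still promises ("Internal traffic encryption will be ensured by using Istio ServiceMesh"). Neither the commit message nor the changed docs say why injection is disabled; add a sentence next to the `kubectl label` step explaining the reason and what protects those two hops instead, or keep injection enabled and fix whatever the sidecar broke with the keycloakx chart.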
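Review bot: in the second hunk of oom_infra_base_config_setup.rst the unchanged sentence "The required Ingress entry and REALM will be provided by the ONAP "Platform" component." now sits directly above new bullets that tell the reader to write and `kubectl -n keycloak apply -f keycloak-ingress.yaml` by hand, which contradicts both those steps and the commit message ("Move the creation of the keycloak-ui ingress setup from helmchart to documentation"). Rewrite it so that only the REALM import is attributed to the Platform component and the Ingress entry is introduced as the next manual step; otherwise readers will skip the new bullets expecting the chart to create the route.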
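Review bot: style point on the replaced sentence in oom_infra_deployment_options.rst: "Authentication" does not need a capital mid-sentence and the project spells itself "oauth2-proxy", so suggest "For external access we propose to establish authentication via oauth2-proxy and Keycloak, as described in this document."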
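Review bot: the table row in oom_infra_deployment_requirements.rst now states Keycloak `22.0.4` for New Delhi, but nothing in this change pins that version: the values file drops the old `image.tag` and the documented `helm -n keycloak upgrade -i keycloak codecentric/keycloakx` command carries no `--version`, so the version actually deployed is whatever the chart repo serves at install time. Pin it (a `--version` on the helm command, or an explicit image tag in keycloak-server-values.yaml) so that the tested 22.0.4 is what users reproduce.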
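Review bot: the first HTTPRoute in the new keycloak-ingress.yaml will be rejected by API-server schema validation: under `rules:` the keys `Filters:`, `Request Redirect:`, `Status Code:`, `Matches:`, `Path:` and `Value:` are capitalized, contain spaces and are not list items, while the HTTPRoute schema expects the lower-camel-case list form the second document already uses (`- filters:` with `type: RequestRedirect` and a `requestRedirect:` block holding `scheme`, `port`, `statusCode`, and `matches:` with `- path:`). Second, both documents carry `name: keycloak-ui-http-route` in namespace keycloak, so `kubectl apply -f` creates the redirect route and then overwrites it with the HTTPS route, leaving no HTTP-to-HTTPS redirect at all; give the first route its own name. Third, `app.kubernetes.io/managed-by: Helm` is wrong for a manifest applied with kubectl and misleads anyone auditing who owns the resource; drop the label.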
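Review bot: in keycloak-server-values.yaml the new `database.password: dbpassword` puts the database credential in plaintext in a values file the docs ship and tell users to copy, whereas the removed `DB_PASSWORD_FILE` / `db-creds` volume read it from the `keycloak-db-postgresql` Secret; reference that Secret again (the keycloakx chart supports pointing the database password at an existing Secret; verify the exact value names against the chart version used) or at least mark the value as a placeholder that must be replaced, and the same goes for the admin `password: secret` that survives the newline fix unchanged. Separately, `PROXY_ADDRESS_FORWARDING: "true"` is the WildFly-era variable the Quarkus distribution does not read; with `--http-enabled=true` and `--hostname-strict=false` behind the gateway, add `--proxy edge` (or `KC_PROXY=edge`) to the `kc.sh start` command so that X-Forwarded-* headers from the ingress are honored and issuer and redirect URLs come out as https.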