Use keycloak config cli to build our kc environment on aws

[ArmandMeppa]

Use Terraform to configure and deploy our kc as IaC, with best practices and security measures.

Please start with: https://www.keycloak.org/guides

[francis-pouatcha]

https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs#keycloak-setup

[francis-pouatcha]

I do not understand what i have to review here. How do we deploy keycloak?

I provided these scripts so we can use as example to define some automated CD of keycloak.

What i need is the use of a keycloak deployment approach. Here is a list of deployment approaches for Keycloak CI/CD:

1. Adorsys Keycloak Config CLI: A command-line tool to manage Keycloak configurations and automate deployment tasks.
2. Keycloak Terraform Provider: A Terraform provider for managing Keycloak resources as part of your infrastructure-as-code approach.
3. Keycloak Operator: A Kubernetes operator that simplifies the deployment and management of Keycloak on Kubernetes clusters.
4. Docker Compose: A tool for defining and running multi-container Docker applications, including Keycloak.
5. Ansible Playbooks: Ansible scripts that automate the installation, configuration, and deployment of Keycloak.
6. Shell Scripts: Custom scripts that automate Keycloak deployment steps using command-line tools.
7. Helm Charts: Packages for deploying applications on Kubernetes, including pre-configured Keycloak deployments.
8. Custom Operators: Kubernetes operators specifically designed for managing Keycloak deployments, offering more control and customization than the official operator.
9. Dedicated CI/CD Tools: CI/CD platforms like Jenkins, GitLab CI/CD, or GitHub Actions, which may have plugins or integrations specifically for Keycloak.

This list covers the most common and effective approaches for deploying Keycloak in a CI/CD pipeline. The choice of an approach will depend on specific requirements, infrastructure, and familiarity with different tools.

Question: which approach are we using to deploy keycloak on the AWS-EC2 environment?

[francis-pouatcha]

Simple and nice Keycloak tutorial:

• https://www.altkomsoftware.com/blog/keycloak-security-in-microservices/

Just some mor eexamples of keycloak on AWS

• https://aws-samples.github.io/keycloak-on-aws/en/implementation-guide/deployment/
• https://aws-samples.github.io/keycloak-on-aws/en/implementation-guide/tutorials/api-gateway/

On MUltitenancy

• https://www.hcltech.com/blogs/keycloak-multitenancy

[bengo237]

Keycloak deployment Concept

[bengo237]

Retrieve Secrets Manager secrets through Amazon ECS environment variables

[nitch2019]

Working of Onboarding the students to take over the task. No dependency with the current online Deployement

[Marcjazz]

@ArmandMeppa and @bengo237 are currently on boarding the students and they will follow with this ticket from next week

[hugoib]

Import of different configuration is the remaining part.

[forkimenjeckayang]

Having this error when trying to export our KC configurations to live instance

[forkimenjeckayang]

The error above was due to the path of the keystore file.Since our KC instance is running in a container the file system structure changed. Here is the correct path

/opt/keycloak/target/kc_keystore.pkcs12

Running locally the realm export works well but using the container running keycloak we have another issue with the sd-jwt-signing-service

Branch Link: https://github.com/adorsys/keycloak-ssi-deployment/tree/35-use-keycloak-config-cli-to-build-our-kc-environment-on-aws

[forkimenjeckayang]

• We have a working keycloak image to start our keycloak and a script which uses the keycloak config CLI to import our configurations
• The problems mentioned above were solved by dropping all the tables in the persistent online DB, updating our ECS service and re-running the script that configures our KC instance.