Adding authentication to your Kubernetes Web applications with Keycloak

Carlos Eduardo
13 min readMar 2, 2020

In this article, I will walk you thru the deployment of Keycloak, a user authentication and authorization tool and how to integrate this to any Kubernetes Web application without touching a single line of code from your app.

First, we will run Keycloak and configure it to have some users and groups then deploy a simple web application to your Kubernetes cluster (we will deploy a small Kubernetes cluster too). Finally we will add the authentication layer to the app looking at the differences between both authenticated and unauthenticated resources.

This way, you will have an infrastructure provided tool to control user access with near infinite configuration options.

I recommend reading Keycloak site and documentation for best practices and configuration options. Here I give you a simple way to add authentication to applications but no security scans or validations have been made for possible holes or vulnerabilities. Talk to your Information Security team about any solution you plan to use in your environment.

Keycloak

Keycloak is an open-source identity and access management application that uses open protocols and is easily integrated with other providers. It is the open-source project base of Red Hat Single Sign-on.

Deploying Keycloak

The easiest way to deploy Keycloak is by using a container image. You can deploy it into your existing Kubernetes or Openshift cluster or standalone with Docker or Podman into a host.

Keycloak requires a persistent storage that can be a PV from Kubernetes or a local directory mapped into the container. Here in this article I deployed Keycloak on a Linux VM using Docker.

docker run -d \
--name keycloak \
-p 8080:8080 \
-p 8443:8443 \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=admin \
-e PROXY_ADDRESS_FORWARDING=true \
-v $(pwd)/keycloak-db:/opt/jboss/keycloak/standalone/data \
carlosedp/keycloak:v9.0.0

The image I used is built by me for both AMD64 and ARM64 architectures with manifests. There is an official image for AMD64 only at jboss/keycloak.

Configuring Keycloak

--

--

Carlos Eduardo

Writing everything cloud and all the tech behind it. If you like my projects and would like to support me, check my Patreon on https://www.patreon.com/carlosedp