Securing Spring Boot Applications with Keycloak on Kubernetes

Prerequisites

minikube start
minikube dashboard
helm init

Deploying Keycloak

Set up database

helm install --name keycloak-db \
--set postgresUser=admin \
--set postgresPassword=password \
--set postgresDatabase=keycloak-db \
stable/postgresql
echo $(kubectl get pods --namespace default -l "app=postgresql,release=keycloak-db" -o jsonpath="{.items[0].metadata.name}")

Deploying Keycloak

kubectl apply -f kubernetes/keycloak-deployment.yml
POD_NAME=$(kubectl get pods -l name=keycloak -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
kubectl logs -f ${POD_NAME}
minikube service keycloak --url

Initial UI of Keycloak
Adding a new application specific client to Keycloak
Setting the redirect URL for the application
Creating a new role to Keycloak
Adding a new user
Setting the password for the newly created user
Adding role to user

Deploying the Spring Boot Application

keycloak.auth-server-url=http://192.168.99.100:30080/auth/
keycloak.resource=persons-app
keycloak.realm=master
keycloak.public-client=true
keycloak.principal-attribute=preferred_username

eval $(minikube docker-env)
mvn install dockerfile:build
kubectl apply -f kubernetes/app-deployment.yml
minikube service person-app

Minimalistic landing page of the application
Schema of authorization code grant type (Source: https://tools.ietf.org/html/rfc6749#page-24)

Conclusion

Written by Johannes Innerbichler

I studied Computer Engineering and became a freelancer in the area of cloud applications, cloud security and data analytics. www.johannesinnerbichler.com
