Using a Keycloak service with FQDN

Issue a Keycloak instance

The YAML code below creates the service VSHNKeycloak with a Full Qualified Domain Name(FQDN).

kind: VSHNKeycloak
  name: keycloak-app1-prod
  namespace: prod-app
      version: "23"
      fqdn: (1)
      plan: standard-2
    name: keycloak-creds-connection (2)
1 Your full qualified domain name
2 Credentials to access the keycloak

Configure your DNS server

On APPUiO Cloud we provide you with a cert-manager setup which you can use to create, sign, install and renew certificates for your domains running on APPUiO Cloud.

To create a certificate for the Keycloak FQDN in your domain, you need to create a CNAME record in your domain’s DNS pointing to your APPUiO Zone’s well-defined cname record.

my-keycloak  IN  CNAME

Access Keycloak

Once the Keycloak instance is running in the cluster and DNS server has been configured with the new CNAME then the service should be accessible in your browser via FQDN with credentials from keycloak-creds-connection secret. The admin password can be changed but be aware the secret credentials will not be valid anymore.

Our keycloak service uses an internal administrator account named internaladmin. It’s used by VSHN for various scripts and configurations. Changing the user credentials of internaladmin account may break your instance!

Debug the service

To check the status and potential issues or errors in the service, check the status field of the new object:

$  oc describe my-keycloak-example
    Last Transition Time:  2024-03-28T10:08:04Z
    Reason:                ReconcileSuccess
    Status:                True
    Type:                  Synced
    Last Transition Time:  2024-03-28T10:09:30Z
    Reason:                Available
    Status:                True
    Type:                  Ready
  Connection Details:
    Last Published Time:  2024-03-28T10:09:30Z