- Running DKP Enterprise
- Running Keycloak
  ```bash
  helm repo add bitnami https://charts.bitnami.com/bitnami
  helm install my-release bitnami/keycloak
  ```
- Log in to Keycloak as admin
- Create realm
- Switch to the newly created realm
- Select Client Scopes
- Add client scope
  - Name: groups
  - Type: Default
  - Display on consent screen: On
  - Include in token scope: On
- Click on the created client scope -> Mappers
- Create Mapper
  - Mapper Type: Group Membership
  - Name: Groups Mapper
  - Token Claim Name: groups
  - Full group path: Off
  - Add to ID token: On
  - Add to access token: On
  - Add to userinfo: On
- Go to Clients
- Create Client
  - Client type: OpenID Connect
  - Client ID: Name / Url / ID
  - Client Authentication: On
  - Authentication Flow:
    - Standard flow: On
    - Implicit flow: On
    - Direct grant access: On
    - Service account roles: On
  - Root url: https://
  - Home url: https://
  - Valid redirect url: https:///dex/callback
- Switch to client scopes of the client -> Add client scope
  - Select `groups`
  - Type: Default
- Switch to Credentials and copy `Client secret`
- Switch to Groups -> Add Groups:
  - Add 2 groups:
    - Name: dkp-admins
    - Name: dkp-users
- Switch to Users -> Add User:
  - Add user1
    - Name: user1
    - First Name: Normal
    - Last Name: User
    - Email: [email protected]
    - Password: random
    - Groups:
      - dkp-users
  - Add admin1
    - Name: admin1
    - First Name: Admin
    - Last Name: User
    - Email: [email protected]
    - Password: random2
    - Groups:
      - dkp-users
      - dkp-admins
- Log in to DKP Enterprise
- Go to Identity Providers -> Add Identity Provider
  - Type: OIDC
  - Name: Keycloak
  - Client ID:
  - Client Secret:
  - Issuer: https:///auth/realms/
  - Insecure Enable Groups: On
  - Get User Info: On
- Go to Identity Providers -> Groups -> Create Group
  - dkp-users
    - Name: dkp-users
    - Identity Provider Group: `oidc:dkp-users`
  - dkp-admins
    - Name: dkp-admins
    - Identity Provider Group: `oidc:dkp-admins`
- Go to Access Control -> Cluster Role Bindings -> Edit Groups
  - dkp-users:
    - Roles:
      - View Role
      - dkp-kommander-view
  - dkp-admins:
    - Roles:
      - Cluster Admin role
      - Admin role
      - dkp-kommander-admin
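
To check that the Groups Mapper settings (claim name `groups`, Full group path: Off) produce the names the DKP group mappings expect, the following added example, which is not part of the original page, reads an ID token payload and derives the `oidc:<group>` values. The helper names, the sample token and the issuer host are constructed for illustration, and the payload is read without signature verification, so it is a configuration check and not a token validator.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    return json.loads(b64url_decode(parts[1]))

def dkp_groups(claims: dict, claim_name: str = "groups", prefix: str = "oidc:") -> list:
    """Map the token's group claim to the 'oidc:<group>' names entered in DKP."""
    groups = claims.get(claim_name)
    if groups is None:
        raise ValueError(f"claim '{claim_name}' missing: check that the client scope is "
                         "attached to the client as Default and 'Add to ID token' is On")
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise ValueError(f"claim '{claim_name}' must be a list of strings")
    with_path = [g for g in groups if g.startswith("/")]
    if with_path:
        raise ValueError(f"full group paths in token {with_path}: set 'Full group path' to Off")
    return [prefix + g for g in groups]

def make_sample_token(payload: dict) -> str:
    """Build a constructed token for the demo; the signature segment is a dummy."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.c2ln"

if __name__ == "__main__":
    # Constructed sample payload for admin1; issuer host and realm are placeholders.
    token = make_sample_token({"iss": "https://keycloak.example.com/auth/realms/example",
                               "preferred_username": "admin1",
                               "groups": ["dkp-users", "dkp-admins"]})
    print(dkp_groups(jwt_claims(token)))
```

A token whose claim contains `/dkp-users` instead of `dkp-users` would not match the `oidc:dkp-users` mapping, which is the case the full-path check reports.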