From f93014c3016b99cde3889b3f6a055a4e15777f5a Mon Sep 17 00:00:00 2001
From: Golam Mohammad Shovon
Date: Wed, 16 Feb 2022 23:56:45 +0100
Subject: [PATCH 1/4] Keycloak added for pyvolt-dpsim-demo
Signed-off-by: Golam Mohammad Shovon
---
 pyvolt-dpsim-demo/README.md | 79 +-
 pyvolt-dpsim-demo/demo-setup.sh | 2 +
 pyvolt-dpsim-demo/demo-teardown.sh | 2 +
 .../keycloak/keycloak_values.yaml | 945 ++++++++++++++++++
 .../visualization/grafana_values.yaml | 15 +-
 5 files changed, 996 insertions(+), 47 deletions(-)
 create mode 100644 pyvolt-dpsim-demo/keycloak/keycloak_values.yaml
diff --git a/pyvolt-dpsim-demo/README.md b/pyvolt-dpsim-demo/README.md
index 36dfa65..b7573d7 100644
--- a/pyvolt-dpsim-demo/README.md
+++ b/pyvolt-dpsim-demo/README.md
@@ -17,55 +17,11 @@ Ensure that the following Helm Chart Repos are set up or add them locally: ```bash helm repo add sogno https://sogno-platform.github.io/helm-charts - helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add influxdata https://influxdata.github.io/helm-charts helm repo add grafana https://grafana.github.io/helm-charts helm repo update ``` -### HugePages - -The current setup requires HugePages support for the real-time simulator. This can be checked and activated (temporarily) as follows: - -```bash -# Verify HugePages -cat /proc/meminfo | grep Huge - -AnonHugePages: 104448 kB -ShmemHugePages: 0 kB -FileHugePages: 0 kB -HugePages_Total: 0 <-- we require a minimum of 1024 -HugePages_Free: 0 -HugePages_Rsvd: 0 -HugePages_Surp: 0 -Hugepagesize: 2048 kB -Hugetlb: 0 kB - -# Increase No of HPgs -echo 1024 | sudo tee /proc/sys/vm/nr_hugepages - -# Check it worked -cat /proc/meminfo | grep Huge - -AnonHugePages: 104448 kB -ShmemHugePages: 0 kB -FileHugePages: 0 kB -HugePages_Total: 1024 -HugePages_Free: 1024 -HugePages_Rsvd: 0 -HugePages_Surp: 0 -Hugepagesize: 2048 kB -Hugetlb: 2097152 kB - -If you don't see 1024 next to HugePages_Total, you may need to restart -your system and try again with a fresh boot. - -# Restart k3s service to apply changes -sudo systemctl restart k3s - -# Ensure the KUBECONFIG env is still set correctly -export KUBECONFIG=/etc/rancher/k3s/k3s.yaml -``` ## Manual Chart Installation 
@@ -87,9 +43,38 @@ helm install influxdb influxdata/influxdb -f database/influxdb-helm-values.yaml helm install telegraf influxdata/telegraf -f ts-adapter/telegraf-values.yaml ``` +### KeyCloak: + +The following installation will deploy a KeyCloak instance that is available at the nodePort specified in the keycloak_values.yaml file. +Per defautl at port 31250: http://localhost:31250 + +```bash +helm install my-release -f keycloak/keycloak_values.yaml bitnami/keycloak +``` +To Get the user password for the keycloak, run this command. +```bash + echo Password: $(kubectl get secret --namespace default my-release-keycloak -o jsonpath="{.data.admin-password}" | base64 --decode) +``` +Login to the keycloak instance. The user name is:user and use the passwrod. + +Than Create a realm for common authentication for your applications. +![alt text](https://i2.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-22-19-43.png?w=775&ssl=1) + +Create a client for grafana as given below where root url is your grafana application URL.In this case it will be "http://localhost:31230." +![alt text](https://i0.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-23-18-38.png?w=850&ssl=1) + +Once the client is created, open the client configuration and change the access type to confidential from public. Save the config. +![alt text](https://i0.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-23-23-08.png?w=702&ssl=1) + +Open the client grafana again and go to credentials tag and copy the client id and secret for future use. + +![alt text](https://i0.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-23-23-32.png?w=710&ssl=1 ) + + ### Visualization -The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file. 
+The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file.
+Change the client_secret with your own. Per defautl at port 31230: http://localhost:31230 ```bash
@@ -98,6 +83,8 @@ kubectl apply -f visualization/dashboard-configmap.yaml ``` The configmap contains a demo dashboard and should automatically be recognized by the grafana instance. Username and password for Grafana are set to "demo". +You have to create a user in the realm you created to use the login with the keylocak feature. + ### CIM Editor Pintura The following installation will deploy a Pintura instance that is available at the nodePort specified in the pintura_values.yaml file.
@@ -109,7 +96,7 @@ helm install pintura sogno/pintura -f cim-editor/pintura_values.yaml ### DPsim Simulation ```bash -helm install dpsim-demo sogno/dpsim-demo +helm install dpsim -demo sogno/dpsim-demo ``` ### State-Estimation
diff --git a/pyvolt-dpsim-demo/demo-setup.sh b/pyvolt-dpsim-demo/demo-setup.sh
index 466b58f..f5da77c 100755
--- a/pyvolt-dpsim-demo/demo-setup.sh
+++ b/pyvolt-dpsim-demo/demo-setup.sh
@@ -6,6 +6,8 @@ helm install influxdb influxdata/influxdb -f database/influxdb-helm-values.yaml helm install telegraf influxdata/telegraf -f ts-adapter/telegraf-values.yaml
+helm install my-release -f keycloak/keycloak_values.yaml bitnami/keycloak
+
 helm install grafana grafana/grafana -f visualization/grafana_values.yaml
 kubectl apply -f visualization/dashboard-configmap.yaml
diff --git a/pyvolt-dpsim-demo/demo-teardown.sh b/pyvolt-dpsim-demo/demo-teardown.sh
index 36b6de9..f96132d 100755
--- a/pyvolt-dpsim-demo/demo-teardown.sh
+++ b/pyvolt-dpsim-demo/demo-teardown.sh
@@ -14,3 +14,5 @@ helm uninstall pintura helm uninstall dpsim-demo helm uninstall pyvolt-demo
+
+helm uninstall my-release
diff --git a/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml b/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml
new file mode 100644
index 0000000..5be64e0
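Review bot: The added `helm install my-release -f keycloak/keycloak_values.yaml bitnami/keycloak` in demo-setup.sh pulls the chart from the `bitnami` Helm repository, yet the README hunk in this same commit deletes `helm repo add bitnami https://charts.bitnami.com/bitnami` from the repo-setup list, so a fresh checkout that follows the README will fail at this step because the repository is not configured. Either keep that line in the README or have the script run `helm repo add bitnami https://charts.bitnami.com/bitnami` and `helm repo update` before the install. The release name `my-release` also departs from the convention of the neighbouring lines, where each release is named after its component (`influxdb`, `telegraf`, `grafana`); naming it `keycloak` here and in the matching `helm uninstall` added to demo-teardown.sh would make both scripts self-explanatory. Because keycloak_values.yaml sets `auth.tls.enabled: false` and exposes the service as a `NodePort` on `31250`, the admin credentials this step creates are used over plain HTTP, which deserves a comment above the install line such as `# demo only: Keycloak is served over plain HTTP on the NodePort; enable auth.tls before any non-local use`.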
--- /dev/null
+++ b/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml
@@ -0,0 +1,945 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override keycloak.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override keycloak.fullname +## +fullnameOverride: "" +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## @section Keycloak parameters + +## Bitnami Keycloak image version +## ref: https://hub.docker.com/r/bitnami/keycloak/tags/ +## @param image.registry Keycloak image registry +## @param image.repository Keycloak image repository +## @param image.tag Keycloak image tag (immutable tags are recommended) +## @param image.pullPolicy Keycloak image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an 
array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/keycloak + tag: 16.1.1-debian-10-r0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Keycloak authentication parameters +## ref: https://github.com/bitnami/bitnami-docker-keycloak#admin-credentials +## +auth: + ## @param auth.createAdminUser Create administrator user on boot + ## + createAdminUser: true + ## @param auth.adminUser Keycloak administrator user + ## + adminUser: user + ## @param auth.adminPassword Keycloak administrator password for the new user + ## + adminPassword: "" + ## @param auth.managementUser Wildfly management user + ## + managementUser: manager + ## @param auth.managementPassword Wildfly management password + ## + managementPassword: "" + ## @param auth.existingSecret An already existing secret containing auth info + ## e.g: + ## existingSecret: + ## name: mySecret + ## keyMapping: + ## admin-password: myPasswordKey + ## management-password: myManagementPasswordKey + ## database-password: myDatabasePasswordKey + ## tls-keystore-password: myTlsKeystorePasswordKey + ## tls-truestore-password: myTlsTruestorePasswordKey + ## + existingSecret: "" + ## @param auth.existingSecretPerPassword Override `existingSecret` and other secret values + ## e.g: + ## existingSecretPerPassword: + ## keyMapping: + ## adminPassword: KEYCLOAK_ADMIN_PASSWORD + ## managementPassword: 
KEYCLOAK_MANAGEMENT_PASSWORD + ## databasePassword: password + ## tlsKeystorePassword: JKS_KEYSTORE_TRUSTSTORE_PASSWORD + ## tlsTruststorePassword: JKS_KEYSTORE_TRUSTSTORE_PASSWORD + ## adminPassword: + ## name: keycloak-test2.credentials ## release-name + ## managementPassword: + ## name: keycloak-test2.credentials + ## databasePassword: + ## name: keycloak.pocwatt-keycloak-cluster.credentials + ## tlsKeystorePassword: + ## name: keycloak-test2.credentials + ## tlsTruststorePassword: + ## name: keycloak-test2.credentials + ## + existingSecretPerPassword: {} + ## TLS encryption parameters + ## ref: https://github.com/bitnami/bitnami-docker-keycloak#tls-encryption + ## + tls: + ## @param auth.tls.enabled Enable TLS encryption + ## + enabled: false + ## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates + ## + autoGenerated: false + ## @param auth.tls.existingSecret Existing secret containing the TLS certificates per Keycloak replica + ## Create this secret following the steps below: + ## 1) Generate your trustore and keystore files (more info at https://www.keycloak.org/docs/latest/server_installation/#_setting_up_ssl) + ## 2) Rename your truststore to `keycloak.truststore.jks`. + ## 3) Rename your keystores to `keycloak-X.keystore.jks` where X is the ID of each Keycloak replica + ## 4) Run the command below where SECRET_NAME is the name of the secret you want to create: + ## kubectl create secret generic SECRET_NAME --from-file=./keycloak.truststore.jks --from-file=./keycloak-0.keystore.jks --from-file=./keycloak-1.keystore.jks ... 
+ ## + existingSecret: "" + ## @param auth.tls.truststoreFilename Truststore specific filename inside the existing secret + ## Note: Setting up this value, you will use the same trustore file in all the replicas + ## + truststoreFilename: "" + ## @param auth.tls.keystoreFilename Keystore specific filename inside the existing secret + ## Note: Setting up this value, you will use the same trustore file in all the replicas + ## + keystoreFilename: "" + ## @param auth.tls.jksSecret DEPRECATED. Use `auth.tls.existingSecret` instead + ## + jksSecret: "" + ## @param auth.tls.keystorePassword Password to access the keystore when it's password-protected + ## + keystorePassword: "" + ## @param auth.tls.truststorePassword Password to access the truststore when it's password-protected + ## + truststorePassword: "" + ## Init containers' resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param auth.tls.resources.limits The resources limits for the TLS init container + ## @param auth.tls.resources.requests The requested resources for the TLS init container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} +## @param proxyAddressForwarding Enable Proxy Address Forwarding +## ref: https://www.keycloak.org/docs/latest/server_installation/#_setting-up-a-load-balancer-or-proxy +## +proxyAddressForwarding: false +## Keycloak Service Discovery settings +## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration +## +serviceDiscovery: + ## @param serviceDiscovery.enabled Enable Service Discovery for Keycloak (required if `replicaCount` > `1`) + ## + enabled: false + ## @param serviceDiscovery.protocol Sets the protocol that Keycloak nodes would use to discover new peers + ## Available protocols can be found at http://www.jgroups.org/javadoc3/org/jgroups/protocols/ + ## + protocol: kubernetes.KUBE_PING + ## @param serviceDiscovery.properties Properties for the discovery protocol set in `serviceDiscovery.protocol` parameter + ## List of key=>value pairs + ## Example: + ## properties: + ## - datasource_jndi_name=>"java:jboss/datasources/KeycloakDS" + ## - initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))" + ## + properties: [] + ## @param serviceDiscovery.transportStack Transport stack for the discovery protocol set in `serviceDiscovery.protocol` parameter + ## + transportStack: tcp +## Keycloak cache settings +## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration +## +cache: + ## @param cache.ownersCount Number of nodes that will replicate cached data + ## + ownersCount: 1 + ## @param 
cache.authOwnersCount Number of nodes that will replicate cached authentication data + ## + authOwnersCount: 1 +## @param configuration Keycloak Configuration. Auto-generated based on other parameters when not specified +## Specify content for standalone-ha.xml +## NOTE: This will override configuring Keycloak based on environment variables (including those set by the chart) +## The standalone-ha.xml is auto-generated based on other parameters when this parameter is not specified +## +## Example: +## configuration: |- +## foo: bar +## baz: +## +configuration: "" +## @param existingConfigmap Name of existing ConfigMap with Keycloak configuration +## NOTE: When it's set the configuration parameter is ignored +## +existingConfigmap: "" +## @param extraStartupArgs Extra default startup args +## +extraStartupArgs: "" +## @param initdbScripts Dictionary of initdb scripts +## Specify dictionary of scripts to be run at first boot +## ref: https://github.com/bitnami/bitnami-docker-keycloak#initializing-a-new-instance +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." 
+## +initdbScripts: {} +## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) +## +initdbScriptsConfigMap: "" +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param extraEnvVars Extra environment variables to be set on Keycloak container +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" + +## @section keycloak-config-cli parameters + +## Configuration for keycloak-config-cli +## ref: https://github.com/adorsys/keycloak-config-cli +## +keycloakConfigCli: + ## @param keycloakConfigCli.enabled Whether to enable keycloak-config-cli + ## + enabled: false + ## Bitnami keycloak-config-cli image + ## ref: https://hub.docker.com/r/bitnami/keycloak-config-cli/tags/ + ## @param keycloakConfigCli.image.registry keycloak-config-cli container image registry + ## @param keycloakConfigCli.image.repository keycloak-config-cli container image repository + ## @param keycloakConfigCli.image.tag keycloak-config-cli container image tag + ## @param keycloakConfigCli.image.pullPolicy keycloak-config-cli container image pull policy + ## @param keycloakConfigCli.image.pullSecrets keycloak-config-cli container image pull secrets + ## + image: + registry: docker.io + repository: bitnami/keycloak-config-cli + tag: 4.6.1-debian-10-r7 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. 
+ ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param keycloakConfigCli.annotations [object] Annotations for keycloak-config-cli job + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: + helm.sh/hook: "post-install,post-upgrade,post-rollback" + helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" + helm.sh/hook-weight: "5" + ## @param keycloakConfigCli.command Command for running the container (set to default if not set). Use array form + ## + command: [] + ## @param keycloakConfigCli.args Args for running the container (set to default if not set). Use array form + ## + args: [] + ## @param keycloakConfigCli.hostAliases Job pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## Keycloak config CLI resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param keycloakConfigCli.resources.limits The resources limits for the keycloak-config-cli container + ## @param keycloakConfigCli.resources.requests The requested resources for the keycloak-config-cli container + ## + resources: + ## Example: + ## limits: + ## cpu: 200m + ## memory: 256Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 200m + ## memory: 10Mi + requests: {} + ## keycloak-config-cli containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param keycloakConfigCli.containerSecurityContext.enabled Enabled keycloak-config-cli containers' Security Context + ## @param keycloakConfigCli.containerSecurityContext.runAsUser Set keycloak-config-cli container's Security Context runAsUser + ## @param keycloakConfigCli.containerSecurityContext.runAsNonRoot Set keycloak-config-cli container's Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## keycloak-config-cli pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param keycloakConfigCli.podSecurityContext.enabled Enabled keycloak-config-cli pods' Security Context + ## @param keycloakConfigCli.podSecurityContext.fsGroup Set keycloak-config-cli pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## @param keycloakConfigCli.backoffLimit Number of retries before considering a Job as failed + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy + ## + backoffLimit: 1 + ## @param keycloakConfigCli.podLabels Pod extra labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param keycloakConfigCli.podAnnotations Annotations for job pod + ## ref: 
https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param keycloakConfigCli.extraEnvVars Additional environment variables to set + ## Example: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param keycloakConfigCli.extraEnvVarsCM ConfigMap with extra environment variables + ## + extraEnvVarsCM: "" + ## @param keycloakConfigCli.extraEnvVarsSecret Secret with extra environment variables + ## + extraEnvVarsSecret: "" + ## @param keycloakConfigCli.extraVolumes Extra volumes to add to the job + ## + extraVolumes: [] + ## @param keycloakConfigCli.extraVolumeMounts Extra volume mounts to add to the container + ## + extraVolumeMounts: [] + ## @param keycloakConfigCli.configuration keycloak-config-cli realms configuration + ## NOTE: nil keys will be considered files to import locally + ## Example: + ## configuration: + ## realm1.json: | + ## { + ## "realm": "realm1", + ## "clients": [] + ## } + ## files/realm2.yaml: + ## realm3.yaml: | + ## realm: realm3 + ## clients: [] + ## + configuration: {} + ## @param keycloakConfigCli.existingConfigmap ConfigMap with keycloak-config-cli configuration. 
This will override `keycloakConfigCli.config` + ## NOTE: This will override keycloakConfigCli.configuration + ## + existingConfigmap: "" + +## @section Keycloak deployment/statefulset parameters + +## @param replicaCount Number of Keycloak replicas to deploy +## +replicaCount: 1 +## @param containerPorts [object] Keycloak container ports to open +## +containerPorts: + http: 8080 + https: 8443 +## Keycloak containers' SecurityContext +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled Keykloak pods' Security Context +## @param podSecurityContext.fsGroup Set Keykloak pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Keycloak pods' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled Keykloak containers' Security Context +## @param containerSecurityContext.runAsUser Set Keykloak container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set Keykloak container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## Keycloak resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+## @param resources.limits The resources limits for the Keycloak container +## @param resources.requests The requested resources for the Keycloak container +## +resources: + ## Example: + ## limits: + ## cpu: 200m + ## memory: 256Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 200m + ## memory: 10Mi + requests: {} +## Configure extra options for startup probe +## When enabling this, make sure to set initialDelaySeconds to 0 for livenessProbe and readinessProbe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.httpGet.path Request path for startupProbe +## @param startupProbe.httpGet.port Port for startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + httpGet: + path: /auth/ + port: http + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 60 + successThreshold: 1 +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.httpGet.path Request path for livenessProbe +## @param livenessProbe.httpGet.port Port for livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## 
@param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + httpGet: + path: /auth/ + port: http + initialDelaySeconds: 300 + periodSeconds: 1 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +## Configure extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.httpGet.path Request path for readinessProbe +## @param readinessProbe.httpGet.port Port for readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + httpGet: + path: /auth/realms/master + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 +## @param customStartupProbe Custom Startup probes for Keycloak +## +customStartupProbe: {} +## @param customLivenessProbe Custom Liveness probes for Keycloak +## +customLivenessProbe: {} +## @param customReadinessProbe Custom Rediness probes Keycloak +## +customReadinessProbe: {} +## Strategy to use to update Pods +## +updateStrategy: + ## @param updateStrategy.type StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. 
Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param podLabels Extra labels for Keycloak pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for Keycloak pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param priorityClassName Keycloak pods' priority. 
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param lifecycleHooks LifecycleHooks to set additional configuration at startup +## +lifecycleHooks: {} +## @param extraVolumes Optionally specify extra list of additional volumes for Keycloak pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Keycloak container(s) +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the Keycloak pods +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the Keycloak pods +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] + +## @section Exposure parameters + +## Service configuration +## +service: + ## @param service.type Kubernetes service type + ## + type: NodePort + ## @param service.port Service HTTP port + ## + port: 80 + ## @param service.httpsPort HTTPS Port + ## + httpsPort: 443 + ## @param service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "31250" + https: "31476" + ## @param service.clusterIP Keycloak service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Annotations for Keycloak service + ## + annotations: {} +## Keycloak ingress parameters +## ref: https://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for Keycloak + ## + enabled: false + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . 
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: keycloak.local + ## @param ingress.path Default path for the ingress record + ## + path: / + ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Relay on cert-manager to create it by setting the corresponding annotations + ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: keycloak.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. 
+ ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - keycloak.local + ## secretName: keycloak.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: keycloak.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ingress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: http + +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable the default NetworkPolicy policy + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports Keycloak is listening + ## on. When true, Keycloak will accept connections from any source + ## (with the correct destination port). 
+ ## + allowExternal: true + ## @param networkPolicy.additionalRules Additional NetworkPolicy rules + ## Note that all rules are OR-ed. + ## Example: + ## additionalRules: + ## - matchLabels: + ## - role: frontend + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + additionalRules: {} + +## @section RBAC parameter +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Keycloak pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod + ## + automountServiceAccountToken: false +## Specifies whether RBAC resources should be created +## +rbac: + ## @param rbac.create Whether to create and use RBAC resources or not + ## + create: false + ## @param rbac.rules Custom RBAC rules + ## Example: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + +## @section Other parameters + +## Keycloak Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + maxUnavailable: "" +## Keycloak Autoscaling configuration +## @param autoscaling.enabled Enable autoscaling for Keycloak +## @param autoscaling.minReplicas Minimum number of Keycloak replicas +## @param autoscaling.maxReplicas Maximum number of Keycloak replicas +## @param autoscaling.targetCPU Target CPU utilization 
percentage +## @param autoscaling.targetMemory Target Memory utilization percentage +## +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPU: "" + targetMemory: "" + +## @section Metrics parameters + +## Metrics configuration +## +metrics: + ## @param metrics.enabled Enable exposing Keycloak statistics + ## ref: https://github.com/bitnami/bitnami-docker-keycloak#enabling-statistics + ## + enabled: false + ## Keycloak metrics service parameters + ## + service: + ## @param metrics.service.port Service HTTP management port + ## + port: 9990 + ## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabellings Specify Metric Relabellings to add to the scrape endpoint + ## + relabellings: [] + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are required by the installed Prometheus Operator + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + +## @section Database parameters + +## PostgreSQL chart configuration 
+## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml +## +postgresql: + ## @param postgresql.enabled Deploy a PostgreSQL server to satisfy the applications database requirements + ## + enabled: true + ## @param postgresql.postgresqlUsername Keycloak PostgreSQL user (has superuser privileges if username is `postgres`) + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run + ## + postgresqlUsername: bn_keycloak + ## @param postgresql.postgresqlPassword Keycloak PostgreSQL password - ignored if existingSecret is provided + ## Defaults to a random 10-character alphanumeric string if not set + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run + ## + postgresqlPassword: "" + ## @param postgresql.postgresqlDatabase Name of the database to create + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run + ## + postgresqlDatabase: bitnami_keycloak + ## @param postgresql.existingSecret Use an existing secret file with the PostgreSQL password + ## + existingSecret: "" + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes + ## + persistence: + ## @param postgresql.persistence.enabled Enable PostgreSQL persistence using PVC + ## + enabled: true +## External database configuration +## +externalDatabase: + ## @param externalDatabase.host Host of the external database + ## + host: "" + ## @param externalDatabase.port Database port + ## + port: 5432 + ## @param externalDatabase.user non admin username for Keycloak Database + ## + user: bn_keycloak + ## @param externalDatabase.password Database password + ## + password: "" + ## @param externalDatabase.database Database name + ## + database: bitnami_keycloak + ## @param externalDatabase.existingSecret Use an existing secret file with the 
external PostgreSQL credentials
+ ##
+ existingSecret: ""
diff --git a/pyvolt-dpsim-demo/visualization/grafana_values.yaml b/pyvolt-dpsim-demo/visualization/grafana_values.yaml
index 7bef2a3..3b989e3 100644
--- a/pyvolt-dpsim-demo/visualization/grafana_values.yaml
+++ b/pyvolt-dpsim-demo/visualization/grafana_values.yaml
@@ -15,6 +15,20 @@ datasources:
 password: telegraf
 jsonData:
 httpMode: GET
+grafana.ini:
+ auth:
+ signout_redirect_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2F137.226.248.193%3A31230%2Flogin"
+
+ server:
+ root_url: http://loacalhost:31230/
+ auth.generic_oauth:
+ enabled: true
+ name: "login_keycloak"
+ client_id: "grafana"
+ client_secret: "q1vYjPVZCSKkS0GKLcxrL0lt597baR3H"
+ auth_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/auth"
+ token_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/token"
+ api_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/userinfo"
 adminUser: demo
 adminPassword: demo
@@ -23,4 +37,3 @@ sidecar:
 dashboards:
 enabled: true
 label: grafana_dashboard
-
From 93c2ef159220e2c693ae0ce994274c4e1ed8620c Mon Sep 17 00:00:00 2001
From: Golam Mohammad Shovon
Date: Wed, 6 Apr 2022 19:32:38 +0200
Subject: [PATCH 2/4] Revert "Keycloak added for pyvolt-dpsim-demo"

This reverts commit f93014c3016b99cde3889b3f6a055a4e15777f5a.

---
 pyvolt-dpsim-demo/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pyvolt-dpsim-demo/README.md b/pyvolt-dpsim-demo/README.md
index 7143da0..4680f37 100644
--- a/pyvolt-dpsim-demo/README.md
+++ b/pyvolt-dpsim-demo/README.md
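Review bot: The OAuth client secret is committed in clear text in the `auth.generic_oauth` block (`client_secret: "q1vYjPVZCSKkS0GKLcxrL0lt597baR3H"`), and the later hunk in this series that rewrites the same block (patch 3) swaps in another literal secret instead of removing it. Grafana can take the value from the environment with `client_secret: "$__env{GF_OAUTH_CLIENT_SECRET}"` (constructed variable name), so it can be supplied from a Kubernetes Secret and rotated without a commit; a secret that has already been pushed should be treated as disclosed and regenerated in Keycloak. Separately, `signout_redirect_url` sends the browser back to `137.226.248.193:31230` while every other URL in the block uses the local node port, so logout lands on a different host than login unless that address is the demo node.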
@@ -22,7 +22,11 @@ helm repo update ``` ### HugePages +<<<<<<< HEAD The current setup requires HugePages support for the real-time simulator. This can be checked and activated as follows: +======= +The current setup requires HugePages support for the real-time simulator. This can be checked and activated (temporarily) as follows: +>>>>>>> parent of f93014c... Keycloak added for pyvolt-dpsim-demo ```bash # Verify HugePages @@ -54,6 +58,12 @@ HugePages_Surp: 0 Hugepagesize: 2048 kB Hugetlb: 2097152 kB +<<<<<<< HEAD +======= +If you don't see 1024 next to HugePages_Total, you may need to restart +your system and try again with a fresh boot. + +>>>>>>> parent of f93014c... Keycloak added for pyvolt-dpsim-demo # Restart k3s service to apply changes sudo systemctl restart k3s @@ -83,7 +93,11 @@ helm install telegraf influxdata/telegraf -f ts-adapter/telegraf-values.yaml ### Visualization +<<<<<<< HEAD The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file. +======= +The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file. +>>>>>>> parent of f93014c... Keycloak added for pyvolt-dpsim-demo Per defautl at port 31230: http://localhost:31230 ```bash From 78f8e5c71a32e981e20db0868492e077265a916a Mon Sep 17 00:00:00 2001 From: Golam Mohammad Shovon Date: Thu, 7 Apr 2022 12:34:36 +0200 Subject: [PATCH 3/4] keycloak serviced added for sso Signed-off-by: Golam Mohammad Shovon --- pyvolt-dpsim-demo/README.md | 46 +----- .../keycloak/keycloak_createion.py | 152 ++++++++++++++++++ .../keycloak/keycloak_values.yaml | 4 +- .../visualization/grafana_values.yaml | 17 +- 4 files changed, 168 insertions(+), 51 deletions(-) create mode 100644 pyvolt-dpsim-demo/keycloak/keycloak_createion.py diff --git a/pyvolt-dpsim-demo/README.md b/pyvolt-dpsim-demo/README.md index 9d55d62..1220d31 100644 --- a/pyvolt-dpsim-demo/README.md 
+++ b/pyvolt-dpsim-demo/README.md @@ -22,14 +22,9 @@ helm repo add influxdata https://influxdata.github.io/helm-charts helm repo add grafana https://grafana.github.io/helm-charts helm repo update ``` -<<<<<<< HEAD ### HugePages -<<<<<<< HEAD -The current setup requires HugePages support for the real-time simulator. This can be checked and activated as follows: -======= -The current setup requires HugePages support for the real-time simulator. This can be checked and activated (temporarily) as follows: ->>>>>>> parent of f93014c... Keycloak added for pyvolt-dpsim-demo +The current setup requires HugePages support for the real-time simulator. But if you want keycloak sso service , do not do this.This can be checked and activated (temporarily) as follows: ```bash # Verify HugePages @@ -61,20 +56,15 @@ HugePages_Surp: 0 Hugepagesize: 2048 kB Hugetlb: 2097152 kB -<<<<<<< HEAD -======= If you don't see 1024 next to HugePages_Total, you may need to restart your system and try again with a fresh boot. ->>>>>>> parent of f93014c... Keycloak added for pyvolt-dpsim-demo # Restart k3s service to apply changes sudo systemctl restart k3s # Ensure the KUBECONFIG env is still set correctly export KUBECONFIG=/etc/rancher/k3s/k3s.yaml ``` -======= ->>>>>>> f93014c3016b99cde3889b3f6a055a4e15777f5a ## Manual Chart Installation 
@@ -98,52 +88,24 @@ helm install telegraf influxdata/telegraf -f ts-adapter/telegraf-values.yaml ### KeyCloak: -The following installation will deploy a KeyCloak instance that is available at the nodePort specified in the keycloak_values.yaml file. +The following installation will deploy a KeyCloak instance that is available at the nodePort specified in the keycloak_values.yaml file.The username and password both is "user" for the admin panel. Per defautl at port 31250: http://localhost:31250 ```bash helm install my-release -f keycloak/keycloak_values.yaml bitnami/keycloak ``` -To Get the user password for the keycloak, run this command. -```bash - echo Password: $(kubectl get secret --namespace default my-release-keycloak -o jsonpath="{.data.admin-password}" | base64 --decode) -``` -Login to the keycloak instance. The user name is:user and use the passwrod. - -Than Create a realm for common authentication for your applications. -![alt text](https://i2.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-22-19-43.png?w=775&ssl=1) - -Create a client for grafana as given below where root url is your grafana application URL.In this case it will be "http://localhost:31230." -![alt text](https://i0.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-23-18-38.png?w=850&ssl=1) - -Once the client is created, open the client configuration and change the access type to confidential from public. Save the config. -![alt text](https://i0.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-23-23-08.png?w=702&ssl=1) - -Open the client grafana again and go to credentials tag and copy the client id and secret for future use. - -![alt text](https://i0.wp.com/www.techrunnr.com/wp-content/uploads/2020/07/Screenshot-from-2020-07-12-23-23-32.png?w=710&ssl=1 ) - +To create keycloak realm, client and user run the python script keycloak_createion.py. 
### Visualization -<<<<<<< HEAD The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file. -<<<<<<< HEAD -======= -The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file. ->>>>>>> parent of f93014c... Keycloak added for pyvolt-dpsim-demo -======= -Change the client_secret with your own. ->>>>>>> f93014c3016b99cde3889b3f6a055a4e15777f5a Per defautl at port 31230: http://localhost:31230 ```bash helm install grafana grafana/grafana -f visualization/grafana_values.yaml kubectl apply -f visualization/dashboard-configmap.yaml ``` -The configmap contains a demo dashboard and should automatically be recognized by the grafana instance. Username and password for Grafana are set to "demo". - -You have to create a user in the realm you created to use the login with the keylocak feature. +The configmap contains a demo dashboard and should automatically be recognized by the grafana instance. Username and password for Grafana are set to "demo".Its also the same in the case of login with oauth. ### CIM Editor Pintura diff --git a/pyvolt-dpsim-demo/keycloak/keycloak_createion.py b/pyvolt-dpsim-demo/keycloak/keycloak_createion.py new file mode 100644 index 0000000..b549fd2 --- /dev/null +++ b/pyvolt-dpsim-demo/keycloak/keycloak_createion.py 
@@ -0,0 +1,152 @@
+from json.tool import main
+from re import X
+import string
+import requests
+import ast
+import json
+
+def get_token():
+
+ lurl = 'http://localhost:31250/auth/realms/master/protocol/openid-connect/token'
+
+ params = {
+
+ 'client_id': 'admin-cli',
+ 'grant_type': 'password',
+ 'username' : 'user',
+ 'password': 'user'
+ }
+ x = requests.post(lurl, params, verify=False).content.decode('utf-8')
+ return ast.literal_eval(x)['access_token']
+
+def create_realm():
+ url = "http://localhost:31250/auth/admin/realms"
+
+ payload = json.dumps({
+ "id": "grafana",
+ "realm": "grafana",
+ "enabled": True
+ })
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Authorization': 'Bearer ' + str(get_token())
+ }
+
+ response = requests.request("POST", url, headers=headers, data=payload)
+
+ print('Realm created')
+
+def create_client():
+ url = "http://localhost:31250/auth/admin/realms/grafana/clients"
+
+ payload = json.dumps({
+ "clientId": "grafana",
+ "name": "grafana",
+ "adminUrl": "http://localhost:31230",
+ "alwaysDisplayInConsole": False,
+ "secret": "Z6RT9ViirQTPgV9AQqoZwGm38XHyUROY",
+
+ "access": {
+ "view": True,
+ "configure": True,
+ "manage": True
+ },
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "authorizationServicesEnabled": True,
+ "bearerOnly": False,
+ "directAccessGrantsEnabled": True,
+ "enabled": True,
+ "protocol": "openid-connect",
+ "description": "grafana",
+ "rootUrl": "http://localhost:31230",
+ "surrogateAuthRequired": False,
+ "clientAuthenticatorType": "client-secret",
+ "defaultRoles": [
+ "manage-account",
+ "view-profile"
+ ],
+ "redirectUris": [
+ "http://localhost:31230/*",
+ "http://localhost:31230/login/generic_oauth"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "consentRequired": False,
+ "standardFlowEnabled": True,
+ "implicitFlowEnabled": False,
+ "serviceAccountsEnabled": True,
+ "publicClient": False,
+ "frontchannelLogout": False,
+ "fullScopeAllowed": False,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ })
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Authorization': 'Bearer ' + str(get_token())
+ }
+
+ response = requests.request("POST", url, headers=headers, data=payload)
+
+ print('client created')
+
+
+def create_user():
+ url = "http://localhost:31250/auth/admin/realms/grafana/users"
+
+ payload = json.dumps({
+ "createdTimestamp": 1588880747548,
+ "username": "demo",
+ "enabled": True,
+ "totp": False,
+ "emailVerified": True,
+ "firstName": "user",
+ "lastName": "grafana",
+ "email": "user_grafana@grafana.com",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "notBefore": 0,
+ "access": {
+ "manageGroupMembership": True,
+ "view": True,
+ "mapRoles": True,
+ "impersonate": True,
+ "manage": True
+ },
+ "credentials": [{
+ "type":"password",
+ "value":"demo",
+ "temporary":False,
+ }],
+ "realmRoles": [
+ "mb-user"
+ ]
+ })
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Authorization': 'Bearer ' + str(get_token())
+ }
+
+ response = requests.request("POST", url, headers=headers, data=payload)
+
+ print('user created')
+
+def function():
+ create_realm()
+ create_client()
+ create_user()
+
+function()
diff --git a/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml b/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml
index 5be64e0..bdea46f 100644
--- a/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml
+++ b/pyvolt-dpsim-demo/keycloak/keycloak_values.yaml
@@ -87,7 +87,7 @@ auth:
 adminUser: user
 ## @param auth.adminPassword Keycloak administrator password for the new user
 ##
- adminPassword: ""
+ adminPassword: "user"
 ## @param auth.managementUser Wildfly management user
 ##
 managementUser: manager
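Review bot: None of the three `requests.request("POST", ...)` calls inspects its result, so a 401 from an expired token or a 409 because the realm, client or user already exists still prints `Realm created` / `client created` / `user created`; add `response.raise_for_status()` after each call. `get_token` should likewise check the token request and parse it as JSON rather than a Python literal, e.g. `resp = requests.post(lurl, data=params)`, `resp.raise_for_status()`, `return resp.json()['access_token']` — `ast.literal_eval` fails on JSON `true`/`false`/`null`, and `verify=False` would silently disable certificate checking if the URL ever moves to https. The admin credentials `user`/`user` and the client `secret` are hard-coded here, mirror the `adminPassword: "user"` set in the keycloak_values.yaml hunk below and the `client_secret` in the grafana_values.yaml hunk, and are now in git history; reading them from the environment (e.g. `os.environ["KEYCLOAK_ADMIN_PASSWORD"]`, constructed name) keeps the demo reproducible without publishing live credentials. `from json.tool import main`, `from re import X` and `import string` are unused and should be dropped.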
@@ -942,4 +942,4 @@ externalDatabase:
 database: bitnami_keycloak
 ## @param externalDatabase.existingSecret Use an existing secret file with the external PostgreSQL credentials
 ##
- existingSecret: ""
+ existingSecret: ""
\ No newline at end of file
diff --git a/pyvolt-dpsim-demo/visualization/grafana_values.yaml b/pyvolt-dpsim-demo/visualization/grafana_values.yaml
index 3b989e3..2fe3304 100644
--- a/pyvolt-dpsim-demo/visualization/grafana_values.yaml
+++ b/pyvolt-dpsim-demo/visualization/grafana_values.yaml
@@ -17,18 +17,21 @@ datasources:
 httpMode: GET
 grafana.ini:
 auth:
- signout_redirect_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2F137.226.248.193%3A31230%2Flogin"
+ signout_redirect_url: "http://localhost:31250/auth/realms/grafana/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%3A31230%2Flogin"
 server:
- root_url: http://loacalhost:31230/
+ root_url: http://localhost:31230/
 auth.generic_oauth:
 enabled: true
- name: "login_keycloak"
+ name: "Oauth"
 client_id: "grafana"
- client_secret: "q1vYjPVZCSKkS0GKLcxrL0lt597baR3H"
- auth_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/auth"
- token_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/token"
- api_url: "http://loacalhost:31250/auth/realms/devops/protocol/openid-connect/userinfo"
+ client_secret: "Z6RT9ViirQTPgV9AQqoZwGm38XHyUROY"
+ auth_url: "http://localhost:31250/auth/realms/grafana/protocol/openid-connect/auth"
+ token_url: "http://my-release-keycloak.default.svc.cluster.local/auth/realms/grafana/protocol/openid-connect/token"
+ api_url: "http://localhost:31250/auth/realms/grafana/protocol/openid-connect/userinfo"
+ scopes: "openid email profile"
+
+
 adminUser: demo
 adminPassword: demo
From 601fc08f85850ab5bd53c5afffc8a79ed1543f7c Mon Sep 17 00:00:00 2001
From: Golam Mohammad Shovon
Date: Wed, 13 Apr 2022 21:29:15 +0200
Subject: [PATCH 4/4] keycloak service added for sso
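Review bot: `api_url` is still `http://localhost:31250/...` although this hunk moves `token_url` to the in-cluster name `my-release-keycloak.default.svc.cluster.local`; the userinfo endpoint, like the token endpoint, is fetched by the Grafana server process rather than the browser, so from inside the Grafana pod `localhost:31250` is the pod's own loopback and the call will presumably fail. It should use the same in-cluster address as `token_url`, leaving only the browser-facing `auth_url` and `signout_redirect_url` on the node port. The literal `client_secret` in this block is already raised on the earlier grafana_values.yaml hunk.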
Signed-off-by: Golam Mohammad Shovon --- pyvolt-dpsim-demo/README.md | 17 ++++++++++------- pyvolt-dpsim-demo/demo-setup.sh | 7 ++++++- pyvolt-dpsim-demo/demo-teardown.sh | 3 +++ ...ycloak_createion.py => keycloak_creation.py} | 0 4 files changed, 19 insertions(+), 8 deletions(-) rename pyvolt-dpsim-demo/keycloak/{keycloak_createion.py => keycloak_creation.py} (100%) diff --git a/pyvolt-dpsim-demo/README.md b/pyvolt-dpsim-demo/README.md index 1220d31..f59d111 100644 --- a/pyvolt-dpsim-demo/README.md +++ b/pyvolt-dpsim-demo/README.md @@ -24,7 +24,7 @@ helm repo update ``` ### HugePages -The current setup requires HugePages support for the real-time simulator. But if you want keycloak sso service , do not do this.This can be checked and activated (temporarily) as follows: +The current setup requires HugePages support for the real-time simulator. But if you want a keycloak sso service, do not do this. This can be checked and activated (temporarily) as follows: ```bash # Verify HugePages @@ -33,7 +33,7 @@ cat /proc/meminfo | grep Huge AnonHugePages: 104448 kB ShmemHugePages: 0 kB FileHugePages: 0 kB -HugePages_Total: 0 <-- we require a minimum of 1024 +HugePages_Total: 0 <-- we require a minimum of 1024 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 
@@ -88,24 +88,27 @@ helm install telegraf influxdata/telegraf -f ts-adapter/telegraf-values.yaml ### KeyCloak: -The following installation will deploy a KeyCloak instance that is available at the nodePort specified in the keycloak_values.yaml file.The username and password both is "user" for the admin panel. -Per defautl at port 31250: http://localhost:31250 +The following installation will deploy a KeyCloak instance that is available at the nodePort specified in the keycloak_values.yaml file. The username and password both are "user" for the admin panel. +Per default at port 31250: http://localhost:31250 ```bash helm install my-release -f keycloak/keycloak_values.yaml bitnami/keycloak ``` -To create keycloak realm, client and user run the python script keycloak_createion.py. +Please wait for 3 minutes for the keycloak to deploy properly. To create keycloak realm, client and user run the python script keycloak_createion.py. +```bash +python3 keycloak/keycloak_creation.py +``` ### Visualization The following installation will deploy a Grafana instance that is available at the nodePort specified in the grafana_values.yaml file. -Per defautl at port 31230: http://localhost:31230 +Per default at port 31230: http://localhost:31230 ```bash helm install grafana grafana/grafana -f visualization/grafana_values.yaml kubectl apply -f visualization/dashboard-configmap.yaml ``` -The configmap contains a demo dashboard and should automatically be recognized by the grafana instance. Username and password for Grafana are set to "demo".Its also the same in the case of login with oauth. +The configmap contains a demo dashboard and should automatically be recognized by the grafana instance. The username and password for Grafana are set to "demo".It's also the same in the case of login with oauth. ### CIM Editor Pintura diff --git a/pyvolt-dpsim-demo/demo-setup.sh b/pyvolt-dpsim-demo/demo-setup.sh index f5da77c..2f056b0 100755 --- a/pyvolt-dpsim-demo/demo-setup.sh 
+++ b/pyvolt-dpsim-demo/demo-setup.sh
@@ -8,7 +8,12 @@ helm install telegraf influxdata/telegraf -f ts-adapter/telegraf-values.yaml
 helm install my-release -f keycloak/keycloak_values.yaml bitnami/keycloak
+sleep 5m
+
+python3 keycloak/keycloak_creation.py
+
 helm install grafana grafana/grafana -f visualization/grafana_values.yaml
+
 kubectl apply -f visualization/dashboard-configmap.yaml
 helm install pintura sogno/pintura -f cim-editor/pintura_values.yaml
@@ -17,4 +22,4 @@ helm install dpsim-demo sogno/dpsim-demo
 helm install pyvolt-demo sogno/pyvolt-service -f state-estimation/se_values.yaml
-kubectl get pods
+kubectl get pods
\ No newline at end of file
diff --git a/pyvolt-dpsim-demo/demo-teardown.sh b/pyvolt-dpsim-demo/demo-teardown.sh
index f96132d..a18eeb6 100755
--- a/pyvolt-dpsim-demo/demo-teardown.sh
+++ b/pyvolt-dpsim-demo/demo-teardown.sh
@@ -7,6 +7,7 @@ helm uninstall influxdb
 helm uninstall telegraf
 helm uninstall grafana
+
 kubectl delete -f visualization/dashboard-configmap.yaml
 helm uninstall pintura
@@ -16,3 +17,5 @@ helm uninstall dpsim-demo
 helm uninstall pyvolt-demo
 helm uninstall my-release
+
+kubectl delete pvc data-my-release-postgresql-0
\ No newline at end of file
diff --git a/pyvolt-dpsim-demo/keycloak/keycloak_createion.py b/pyvolt-dpsim-demo/keycloak/keycloak_creation.py
similarity index 100%
rename from pyvolt-dpsim-demo/keycloak/keycloak_createion.py
rename to pyvolt-dpsim-demo/keycloak/keycloak_creation.py
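Review bot: `sleep 5m` is a fixed wait that is both too slow on a warm cluster and not guaranteed to be long enough on a cold one, and the exit status of `python3 keycloak/keycloak_creation.py` is not checked, so Grafana is installed with OAuth pointing at a realm that may not exist. Wait on the actual readiness condition and stop on error, e.g. `kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=my-release --timeout=5m || exit 1` (label selector as set by the bitnami chart; confirm with `kubectl get pods --show-labels`) followed by `python3 keycloak/keycloak_creation.py || exit 1`. Whether the script runs under `set -e` is not visible in this hunk.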