1. Answers
  2. Deploy Keycloak and Rate Limiting with Solo.io on Kubernetes

How do I deploy Keycloak and set up rate limiting with Solo.io on Kubernetes?

This guide demonstrates how to deploy Keycloak on a Kubernetes cluster and set up rate limiting using Solo.io’s Gloo Edge. We will create a Keycloak deployment, expose it via a service, and configure rate limiting using Gloo Edge.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a Kubernetes namespace for Keycloak
const keycloakNamespace = new k8s.core.v1.Namespace("keycloak-namespace", {
    metadata: {
        name: "keycloak",
    },
});

// Deploy Keycloak
const keycloakDeployment = new k8s.apps.v1.Deployment("keycloak-deployment", {
    metadata: {
        namespace: keycloakNamespace.metadata.name,
        name: "keycloak",
    },
    spec: {
        replicas: 1,
        selector: {
            matchLabels: {
                app: "keycloak",
            },
        },
        template: {
            metadata: {
                labels: {
                    app: "keycloak",
                },
            },
            spec: {
                containers: [
                    {
                        name: "keycloak",
                        image: "jboss/keycloak:latest",
                        ports: [
                            {
                                containerPort: 8080,
                                name: "http",
                            },
                        ],
                        env: [
                            {
                                name: "KEYCLOAK_USER",
                                value: "admin",
                            },
                            {
                                name: "KEYCLOAK_PASSWORD",
                                value: "admin",
                            },
                        ],
                    },
                ],
            },
        },
    },
});

// Expose Keycloak via a Kubernetes Service
const keycloakService = new k8s.core.v1.Service("keycloak-service", {
    metadata: {
        namespace: keycloakNamespace.metadata.name,
        name: "keycloak",
    },
    spec: {
        selector: {
            app: "keycloak",
        },
        ports: [
            {
                protocol: "TCP",
                port: 80,
                targetPort: "http",
            },
        ],
        type: "LoadBalancer",
    },
});

// Deploy Gloo Edge for rate limiting
const glooNamespace = new k8s.core.v1.Namespace("gloo-namespace", {
    metadata: {
        name: "gloo-system",
    },
});

const glooEdge = new k8s.helm.v3.Chart("gloo-edge", {
    chart: "gloo",
    version: "1.8.0",
    fetchOpts: {
        repo: "https://storage.googleapis.com/solo-public-helm",
    },
    namespace: glooNamespace.metadata.name,
    values: {
        global: {
            glooRbac: {
                create: true,
            },
        },
    },
});

// Configure rate limiting for Keycloak
const rateLimitConfig = new k8s.apiextensions.CustomResource("rate-limit-config", {
    apiVersion: "ratelimit.solo.io/v1alpha1",
    kind: "RateLimitConfig",
    metadata: {
        namespace: glooNamespace.metadata.name,
        name: "keycloak-rate-limit",
    },
    spec: {
        raw: [
            {
                rateLimit: {
                    unit: "minute",
                    requestsPerUnit: 10,
                },
                actions: [
                    {
                        requestHeaders: {
                            descriptorKey: "header_match",
                            headerName: ":path",
                            headerValueMatch: {
                                exact: "/auth",
                            },
                        },
                    },
                ],
            },
        ],
    },
});

// Export the Keycloak service URL
export const keycloakUrl = keycloakService.status.loadBalancer.ingress[0].hostname;

Key Points

  • Namespace Creation: We create separate namespaces for Keycloak and Gloo Edge.
  • Keycloak Deployment: Deploy Keycloak with environment variables for admin credentials.
  • Service Exposure: Expose Keycloak using a Kubernetes LoadBalancer service.
  • Gloo Edge Deployment: Deploy Gloo Edge using Helm for rate limiting capabilities.
  • Rate Limiting Configuration: Define rate limiting rules with Solo.io’s CRD.

Summary

In this guide, we deployed Keycloak on Kubernetes and set up rate limiting using Solo.io’s Gloo Edge. We created necessary namespaces, deployed Keycloak, exposed it via a service, and configured rate limiting rules. This setup ensures that Keycloak is protected from excessive requests, enhancing the security and stability of the application.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up