Is there a way to specify the Keycloak version which is used in dev/test mode in quarkus ?
The default one on the 2.15.0.Final version is 19.0.3 and I want to use the 20.0.2.
I search in multiple documentations but I didn't find anything.
Thanks !
You can specify which image to use for the keycloak dev service (that is what will be loaded in dev/test mode) using the quarkus.keycloak.devservices.image-name property.
Example :
quarkus.keycloak.devservices.image-name=quay.io/keycloak/keycloak:20.0.2
Note that if the image name does not end with -legacy, Quarkus will assume it is a Keycloak Quarkus image.
You'll find all configuration properties for the Keycloak Dev service here : https://quarkus.io/guides/dev-services#keycloak
Related
I am trying to monitor keycloak application., but it's only shows without routes
I am using the latest Newrelic agent with the Keycloac 20.0.3
I tried to use
https://github.com/newrelic-experimental/newrelic-java-quarkus
but I got the same results
Most Probably in your newrelic.yml config file there is an option enable_auto_transaction_naming try to enable it
Created ECS cluster let's call it tools.
tools cluster have 2 services:
sso-proxy
grafana - opensource
Going through sso-proxy to get grafana.
when trying to enter credentials to grafana i got the following error:
When incognito mode the login working for the first time.
This is the ECS logs:
Please someone can help.
Grafana must receive proper Host header in the request header. I guess your "sso-proxy" doesn't do that. You didn't provide reproducible example (why not, when you want to help), so it is only a guess.
Lazy and insecure workaround will be Grafana downgrade to version 8.3.4-, where CSRF fix for CVE-2022-21703 is not included.
I am using kubespray for the deployment of a kubernetes cluster and
want to set some API Server parameters for the deployment. In specific I want to configure the authentication via OpenID Connect (e.g set the oidc-issuer-url parameter). I saw that kubespray has some vars to set (https://github.com/kubernetes-sigs/kubespray/blob/master/docs/vars.md), but not the ones I am looking for.
Is there a way to set these parameters via kubespray? I don't want to configure each master manually (e.g by editing the /etc/kubernetes/manifests/kube-apiserver.yaml files).
Thanks for your help
On the bottom of the page you are referring to there is description how to define custom flags for various components of k8s:
kubelet_custom_flags:
- "--eviction-hard=memory.available<100Mi"
- "--eviction-soft-grace-period=memory.available=30s"
- "--eviction-soft=memory.available<300Mi"
The possible vars are:
apiserver_custom_flags
controller_mgr_custom_flags
scheduler_custom_flags
kubelet_custom_flags
kubelet_node_custom_flags
The k8s-cluster.yml file has some parameters which allow to set the OID configuration:
kube_oidc_auth: true
...
kube_oidc_url: https:// ...
kube_oidc_client_id: kubernetes
kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
kube_oidc_username_claim: sub
kube_oidc_username_prefix: oidc:
kube_oidc_groups_claim: groups
kube_oidc_groups_prefix: oidc:
These parameters are the counter parts to the oidc api server parameters
I try to add a basic authentication to my kubernetes cluster by changing the file.
/etc/kubernetes/manifest/kubernetes-apiserver.yaml
There i add 3 flags
-- basic-auth-file=/etc/kubernetes/basic-auth.csv
-- authorization-mode=ABAC
-- authentication-mode=basic
But when i add those lines and i restart my system. My kubernetes freezes and won't start. Is this the right way to add flags to an already running kubernetes cluster ? Is this the right way to add basic authentication to kubernetes dashboard ?
I used this tutorial for the basic authentication: https://github.com/kubernetes/dashboard/wiki/Access-control#basic
Conceptually you doing everything right, but the problem is that for Modern Kubernetes version, at least for 1.9, authentication-mode is not a valid CLI flag for API server. All available flags you can check in documentation.
It is a bit outdated documentation in the repo. Actually, basic authentification will be enabled when you provided basic-auth-file option.
So, just remove authentication-mode flag and use only basic-auth-file and authorization-mode. If should help.
For enable a user/password authorization, based on documentation of dashboard, you need to add authentication-mode CLI arg to a Dashboard.
I am running a Confluence server using the official Docker container: atlassian/confluence-server: https://hub.docker.com/r/atlassian/confluence-server/
I would like now to access the Confluence REST API: https://docs.atlassian.com/atlassian-confluence/REST/latest-server/
I see that the container exposes 2 ports: 8090 and 8091. I can get the Confluence UI on the former. Is the latter supposed to be an API port?
I have checked also the plugins if I have to install a plugin. But I haven't found anything.
Maybe I have to send more variables or expose more ports from the docker command?
Found it!
The API need no further configuration. It is available on the same port as the UI. So, in the case of the default configuration of the atlassian/confluence-server, the API is available under:
http://localhost:8090/rest/api/content