gigiozzz

Rancher v2.X KeyCloak Authentication Backend Configuration

Ranchers official documentation about how to configure the Rancher <> KeyCloak setup is fine but definitely not sufficient to successfully configure it (https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/). That's the reason why here every single required step is documented down here.

KeyCloak Configuration

I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.

Login as admin on https://keycloak.example.com/. Important: It's crucial that in KeyCloak the same username exists as you use as admin user on Rancher. Since I just use the admin account in this guide, this prerequisite is already achieved.
Create a new client under https://keycloak.example.com/auth/admin/master/console/#/realms/master/clients
- Client ID: https://rancher.example.com/v1-saml/keycloak/saml/metadata

	cat <<-EOF > kind.config
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	nodes:
	- role: control-plane
	kubeadmConfigPatches:
	- \|
	kind: InitConfiguration
	nodeRegistration:
	kubeletExtraArgs:

	#!/bin/sh

	# Quick start-stop-daemon example, derived from Debian /etc/init.d/ssh
	set -e

	# Must be a valid filename
	NAME=foo
	PIDFILE=/var/run/$NAME.pid
	#This is the command to be run, give the full pathname
	DAEMON=/usr/local/bin/bar