Access the Keycloak Admin Console¶
Using the Keycloak Admin Console, you can create or delete a user as well as grant or revoke roles to or from a user. The Keycloak administrator is responsible for assigning roles to users depending on the level of access they need in a cluster.
Obtain access credentials using the CLI¶
Available since MCC 2.22.0 (Cluster release 11.6.0)
./container-cloud get keycloak-creds --mgmt-kubeconfig <pathToManagementClusterKubeconfig>
Optionally, use the --output
key to save credentials in a YAML file.
Example of system response:
Keycloak admin credentials:
Address: https://<keycloak-ip-adress>/auth
Login: keycloak
Password: foobar
Obtain access credentials using kubectl¶
kubectl get cluster <mgmtClusterName> -o=jsonpath='{.status.providerStatus.helm.releases.iam.keycloak.url}'
The system response contains the URL to access the Keycloak Admin Console.
The user name is keycloak
by default. The password is located in
passwords.yaml
generated during bootstrap.
You can also obtain the password from the iam-api-secrets
secret
in the kaas
namespace of the management cluster and
decode the content of the keycloak_password
key:
kubectl get secret iam-api-secrets -n kaas -o=jsonpath='{.data.keycloak_password}' | base64 -d