- Set up Keycloak in non-HA mode (replica 1)
- Disable UserFederation
- You might have to increase the resource limits so that the pod is not killed for exceeding its memory or CPU limits
See Keycloak Documentation for more details.
Trigger export (called from pod keycloak-0):
kubectl exec -it keycloak-0 bash
/opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/opt/jboss/keycloak-export -Dkeycloak.migration.usersExportStrategy=DIFFERENT_FILES -Dkeycloak.migration.usersPerFile=100 -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777 -Djboss.management.https.port=7776
After a successful export, Keycloak finishes startup.
WFLYSRV0025: Keycloak 4.5.0.Final (WildFly Core 5.0.0.Final) started in 86826ms
Shutdown by pressing Ctrl+C
Copy files (on local machine):
mkdir kc-export
cd kc-export
kubectl cp keycloak-0:/opt/jboss/keycloak-export .
See: https://stackoverflow.com/a/47198081/7290164
Copy files from local machine to pod:
cd kc-export
kubectl cp . keycloak-0:/opt/jboss/keycloak-export
Connect to pod and trigger import for a specific realm:
kubectl exec -it keycloak-0 bash
/opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/opt/jboss/keycloak-export -Dkeycloak.migration.usersExportStrategy=DIFFERENT_FILES -Dkeycloak.migration.usersPerFile=100 -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777 -Djboss.management.https.port=7776 -Dkeycloak.migration.realmName=<my-realm-name>
After a successful import, Keycloak finishes startup.
WFLYSRV0025: Keycloak 4.5.0.Final (WildFly Core 5.0.0.Final) started in 86826ms
Shutdown by pressing Ctrl+C
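The exported directory holds the realm configuration and the user records, so after `kubectl cp` it is worth checking what it contains and who can read it on the local machine. The Python sketch below is an added example, not part of the original write-up; the JSON field names (`users`, `clients`, `secret`, `credentials`), the mask string and the sample files are assumptions constructed for illustration.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

MASK = "**********"  # assumption: placeholder written in place of a masked secret

def audit_export(export_dir):
    """Summarise an export directory without ever printing secret values."""
    report = {"realms": [], "users": 0, "user_credentials": 0,
              "client_secrets": [], "loose_perms": []}
    for path in sorted(Path(export_dir).glob("*.json")):
        # Group/other permission bits expose the export to other local accounts.
        if stat.S_IMODE(path.stat().st_mode) & 0o077:
            report["loose_perms"].append(path.name)
        doc = json.loads(path.read_text(encoding="utf-8"))
        if "users" in doc:  # assumption: users files carry a top-level "users" list
            report["users"] += len(doc["users"])
            report["user_credentials"] += sum(
                len(u.get("credentials", [])) for u in doc["users"])
        else:  # anything else is treated as a realm file
            report["realms"].append(doc.get("realm"))
            for client in doc.get("clients", []):
                secret = client.get("secret")
                if secret and secret != MASK:
                    report["client_secrets"].append(client.get("clientId"))
    return report

def lock_down(export_dir):
    """Restrict the directory and its JSON files to the owning user."""
    os.chmod(export_dir, 0o700)
    for path in Path(export_dir).glob("*.json"):
        os.chmod(path, 0o600)

def demo():
    """Run the audit on constructed sample files, before and after lock_down."""
    realm = {"realm": "demo", "clients": [
        {"clientId": "app-a", "secret": "constructed-secret"},
        {"clientId": "app-b", "secret": MASK},
        {"clientId": "public-spa"}]}
    users = {"realm": "demo", "users": [
        {"username": "alice", "credentials": [{"type": "password"}]},
        {"username": "bob", "credentials": []}]}
    with tempfile.TemporaryDirectory() as d:
        for name, doc in (("demo-realm.json", realm), ("demo-users-0.json", users)):
            Path(d, name).write_text(json.dumps(doc), encoding="utf-8")
            os.chmod(Path(d, name), 0o644)
        before = audit_export(d)
        lock_down(d)
        return before, audit_export(d)
```

Point `audit_export` at the local `kc-export` directory to see which clients carry an unmasked secret and which files are readable by other accounts, then call `lock_down` before archiving or moving the export.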
Thanks for this. When I export the realm, I am seeing the client secret is masked for clientAuthenticatorType as "client-jwt". Did you also face this problem? Is there any way to export the client secret also?