This is a simple, low-touch deployment solution for a self-managed Keycloak instance that is exposed to the public internet through Cloudflare Tunnels, all using Terraform and following the principles of Infrastructure as Code.
- A working Kubernetes cluster
- A Cloudflare account with a Full-setup DNS
- Terraform installed locally. Feel free to use https://github.com/tfutils/tfenv

- Clone this repository
- Add a file `variables.auto.tfvars` and populate the following variables:
  - `cf_domain`: The root DNS record you wish to use from Cloudflare
  - `cf_zone_id`: Cloudflare Zone ID for your root DNS record
- Add a file `secrets.auto.tfvars` and populate the following variables:
  - `cf_api_token`: API Token with Edit permissions for Account/Cloudflare Tunnel, Account/Access: Apps and Policies, and Zone/DNS
  - `cf_account_id`: Cloudflare account ID
  - `keycloak_admin_user_password`: The temporary password you wish to use for your deployment.
- (Optional) Update any default values in `variables.tf`
- Run:

  ```shell
  terraform init
  terraform validate
  terraform plan --out plan.txt
  terraform apply plan.txt
  ```

- Once complete, visit `auth.<cf_domain>` to validate your deployment
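
A pre-flight check for the files named in the steps above, as an added shell example that is not part of this repository: it confirms the listed variables are set and that `secrets.auto.tfvars` and the saved `plan.txt` are owner-only and, inside a git work tree, ignored. The function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the tfvars files named in the steps above.

# has_vars FILE NAME...: succeed only if every NAME is assigned in FILE.
has_vars() {
  file=$1; shift; rc=0
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  for name in "$@"; do
    grep -Eq "^[[:space:]]*${name}[[:space:]]*=" "$file" ||
      { echo "$file: $name is not set" >&2; rc=1; }
  done
  return "$rc"
}

# owner_only FILE: succeed only if group and other have no permission bits.
owner_only() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
    { echo "$1: accessible to group/other (chmod 600)" >&2; return 1; }
}

# preflight DIR: run every check against the Terraform working directory DIR.
preflight() {
  dir=${1:-.}; ok=0
  has_vars "$dir/variables.auto.tfvars" cf_domain cf_zone_id || ok=1
  has_vars "$dir/secrets.auto.tfvars" cf_api_token cf_account_id \
    keycloak_admin_user_password || ok=1
  for f in secrets.auto.tfvars plan.txt; do
    # plan.txt only exists after `terraform plan`; a saved plan stores
    # variable values, secrets included, so it gets the same treatment.
    [ -e "$dir/$f" ] || continue
    owner_only "$dir/$f" || ok=1
    # Inside a git work tree, both files must be ignored (and untracked).
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
      git -C "$dir" check-ignore -q "$f" ||
        { echo "$f: not ignored by git" >&2; ok=1; }
    fi
  done
  return "$ok"
}

# Constructed sample input (placeholder values), checked in a scratch directory.
demo=$(mktemp -d)
printf 'cf_domain = "example.com"\ncf_zone_id = "ZONE_ID"\n' \
  > "$demo/variables.auto.tfvars"
printf '%s = "PLACEHOLDER"\n' cf_api_token cf_account_id \
  keycloak_admin_user_password > "$demo/secrets.auto.tfvars"
chmod 600 "$demo/secrets.auto.tfvars"
preflight "$demo" && echo "preflight passed"
```

Run `preflight .` from the repository root before `terraform plan`, and again before `terraform apply` so that the freshly written `plan.txt` is covered.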