Security integration using Keycloak #5821

Open
Storkycold opened this issue Jan 14, 2025 · 0 comments

Description

Registry Version: 2.6.x

Problem

I tried to set up the security option in apicurio-registry using Keycloak.

Since I installed with https://www.apicur.io/registry/docs/apicurio-registry-operator/1.2.0-dev-v2.6.x/assembly-operator-quickstart.html, I have the keycloak format in the CR file as follows (link: install.yaml):

```yaml
...
                      keycloak:
                        description: "Keycloak: \n Configure Apicurio Registry to
                          use Keycloak for Identity and Access Management (IAM)."
                        properties:
                          apiClientId:
                            description: Client ID for the REST API
                            type: string
                          realm:
                            description: Keycloak realm
                            type: string
                          uiClientId:
                            description: Client ID for the UI
                            type: string
                          url:
                            description: "Keycloak auth URL: \n URL of the Keycloak
                              auth endpoint, must end with `/auth`."
                            type: string
                        type: object
...
```

Therefore, I tried to set up environment variables for keycloak.

```yaml
apiVersion: registry.apicur.io/v1
kind: ApicurioRegistry
metadata:
  name: apicurio-registry
spec:
  configuration:
    security:
      keycloak:
        url: "http://192.168.80.20:30350"
        realm: "registry"
        apiClientId: "registry-api"
        uiClientId: "apicurio-registry"
```

keycloak resources in k8s

```
kubectl get pod -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
keycloak-86f6bfc9b8-48r9x   1/1     Running   0          26h

kubectl get svc -n keycloak
NAME       TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
keycloak   NodePort   10.233.36.95   <none>        8080:30350/TCP   26h
```

However, although apicurio-registry-deployment successfully acknowledged the environment variables, I cannot access the registry. It always ended up with a blank web page.

```
# kubectl describe pod apicurio-registry-deployment
...
    Environment:
      AUTH_ENABLED:                  true
      KEYCLOAK_UI_CLIENT_ID:         apicurio-registry
      KEYCLOAK_REALM:                registry
      KEYCLOAK_API_CLIENT_ID:        registry-api
      KEYCLOAK_URL:                  http://192.168.80.20:30350
```

keycloak resources

  • realm name: registry
  • api client ID: registry-api
  • ui client ID: apicurio-registry

etc

Plus, the description written in the README and the docs is somehow different. Despite the discrepancy, I believe I have successfully set the environment variables.

Questions

  • Would it be possible to tell me if you have any idea why apicurio-registry is not integrated with Keycloak?
  • Do I have to set ingress settings?

There must be something that keeps this situation stagnant, but I couldn't find it.

```
kubectl get ingress -n keycloak
No resources found in keycloak namespace.
```

I appreciate your consideration.
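
As an added example (not part of the issue and not Apicurio project code), here is an offline lint of the `security.keycloak` values shown above against the CRD description quoted in the issue. The names `lint_keycloak`, `ISSUE_CFG` and `CONSTRUCTED_CFG` and the host `keycloak.example.test` are hypothetical, and the `<url>/realms/<realm>` issuer layout is an assumption to confirm against the running Keycloak.

```python
from urllib.parse import urlsplit

# Values from the ApicurioRegistry CR in the issue above.
ISSUE_CFG = {"url": "http://192.168.80.20:30350", "realm": "registry",
             "apiClientId": "registry-api", "uiClientId": "apicurio-registry"}
# Constructed comparison value; keycloak.example.test is a placeholder host.
CONSTRUCTED_CFG = dict(ISSUE_CFG, url="https://keycloak.example.test/auth")


def lint_keycloak(cfg):
    """Lint a spec.configuration.security.keycloak mapping.

    Returns (findings, discovery_url). Nothing is fetched; the discovery URL
    is only derived so it can be requested by hand from inside the cluster.
    """
    findings = [f"{key}: missing or empty"
                for key in ("url", "realm", "apiClientId", "uiClientId")
                if not cfg.get(key)]
    url = cfg.get("url") or ""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        findings.append("url: not an absolute http(s) URL")
    elif parts.scheme == "http":
        findings.append("url: plain http, login and token traffic is unencrypted")
    # The CRD text quoted in the issue says the URL "must end with `/auth`".
    # Whether the server really serves under /auth depends on the Keycloak
    # distribution (Quarkus-based releases dropped that prefix by default),
    # so a finding here means "compare with the running server", not "broken".
    if not parts.path.rstrip("/").endswith("/auth"):
        findings.append("url: does not end with /auth as the CRD describes")
    if url.endswith("/"):
        findings.append("url: trailing slash gives '//realms' in derived URLs")
    # Assumption: the registry builds its issuer as <url>/realms/<realm>.
    # /.well-known/openid-configuration is Keycloak's per-realm OIDC discovery path.
    discovery = (f"{url.rstrip('/')}/realms/{cfg.get('realm') or ''}"
                 "/.well-known/openid-configuration")
    return findings, discovery


if __name__ == "__main__":
    for name, cfg in (("issue", ISSUE_CFG), ("constructed", CONSTRUCTED_CFG)):
        findings, discovery = lint_keycloak(cfg)
        print(name, "->", discovery)
        for finding in findings:
            print("  finding:", finding)
```

Requesting the derived discovery URL from a pod in the registry's namespace shows whether the realm is reachable at that path and which `issuer` value Keycloak advertises there.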
