...
Only MINIO_IDENTITY_OPENID_CONFIG_URL is mandatory.
Minio Setup
This yaml file minio.yaml has the environment setup as follows:
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
env:
- name: MINIO_ROOT_USER
value: minio
- name: MINIO_ROOT_PASSWORD
value: minio123
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
value: http://keycloak:8080/realms/minio/.well-known/openid-configuration
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: minio-cli
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
value: YVZGoUdprHmqexlX30stzGWwZtT2SNll
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: policy
- name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX
value: ""
- name: MINIO_IDENTITY_OPENID_REDIRECT_URI
value: http://minio:9001/oauth_callback |
Keycloak Setup
Go to the keycloak UI and create a new realm called "minio".
...
or one of your own custom polices you have already setup in minio (see Minio Policies below).
Lastly make sure "Add to access token" and "Add to ID token" are turned on.
...
Go back to you minio setup and update the environment variables in your deployment so they match what you have in Keycloak e.g. client secret
Minio Policies
You can create you own policy by copying one of the existing policies and modifying it to suit your needs.
...
The user with this policy will have write access to the "camel-source" bucket.
SSO Login
When you go to the Minio URL you will see the "Login with SSO" button
...
Make sure to change your redirect_url in both Keycloak and Minio to point to your new container.
Minio Clients
Once Mnio/Keycloak has been setup you can create a client to obtain an access token from keycloak and use the temporary access key and secret to work with Minio.
...