SSO Keycloak dashboard services provide the ability to monitor real-time statistical data and event logs.
- Install asdf
- Run `make local-setup` to install necessary tooling
- De-coupling the auditing service from the authentication service (Keycloak) and reducing the amount of Keycloak SQL transactions and DB data storage gives better maintainability of the Keycloak instances.
- Full control of the log ingestion and data store process gives better performance when displaying the dashboard data and log events in a separate business intelligence tool rather than in the Keycloak UI.
- access to the Keycloak logs without significant impact on Keycloak operational performance.
- a functional log consumer that can be used to filter the logs and extract metadata before the data is stored.
- a solution to store the aggregated historical data and logs for a longer term.
- a dashboard tool to display the aggregated data, with an option to search log events.
- a dashboard that has authorization integration to support multi-tenant workspaces.
- Promtail & Loki: collect, transform and load raw log data for the designated time period.
- Loki & MinIO: provide the Amazon S3 compatible Object Storage to store/read compacted event data by Loki.
- Promtail & Custom Go server: collect and upsert the aggregated historical event data in the DB.
- Grafana: connect Loki and the aggregation DB to visualize the logs and stats.
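The filter-and-aggregate step from the list above, as an added Go example (not the repository's own aggregator code). The JSON field names, the `Event` and `Key` types, and the sample log lines are assumptions constructed for illustration; the resulting per-key count is the row an upsert would then write.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Event lists the only fields kept from a log line (names are assumptions);
// anything else in the line, such as an IP address, is dropped before storage.
type Event struct {
	Timestamp string `json:"@timestamp"`
	Realm     string `json:"realm"`
	Client    string `json:"clientId"`
	Type      string `json:"type"`
}

// Key is the row identity an upsert would use as its conflict target.
type Key struct{ Realm, Client, Type, Date string }

// Aggregate counts events per (realm, client, type, day). Lines that are not
// JSON or lack a required field are counted as skipped, not stored.
func Aggregate(raw string) (map[Key]int, int) {
	counts, skipped := map[Key]int{}, 0
	sc := bufio.NewScanner(strings.NewReader(raw))
	for sc.Scan() {
		var e Event
		if err := json.Unmarshal(sc.Bytes(), &e); err != nil ||
			e.Realm == "" || e.Type == "" || len(e.Timestamp) < 10 {
			skipped++
			continue
		}
		counts[Key{e.Realm, e.Client, e.Type, e.Timestamp[:10]}]++
	}
	return counts, skipped
}

// sampleLog is constructed for this example, not captured from Keycloak.
const sampleLog = `{"@timestamp":"2024-05-01T10:00:00Z","realm":"standard","clientId":"app-a","type":"LOGIN","ipAddress":"203.0.113.7"}
{"@timestamp":"2024-05-01T10:05:00Z","realm":"standard","clientId":"app-a","type":"LOGIN","ipAddress":"203.0.113.9"}
{"@timestamp":"2024-05-01T11:00:00Z","realm":"standard","clientId":"app-a","type":"LOGIN_ERROR","error":"invalid_user_credentials"}
{"@timestamp":"2024-05-02T09:00:00Z","realm":"standard","clientId":"app-b","type":"LOGIN"}
2024-05-02 09:01:00,123 INFO  [org.keycloak] server startup banner`

func main() {
	counts, skipped := Aggregate(sampleLog)
	fmt.Println(counts, "skipped lines:", skipped)
}
```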
It continuously deploys the resources in the sandbox and the prod environment based on the repository branch that has the new changes (PRs to dev deploy sandbox, PRs to main deploy prod). GitHub CD pipeline scripts are triggered based on the directory that has changed. There is a recommended deployment order when deploying the resources for the very first time:
1. `Loki`: deploys the `MinIO` and `Loki` resources, `read`, `write`, and `gateway`.
2. `Aggregator`: deploys the `Aggregator` and `Compactor` with the `Postgres DB`.
3. `Grafana`: deploys the `Grafana` dashboard with the two `datasources` configured above.
4. `Promtail`: deploys the `Promtail` in multiple namespaces to collect the Keycloak disk logs.
The following secrets are set in the GitHub secrets of the repository and can be found in OCP secret:

- `SANDBOX_OPENSHIFT_SERVER`: the OpenShift online server URL.
- `SANDBOX_OPENSHIFT_TOKEN`: the OpenShift session token.
  - please find the secret in Sandbox Deployer Secret
- `SANDBOX_OPENSHIFT_NAMESPACE`: the namespace name to deploy `Grafana`, `Loki`, and `Aggregator`.
- `SANDBOX_SSO_CLIENT_ID`: the SSO integration credentials, `client id`, to set in `Grafana` and `MinIO` dashboard UI.
- `SANDBOX_SSO_CLIENT_SECRET`: the SSO integration credentials, `client secret`, to set in `Grafana` and `MinIO` dashboard UI.
  - please find the integration `#4492 SSO Dashboard` via CSS app
- `SANDBOX_MINIO_USER`: the username of the initial MinIO admin account.
- `SANDBOX_MINIO_PASS`: the password of the initial MinIO admin account.

- `PROD_OPENSHIFT_SERVER`: the OpenShift online server URL.
- `PROD_OPENSHIFT_TOKEN`: the OpenShift session token.
  - please find the secret in Sandbox Deployer Secret
- `PROD_OPENSHIFT_NAMESPACE`: the namespace name to deploy `Grafana`, `Loki`, and `Aggregator`.
- `PROD_SSO_CLIENT_ID`: the SSO integration credentials, `client id`, to set in `Grafana` and `MinIO` dashboard UI.
- `PROD_SSO_CLIENT_SECRET`: the SSO integration credentials, `client secret`, to set in `Grafana` and `MinIO` dashboard UI.
  - please find the integration `#4492 SSO Dashboard` via CSS app
- `PROD_MINIO_USER`: the username of the initial MinIO admin account.
- `PROD_MINIO_PASS`: the password of the initial MinIO admin account.
