https://github.com/ettysekhon/platform-auth
Keycloak 26.x on GKE with Helm + Terraform realm management. OAuth 2.1/OIDC provider for cumulus-creations.com.
- Host: GitHub
- URL: https://github.com/ettysekhon/platform-auth
- Owner: ettysekhon
- Created: 2026-01-03T16:12:16.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-01-10T23:04:57.000Z (2 months ago)
- Last Synced: 2026-01-11T07:06:02.177Z (2 months ago)
- Topics: authentication, devops, gcp, gke, google-cloud, helm, infrastructure, keycloak, kubernetes, oauth2, oidc, terraform
- Language: HCL
- Homepage: https://auth.cumulus-creations.com
- Size: 30.3 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# Platform Auth
Keycloak 26.4.7 on GKE. Central OIDC provider for `cumulus-creations.com` subdomains.
## Deploy
```bash
make deploy # Helm install
export TF_VAR_keycloak_admin_password=x
make tf-init && make tf-apply # Realm config
```
Tag to trigger CI deploy: `git tag v0.1.0 && git push origin v0.1.0`
## Structure
```text
helm/ # Keycloak + PostgreSQL
terraform/realms/ # Realm configs per app
.github/workflows/ # ci.yaml (lint/test), deploy.yaml (GKE)
```
## Secrets
| Secret | Source |
| ------------------ | ----------------------------------------------------------- |
| `GCP_WIF_PROVIDER` | `terraform output -raw wif_provider` (infrastructure repo) |
| `GCP_WIF_SA` | `terraform output -raw service_account_email` |
## Endpoints
| Purpose | URL |
| -------------- | ------------------------------------------------------------------------------------------- |
| Admin | |
| OIDC Discovery | |
## Operations
```bash
# Admin password
kubectl get secret keycloak-admin-secret -n auth-platform -o jsonpath='{.data.password}' | base64 -d
# Client secret
cd terraform/realms/meal-planner && terraform output -raw client_secret
# Port forward
kubectl port-forward svc/platform-auth-keycloak 8080:8080 -n auth-platform
```