Name		Name	Last commit message	Last commit date
parent directory ..
cert-manager		cert-manager
keycloak		keycloak
Cluster.yaml		Cluster.yaml
README.md		README.md
Taskfile.yaml		Taskfile.yaml

README.md

Authentication Example

Table of Contents

Authentication Example

This example demonstrates Keycloak authentication integration with the Inference Gateway using:

Keycloak for identity management
Helm chart for gateway deployment with auth enabled

Architecture

Identity Provider: Keycloak handles user authentication
Gateway: Inference Gateway deployed via helm chart with auth enabled
Integration: OIDC configuration between gateway and Keycloak

Prerequisites

Task
kubectl
helm
ctlptl (for cluster management)

Quick Start

Deploy infrastructure:

task deploy-infrastructure

Deploy Inference Gateway with authentication:

task deploy-inference-gateway

Review the Keycloak UI:

task keycloak-admin-password

Access Keycloak at https://keycloak.inference-gateway.local
Login with temp-admin and the fetched password as credentials

Create a Realm and Client in Keycloak, no need to do it via ClickOps, instead review the YAML file keycloak/job-import-realm.yaml it was already deployed when you ran deploy-infrastructure.
Test authentication:

curl -k -v -H "Authorization: Bearer $(task fetch-access-token)" https://api.inference-gateway.local/v1/models

Configuration

Keycloak Setup

Edit YAMLs in keycloak/ directory
Configure realm and client settings

Gateway Auth

Auth settings configured via helm values in Taskfile.yaml
OIDC issuer URL and client credentials in Secrets

Cleanup

task clean

Note: The example uses a self-signed certificate for Keycloak. In production, use a trusted CA certificate.