使用 K8S 部署 Keycloak,使用 Mysql 做为外部存储工具。以实现 Keycloak 在生产环境中高可用。
Keycloak K8s 配置文件
Keycloak 官方有一个 Keycloak on Kubernetes 教程,可以看出官方教程只是简单的说了如何通过 K8s 部署服务。
修改官方提供的 yaml 文件
apiVersion: v1
kind: Service
metadata:
name: keycloak
labels:
app: keycloak
spec:
ports:
- name: http
port: 8080
targetPort: 8080
selector:
app: keycloak
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: default
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:13.0.0
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080
复制代码
修改镜像地址,原因是该镜像有较为清晰的文档
image: jboss/keycloak:13.0.0
配置 Mysql 变量,在创建 keycloak Mysql 数据库时,注意,创建的数据库编码应为 utf8
,create schema keycloak character set utf8 collate utf8_unicode_ci;
- name: DB_VENDOR
value: mysql
- name: DB_ADDR
value: 10.0.5.213:3306
- name: DB_DATABASE
value: keycloak
- name: DB_USER
value: root
- name: DB_PASSWORD
value: 12345678
复制代码
改造后的 yaml 文件为:
apiVersion: v1
kind: Service
metadata:
name: keycloak
labels:
app: keycloak
spec:
ports:
- name: http
port: 8080
targetPort: 8080
selector:
app: keycloak
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
labels:
app: keycloak
spec:
replicas: 2
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: jboss/keycloak:13.0.0
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: DB_VENDOR
value: mysql
- name: DB_ADDR
value: "127.0.0.1"
- name: DB_PORT
value: "3306"
- name: DB_DATABASE
value: keycloak
- name: DB_USER
value: "root"
- name: DB_PASSWORD
value: "123456"
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080
复制代码
把 yaml 文件复制到服务器中,然后创建 kc
空间,命令如下 kubectl create ns kc
,执行命令 kubectl apply -f keycloak.yaml -n kc
以启动服务
访问 Keycloak 服务,127.0.0.1:8080
点击 Administration Console
,使用账号 admin
、密码 admin
登录
评论