Highly Available Keycloak on K8s


Deploy Keycloak on K8s with MySQL as the external storage, so that Keycloak is highly available in a production environment.

Keycloak K8s configuration file

The Keycloak project has an official "Keycloak on Kubernetes" tutorial. As it shows, the official tutorial only briefly describes how to deploy the service through K8s.

Modifying the yaml file provided by the official tutorial

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:13.0.0
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080

  1. Change the image address, because this image has clearer documentation

     image: jboss/keycloak:13.0.0
    
  2. Configure the MySQL variables. When creating the keycloak MySQL database, note that the database encoding should be utf8:

     create schema keycloak character set utf8 collate utf8_unicode_ci;

     - name: DB_VENDOR
       value: mysql
     - name: DB_ADDR
       value: 10.0.5.213:3306
     - name: DB_DATABASE
       value: keycloak
     - name: DB_USER
       value: root
     - name: DB_PASSWORD
       value: "12345678"   # quoted: env values must be strings
    

    The modified yaml file is:

     apiVersion: v1
     kind: Service
     metadata:
       name: keycloak
       labels:
         app: keycloak
     spec:
       ports:
       - name: http
         port: 8080
         targetPort: 8080
       selector:
         app: keycloak
       type: LoadBalancer
     ---
     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: keycloak
       labels:
         app: keycloak
     spec:
       replicas: 2
       selector:
         matchLabels:
           app: keycloak
       template:
         metadata:
           labels:
             app: keycloak
         spec:
           containers:
           - name: keycloak
             image: jboss/keycloak:13.0.0
             env:
             - name: KEYCLOAK_USER
               value: "admin"
             - name: KEYCLOAK_PASSWORD
               value: "admin"
             - name: PROXY_ADDRESS_FORWARDING
               value: "true"
             - name: DB_VENDOR
               value: mysql
             - name: DB_ADDR
               value: "127.0.0.1"
             - name: DB_PORT
               value: "3306"
             - name: DB_DATABASE
               value: keycloak
             - name: DB_USER
               value: "root"
             - name: DB_PASSWORD
               value: "123456"
             ports:
             - name: http
               containerPort: 8080
             - name: https
               containerPort: 8443
             readinessProbe:
               httpGet:
                 path: /auth/realms/master
                 port: 8080
    
  3. Copy the yaml file to the server, then create the kc namespace and apply the file to start the service:

     kubectl create ns kc
     kubectl apply -f keycloak.yaml -n kc

  4. Access the Keycloak service at 127.0.0.1:8080

    Click Administration Console and log in with the account admin and the password admin
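
The manifests above pass the admin and database passwords as plaintext value entries in the Deployment. As an added example (not part of the original post), the same four variables can be read from a Kubernetes Secret instead; the Secret name keycloak-credentials, its key names and the placeholder values are assumptions:

```yaml
# Added example, not from the original post. The Secret name, key names and
# <PLACEHOLDER> values are assumptions; replace them before applying.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-credentials
  namespace: kc            # the namespace created in step 3
type: Opaque
stringData:                # converted to base64 "data" by the API server
  admin-user: "<ADMIN_USER>"
  admin-password: "<ADMIN_PASSWORD>"
  db-user: "<DB_USER>"
  db-password: "<DB_PASSWORD>"
---
# Fragment: replaces the four plaintext credential entries under the keycloak
# container's env list in the Deployment; the other entries stay unchanged.
env:
- name: KEYCLOAK_USER
  valueFrom:
    secretKeyRef:
      name: keycloak-credentials
      key: admin-user
- name: KEYCLOAK_PASSWORD
  valueFrom:
    secretKeyRef:
      name: keycloak-credentials
      key: admin-password
- name: DB_USER
  valueFrom:
    secretKeyRef:
      name: keycloak-credentials
      key: db-user
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: keycloak-credentials
      key: db-password
```

Apply the Secret before the Deployment; keycloak.yaml can then be shared or committed without carrying the passwords.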
