高可用 Keycloak，K8s

使用 K8S 部署 Keycloak，使用 Mysql 做为外部存储工具。以实现 Keycloak 在生产环境中高可用。

Keycloak K8s 配置文件

Keycloak 官方有一个 Keycloak on Kubernetes 教程，可以看出官方教程只是简单的说了如何通过 K8s 部署服务。

修改官方提供的 yaml 文件

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:13.0.0
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080

1. 修改镜像地址，原因是该镜像有较为清晰的文档

    image: jboss/keycloak:13.0.0
   

2. 配置 Mysql 变量，在创建 keycloak Mysql 数据库时，注意，创建的数据库编码应为 utf8，create schema keycloak character set utf8 collate utf8_unicode_ci;

    - name: DB_VENDOR
      value: mysql
    - name: DB_ADDR
      value: 10.0.5.213:3306
    - name: DB_DATABASE
      value: keycloak
    - name: DB_USER
      value: root
    - name: DB_PASSWORD
      value: 12345678
   

   改造后的 yaml 文件为：

    apiVersion: v1
    kind: Service
    metadata:
    name: keycloak
    labels:
        app: keycloak
    spec:
    ports:
    - name: http
        port: 8080
        targetPort: 8080
    selector:
        app: keycloak
    type: LoadBalancer
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: keycloak
    labels:
        app: keycloak
    spec:
    replicas: 2
    selector:
        matchLabels:
        app: keycloak
    template:
        metadata:
        labels:
            app: keycloak
        spec:
        containers:
        - name: keycloak
            image: jboss/keycloak:13.0.0
            env:
            - name: KEYCLOAK_USER
            value: "admin"
            - name: KEYCLOAK_PASSWORD
            value: "admin"
            - name: PROXY_ADDRESS_FORWARDING
            value: "true"
            - name: DB_VENDOR
            value: mysql
            - name: DB_ADDR
            value: "127.0.0.1"
            - name: DB_PORT
            value: "3306"
            - name: DB_DATABASE
            value: keycloak
            - name: DB_USER
            value: "root"
            - name: DB_PASSWORD
            value: "123456"
            ports:
            - name: http
            containerPort: 8080
            - name: https
            containerPort: 8443
            readinessProbe:
            httpGet:
                path: /auth/realms/master
                port: 8080
   

3. 把 yaml 文件复制到服务器中，然后创建 kc 空间，命令如下 kubectl create ns kc，执行命令 kubectl apply -f keycloak.yaml -n kc以启动服务

4. 访问 Keycloak 服务，127.0.0.1:8080
   

   点击 Administration Console,使用账号 admin、密码 admin登录