重点是,我想将我的项目部署到 Docker,并且该项目由多个微服务组成,在 Docker Compose 中描述了 Keycloak 的配置,如果您在 localhost 上运行应用程序,它可以轻松通过 localhost 连接到 Keycloak。所以现在需要在 Docker 中配置我的应用程序,在 Docker 中它应该不通过 localhost 访问 Keycloak,而是通过容器名称访问。我正在尝试在此配置上构建应用程序:
spring:
data:
mongodb:
uri: mongodb://localhost:27017/task
application:
name: task-service
security:
oauth2:
client:
registration:
keycloak:
client-id: task-client
client-secret: GRnfhjeldW0UhTo0R22M8qi3gGxzYOXt
scope: openid, profile
authorization-grant-type: authorization_code
provider:
keycloak:
issuer-uri: http://localhost:8180/auth/realms/task-realm
user-name-attribute: preferred_username
resource-server:
jwt:
issuer-uri: http://localhost:8180/auth/realms/task-realm
jwk-set-uri: http://localhost:8180/auth/realms/task-realm/protocol/openid-connect/certs
此外,构建需要启动keycloak,否则构建将无法组装。然后在 docker-compose 中,我将这些连接 URL 重新定义为 docker 容器的 URL。
task:
image: task-service
container_name: task-service
ports:
- '8082:8082'
environment:
- SPRING_DATA_MONGODB_URI=mongodb://mongodb:27017/task
- EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://eureka-server:8090/eureka
- SPRING_SECURITY_OAUTH2_PROVIDER_KEYCLOAK_ISSUER_URI=http://keycloak:8180/auth/realms/task-realm
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8180/auth/realms/task-realm
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8180/auth/realms/task-realm/protocol/openid-connect/certs
- SPRING_RABBITMQ_HOST=rabbitmq
- SPRING_RABBITMQ_VIRTUAL_HOST=vhost
depends_on:
- eureka
- mongodb
- keycloak
- rabbitmq
networks:
- task-management
当“docker-compose up”任务服务因错误而崩溃时,因为我无法连接到 keycloak,因为它尝试通过本地主机连接,尽管我在 docker-compose 中重新定义了 keycloak。我对 Open Feign Client 也有同样的问题,它无法启动,因为它找不到它引用的服务。谁能告诉我我错误地重新定义了什么。例如,当我重新定义mongo url时,它被重新定义
我希望获得有关覆盖 keycloak 配置 bean 属性的帮助
如果配置正确,端口引用,并且所有环境变量都正确引用,您可能应该在启动所有容器之前添加运行状况检查,依赖可能还不够:
version: '3.8'
This is the example just to show healthcheck service for mongoDb and keycloak, but it should be done the same way for all the others required by task container:
mongodb:
image: mongo
container_name: mongodb
ports:
- '27017:27017'
healthcheck:
test: ["CMD", "mongo", "--eval", "db.adminCommand('ping')"]
interval: 30s
timeout: 10s
retries: 5
keycloak:
image: jboss/keycloak
container_name: keycloak
ports:
- '8180:8080'
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/auth/realms/master"]
interval: 30s
timeout: 10s
retries: 5
task-service:
image: task-service
container_name: task-service
ports:
- '8082:8082'
environment:
- SPRING_DATA_MONGODB_URI=mongodb://mongodb:27017/task
- EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://eureka-server:8090/eureka
- SPRING_SECURITY_OAUTH2_PROVIDER_KEYCLOAK_ISSUER_URI=http://keycloak:8180/auth/realms/task-realm
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8180/auth/realms/task-realm
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8180/auth/realms/task-realm/protocol/openid-connect/certs
- SPRING_RABBITMQ_HOST=rabbitmq
- SPRING_RABBITMQ_VIRTUAL_HOST=vhost
depends_on:
eureka:
condition: service_healthy
mongodb:
condition: service_healthy
keycloak:
condition: service_healthy
rabbitmq:
condition: service_healthy
networks:
- task-management
networks:
task-management:
driver: bridge