Kubernetes Keycloak高可用性群集

问题描述 投票:0回答:1

我正在尝试在具有多个副本的Kubernetes中部署Keycloak。我正在使用带有最新Kubernetes的Helm 3.0图表。当我在有状态集中有一个副本时,它可以很好地部署-但我需要高可用性,因此至少需要两个副本。到目前为止,它仅适用于一个副本。有两个副本,我不能以管理员或常规用户身份登录。

有人可以向我提供支持多个副本的Keycloak部署的工作版本(最好是Helm吗?

  jgroups:
    discoveryProtocol: dns.DNS_PING
  jgroups:
    discoveryProtocol: Kubernetes.KUBE_PING
  jgroups:
    discoveryProtocol: JDBC_PING

状态集摘要

  apiVersion: v1
  items:
    - apiVersion: apps/v1
      kind: StatefulSet
      metadata:
       ...
        labels:
          app.kubernetes.io/managed-by: Helm
          app.kubernetes.io/name: keycloak
          helm.sh/chart: keycloak-7.5.0
        name: ...
        namespace: default

      spec:
        podManagementPolicy: Parallel
        replicas: 2
        revisionHistoryLimit: 10
        ...
            containers:
              - command:
                  - /scripts/keycloak.sh
                env:
                  ...
                livenessProbe:
                  failureThreshold: 3
                  httpGet:
                    path: /auth/
                    port: http
                    scheme: HTTP
                  initialDelaySeconds: 300
                  periodSeconds: 10
                  successThreshold: 1
                  timeoutSeconds: 5
                name: keycloak
                ports:
                 ...
                readinessProbe:
                  failureThreshold: 3
                  httpGet:
                    path: /auth/realms/master
                    port: http
                    scheme: HTTP
                  initialDelaySeconds: 30
                  periodSeconds: 10
                  successThreshold: 1
                  timeoutSeconds: 1

                  - name: POSTGRES_DB
                    value: keycloak
                  - name: POSTGRESQL_ENABLE_LDAP
                    value: "no"
                image: docker.io/bitnami/postgresql:12.2.0-debian-10-r91
                imagePullPolicy: IfNotPresent
                livenessProbe:
                  exec:
                    command:
                      - /bin/sh
                      - -c
                      - exec pg_isready -U "keycloak" -d "keycloak" -h 127.0.0.1 -p 5432
                  failureThreshold: 6
                  initialDelaySeconds: 30
                  periodSeconds: 10
                  successThreshold: 1
                  timeoutSeconds: 5
                name: bizmall-postgresql
                ports:
                  - containerPort: 5432
                    name: tcp-postgresql
                    protocol: TCP
                readinessProbe:
                  exec:
                    command:
                      - /bin/sh
                      - -c
                      - -e
                      - |
                        exec pg_isready -U "keycloak" -d "keycloak" -h 127.0.0.1 -p 5432
                        [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
                  failureThreshold: 6
                  initialDelaySeconds: 5
                  periodSeconds: 10
                  successThreshold: 1
                  timeoutSeconds: 5
                resources:
                  requests:
                    cpu: 250m
                    memory: 256Mi
                securityContext:
                  runAsUser: 1001
                terminationMessagePath: /dev/termination-log
                terminationMessagePolicy: File
                volumeMounts:
                  - mountPath: /dev/shm
                    name: dshm
                  - mountPath: /bitnami/postgresql
                    name: data
            dnsPolicy: ClusterFirst
            restartPolicy: Always
            schedulerName: default-scheduler
            securityContext:
              fsGroup: 1001
            terminationGracePeriodSeconds: 30
keycloak kubernetes-helm
1个回答
0
投票

这里是密钥库的头盔图-https://github.com/codecentric/helm-charts/tree/master/charts/keycloak我们正在使用它来部署具有3个副本的HA模式密钥库。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.