我正在尝试在具有多个副本的Kubernetes中部署Keycloak。我正在使用带有最新Kubernetes的Helm 3.0图表。当我在有状态集中有一个副本时,它可以很好地部署-但我需要高可用性,因此至少需要两个副本。到目前为止,它仅适用于一个副本。有两个副本,我不能以管理员或常规用户身份登录。
有人可以向我提供支持多个副本的Keycloak部署的工作版本(最好是Helm吗?
jgroups:
discoveryProtocol: dns.DNS_PING
jgroups:
discoveryProtocol: Kubernetes.KUBE_PING
jgroups:
discoveryProtocol: JDBC_PING
状态集摘要
apiVersion: v1
items:
- apiVersion: apps/v1
kind: StatefulSet
metadata:
...
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
helm.sh/chart: keycloak-7.5.0
name: ...
namespace: default
spec:
podManagementPolicy: Parallel
replicas: 2
revisionHistoryLimit: 10
...
containers:
- command:
- /scripts/keycloak.sh
env:
...
livenessProbe:
failureThreshold: 3
httpGet:
path: /auth/
port: http
scheme: HTTP
initialDelaySeconds: 300
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: keycloak
ports:
...
readinessProbe:
failureThreshold: 3
httpGet:
path: /auth/realms/master
port: http
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
- name: POSTGRES_DB
value: keycloak
- name: POSTGRESQL_ENABLE_LDAP
value: "no"
image: docker.io/bitnami/postgresql:12.2.0-debian-10-r91
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "keycloak" -d "keycloak" -h 127.0.0.1 -p 5432
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: bizmall-postgresql
ports:
- containerPort: 5432
name: tcp-postgresql
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -c
- -e
- |
exec pg_isready -U "keycloak" -d "keycloak" -h 127.0.0.1 -p 5432
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 250m
memory: 256Mi
securityContext:
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /dev/shm
name: dshm
- mountPath: /bitnami/postgresql
name: data
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
这里是密钥库的头盔图-https://github.com/codecentric/helm-charts/tree/master/charts/keycloak我们正在使用它来部署具有3个副本的HA模式密钥库。