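PostgreSQL could not be installed because of an error, so MySQL is used instead. Create the keycloak schema and the account that the Keycloak service will use in MySQL. Register the account credentials in advance as a secret in the namespace where Keycloak will be installed.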
$ kubectl create ns keycloak
$ kubectl -n keycloak create secret generic mysql-keycloak \
    --from-literal=username={mysql-keycloak-username} \
    --from-literal=password={mysql-keycloak-password}
Keycloak requires the initial admin account credentials as environment variables. Register them in advance as a secret.
$ kubectl -n keycloak create secret generic keycloak-admin \
    --from-literal=username={my-admin-id} \
    --from-literal=password={my-admin-password}
Inject the MySQL settings, the admin account, and the reverse-proxy information through config.yaml.
$ helm repo add codecentric https://codecentric.github.io/helm-charts
$ helm upgrade --cleanup-on-fail \
    --install keycloak codecentric/keycloak \
    --namespace keycloak --create-namespace \
    --set nodeSelector."kubernetes\.io/hostname"=seungbae-pn41 \
    --set service.type=ClusterIP \
    --values=config.yaml
NAME: keycloak
LAST DEPLOYED: Thu Jul 14 23:35:03 2022
NAMESPACE: keycloak
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
***********************************************************************
* *
* Keycloak Helm Chart by codecentric AG *
* *
***********************************************************************
Keycloak was installed with a Service of type ClusterIP
Create a port-forwarding with the following commands:
export POD_NAME=$(kubectl get pods --namespace keycloak -l "app.kubernetes.io/name=keycloak,app.kubernetes.io/instance=keycloak" -o name)
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace keycloak port-forward "$POD_NAME" 8080
See config.yaml below.
nodeSelector:
  kubernetes.io/hostname: seungbae-pn41
service:
  type: ClusterIP
postgresql:
  enabled: false
extraEnv: |
  - name: DB_VENDOR
    value: mysql
  - name: DB_ADDR
    value: home-mysql.mysql
  - name: DB_PORT
    value: "3306"
  - name: DB_DATABASE
    value: keycloak
  - name: DB_USER
    valueFrom:
      secretKeyRef:
        name: mysql-keycloak
        key: username
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-keycloak
        key: password
  - name: KEYCLOAK_USER
    valueFrom:
      secretKeyRef:
        name: keycloak-admin
        key: username
  - name: KEYCLOAK_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-admin
        key: password
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
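An added pre-deploy check, not part of the original page or the chart: it scans the `extraEnv` block of a values file like the config.yaml above and fails when a `*_USER` or `*_PASSWORD` variable carries a literal `value:` instead of a `secretKeyRef`. The function name `lint_extra_env`, the name pattern and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a Keycloak values file before `helm upgrade`.
# Prints each credential variable in extraEnv that has a literal value;
# returns 1 if any was found, 0 otherwise.
lint_extra_env() {
  awk '
    # Assumption: variables ending in USER or PASSWORD hold credentials.
    function check() {
      if (name ~ /(USER|PASSWORD)$/ && literal && !ref) { print name; bad = 1 }
    }
    /^extraEnv:/        { inb = 1; next }   # start of the extraEnv block
    inb && /^[^ \t#]/   { inb = 0 }         # next top-level key ends it
    !inb                { next }
    /^[ \t]*- name:/    { if (name != "") check(); name = $3; literal = 0; ref = 0; next }
    /^[ \t]*value:/        { literal = 1 }  # does not match "valueFrom:"
    /^[ \t]*secretKeyRef:/ { ref = 1 }
    END { if (name != "") check(); exit bad }
  ' "$1"
}

# Constructed sample: DB_PASSWORD is hard-coded, KEYCLOAK_PASSWORD is not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
postgresql:
  enabled: false
extraEnv: |
  - name: DB_VENDOR
    value: mysql
  - name: DB_PASSWORD
    value: "changeme"
  - name: KEYCLOAK_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-admin
        key: password
service:
  type: ClusterIP
EOF
if offenders=$(lint_extra_env "$sample"); then
  echo "ok: credentials come from secrets"
else
  echo "plaintext credentials in values file: $offenders"
fi
rm -f "$sample"
```

Run it against the real file as `lint_extra_env config.yaml` and stop the deployment on a non-zero return.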
See the Ingress below.
--- # Keycloak
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: keycloak
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.spec.ingressClassName: nginx
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
spec:
  tls:
    - hosts:
        - keycloak.mlops.one
      secretName: mlops-cert
  rules:
    - host: keycloak.mlops.one
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak-http
                port:
                  number: 80
$ helm upgrade --cleanup-on-fail \
    keycloak codecentric/keycloak \
    --namespace keycloak \
    --values=config.yaml
$ helm uninstall keycloak --namespace keycloak
$ kubectl delete ns keycloak