Kubernetes (GKE) Keycloak can't connect to CloudSQL

Posted on 2025-02-01 17:16:03

I run Keycloak in my Kubernetes cluster. It ran pretty well until I realized that the database is still stuck using H2, even though I already added the Postgres config in my deployment.yaml.
Can someone point out what I'm missing?

apiVersion: apps/v1
kind: Deployment
...
spec:
  ...
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:17.0.0
          args:
            [
              "start",
              "--hostname-strict=false"
            ]
          env:
            - name: DB_VENDOR
              value: postgres
            - name: DB_ADDR
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: host
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: database
            - name: DB_SCHEMA
              value: public
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: username
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-cred
                  key: password
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: password
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: KC_PROXY
              value: "edge"
            - name: JAVA_OPTS
              value: -Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled

I use Postgres CloudSQL from GCP.


Comments (1)

微暖i 2025-02-08 17:16:03

The "db_vendor" value you set is for the old WildFly distribution; according to the image in your example, you are using the Quarkus-based image. So first of all, it's now called "db". Ref: https://www.keycloak.org/server/db

Also, please notice that the "db" option is a "build option", meaning you have to "build" the server in order for it to take effect.

Way 1: you can add start --auto-build to your args. That way, Keycloak detects automatically for you that you have changed a build time option and runs a build when the container starts up. This is convenient, but takes some time.

Way 2:
Or you can use the recommended way of creating an optimized server image first, leading to better startup times. E.g. by using a Dockerfile like this:

FROM quay.io/keycloak/keycloak:latest as builder

ENV KC_FEATURES=scripts
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build

and do a docker build . -t my_optimized_keycloak and then upload the image to the registry of choice. ref: https://www.keycloak.org/server/containers

Also I noticed you mix some old configuration keys with new ones, so general recommendation: Look at the new guides section at https://www.keycloak.org/guides - especially the "All configuration" guide gives a good overview.

Also, I noticed you are using the deprecated upload_scripts feature. It has been removed since Keycloak 18 (see https://www.keycloak.org/2022/04/keycloak-1800-released.html), FYI.
