github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/keycloak/examples/postgresql-kubeping/readme.md

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/keycloak/examples/postgresql-kubeping/readme.md (about)

     1  # Keycloak.X with KUBE_PING
     2  
     3  This example shows how to use KUBE_PING JGroup cluster discovery with Keycloak.X.
     4  
     5  Since Keycloak.X (17.0.x, 18.0.x) does not support jgroups KUBE_PING out of the box,
     6  we need to download the library and copy it into a custom docker image.
     7  
     8  Note that we use some customizations in the `keycloak-server-values.yaml` file:
     9  - Set environment variable `KC_CACHE_CONFIG_FILE=cache-ispn-kubeping.xml` to our custom cache config file
    10  - Disable automatic cache configuration via `cache.stack=custom`
    11  - Configure `kubeping_namespace` and `kubeping_label` system properties via `JAVA_OPTS_APPEND`
    12  - Configure serviceAccount.create=true and serviceAccount.allowReadPods=true to allow kube_ping to enlist keycloak pods
    13  
    14  # Setup
    15  
    16  ## Add repository
    17  ```
    18  helm repo add bitnami https://charts.bitnami.com/bitnami
    19  helm repo add codecentric https://codecentric.github.io/helm-charts
    20  ```
    21  
    22  ## Update helm repos
    23  ```
    24  helm repo update
    25  ```
    26  
    27  ## Build custom Docker Image
    28  
    29  This custom image automatically downloads the jgroups-kubernetes library.
    30  ```
    31  docker build -t thomasdarimont/keycloakx-kubeping .
    32  ```
    33  
    34  We need to make the custom docker image available in the Kubernetes cluster. This is up to your k8s environment.
    35  With [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) you can use `kind load docker-image thomasdarimont/keycloakx-kubeping:latest`.
    36  
    37  ## Deploy a PostgreSQL database
    38  ```
    39  helm install keycloak-db bitnami/postgresql --values ./keycloak-db-values.yaml
    40  ```
    41  
    42  # Deploy Keycloak
    43  
    44  ```
    45  helm install keycloak codecentric/keycloakx --values ./keycloak-server-values.yaml
    46  ```
    47  
    48  If everything worked you should now see log entries like this:
    49  ```
    50  ...
    51  keycloak 2022-04-09 15:14:55,997 INFO  [org.jgroups.protocols.kubernetes.KUBE_PING] (keycloak-cache-init) namespace default set; clustering enabled
    52  ...
    53  ```
    54  
    55  On a new Keycloak pod you should see the following log entries:
    56  ```
    57  ...
    58  15:16:20,184 INFO  [org.jgroups.protocols.kubernetes.KUBE_PING] (keycloak-cache-init) namespace default set; clustering enabled
    59  15:16:20,395 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [keycloak-keycloakx-0-34953|1] (2) [keycloak-keycloakx-0-34953, keycloak-keycloakx-1-34016]
    60  15:16:20,399 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `keycloak-keycloakx-1-34016`, physical addresses are `[10.244.0.22:7800]`
    61  ...
    62  ```
    63  
    64  # Access Keycloak
    65  Once Keycloak is running, forward the HTTP service port to 8080.
    66  
    67  ```
    68  kubectl port-forward service/keycloak-keycloakx-http 8080:80
    69  ```
    70  
    71  You can then access the Keycloak Admin-Console via `http://localhost:8080/auth` with
    72  username: `admin` and password: `secret`.
    73  
    74  # Remove Keycloak
    75  
    76  ```
    77  helm uninstall keycloak
    78  helm uninstall keycloak-db
    79  ```