Deploy Keycloak version 22.0.4 on Microk8s
01/10/2023 - 3 phút
Here are the steps to deploy Keycloak on Kubernetes:
Step 1: Install Microk8s
Refer to the article: Microk8s
Step 2: Create the keycloak-service.yaml file
We need to create a service file to expose the Keycloak application. By default, Keycloak runs on port 8080, with the previous version, we can use ClusterIP directly and can have replicas of the groups. But with the latest version of Keycloak, we will need to create a headless service, which will help us have replicas, i.e., have HA keycloak on Kubernetes.
apiVersion: v1
kind: Service
metadata:
name: keycloak
labels:
app: keycloak
spec:
ports:
- name: http
port: 8080
targetPort: 8080
selector:
app: keycloak
type: ClusterIP
clusterIP: None
After the service yaml is created, we need to apply the deployment using the command below.
microk8s kubectl apply -f service.yaml -n keycloak
To check if the service has been created or not, run the command below.
microk8s kubectl get svc -n keycloak
Step 3: Create the keycloak-deployment.yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
labels:
app: keycloak
spec:
replicas: 2
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:22.0.4
args: ["start", "--cache-stack=kubernetes"]
env:
- name: KEYCLOAK_ADMIN
value: "admin"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "admin"
- name: KC_PROXY
value: "edge"
- name: jgroups.dns.query
value: "keycloak"
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HEALTH_ENABLED
value: "true"
- name: KC_METRICS_ENABLED
value: "true"
- name: KC_HTTP_ENABLED
value: "true"
- name: KC_DB
value: "postgres"
- name: KC_DB_PASSWORD
value: PassKhongChilaPasss
- name: KC_DB_USERNAME
value: postgres
- name: KC_DB_URL_PORT
value: "5432"
- name: KC_DB_URL_HOST
value: 10.86.224.19
- name: CACHE_OWNERS_COUNT
value: "2"
- name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
value: "2"
ports:
- name: jgroups
containerPort: 7600
- name: https
containerPort: 8443
- name: http
containerPort: 8080
readinessProbe:
httpGet:
scheme: HTTP
path: /health/ready
port: 8080
initialDelaySeconds: 60
periodSeconds: 1
If you have multiple replicas, i.e., more than 1 group for Keycloak and if you face issues accessing the application, add the env variables below. Update the value according to the number of groups, i.e., if you have two groups then the value will be 2, if you have four groups then the value will be 4.
- name: CACHE_OWNERS_COUNT
value: "2"
- name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
value: "2"
After the deployment yaml is created, we need to apply the deployment using the command below.
microk8s kubectl apply -f keycloak-deployment.yaml -n keycloak
To check if the deployment has been created or not, run the command below.
microk8s kubectl get deployments -n keycloak
Step 4: Create the keycloak-ingress.yaml file
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 2500m
nginx.ingress.kubernetes.io/proxy-buffer-size: 12k
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
ingressClassName: nginx
rules:
- host: keycloak.localhost
http:
paths:
- backend:
service:
name: keycloak
port:
number: 8080
path: /(.*)
pathType: Prefix
After the ingress yaml is created, we need to apply the deployment using the command below.
microk8s kubectl apply -f keycloak-ingress.yaml -n keycloak
To check if the ingress has been created or not, run the command below.
microk8s kubectl get ingress -n keycloak
After the deployment, service, and ingress are created, you can check the status of the group to see if they are running or not. Run the command below to check the status of the group.
microk8s kubectl get pods -n keycloak