How to configure a custom theme for Keycloak on Kubernetes

Question description  Votes: 0  Answers: 4

I want to configure a custom theme for the login, registration and forgot-password pages in Keycloak on Kubernetes.

I am using the following URL and Keycloak configuration on Kubernetes.

https://www.keycloak.org/getting-started/getting-started-kube

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:12.0.4
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080

Please recommend any existing blog URLs or existing solutions.

kubernetes keycloak minikube keycloak-services keycloak-rest-api
4 Answers
10
votes

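The approach I have used in the past is to first create a .tar file (e.g., custom_theme.tar) containing the custom theme to be used in Keycloak. Then mount a volume at the folder where Keycloak themes are stored (i.e., /opt/jboss/keycloak/themes/my_custom_theme), and copy the .tar file with the custom theme from a local folder into the Keycloak container.

Helm chart folder structure: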

Chart.yaml      custom_theme.tar    templates       values.yaml

Contents:

values.yaml:

password: adminpassword

templates folder structure:

customThemes-configmap.yaml ingress.yaml            service.yaml
deployment.yaml         secret.yaml

Contents:

customThemes-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: customthemes-configmap
binaryData:
  custom_theme.tar: |-
    {{ .Files.Get "custom_theme.tar" | b64enc}}

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: keycloak
spec:
  tls:
    - hosts:
      - keycloak-sprint01.demo
  rules:
  - host: keycloak-sprint01.demo
    http:
      paths:
      - backend:
          serviceName: keycloak
          servicePort: 8080

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer

secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: keycloak-password
type: Opaque
stringData:
  password: {{.Values.password}}

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:10.0.1
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-password
              key: password
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: DB_VENDOR
          value: "h2"
        - name: JAVA_TOOL_OPTIONS
          value: -Dkeycloak.profile.feature.scripts=enabled
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080
        volumeMounts:
        - mountPath: /opt/jboss/keycloak/themes/my_custom_theme
          name: shared-volume            
          
      initContainers:
        - name: init-customtheme
          image: busybox:1.28
          command: ['sh', '-c', 'cp -rL /CustomTheme/custom_theme.tar /shared && cd /shared/ && tar -xvf custom_theme.tar && rm -rf custom_theme.tar']
          volumeMounts:
          - mountPath: /shared
            name: shared-volume          
          - mountPath: /CustomTheme
            name: theme-volume
                   
      volumes:
      - name: shared-volume
        emptyDir: {}
      - name: theme-volume
        configMap:
          name: customthemes-configmap 

I am not saying this is the best way to do it; I am not an expert in Kubernetes or Helm. A Git repository containing the files above can be found here.


5
votes

You can use a theme image with initContainers; the theme can then be maintained outside the Helm chart folder.


initContainers: |
    - name: keycloak-theme-provider
      image: docker.io/my-theme:1.0
      imagePullPolicy: IfNotPresent
      command:
        - sh
      args:
        - -c
        - |
          echo "Copying theme..."
          cp -R /my-theme/* /theme
      volumeMounts:
        - name: theme
          mountPath: /theme

extraVolumeMounts:
  - name: theme
    mountPath: /opt/jboss/keycloak/themes/my-theme

extraVolumes:
  - name: theme
    emptyDir: {}

Docker image code:

FROM busybox

COPY src/themes/ /my-theme


0
votes

Another possibility is to build a custom Docker image that copies the theme into the correct folder.

Dockerfile:

FROM bitnami/keycloak:latest

COPY ./themes/xential/ /opt/jboss/keycloak/themes/xential/

For the Helm configuration (I used the bitnami/keycloak Helm chart):

image:
    registry: {{ requiredEnv "CI_REGISTRY" }}
    repository: {{ requiredEnv "IMAGE_NAME" }}
    tag: {{ requiredEnv "IMAGE_TAG" }}
    pullPolicy: Always
    pullSecrets:
      - PUTT_YOUR_SECRET_HERE_IF_PRIVATE_REGISTRY

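0
votes

Taken from @dreamcrash's answer, but slightly more flexible. Move the resources to some remote HTTP storage. Not sharing the full configuration, just the required parts.

First, declare the volume mount in the deployment section: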

   volumeMounts:
        - mountPath: /opt/keycloak/themes
          name: shared-volume

Then declare the volume that the init container will use to place the files:

volumes:
  - name: shared-volume

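Define the init container script to run, which pulls the file and extracts it into the required folder. This lets you select your theme in the admin console.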

  initContainers:
    - name: init-logintheme
      image: busybox:1.28
      command: ['sh', '-c', 'wget https://your_server_location/login-theme.tar.xz -P /tmp/ && tar -xvf /tmp/login-theme.tar.xz -C /opt/keycloak/themes && echo 1']
      volumeMounts:
      - mountPath: /opt/keycloak/themes
        name: shared-volume

Please let me know if this helps.
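
A theme archive carries the FreeMarker templates that Keycloak renders on its login pages, so an init container that downloads one should check it against a digest pinned in the manifest before unpacking it. The script below is an added example, not part of any answer above; the function names and argument order are assumptions, and it expects `sha256sum` and `tar` to be present in the init image.

```shell
#!/bin/sh
# Added example: verify a downloaded theme archive before it reaches the themes volume.
# Usage (assumed): verify-theme.sh ARCHIVE EXPECTED_SHA256 DEST
# EXPECTED_SHA256 is a placeholder for the digest recorded when the theme was built.

# Succeeds if any member name read from stdin is absolute or has a ".." component.
has_unsafe_paths() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

verify_and_extract_theme() {
    vt_archive=$1
    vt_expected=$2
    vt_dest=$3

    # 1. Integrity: compare against the pinned digest, never one fetched
    #    from the same server as the archive.
    vt_actual=$(sha256sum "$vt_archive" | cut -d' ' -f1)
    if [ "$vt_actual" != "$vt_expected" ]; then
        echo "theme archive digest mismatch: got '$vt_actual'" >&2
        return 1
    fi

    # 2. Containment: refuse members that would land outside the themes folder.
    if tar -tf "$vt_archive" | has_unsafe_paths; then
        echo "theme archive contains absolute or parent-relative paths" >&2
        return 2
    fi

    # 3. Unpack only after both checks have passed.
    mkdir -p "$vt_dest" && tar -xf "$vt_archive" -C "$vt_dest"
}

# Run directly when called with the three arguments; defines functions only otherwise.
if [ "$#" -eq 3 ]; then
    verify_and_extract_theme "$@"
fi
```

Called in place of the bare `tar -xvf` step, a non-zero exit keeps the pod in its init phase, so a changed archive on the HTTP server blocks the rollout instead of changing the login page.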
