How to configure custom themes for Keycloak on Kubernetes
I want to configure custom themes for the login, registration and forgot-password pages in Keycloak on Kubernetes.
I am using the following URL and Keycloak configuration on Kubernetes.
https://www.keycloak.org/getting-started/getting-started-kube
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:12.0.4
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080
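Please suggest any existing blog URL or existing solution.
The approach I used in the past was to first create a .tar file with the custom theme (e.g. custom_theme.tar) for Keycloak. Then mount a volume at the folder where Keycloak themes are stored (i.e. /opt/jboss/keycloak/themes/my_custom_theme), and copy the .tar file with the custom theme from a local folder into the Keycloak container.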
Helm chart folder structure:
Chart.yaml custom_theme.tar templates values.yaml
Contents:
values.yaml:
password: adminpassword
Templates folder structure:
customThemes-configmap.yaml ingress.yaml service.yaml
deployment.yaml secret.yaml
Contents:
customThemes-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: customthemes-configmap
binaryData:
  custom_theme.tar: |-
    {{ .Files.Get "custom_theme.tar" | b64enc}}
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: keycloak
spec:
  tls:
    - hosts:
      - keycloak-sprint01.demo
  rules:
  - host: keycloak-sprint01.demo
    http:
      paths:
      - backend:
          serviceName: keycloak
          servicePort: 8080
service.yaml
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-password
type: Opaque
stringData:
  password: {{.Values.password}}
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:10.0.1
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        # admin password is read from the keycloak-password Secret
        - name: KEYCLOAK_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-password
              key: password
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: DB_VENDOR
          value: "h2"
        - name: JAVA_TOOL_OPTIONS
          value: -Dkeycloak.profile.feature.scripts=enabled
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080
        # the extracted theme appears here, inside Keycloak's themes folder
        volumeMounts:
        - mountPath: /opt/jboss/keycloak/themes/my_custom_theme
          name: shared-volume
      # copies the tar out of the ConfigMap volume and unpacks it into the shared emptyDir
      initContainers:
      - name: init-customtheme
        image: busybox:1.28
        command: ['sh', '-c', 'cp -rL /CustomTheme/custom_theme.tar /shared && cd /shared/ && tar -xvf custom_theme.tar && rm -rf custom_theme.tar']
        volumeMounts:
        - mountPath: /shared
          name: shared-volume
        - mountPath: /CustomTheme
          name: theme-volume
      volumes:
      - name: shared-volume
        emptyDir: {}
      - name: theme-volume
        configMap:
          name: customthemes-configmap
I'm not claiming this is the best way to do it; I'm not an expert in Kubernetes or Helm. A Git repository containing the above files can be found here.
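A pre-packaging check for the custom_theme.tar approach above, as an added example that is not part of the original answer: the init container unpacks the archive as-is into the volume Keycloak serves themes from, and Kubernetes caps a ConfigMap's data at 1 MiB, so the archive is audited for size, paths that leave the extraction directory, links and special files before it goes into the chart. The names `audit_theme_tar` and `build_sample` are hypothetical, and both sample archives are constructed in memory.

```python
import io
import tarfile
from pathlib import PurePosixPath

CONFIGMAP_LIMIT = 1024 * 1024  # Kubernetes caps ConfigMap data at 1 MiB


def audit_theme_tar(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if len(data) > CONFIGMAP_LIMIT:  # raw archive size, before base64
        problems.append(f"archive is {len(data)} bytes, over the 1 MiB ConfigMap limit")
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar.getmembers():
            path = PurePosixPath(m.name)
            if path.is_absolute() or ".." in path.parts:
                problems.append(f"{m.name}: escapes the extraction directory")
            elif m.issym() or m.islnk():
                problems.append(f"{m.name}: link to {m.linkname}")
            elif not (m.isfile() or m.isdir()):
                problems.append(f"{m.name}: special file (device/fifo)")
            elif m.mode & 0o6000:
                problems.append(f"{m.name}: setuid/setgid bit set")
    return problems


def build_sample(entries):
    """Constructed sample input: tar built in memory from (name, kind, payload)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:  # symlink entry, payload is the link target
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


# Constructed samples: a plain theme, and one with a traversal path and a symlink.
GOOD = build_sample([("login/theme.properties", "file", b"parent=keycloak\n"),
                     ("login/resources/css/custom.css", "file", b"body{}\n")])
BAD = build_sample([("../outside.txt", "file", b"x"),
                    ("login/messages", "symlink", "../../elsewhere")])

if __name__ == "__main__":
    print("good:", audit_theme_tar(GOOD))
    print("bad:", audit_theme_tar(BAD))
```

Running the check in CI before `helm package` keeps a bad archive from ever reaching the init container.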
You can use a theme image with initContainers; the theme can then be maintained outside the Helm chart folder.
initContainers: |
  - name: keycloak-theme-provider
    image: docker.io/my-theme:1.0
    imagePullPolicy: IfNotPresent
    command:
      - sh
    args:
      - -c
      - |
        echo "Copying theme..."
        cp -R /my-theme/* /theme
    volumeMounts:
      - name: theme
        mountPath: /theme
extraVolumeMounts:
  - name: theme
    mountPath: /opt/jboss/keycloak/themes/my-theme
extraVolumes:
  - name: theme
    emptyDir: {}
Docker image code:
FROM busybox
COPY src/themes/ /my-theme