MLOps - Keycloak
By Bys on February 7, 2025
MLOps
Keycloak
Install Keycloak(Official)
기존에 설치한 Postgresql 을 활용하기 위해 다음과 같이 진행
# 기존 PostgreSQL에 접속
kubectl exec -it postgresql-0 -n postgresql -- psql -U postgres
# Keycloak용 사용자 생성
CREATE USER keycloak WITH PASSWORD 'keycloak';
# Keycloak용 데이터베이스 생성
CREATE DATABASE keycloak;
# 생성한 데이터베이스에 대한 권한 부여
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
# keycloak 데이터베이스로 전환
\c keycloak
# keycloak 유저에게 스키마 관련 권한 부여
GRANT ALL ON SCHEMA public TO keycloak;
KC_DB_URL_HOST 환경변수를 postgre 서비스로 변경
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: keycloak
namespace: keycloak
labels:
app: keycloak
spec:
serviceName: keycloak-discovery
replicas: 2
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:26.2.5
args: ["start"]
env:
- name: KC_BOOTSTRAP_ADMIN_USERNAME
value: "admin"
- name: KC_BOOTSTRAP_ADMIN_PASSWORD
value: "admin"
- name: KC_PROXY_HEADERS
value: "xforwarded"
- name: KC_HTTP_ENABLED
value: "true"
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HEALTH_ENABLED
value: "true"
- name: 'KC_CACHE'
value: 'ispn'
- name: 'KC_CACHE_STACK'
value: 'kubernetes'
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: JAVA_OPTS_APPEND
value: '-Djgroups.dns.query="keycloak-discovery" -Djgroups.bind.address=\$(POD_IP)'
# 기존 PostgreSQL 사용을 위한 설정 수정
- name: 'KC_DB_URL_DATABASE'
value: 'keycloak'
- name: 'KC_DB_URL_HOST'
value: 'postgresql.postgresql.svc.cluster.local' # 기존 PostgreSQL 서비스 주소
- name: 'KC_DB'
value: 'postgres'
- name: 'KC_DB_PASSWORD'
value: 'keycloak' # PostgreSQL에서 생성한 keycloak 사용자의 비밀번호
- name: 'KC_DB_USERNAME'
value: 'keycloak' # PostgreSQL에서 생성한 keycloak 사용자
ports:
- name: http
containerPort: 8080
startupProbe:
httpGet:
path: /health/started
port: 9000
readinessProbe:
httpGet:
path: /health/ready
port: 9000
livenessProbe:
httpGet:
path: /health/live
port: 9000
resources:
limits:
cpu: 2000m
memory: 2000Mi
requests:
cpu: 500m
memory: 1700Mi
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
namespace: keycloak
annotations:
alb.ingress.kubernetes.io/group.name: mlops
alb.ingress.kubernetes.io/subnets: bys-dev-ue1-sbn-1a-extelb, bys-dev-ue1-sbn-1b-extelb, bys-dev-ue1-sbn-1c-extelb, bys-dev-ue1-sbn-1d-extelb, bys-dev-ue1-sbn-1f-extelb
alb.ingress.kubernetes.io/scheme : internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:558846430793:certificate/a5207b24-ae67-49ac-b34e-f34ed0088bca
alb.ingress.kubernetes.io/security-groups: sg-07e6c272df0bed7ee
alb.ingress.kubernetes.io/healthcheck-path: /
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/success-codes: 200,302
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/tags: auto-delete=no
spec:
ingressClassName: "alb"
rules:
- host: keycloak.bys.asia
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8080
Install Keycloak(Bitnami)
values.yaml
ingress:
enabled: true
ingressClassName: "alb"
hostname: keycloak.bys.asia
pathType: Prefix
path: "/"
tls: true
annotations:
alb.ingress.kubernetes.io/group.name: mlops
alb.ingress.kubernetes.io/subnets: bys-dev-ue1-sbn-1a-extelb, bys-dev-ue1-sbn-1b-extelb, bys-dev-ue1-sbn-1c-extelb, bys-dev-ue1-sbn-1d-extelb, bys-dev-ue1-sbn-1f-extelb
alb.ingress.kubernetes.io/scheme : internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:558846430793:certificate/a5207b24-ae67-49ac-b34e-f34ed0088bca
alb.ingress.kubernetes.io/security-groups: sg-07e6c272df0bed7ee
alb.ingress.kubernetes.io/healthcheck-path: /
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/success-codes: 200,302
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/tags: auto-delete=no
auth:
adminUser: admin
adminPassword: admin
postgresql:
primary:
persistence:
size: 15Gi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update bitnami
helm upgrade -i keycloak bitnami/keycloak -n keycloak -f /Users/bys/workspace/kubernetes/mlops/keycloak/values.yaml
helm delete keycloak -n keycloak
# admin password
kubectl get secret keycloak -n keycloak -o jsonpath='{.data.admin-password}' | base64 --decode
Keycloak 차트에는 아래와 같이 postgresql 에 대한 dependency 가 존재한다.
dependencies:
- condition: postgresql.enabled
name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 16.x.x
만약, postgresql 에 대한 Values.yaml 파일을 수정하고 싶다면 postgresql. 이 후 값을 설정하면 된다.
https://devocean.sk.com/blog/techBoardDetail.do?ID=167194&boardType=techBlog
keycloak jupyter spark mlflow mlops