Keycloak


MLOps

Keycloak

Install Keycloak(Official)

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080  
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:25.0.0
          args: ["start-dev"]
          env:
            - name: KEYCLOAK_ADMIN
              value: "admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: "admin"
            - name: KC_PROXY
              value: "edge"
            - name: KC_HEALTH_ENABLED
              value: "true"
            - name: KC_LOG_LEVEL
              value: "DEBUG"
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 9000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: keycloak
  annotations:
    alb.ingress.kubernetes.io/group.name: mlops
    alb.ingress.kubernetes.io/subnets: bys-dev-ue1-sbn-1a-extelb, bys-dev-ue1-sbn-1b-extelb, bys-dev-ue1-sbn-1c-extelb, bys-dev-ue1-sbn-1d-extelb, bys-dev-ue1-sbn-1f-extelb
    alb.ingress.kubernetes.io/scheme : internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:558846430793:certificate/a5207b24-ae67-49ac-b34e-f34ed0088bca
    alb.ingress.kubernetes.io/security-groups: sg-07e6c272df0bed7ee
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/success-codes: 200,302
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/tags: auto-delete=no
spec:
  ingressClassName: "alb"
  rules:
    - host: keycloak.bys.asia
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8080


Install Keycloak(Bitnami)

values.yaml

ingress:
  enabled: true
  ingressClassName: "alb"
  hostname: keycloak.bys.asia
  pathType: Prefix
  path: "/"
  tls: true
  annotations: 
    alb.ingress.kubernetes.io/group.name: mlops
    alb.ingress.kubernetes.io/subnets: bys-dev-ue1-sbn-1a-extelb, bys-dev-ue1-sbn-1b-extelb, bys-dev-ue1-sbn-1c-extelb, bys-dev-ue1-sbn-1d-extelb, bys-dev-ue1-sbn-1f-extelb
    alb.ingress.kubernetes.io/scheme : internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:558846430793:certificate/a5207b24-ae67-49ac-b34e-f34ed0088bca
    alb.ingress.kubernetes.io/security-groups: sg-07e6c272df0bed7ee
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/success-codes: 200,302
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/tags: auto-delete=no
auth:
  adminUser: admin
  adminPassword: admin

postgresql:
  primary:
    persistence:
      size: 15Gi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update bitnami

helm upgrade -i keycloak bitnami/keycloak -n keycloak -f /Users/bys/workspace/kubernetes/mlops/keycloak/values.yaml
helm delete keycloak -n keycloak

# admin password
kubectl get secret keycloak -n keycloak -o jsonpath='{.data.admin-password}'  | base64 --decode

Keycloak 차트에는 아래와 같이 postgresql 에 대한 dependency 가 존재한다.

dependencies:
- condition: postgresql.enabled
  name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
  version: 16.x.x

만약, postgresql 에 대한 Values.yaml 파일을 수정하고 싶다면 postgresql. 이 후 값을 설정하면 된다.



https://devocean.sk.com/blog/techBoardDetail.do?ID=167194&boardType=techBlog

Tag: [ keycloak  jupyter  spark  mlflow  ]