Cloud Foundry上的Keycloak独立群集 [英] Keycloak standalone cluster on Cloud Foundry

问题描述

如何在Cloud Foundry上配置Keycloak独立群集?

How to configure Keycloak standalone cluster on Cloud Foundry?

我尝试将docker image jboss/keycloak:4.5.0.Final用于内部路由:

I tried to use docker image jboss/keycloak:4.5.0.Final with internal routing:

• env:
  • JGROUPS_DISCOVERY_PROTOCOL: dns.DNS_PING
  • JGROUPS_DISCOVERY_PROPERTIES: dns_query=keycloak-cluster-poc.apps.internal
  • env:
    • JGROUPS_DISCOVERY_PROTOCOL: dns.DNS_PING
    • JGROUPS_DISCOVERY_PROPERTIES: dns_query=keycloak-cluster-poc.apps.internal

    cf add-network-policy keycloak-cluster-poc --destination-app keycloak-cluster-poc --protocol tcp/udp --port 1-65535
    

  它不起作用.我应该公开其他端口吗?

  It's not working. Should I expose additional ports?

  <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
  <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
  <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
  <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
  <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
  <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
  

  推荐答案

  我终于找到了自己问题的答案.

  I finally found the answer to my own question.

  转到此 keycloak4cf 回购如果您正在寻找一种快速的解决方案.

  Go to this keycloak4cf repo if you are looking for a quick solution.

  我必须面对的主要问题:

  Main problems that I had to face:

  使用jboss/keycloak:5.0.0或更高/最新

  存在已删除并没有>硬编码6 JGRP-2295 .

  There is hardcoded .svc.cluster.local DNS query suffix removed with JGRP-2295.

  此修复程序在JGroups 4.0.15.Final中发布，在Infinispan Core 9.4.0.Final.中使用，并与Keycloak 5.0.0(包含在inifnispan-core 9.4.3.Final中)一起发布.

  This fix was released in JGroups 4.0.15.Final, that is used in Infinispan Core 9.4.0.Final., released with Keycloak 5.0.0 (included inifnispan-core 9.4.3.Final).

  必须使用TCP而不是多播UDP (没有Cloud Foundry上进行多播-谢谢@DanielMikusa的提示).

  Clustering have to be done with TCP instead of multicast UDP (there is no multicast on Cloud Foundry - thank you @DanielMikusa for the tip).

  要更改此配置，请使用dns.DNS_PING.cli:

  To change this config use dns.DNS_PING.cli:

  embed-server --server-config=standalone-ha.xml --std-out=echo
  batch
  /subsystem=jgroups:write-attribute(name=default-stack,value=tcp)
  /subsystem=jgroups/channel=ee:write-attribute(name=stack,value=tcp)
  /subsystem=jgroups/stack=udp/protocol=PING:remove()
  /subsystem=jgroups/stack=udp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties=$keycloak_jgroups_discovery_protocol_properties)
  /subsystem=jgroups/stack=tcp/protocol=MPING:remove()
  /subsystem=jgroups/stack=tcp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties=$keycloak_jgroups_discovery_protocol_properties)
  run-batch
  stop-embedded-server
  

  添加网络策略以允许群集节点之间的连接:

  Add network policy to allow connections between cluster nodes:

  cf add-network-policy keycloak-cluster-poc --destination-app keycloak-cluster-poc --protocol tcp --port 7600
  

  这篇关于Cloud Foundry上的Keycloak独立群集的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！