问题:
带有现有数据库的Helm Keycloak Postgres...在安装过程中不保存数据
岳迪
我正试图让掌舵键斗篷图表与Postgres数据库工作。我希望我的数据在卸载期间保持不变。我已经创建了/mnt/disks/vol1/PostgreSQL挂载。当我运行以下命令时:helm install keycloak-f keycloak.yaml codecentric/keycloak
init:
image:
repository: busybox
tag: 1.31
pullPolicy: IfNotPresent
resources: {}
# limits:
# cpu: "10m"
# memory: "32Mi"
# requests:
# cpu: "10m"
# memory: "32Mi"
clusterDomain: cluster.local
## Optionally override the fully qualified name
# fullnameOverride: keycloak
## Optionally override the name
# nameOverride: keycloak
keycloak:
replicas: 1
image:
repository: jboss/keycloak
tag: 8.0.1
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
pullSecrets: []
# - myRegistrKeySecretName
hostAliases: []
# - ip: "1.2.3.4"
# hostnames:
# - "my.host.com"
proxyAddressForwarding: true
enableServiceLinks: false
podManagementPolicy: Parallel
restartPolicy: Always
serviceAccount:
# Specifies whether a service account should be created
create: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
securityContext:
fsGroup: 1000
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
## The path keycloak will be served from. To serve keycloak from the root path, use two quotes (e.g. "").
basepath: "auth"
## Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
extraContainers: |
## lifecycleHooks defines the container lifecycle hooks
lifecycleHooks: |
# postStart:
# exec:
# command: ["/bin/sh", "-c", "ls"]
## Override the default for the Keycloak container, e.g. for clusters with large cache that requires rebalancing.
terminationGracePeriodSeconds: 60
## Additional arguments to start command e.g. -Dkeycloak.import= to load a realm
extraArgs: ""
## Username for the initial Keycloak admin user
username: admin
## Password for the initial Keycloak admin user. Applicable only if existingSecret is not set.
## If not set, a random 10 characters password will be used
password: "aaaa"
# Specifies an existing secret to be used for the admin password
existingSecret: ""
# The key in the existing secret that stores the password
existingSecretKey: password
## jGroups configuration (only for HA deployment)
jgroups:
discoveryProtocol: dns.DNS_PING
discoveryProperties: >
"dns_query={{ template "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
javaToolOptions: >-
-XX:+UseContainerSupport
-XX:MaxRAMPercentage=50.0
## Allows the specification of additional environment variables for Keycloak
extraEnv: |
- name: KEYCLOAK_LOGLEVEL
value: DEBUG
# - name: WILDFLY_LOGLEVEL
# value: DEBUG
# - name: CACHE_OWNERS
# value: "2"
# - name: DB_QUERY_TIMEOUT
# value: "60"
# - name: DB_VALIDATE_ON_MATCH
# value: true
# - name: DB_USE_CAST_FAIL
# value: false
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
{{- include "keycloak.selectorLabels" . | nindent 10 }}
matchExpressions:
- key: role
operator: NotIn
values:
- test
topologyKey: kubernetes.io/hostname
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
{{- include "keycloak.selectorLabels" . | nindent 12 }}
matchExpressions:
- key: role
operator: NotIn
values:
- test
topologyKey: failure-domain.beta.kubernetes.io/zone
nodeSelector: {}
priorityClassName: ""
tolerations: []
## Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
## Extra Annotations to be added to pod
podAnnotations: {}
livenessProbe: |
httpGet:
path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/
port: http
initialDelaySeconds: 300
timeoutSeconds: 5
readinessProbe: |
httpGet:
path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/realms/master
port: http
initialDelaySeconds: 30
timeoutSeconds: 1
resources: {}
# limits:
# cpu: "100m"
# memory: "1024Mi"
# requests:
# cpu: "100m"
# memory: "1024Mi"
## WildFly CLI configurations. They all end up in the file 'keycloak.cli' configured in the configmap which is
## executed on server startup.
cli:
enabled: true
nodeIdentifier: |
{{ .Files.Get "scripts/node-identifier.cli" }}
logging: |
{{ .Files.Get "scripts/logging.cli" }}
ha: |
{{ .Files.Get "scripts/ha.cli" }}
datasource: |
{{ .Files.Get "scripts/datasource.cli" }}
# Custom CLI script
custom: |
## Custom startup scripts to run before Keycloak starts up
startupScripts: {}
# mystartup.sh: |
# #!/bin/sh
#
# echo 'Hello from my custom startup script!'
## Additional init containers, e. g. for providing custom themes
extraInitContainers: |
## Add additional volumes and mounts, e. g. for custom themes
extraVolumeMounts: |
- name: theme
mountPath: /opt/jboss/keycloak/themes/
subPath: kcthemes
extraVolumes: |
- name: theme
persistentVolumeClaim:
claimName: keycloak-pv-claim
## Add additional ports, eg. for custom admin console
extraPorts: |
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1
service:
annotations: {}
# service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
labels: {}
# key: value
## ServiceType
## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
type: ClusterIP
## Optional static port assignment for service type NodePort.
# nodePort: 30000
httpPort: 8080
httpNodePort: ""
httpsPort: 8443
httpsNodePort: ""
# Optional: jGroups port for high availability clustering
jgroupsPort: 7600
## Ingress configuration.
## ref: https://kubernetes.io/docs/user-guide/ingress/
ingress:
enabled: true
path: /
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# ingress.kubernetes.io/affinity: cookie
labels: {}
# key: value
## List of hosts for the ingress
hosts:
- localhost
## TLS configuration
tls:
- hosts:
- localhost
secretName: keycloak-secret
## OpenShift route configuration.
## ref: https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html
route:
enabled: false
path: /
annotations: {}
# kubernetes.io/tls-acme: "true"
# haproxy.router.openshift.io/disable_cookies: "true"
# haproxy.router.openshift.io/balance: roundrobin
labels: {}
# key: value
# Host name for the route
host:
# TLS configuration
tls:
enabled: true
insecureEdgeTerminationPolicy: Redirect
termination: edge
## Persistence configuration
persistence:
# If true, the Postgres chart is deployed
deployPostgres: true
# The database vendor. Can be either "postgres", "mysql", "mariadb", or "h2"
dbVendor: postgres
## The following values only apply if "deployPostgres" is set to "false"
dbName: keycloak
dbHost: keycloak-postgresql
dbPort: 5432
## Database Credentials are loaded from a Secret residing in the same Namespace as keycloak.
## The Chart can read credentials from an existing Secret OR it can provision its own Secret.
## Specify existing Secret
# If set, specifies the Name of an existing Secret to read db credentials from.
existingSecret: ""
existingSecretPasswordKey: "" # read keycloak db password from existingSecret under this Key
existingSecretUsernameKey: "" # read keycloak db user from existingSecret under this Key
## Provision new Secret
# Only used if existingSecret is not specified. In this case a new secret is created
# populated by the variables below.
dbUser: KcSuperUser
dbPassword: KcSuperPass
postgresql:
image:
tag: 12
### PostgreSQL User to create.
##
postgresqlUsername: "KcSuperUser"
## PostgreSQL Password for the new user.
## If not set, a random 10 characters password will be used.
##
postgresqlPassword: "KcSuperPassword"
## PostgreSQL Database to create.
##
postgresqlDatabase: keycloak
## Persistent Volume Storage configuration.
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
##
persistence:
## Enable PostgreSQL persistence using Persistent Volume Claims.
##
enabled: true
exitingClaim: "pdata-keycloak-postgresql-0"
mountPath: /var/lib/postgresql/data
classes:
- name: postgres # Defines name of storage class.
# Path on the host where local volumes of this storage class are mounted
# under.
#hostDir: /mnt/fast-disks
# Optionally specify mount path of local volumes. By default, we use same
# path as hostDir in container.
mountDir: /mnt/disks/vol1/postgresdata
# The volume mode of created PersistentVolume object. Default to Filesystem
# if not specified.
volumeMode: Filesystem
# Filesystem type to mount.
# It applies only when the source path is a block device,
# and desire volume mode is Filesystem.
# Must be a filesystem type supported by the host operating system.
fsType: ext4
blockCleanerCommand:
# Do a quick reset of the block device during its cleanup.
# - "/scripts/quick_reset.sh"
# or use dd to zero out block dev in two iterations by uncommenting these lines
# - "/scripts/dd_zero.sh"
# - "2"
# or run shred utility for 2 iteration.s
- "/scripts/shred.sh"
- "2"
# or blkdiscard utility by uncommenting the line below.
# - "/scripts/blkdiscard.sh"
# Uncomment to create storage class object with default configuration.
# storageClass: true
# Uncomment to create storage class object and configure it.
# storageClass:
test:
enabled: true
image:
repository: unguiculus/docker-python3-phantomjs-selenium
tag: v1
pullPolicy: IfNotPresent
securityContext:
fsGroup: 1000
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
prometheus:
operator:
## Are you using Prometheus Operator?
enabled: false
serviceMonitor:
## Optionally set a target namespace in which to deploy serviceMonitor
namespace: ""
## Additional labels to add to the ServiceMonitor so it is picked up by the operator.
## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release.
selector:
release: prometheus
## Interval at which Prometheus scrapes metrics
interval: 10s
## Timeout at which Prometheus timeouts scrape run
scrapeTimeout: 10s
## The path to scrape
path: /auth/realms/master/metrics
prometheusRules:
## Add Prometheus Rules?
enabled: false
## Additional labels to add to the PrometheusRule so it is picked up by the operator.
## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
selector:
app: prometheus-operator
release: prometheus
## Some example rules.
rules: {}
# - alert: keycloak-IngressHigh5xxRate
# annotations:
# message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 1%.
# expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]))/sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m])))*100 > 1
# for: 5m
# labels:
# severity: warning
# - alert: keycloak-IngressHigh5xxRate
# annotations:
# message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 5%.
# expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]))/sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m])))*100 > 5
# for: 5m
# labels:
# severity: critical
kind: PersistentVolume
apiVersion: v1
metadata:
name: keycloak-postgres-volume
labels:
app: postgres
type: local
spec:
storageClassName: postgres
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/disks/vol1/postgresdata"
索赔:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: data-keycloak-postgresql-0
labels:
app: postgres
spec:
storageClassName: postgres
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
储存
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: postgres
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
共有1个答案
欧渝
我让它在values.yaml持久性中使用以下内容:##使用持久性卷声明启用PostgreSQL持久性。##启用:true exitingclaim:“pdata-keycloak-postgreSQL-0”mountpath://bitnami/postgreSQL
不知何故,/var/lib/PostgreSQL的mounthPath不起作用。
类似资料:
-
在JPA中,是否有任何方法可以在DB中批量插入数据,并且只有在DB中不存在数据时才插入数据。当我尝试批量插入时,由于唯一键约束,它抛出异常。我想插入数据库中不存在的所有记录,其余的应该跳过。 组织。springframework。刀。DataIntegrityViolationException:无法执行语句;SQL[n/a];约束[reference_number_master_id_key];
-
我正在尝试更新数据,据我所知,save()方法在id为空时保存实体,或者在DB中找到给定id时更新数据库中现有的实体。 但是,当我尝试保存数据时,它不会被更新: 但是,当我从数据库检索数据并更新其字段并再次保存时,它会更新: 和实体:
-
我有一个关于在数据库中存储数据的问题。 我正在应用程序中的一些屏幕上工作:登录屏幕(用户可以访问你的帐户),注册屏幕(用户可以创建一个新帐户),用户提供信息的屏幕(比如“母亲的名字和身高”),以及配置文件屏幕(显示用户提供的信息)。 我在登录屏幕和注册屏幕中没有问题,但是我不知道如何在Firebase数据库中保存用户提供的信息,在用户提供信息的屏幕中。 你们谁能帮我一下吗?我知道我可以使用fire
-
问题内容: 我有一个模型对象,我想要一个带有日期的字段。目前,我正在使用适合我们需求的产品。 Hibernate将该字段以形式存储在数据库中。我们可以将其在数据库中的保存方式更改为更易读的格式,更重要的是将其更改为可排序的格式吗? 使用的数据库是mysql db。 问题答案: 这个问题已经解决了作为一种新的改进来 ,原来这是一个孤立的捆绑模块 现在,它直接捆绑,所以只要确保你使用的是最新的版本,它
-
我有一个模型对象,我想在其中有一个带日期的字段。目前,我使用来满足我们的需要。 所使用的数据库是一个mysql数据库。
-
我的数据库是SQL Server2008,备份文件是2005年的。 会有什么问题?