Remove obsolete information from the Keycloak deployment

Closes #40375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Alexander Schwartz
2025-06-11 14:17:48 +02:00
committed by GitHub
parent d8b53df634
commit 74027bfbfe
7 changed files with 93 additions and 51 deletions
@@ -43,10 +43,7 @@ As most requests will not touch the database due to the {project_name} embedded
See the <@links.ha id="concepts-database-connections" /> {section} for details.
<2> Specify the URL to your custom {project_name} image. If your image is optimized, set the `startOptimized` flag to `true`.
<3> Enable additional features for multi-site support like the loadbalancer probe `/lb-check`.
<4> XA transactions are not supported by the https://github.com/awslabs/aws-advanced-jdbc-wrapper/releases/[Amazon Web Services JDBC Driver].
<5> To be able to analyze the system under load, enable the metrics endpoint.
The disadvantage of the setting is that the metrics will be available at the external {project_name} endpoint, so you must add a filter so that the endpoint is not available from the outside.
Use a reverse proxy in front of {project_name} to filter out those URLs.
<4> To be able to analyze the system under load, enable the metrics endpoint.
== Verifying the deployment
@@ -24,6 +24,12 @@ data:
metrics:
namesAsTags: true
histograms: false
tracing:
enabled: true
collector-endpoint: "http://tempo-tempo.monitoring.svc:4318"
exporter-protocol: "OTLP"
service-name: "infinispan-server"
security: false
server:
endpoints:
- securityRealm: default
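Review bot: The added `collector-endpoint: "http://tempo-tempo.monitoring.svc:4318"` exports spans over plaintext, unauthenticated OTLP/HTTP, and nothing in the block says this is deliberate. If it is acceptable only because Tempo is in-cluster and this is a benchmark setup, say so in a comment such as `# plaintext OTLP to in-cluster Tempo; use https and collector auth outside test clusters`. The `security: false` key also deserves a one-line comment, since it reads like a transport switch but, as far as I can tell, only controls whether security events are traced. The same six lines recur in the three `@@ -36,6 +36,12 @@ data:` hunks further down.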
@@ -305,12 +311,12 @@ spec:
expose:
type: Route
configMapName: "cluster-config"
image: quay.io/infinispan/server:15.0.11.Final
version: 15.0.4
image: quay.io/infinispan/server:15.0.15.Final
version: 15.0.15
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000 -Dotel.traces.sampler=parentbased_always_off'
cpu: 4:2
memory: 2Gi:1Gi
logging:
@@ -36,6 +36,12 @@ data:
metrics:
namesAsTags: true
histograms: false
tracing:
enabled: true
collector-endpoint: "http://tempo-tempo.monitoring.svc:4318"
exporter-protocol: "OTLP"
service-name: "infinispan-server"
security: false
server:
endpoints:
- securityRealm: default
@@ -339,12 +345,12 @@ spec:
expose:
type: Route
configMapName: "cluster-config"
image: quay.io/infinispan/server:15.0.11.Final
version: 15.0.4
image:
version: 15.0.15
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000 -Dotel.traces.sampler=parentbased_always_off'
logging:
categories:
org.infinispan: info
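Review bot: The second `image:` line in this hunk has no value, so it parses as null, while the corresponding `@@ -305,12 +311,12 @@` hunk above sets `quay.io/infinispan/server:15.0.15.Final`. If the intent is to let the operator derive the image from `version: 15.0.15`, drop the key rather than leaving it bare. If the value was only lost in rendering, set it explicitly, ideally pinned by digest. The `@@ -339,12 +345,12 @@` and `@@ -507,12 +513,12 @@` hunks below show the same bare key.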
@@ -36,6 +36,12 @@ data:
metrics:
namesAsTags: true
histograms: false
tracing:
enabled: true
collector-endpoint: "http://tempo-tempo.monitoring.svc:4318"
exporter-protocol: "OTLP"
service-name: "infinispan-server"
security: false
server:
endpoints:
- securityRealm: default
@@ -339,12 +345,12 @@ spec:
expose:
type: Route
configMapName: "cluster-config"
image: quay.io/infinispan/server:15.0.11.Final
version: 15.0.4
image:
version: 15.0.15
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000 -Dotel.traces.sampler=parentbased_always_off'
cpu: 4:2
memory: 2Gi:1Gi
logging:
@@ -36,6 +36,12 @@ data:
metrics:
namesAsTags: true
histograms: false
tracing:
enabled: true
collector-endpoint: "http://tempo-tempo.monitoring.svc:4318"
exporter-protocol: "OTLP"
service-name: "infinispan-server"
security: false
server:
endpoints:
- securityRealm: default
@@ -507,12 +513,12 @@ spec:
expose:
type: Route
configMapName: "cluster-config"
image: quay.io/infinispan/server:15.0.11.Final
version: 15.0.4
image:
version: 15.0.15
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000 -Dotel.traces.sampler=parentbased_always_off'
cpu: 4:2
memory: 2Gi:1Gi
logging:
@@ -54,7 +54,7 @@ metadata:
name: keycloak-providers
namespace: keycloak
binaryData:
keycloak-benchmark-dataset-0.15-SNAPSHOT.jar: ...
keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar: ...
---
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
apiVersion: v1
@@ -206,7 +206,7 @@ spec:
value: keycloak
- name: POSTGRES_DB
value: keycloak
image: postgres:15
image: mirror.gcr.io/postgres:15
volumeMounts:
# Using volume mount for PostgreSQL's data folder as it is otherwise not writable
- mountPath: /var/lib/postgresql
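Review bot: `image: mirror.gcr.io/postgres:15` still resolves a mutable tag, now through a pull-through mirror, so the bytes that run can change without any change to this manifest. Pinning by digest, `image: mirror.gcr.io/postgres:15@sha256:<DIGEST>`, keeps the deployment reproducible and makes an unexpected image change visible in review. The same applies to `mirror.gcr.io/sqlpad/sqlpad:6.11.0` in the `@@ -362,7 +362,7 @@` hunk, where `imagePullPolicy: Always` re-resolves the tag on every pod start, and to both images in the second manifest further down.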
@@ -351,7 +351,7 @@ spec:
- name: SQLPAD_CONNECTIONS__pgdemo__username
value: keycloak
- name: SQLPAD_CONNECTIONS__pgdemo__password
value: pass
value: secret99
- name: SQLPAD_CONNECTIONS__pgdemo__database
value: keycloak
- name: SQLPAD_CONNECTIONS__pgdemo__driver
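Review bot: `SQLPAD_CONNECTIONS__pgdemo__password` is given as a literal `value:` (`pass`, then `secret99`), so the database password sits in the pod spec and in version control, readable by anyone who can view the Deployment. Other parts of this manifest already reference Secrets (`remote-store-secret`, `keycloak-preconfigured-admin`); this entry should do the same with a `valueFrom.secretKeyRef` on the Secret that holds the PostgreSQL password. If the literal is kept because this is a throwaway benchmark database, a comment saying so would stop it being copied into a real deployment. The `@@ -338,7 +338,7 @@` hunk in the second manifest repeats it.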
@@ -362,7 +362,7 @@ spec:
value: '86400'
- name: SQLPAD_QUERY_RESULT_MAX_ROWS
value: '100000'
image: sqlpad/sqlpad:6.11.0
image: mirror.gcr.io/sqlpad/sqlpad:6.11.0
imagePullPolicy: Always
startupProbe:
httpGet:
@@ -451,14 +451,10 @@ spec:
startOptimized: false # <2>
features:
enabled:
- user-event-metrics
- multi-site # <3>
transaction:
xaEnabled: false # <4>
# tag::keycloak-ispn[]
additionalOptions:
# end::keycloak-ispn[]
# end::keycloak[]
- name: http-metrics-histograms-enabled
value: 'true'
@@ -473,7 +469,7 @@ spec:
# tag::keycloak[]
- name: log-console-output
value: json
- name: metrics-enabled # <5>
- name: metrics-enabled # <4>
value: 'true'
- name: event-metrics-user-enabled
value: 'true'
@@ -490,10 +486,9 @@ spec:
secret:
name: remote-store-secret
key: password
- name: spi-cache-embedded-default-site-name # <5>
value: keycloak
# end::keycloak-ispn[]
- name: db-driver
# end::keycloak-ispn[]
value: software.amazon.jdbc.Driver
http:
tlsSecret: keycloak-tls-secret
@@ -503,7 +498,7 @@ spec:
podTemplate:
metadata:
annotations:
checksum/config: a6e4c8f98e1b1035942cd1121684f817d533021a392be90b5df784f474146350-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
checksum/config: 74d09d74f6547eec9888f07648f5f5be52afa1be1a6231f286cbd368e86e6f19-099f6e0e31165c359aa5534e8dc6e42b603410742f45fefbc62d923ea6cb7e64-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
spec:
containers:
- env:
@@ -520,10 +515,11 @@ spec:
name: keycloak-preconfigured-admin
key: password
optional: false
- name: JAVA_OPTS_APPEND # <5>
value: ""
- name: JAVA_OPTS_APPEND
value: >
-Djdk.tracePinnedThreads=full
ports:
# end::keycloak[]
# readinessProbe:
# exec:
# command:
@@ -534,8 +530,8 @@ spec:
# - 'true'
volumeMounts:
- name: keycloak-providers
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.15-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-0.15-SNAPSHOT.jar
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar
readOnly: true
volumes:
- name: keycloak-providers
@@ -552,11 +548,26 @@ spec:
selector:
matchLabels:
app: keycloak
# Use pod target labels "as is" without any renaming
# podTargetLabels:
# - app
# Since at least Keycloak 26.2 and the latest Quarkus 3.19 version, it requires "OpenMetricsText1.0.0" to retrieve exemplars,
# as at least some of the other protocols don't support exemplars.
scrapeProtocols:
- OpenMetricsText1.0.0
podMetricsEndpoints:
- port: management
scheme: https
tlsConfig:
insecureSkipVerify: true
relabelings:
- targetLabel: application
# Alternative: hard-coded value
# replacement: "keycloak"
sourceLabels:
- __meta_kubernetes_pod_label_app
regex: (.+)
replacement: ${1}
---
# Source: keycloak/templates/postgres/postgres-exporter.yaml
apiVersion: monitoring.coreos.com/v1
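Review bot: `tlsConfig.insecureSkipVerify: true` on the new `management` endpoint means Prometheus accepts any certificate when scraping, so `scheme: https` gives encryption without authenticating the target. Prefer giving the PodMonitor the issuing CA through `tlsConfig.ca` together with `serverName`. Keep `insecureSkipVerify` only with a comment explaining why verification cannot work here, for example a certificate whose names do not match the pod address. The `@@ -542,11 +537,26 @@` hunk in the second manifest has the same setting.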
@@ -41,7 +41,7 @@ metadata:
name: keycloak-providers
namespace: keycloak
binaryData:
keycloak-benchmark-dataset-0.15-SNAPSHOT.jar: ...
keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar: ...
---
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
apiVersion: v1
@@ -193,7 +193,7 @@ spec:
value: keycloak
- name: POSTGRES_DB
value: keycloak
image: postgres:15
image: mirror.gcr.io/postgres:15
volumeMounts:
# Using volume mount for PostgreSQL's data folder as it is otherwise not writable
- mountPath: /var/lib/postgresql
@@ -338,7 +338,7 @@ spec:
- name: SQLPAD_CONNECTIONS__pgdemo__username
value: keycloak
- name: SQLPAD_CONNECTIONS__pgdemo__password
value: pass
value: secret99
- name: SQLPAD_CONNECTIONS__pgdemo__database
value: keycloak
- name: SQLPAD_CONNECTIONS__pgdemo__driver
@@ -349,7 +349,7 @@ spec:
value: '86400'
- name: SQLPAD_QUERY_RESULT_MAX_ROWS
value: '100000'
image: sqlpad/sqlpad:6.11.0
image: mirror.gcr.io/sqlpad/sqlpad:6.11.0
imagePullPolicy: Always
startupProbe:
httpGet:
@@ -440,14 +440,10 @@ spec:
startOptimized: false # <2>
features:
enabled:
- user-event-metrics
- multi-site # <3>
transaction:
xaEnabled: false # <4>
# tag::keycloak-ispn[]
additionalOptions:
# end::keycloak-ispn[]
# end::keycloak[]
- name: http-metrics-histograms-enabled
value: 'true'
@@ -462,7 +458,7 @@ spec:
# tag::keycloak[]
- name: log-console-output
value: json
- name: metrics-enabled # <5>
- name: metrics-enabled # <4>
value: 'true'
- name: event-metrics-user-enabled
value: 'true'
@@ -481,8 +477,6 @@ spec:
secret:
name: remote-store-secret
key: password
- name: spi-cache-embedded-default-site-name
value: keycloak
- name: db-driver
value: software.amazon.jdbc.Driver
http:
@@ -493,7 +487,7 @@ spec:
podTemplate:
metadata:
annotations:
checksum/config: a6e4c8f98e1b1035942cd1121684f817d533021a392be90b5df784f474146350-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
checksum/config: 74d09d74f6547eec9888f07648f5f5be52afa1be1a6231f286cbd368e86e6f19-b9788fd7a0f3ed13e27c33f89e0e1019fc1fb7d445005dada32fab73b68c335b-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
spec:
containers:
- env:
@@ -510,10 +504,11 @@ spec:
name: keycloak-preconfigured-admin
key: password
optional: false
- name: JAVA_OPTS_APPEND # <5>
value: ""
- name: JAVA_OPTS_APPEND
value: >
-Djdk.tracePinnedThreads=full
ports:
# end::keycloak[]
# readinessProbe:
# exec:
# command:
@@ -524,8 +519,8 @@ spec:
# - 'true'
volumeMounts:
- name: keycloak-providers
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.15-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-0.15-SNAPSHOT.jar
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar
readOnly: true
volumes:
- name: keycloak-providers
@@ -542,11 +537,26 @@ spec:
selector:
matchLabels:
app: keycloak
# Use pod target labels "as is" without any renaming
# podTargetLabels:
# - app
# Since at least Keycloak 26.2 and the latest Quarkus 3.19 version, it requires "OpenMetricsText1.0.0" to retrieve exemplars,
# as at least some of the other protocols don't support exemplars.
scrapeProtocols:
- OpenMetricsText1.0.0
podMetricsEndpoints:
- port: management
scheme: https
tlsConfig:
insecureSkipVerify: true
relabelings:
- targetLabel: application
# Alternative: hard-coded value
# replacement: "keycloak"
sourceLabels:
- __meta_kubernetes_pod_label_app
regex: (.+)
replacement: ${1}
---
# Source: keycloak/templates/postgres/postgres-exporter.yaml
apiVersion: monitoring.coreos.com/v1