Quarkus Kubernetes operator：如何在应用程序容器（不是 operator 容器）中设置环境变量？答案

【问题标题】：Quarkus Kubernetes operator: how to set environment variables in application container (not operator container)?Quarkus Kubernetes operator：如何在应用程序容器（不是 operator 容器）中设置环境变量？
【发布时间】：2022-10-21 23:44:21
【问题描述】：

Keycloak 运算符使用 Quarkus：https://github.com/keycloak/keycloak/tree/main/operator

在application.properties (https://github.com/keycloak/keycloak/blob/main/operator/src/main/resources/application.properties) 我们可以设置环境变量： https://quarkus.io/guides/deploying-to-kubernetes#environment-variables-from-keyvalue-pairs

例如：

quarkus.kubernetes.env.vars.kc-hostname=localhost
quarkus.kubernetes.env.vars.kc-proxy=edge
quarkus.kubernetes.env.vars.proxy-address-forwarding=true

在生成的 Kubernetes 清单中，这些环境变量出现在操作员容器：

    spec:
      containers:
        - env:
            ...
            - name: KC_HOSTNAME
              value: localhost
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            ...
            - name: KC_PROXY
              value: edge
          image: keycloak/keycloak-operator:19.0.2
          imagePullPolicy: Always

但是，我需要将它们设置在应用容器，而不是。

这是对此的另一个验证。正在运行的操作员容器：

$ kubectl describe pod keycloak-operator --namespace=keycloak


Name:             keycloak-operator-6479dbc544-2wl4d
...
Controlled By:  ReplicaSet/keycloak-operator-6479dbc544
Containers:
  keycloak-operator:
    Image:          keycloak/keycloak-operator:19.0.2
    ...
    Environment:
      KUBERNETES_NAMESPACE:      keycloak (v1:metadata.namespace)
      KC_HOSTNAME:               localhost
      PROXY_ADDRESS_FORWARDING:  true
      OPERATOR_KEYCLOAK_IMAGE:   quay.io/keycloak/keycloak:nightly
      KC_PROXY:                  edge

并使用此处提供的应用程序清单 (https://www.keycloak.org/operator/basic-deployment#_deploying_keycloak) 这是正在运行的应用程序 pod：

$ kubectl describe pod example-kc --namespace=keycloak

Name:             example-kc-0
Namespace:        keycloak
...
Containers:
  keycloak:
    Container ID:  
    Image:         quay.io/keycloak/keycloak:nightly
    ...
    Environment:
      KC_CACHE_STACK:                 kubernetes
      KC_HEALTH_ENABLED:              true
      KC_CACHE:                       ispn
      KC_DB:                          postgres
      KC_DB_URL_HOST:                 postgres-db
      KC_DB_USERNAME:                 <set to the key 'username' in secret 'keycloak-db-secret'>        Optional: false
      KC_DB_PASSWORD:                 <set to the key 'password' in secret 'keycloak-db-secret'>        Optional: false
      KEYCLOAK_ADMIN:                 <set to the key 'username' in secret 'example-kc-initial-admin'>  Optional: false
      KEYCLOAK_ADMIN_PASSWORD:        <set to the key 'password' in secret 'example-kc-initial-admin'>  Optional: false
      jgroups.dns.query:              example-kc-discovery.keycloak
      KC_HOSTNAME:                    test.keycloak.org
      KC_HTTPS_CERTIFICATE_FILE:      /mnt/certificates/tls.crt
      KC_HTTPS_CERTIFICATE_KEY_FILE:  /mnt/certificates/tls.key
      KC_PROXY:                       passthrough

修改清单 (https://www.keycloak.org/operator/basic-deployment#_deploying_keycloak) 以将 hostname: test.keycloak.org 替换为 hostname: localhost做工作。但是对于其他环境变量KC_PROXY 和PROXY_ADDRESS_FORWARDING 呢？谢谢

【问题讨论】：

标签： kubernetes quarkus application.properties kubernetes-operator kubernetes-custom-resources

【解决方案1】：

您应该使用 unsupported 资源属性。例如：

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
 ...
spec:
  unsupported:
    podTemplate:
      spec:
        containers:
          - name: keycloak
            env:
              - name: PROXY_ADDRESS_FORWARDING
                value: "true"

见kubectl explain Keycloak.spec.unsupported.podTemplate

KIND:     Keycloak
VERSION:  k8s.keycloak.org/v2alpha1

RESOURCE: podTemplate <Object>

DESCRIPTION:
     You can configure that will be merged with the one configured by default by the operator. 
     ...
     
FIELDS:   
     metadata <Object>

     spec <Object>

【讨论】：