
chg: [keycloak] upgrade to version ``17.0``

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
nj-keycloak-17.0
Valentin Lab 3 years ago
parent
commit
0552ca1061
  1. 32
      keycloak/README.rst
  2. 12
      keycloak/build/Dockerfile
  3. 37
      keycloak/hooks/post_deploy
  4. 9
      keycloak/hooks/postgres_database-relation-joined
  5. 7
      keycloak/hooks/web_proxy-relation-joined
  6. 4
      keycloak/metadata.yml

32
keycloak/README.rst

@ -0,0 +1,32 @@
Description
===========
Using ``keycloak`` version 17.0
Usage
=====
To start with ``keycloak``, just put this service in your
``compose.yml``::
keycloak:
options:
admin-password: CHANGEME
relations:
web-proxy:
frontend:
domain: id.mydomain.fr
Customize theme
===============
You can customize theme by putting your theme in
``/srv/datastore/data/keycloak/opt/keycloak/themes``
For example copy the material folder from
https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
restart ``keycloak``.
Then go to your admin console, log in and go to the realm/themes part
to choose you new theme

12
keycloak/build/Dockerfile

@ -0,0 +1,12 @@
FROM quay.io/keycloak/keycloak:17.0.0 as builder
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:17.0.0
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
ENV KC_LOG_LEVEL=INFO
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
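Review bot: `ENV KC_METRICS_ENABLED=true` in the builder stage turns on the `/metrics` endpoint, which in this Keycloak release line is, as far as I know, served on the same HTTP listener as the login pages, so it would presumably be reachable through the web-proxy relation unless the proxy filters that path. Either drop the line or add a comment above it such as `# /metrics must be blocked at the reverse proxy; scrape it from the internal network only`. `ENV KC_FEATURES=token-exchange` enables a preview feature and deserves a one-line comment naming the client that needs it. Both `FROM quay.io/keycloak/keycloak:17.0.0` lines pin a tag that can be re-pushed; pinning by digest (`FROM quay.io/keycloak/keycloak:17.0.0@sha256:<digest>`) would make the two stages provably identical and the build reproducible.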

37
keycloak/hooks/post_deploy

@ -1,37 +0,0 @@
#!/bin/bash
## Init is run on host
## For now it is run every time the script is launched, but
## it should be launched only once after build.
## Accessible variables are:
## - SERVICE_NAME Name of current service
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
set -e
if [ -e "$PASSWORD_SET_CONTROL" ]; then
exit 0
fi
containers=($(get_running_containers_for_service "$SERVICE_NAME"))
if [ "${#containers[@]}" == 0 ]; then
err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
exit 1
fi
## It is not possible at first glance to reset password, so we decided
## to set to admin/admin. This means it is important to change the
## admin password as soon as possible.
## XXXvlab: taking the first container
container_id="${containers[0]}"
docker exec "$container_id" \
/opt/jboss/keycloak/bin/add-user-keycloak.sh \
-u "admin" -p "admin"
docker restart "$container_id"
mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"

9
keycloak/hooks/postgres_database-relation-joined

@ -10,9 +10,8 @@ config-add "\
services: services:
$MASTER_BASE_SERVICE_NAME: $MASTER_BASE_SERVICE_NAME:
environment: environment:
DB_VENDOR: postgres
DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
DB_DATABASE: \"$DBNAME\"
DB_PASSWORD: \"$PASSWORD\"
DB_USER: \"$USER\"
KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
KC_DB_USERNAME: \"$USER\"
KC_DB_PASSWORD: \"$PASSWORD\"
KC_DB: \"postgres\"
" "
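Review bot: `KC_DB_PASSWORD: \"$PASSWORD\"`, `KC_DB_USERNAME: \"$USER\"` and `KC_DB_URL` interpolate relation values into double-quoted YAML scalars without escaping, so a password containing `"` or `\` would produce a broken or silently altered compose fragment. Where `$PASSWORD` and `$DBNAME` are produced is above this hunk (it starts at line 10), so either confirm their alphabet there or escape them before the `config-add` call. The password also ends up in the container environment, where anyone allowed to run `docker inspect` can read it; a comment such as `## NOTE: DB credentials are exposed via the container environment` would make that trade-off explicit. `KC_DB: \"postgres\"` repeats the build-time `ENV KC_DB=postgres` from the Dockerfile and could be dropped, and the port `5432` in `KC_DB_URL` is hard-coded rather than taken from the relation.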

7
keycloak/hooks/web_proxy-relation-joined

@ -1,11 +1,16 @@
#!/bin/bash #!/bin/bash
DOMAIN=$(relation-get domain) || exit 1
set -e set -e
config-add "\ config-add "\
services: services:
$MASTER_BASE_SERVICE_NAME: $MASTER_BASE_SERVICE_NAME:
environment: environment:
PROXY_ADDRESS_FORWARDING: \"true\"
KC_HOSTNAME: "$DOMAIN"
KC_PROXY: edge
KC_HTTP_ENABLED: \"true\"
KC_HOSTNAME_STRICT: \"false\"
" "
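Review bot: `KC_HOSTNAME: "$DOMAIN"` is rendered with bare double quotes inside the `config-add "\ … "` argument, unlike the neighbouring `\"true\"` values, so the shell string is closed and reopened there: `$DOMAIN` is expanded unquoted and lands in the YAML without quotes. It should read `KC_HOSTNAME: \"$DOMAIN\"`. An empty result from `relation-get domain` is not rejected either, and with `KC_HOSTNAME_STRICT: \"false\"` Keycloak would then presumably build its URLs from the request's host header; consider adding `[ -n "$DOMAIN" ] || exit 1` after the assignment and leaving strict mode at its default, since the hostname is always supplied here. `KC_PROXY: edge` together with `KC_HTTP_ENABLED: \"true\"` makes Keycloak accept plain HTTP and trust forwarded headers, which is only sound if the container port is reachable solely through the proxy, so a comment stating that assumption belongs next to those two lines.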

4
keycloak/metadata.yml

@ -1,4 +1,6 @@
docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1
data-resources:
- /opt/keycloak/themes
default-options: default-options:
