diff --git a/keycloak/README.rst b/keycloak/README.rst
new file mode 100644
index 0000000..f3b5be9
--- /dev/null
+++ b/keycloak/README.rst
@@ -0,0 +1,32 @@
+Description
+===========
+
+Using ``keycloak`` version 17.0
+
+
+Usage
+=====
+
+To start with ``keycloak``, just put this service in your
+``compose.yml``
+
+ keycloak:
+ options:
+ admin-password: CHANGEME
+ relations:
+ web-proxy:
+ frontend:
+ domain: id.mydomain.fr
+
+Customize theme
+===============
+
+You can customize theme by putting your theme in
+``/srv/datastore/data/keycloak/opt/keycloak/themes``
+
+For example copy the material folder from
+https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
+restart ``keycloak``.
+
+Then go to your admin console, log in and go to the realm/themes part
+to choose you new theme
diff --git a/keycloak/build/Dockerfile b/keycloak/build/Dockerfile
new file mode 100644
index 0000000..deedd48
--- /dev/null
+++ b/keycloak/build/Dockerfile
@@ -0,0 +1,12 @@
+FROM quay.io/keycloak/keycloak:17.0.0 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:17.0.0
+COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
diff --git a/keycloak/hooks/post_deploy b/keycloak/hooks/post_deploy
deleted file mode 100755
index fa3546b..0000000
--- a/keycloak/hooks/post_deploy
+++ /dev/null
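Review bot: In `keycloak/build/Dockerfile`, `ENV KC_METRICS_ENABLED=true` builds the metrics endpoint into an image that the web-proxy relation presumably publishes under the service domain, and nothing visible in this commit keeps the proxy from forwarding that path. Metrics are meant for an internal scraper, so either restrict the path at the proxy or record the expectation next to the setting, e.g. `# /metrics must not be forwarded by the public web-proxy`. `KC_FEATURES=token-exchange` likewise turns on an opt-in feature for every deployment with no stated reason; a one-line comment naming the client that needs it would let a later reviewer decide whether it can be dropped. Both `FROM` lines pin only the `17.0.0` tag, so pinning by digest would make the build reproducible and tamper-evident.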
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-## Init is run on host
-## For now it is run every time the script is launched, but
-## it should be launched only once after build.
-
-## Accessible variables are:
-## - SERVICE_NAME Name of current service
-## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
-## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
-## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
-
-PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
-
-set -e
-
-if [ -e "$PASSWORD_SET_CONTROL" ]; then
- exit 0
-fi
-
-containers=($(get_running_containers_for_service "$SERVICE_NAME"))
-if [ "${#containers[@]}" == 0 ]; then
- err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
- exit 1
-fi
-
-## It is not possible at first glance to reset password, so we decided
-## to set to admin/admin. This means it is important to change the
-## admin password as soon as possible.
-
-## XXXvlab: taking the first container
-container_id="${containers[0]}"
-docker exec "$container_id" \
- /opt/jboss/keycloak/bin/add-user-keycloak.sh \
- -u "admin" -p "admin"
-docker restart "$container_id"
-mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"
diff --git a/keycloak/hooks/postgres_database-relation-joined b/keycloak/hooks/postgres_database-relation-joined
index 672cc74..1f5c177 100755
--- a/keycloak/hooks/postgres_database-relation-joined
+++ b/keycloak/hooks/postgres_database-relation-joined
@@ -10,9 +10,8 @@ config-add "\
 services:
 $MASTER_BASE_SERVICE_NAME:
 environment:
- DB_VENDOR: postgres
- DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
- DB_DATABASE: \"$DBNAME\"
- DB_PASSWORD: \"$PASSWORD\"
- DB_USER: \"$USER\"
+ KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+ KC_DB_USERNAME: \"$USER\"
+ KC_DB_PASSWORD: \"$PASSWORD\"
+ KC_DB: \"postgres\"
 "
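Review bot: In `postgres_database-relation-joined`, the added lines expand `$PASSWORD`, `$USER` and `$DBNAME` straight into YAML double-quoted scalars with no escaping, and `$DBNAME` now also lands in a JDBC URL. A value containing `"` or `\` would corrupt the generated compose fragment, and one containing `?` or `&` would be parsed as connection properties. Those variables are assigned above line 10, outside this hunk, so confirm they are restricted to a safe alphabet or escape them before `config-add`. The port is now hard-coded as `5432`, where the removed `DB_ADDR` form carried none; a comment such as `## assumes the postgres service listens on the default port 5432` would record that assumption.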
diff --git a/keycloak/hooks/web_proxy-relation-joined b/keycloak/hooks/web_proxy-relation-joined index 461a335..cb7bd03 100755 --- a/keycloak/hooks/web_proxy-relation-joined +++ b/keycloak/hooks/web_proxy-relation-joined @@ -1,11 +1,16 @@ #!/bin/bash +DOMAIN=$(relation-get domain) || exit 1 + set -e config-add "\ services: $MASTER_BASE_SERVICE_NAME: environment: - PROXY_ADDRESS_FORWARDING: \"true\" + KC_HOSTNAME: "$DOMAIN" + KC_PROXY: edge + KC_HTTP_ENABLED: \"true\" + KC_HOSTNAME_STRICT: \"false\" " diff --git a/keycloak/metadata.yml b/keycloak/metadata.yml index a2db5cb..9f3ad3f 100644 --- a/keycloak/metadata.yml +++ b/keycloak/metadata.yml @@ -1,4 +1,6 @@ -docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1 + +data-resources: + - /opt/keycloak/themes default-options:
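Review bot: In `web_proxy-relation-joined`, the added line `KC_HOSTNAME: "$DOMAIN"` uses unescaped double quotes inside the `config-add "\ … "` argument, unlike every neighbouring line, so the quotes close and reopen the shell string: `$DOMAIN` is expanded unquoted (subject to word splitting and globbing) and the YAML value is emitted without quotes. It should read `KC_HOSTNAME: \"$DOMAIN\"`. `relation-get domain` may also succeed with an empty result, which would emit an empty hostname; `[ -n "$DOMAIN" ] || exit 1` after the assignment would catch that. With `KC_HOSTNAME` set, `KC_HOSTNAME_STRICT: \"false\"` looks unnecessary, and because `KC_PROXY: edge` makes Keycloak trust forwarded headers, keeping strict mode on is the safer default unless the proxy is known to validate the Host header.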