diff --git a/keycloak/README.rst b/keycloak/README.rst
new file mode 100644
index 0000000..4c8a40b
--- /dev/null
+++ b/keycloak/README.rst
@@ -0,0 +1,15 @@
+
+
+Keycloak 17.0 image
+
+# Compose.yml
+
+keycloak:
+ docker-compose:
+ environment:
+ KEYCLOAK_ADMIN: "admin"
+ KEYCLOAK_ADMIN_PASSWORD: "CHANGEME"
+ relations:
+ web-proxy:
+ frontend:
+ domain: id.mydomain.fr
diff --git a/keycloak/build/Dockerfile b/keycloak/build/Dockerfile
new file mode 100644
index 0000000..deedd48
--- /dev/null
+++ b/keycloak/build/Dockerfile
@@ -0,0 +1,12 @@
+FROM quay.io/keycloak/keycloak:17.0.0 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:17.0.0
+COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
diff --git a/keycloak/hooks/post_deploy b/keycloak/hooks/post_deploy
deleted file mode 100755
index fa3546b..0000000
--- a/keycloak/hooks/post_deploy
+++ /dev/null
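Review bot: `ENV KC_METRICS_ENABLED=true` in the builder stage enables Keycloak's `/metrics` endpoint, which as far as I know the 17.x Quarkus distribution serves unauthenticated on the same HTTP listener as the login pages, so once the web-proxy relation forwards the whole domain it is reachable from outside. Nothing in the image or in the proxy hook restricts that path; add a comment such as `# /metrics is unauthenticated: block it at the reverse proxy or scrape it only from the internal network` and the matching proxy rule. Two style points: `as builder` should be `AS builder` to match the uppercase used for every other instruction, and the base image is pinned by tag only, so a digest would make the build reproducible. No `USER` is set in the final stage, which presumably relies on the upstream base image already running as a non-root user; worth confirming and noting in a comment.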
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-## Init is run on host
-## For now it is run every time the script is launched, but
-## it should be launched only once after build.
-
-## Accessible variables are:
-## - SERVICE_NAME Name of current service
-## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
-## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
-## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
-
-PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
-
-set -e
-
-if [ -e "$PASSWORD_SET_CONTROL" ]; then
- exit 0
-fi
-
-containers=($(get_running_containers_for_service "$SERVICE_NAME"))
-if [ "${#containers[@]}" == 0 ]; then
- err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
- exit 1
-fi
-
-## It is not possible at first glance to reset password, so we decided
-## to set to admin/admin. This means it is important to change the
-## admin password as soon as possible.
-
-## XXXvlab: taking the first container
-container_id="${containers[0]}"
-docker exec "$container_id" \
- /opt/jboss/keycloak/bin/add-user-keycloak.sh \
- -u "admin" -p "admin"
-docker restart "$container_id"
-mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"
diff --git a/keycloak/hooks/postgres_database-relation-joined b/keycloak/hooks/postgres_database-relation-joined
index 672cc74..1f5c177 100755
--- a/keycloak/hooks/postgres_database-relation-joined
+++ b/keycloak/hooks/postgres_database-relation-joined
@@ -10,9 +10,8 @@ config-add "\
 services:
 $MASTER_BASE_SERVICE_NAME:
 environment:
- DB_VENDOR: postgres
- DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
- DB_DATABASE: \"$DBNAME\"
- DB_PASSWORD: \"$PASSWORD\"
- DB_USER: \"$USER\"
+ KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+ KC_DB_USERNAME: \"$USER\"
+ KC_DB_PASSWORD: \"$PASSWORD\"
+ KC_DB: \"postgres\"
 "
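Review bot: The added `KC_DB_URL` line hard-codes port 5432 in the JDBC URL while the old `DB_ADDR` carried only the host; none of the relation variables used in this hunk (`$MASTER_TARGET_SERVICE_NAME`, `$DBNAME`, `$USER`, `$PASSWORD`) supplies a port, so a comment such as `## postgres relation exposes no port; 5432 is the image default` would record that assumption where the next reader will look for it. `KC_DB: \"postgres\"` duplicates the `KC_DB=postgres` that the builder stage bakes in with `kc.sh build`; Keycloak treats `db` as a build-time option, so the runtime value is redundant while equal and, as far as I recall, not honoured without a rebuild if it ever differs, so a comment saying which of the two is authoritative would help. The `config-add` call these lines belong to starts before the hunk.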
diff --git a/keycloak/hooks/web_proxy-relation-joined b/keycloak/hooks/web_proxy-relation-joined index 461a335..1151541 100755 --- a/keycloak/hooks/web_proxy-relation-joined +++ b/keycloak/hooks/web_proxy-relation-joined @@ -1,11 +1,17 @@ #!/bin/bash +DOMAIN=$(relation-get domain) || exit 1 + set -e config-add "\ services: $MASTER_BASE_SERVICE_NAME: environment: + KC_HOSTNAME: "$DOMAIN" PROXY_ADDRESS_FORWARDING: \"true\" + KC_PROXY: edge + KC_HTTP_ENABLED: \"true\" + KC_HOSTNAME_STRICT: \"false\" " diff --git a/keycloak/metadata.yml b/keycloak/metadata.yml index a2db5cb..6fe7d37 100644 --- a/keycloak/metadata.yml +++ b/keycloak/metadata.yml @@ -1,4 +1,5 @@ -docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1 +#docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1 +#docker-image: quay.io/keycloak/keycloak:17.0.0 default-options:
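Review bot: `KC_HOSTNAME: "$DOMAIN"` uses unescaped double quotes inside the double-quoted string passed to `config-add`, unlike the `\"true\"` and `\"false\"` on the neighbouring added lines; the inner quotes close and reopen the outer string, so `$DOMAIN` is expanded unquoted (subject to word splitting and globbing) and lands in the YAML without quotes. It happens to work for a plain hostname but is fragile and inconsistent; change it to `      KC_HOSTNAME: \"$DOMAIN\"`. `PROXY_ADDRESS_FORWARDING` is the WildFly-era variable and, as far as I can tell, is not read by the 17.x Quarkus distribution now that `KC_PROXY: edge` does that job, so it looks like a leftover that could be dropped. `KC_HOSTNAME_STRICT: \"false\"` relaxes the hostname check that `KC_HOSTNAME` would otherwise enforce; a one-line comment on why it is still needed, e.g. `## allow access through the internal service name as well as $DOMAIN`, would stop a later reader from tightening it blindly.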