
[UPD] bump keycloak to 17.0 and improve charm

default 3 years ago
parent
commit
2f218dc9ab
  1. 15
      keycloak/README.rst
  2. 12
      keycloak/build/Dockerfile
  3. 37
      keycloak/hooks/post_deploy
  4. 9
      keycloak/hooks/postgres_database-relation-joined
  5. 6
      keycloak/hooks/web_proxy-relation-joined
  6. 3
      keycloak/metadata.yml

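--- a/keycloak/README.rst
+++ b/keycloak/README.rst
@@ -0,0 +1,15 @@
+Keycloak 17.0 image
+# Compose.yml
+keycloak:
+docker-compose:
+environment:
+KEYCLOAK_ADMIN: "admin"
+KEYCLOAK_ADMIN_PASSWORD: "CHANGEME"
+relations:
+web-proxy:
+frontend:
+domain: id.mydomain.fr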

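--- a/keycloak/build/Dockerfile
+++ b/keycloak/build/Dockerfile
@@ -0,0 +1,12 @@
+FROM quay.io/keycloak/keycloak:17.0.0 as builder
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+FROM quay.io/keycloak/keycloak:17.0.0
+COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]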
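Review bot: `ENV KC_METRICS_ENABLED=true` in the builder stage turns on the metrics endpoint, and in this Keycloak generation it is, as far as I know, served on the same HTTP listener as the login pages, so once the web-proxy relation publishes the service the endpoint is probably reachable from outside unless the proxy filters that path. Either drop the option or document the constraint next to it, for example `# /metrics shares the public listener: deny this path at the reverse proxy`. Both `FROM` lines pin the base image by tag only; appending a digest (`FROM quay.io/keycloak/keycloak:17.0.0@sha256:DIGEST_PLACEHOLDER`) would keep the builder and runtime stages on the identical, verified image and protect against a re-pushed tag.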

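--- a/keycloak/hooks/post_deploy
+++ b/keycloak/hooks/post_deploy
@@ -1,37 +0,0 @@
-#!/bin/bash
-## Init is run on host
-## For now it is run every time the script is launched, but
-## it should be launched only once after build.
-## Accessible variables are:
-## - SERVICE_NAME Name of current service
-## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
-## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
-## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
-PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
-set -e
-if [ -e "$PASSWORD_SET_CONTROL" ]; then
-exit 0
-fi
-containers=($(get_running_containers_for_service "$SERVICE_NAME"))
-if [ "${#containers[@]}" == 0 ]; then
-err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
-exit 1
-fi
-## It is not possible at first glance to reset password, so we decided
-## to set to admin/admin. This means it is important to change the
-## admin password as soon as possible.
-## XXXvlab: taking the first container
-container_id="${containers[0]}"
-docker exec "$container_id" \
-/opt/jboss/keycloak/bin/add-user-keycloak.sh \
--u "admin" -p "admin"
-docker restart "$container_id"
-mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"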

9
keycloak/hooks/postgres_database-relation-joined

@ -10,9 +10,8 @@ config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
DB_VENDOR: postgres
DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
DB_DATABASE: \"$DBNAME\"
DB_PASSWORD: \"$PASSWORD\"
DB_USER: \"$USER\"
KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
KC_DB_USERNAME: \"$USER\"
KC_DB_PASSWORD: \"$PASSWORD\"
KC_DB: \"postgres\"
"
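Review bot: `KC_DB_PASSWORD: \"$PASSWORD\"` and the `KC_DB_URL` line splice shell variables into double-quoted YAML scalars without escaping, so a password or database name containing `"`, `\` or a newline would produce a broken or altered compose fragment. Where `$PASSWORD` and `$DBNAME` are generated lies outside this hunk (the script starts before line 10); if their alphabet is not restricted there, escape them before the `config-add` call. The password also lands in the container environment in clear text, readable through `docker inspect`, so a comment such as `## DB password is stored in clear text in the compose config; keep the config store private` would help the next maintainer. The JDBC URL sets no `sslmode`, which is acceptable only while the database link stays on a private Docker network.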

6
keycloak/hooks/web_proxy-relation-joined

@ -1,11 +1,17 @@
#!/bin/bash
DOMAIN=$(relation-get domain) || exit 1
set -e
config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
KC_HOSTNAME: "$DOMAIN"
PROXY_ADDRESS_FORWARDING: \"true\"
KC_PROXY: edge
KC_HTTP_ENABLED: \"true\"
KC_HOSTNAME_STRICT: \"false\"
"
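Review bot: On the `KC_HOSTNAME` line the quotes around `$DOMAIN` are not backslash-escaped like the other values, so they close and reopen the shell string: `$DOMAIN` is expanded unquoted and the YAML value is emitted without quotes; `KC_HOSTNAME: \"$DOMAIN\"` would match the rest of the block. `KC_HOSTNAME_STRICT: \"false\"` lets Keycloak fall back to request headers for its public URL when no hostname is configured, and `relation-get domain` is only checked for a failing exit status, not for an empty result; since the domain is known here, prefer `KC_HOSTNAME_STRICT: \"true\"` together with a guard such as `[ -n "$DOMAIN" ] || exit 1`. With `KC_PROXY: edge` and `KC_HTTP_ENABLED` the container accepts forwarded headers over plain HTTP, so its port should be reachable only from the reverse proxy. The page has lost its +/- markers, so which of these lines are new is inferred from the `KC_` prefix.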

3
keycloak/metadata.yml

@ -1,4 +1,5 @@
docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1
#docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1
#docker-image: quay.io/keycloak/keycloak:17.0.0
default-options:
