[UPD] bump keycloak to 17.0 and improve charm

keycloak/build/Dockerfile

@@ -0,0 +1,12 @@
+FROM quay.io/keycloak/keycloak:17.0.0 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:17.0.0
+COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

keycloak/hooks/postgres_database-relation-joined

@@ -10,9 +10,8 @@ config-add "\
 services:
   $MASTER_BASE_SERVICE_NAME:
     environment:
-      DB_VENDOR: postgres
-      DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
-      DB_DATABASE: \"$DBNAME\"
-      DB_PASSWORD: \"$PASSWORD\"
-      DB_USER: \"$USER\"
+      KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+      KC_DB_USERNAME: \"$USER\"
+      KC_DB_PASSWORD: \"$PASSWORD\"
+      KC_DB: \"postgres\"
 "

keycloak/hooks/web_proxy-relation-joined

@@ -1,11 +1,17 @@
 #!/bin/bash
 
+DOMAIN=$(relation-get domain) || exit 1
+
 set -e
 
 config-add "\
 services:
   $MASTER_BASE_SERVICE_NAME:
     environment:
+      KC_HOSTNAME: "$DOMAIN"
       PROXY_ADDRESS_FORWARDING: \"true\"
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: \"true\"
+      KC_HOSTNAME_STRICT: \"false\"
 "
 

keycloak/metadata.yml

@@ -1,4 +1,5 @@
-docker-image: docker.0k.io/keycloak:16.1.1  ## jboss/keycloak:16.1.1
+#docker-image: docker.0k.io/keycloak:16.1.1  ## jboss/keycloak:16.1.1
+#docker-image: quay.io/keycloak/keycloak:17.0.0
 
 default-options: