coop-cloud/keycloak
coop-cloud
/
keycloak
4
0
Fork 2
Code Issues 4 Pull Requests Releases 1 Wiki Activity

Compare commits

base: coop-cloud:master
Branches Tags
coop-cloud:master
coop-cloud:postgres
coop-cloud:dev
coop-cloud:arm64
coop-cloud:custom-theme-loading
coop-cloud:8.0.1+23.0.6
coop-cloud:8.0.0+23.0.0
coop-cloud:7.2.0+22.0.5
coop-cloud:7.1.0+22.0.5
coop-cloud:7.0.2+22.0.5
coop-cloud:7.0.1+22.0.4
coop-cloud:6.1.0+22.0.1
coop-cloud:7.0.0+22.0.1
coop-cloud:6.0.0+21.0.2
coop-cloud:5.1.0+20.0.3
coop-cloud:5.0.2+20.0.3
coop-cloud:5.0.1+20.0.3
coop-cloud:5.0.0+20.0.1
coop-cloud:4.0.1+16.1.1
coop-cloud:4.0.0+16.1.0
coop-cloud:3.0.0+15.0.2
coop-cloud:2.0.0+14.0.0
coop-cloud:1.0.0+13.0.1
..
compare: coop-cloud:arm64
Branches Tags
coop-cloud:master
coop-cloud:postgres
coop-cloud:dev
coop-cloud:arm64
coop-cloud:custom-theme-loading
coop-cloud:8.0.1+23.0.6
coop-cloud:8.0.0+23.0.0
coop-cloud:7.2.0+22.0.5
coop-cloud:7.1.0+22.0.5
coop-cloud:7.0.2+22.0.5
coop-cloud:7.0.1+22.0.4
coop-cloud:6.1.0+22.0.1
coop-cloud:7.0.0+22.0.1
coop-cloud:6.0.0+21.0.2
coop-cloud:5.1.0+20.0.3
coop-cloud:5.0.2+20.0.3
coop-cloud:5.0.1+20.0.3
coop-cloud:5.0.0+20.0.1
coop-cloud:4.0.1+16.1.1
coop-cloud:4.0.0+16.1.0
coop-cloud:3.0.0+15.0.2
coop-cloud:2.0.0+14.0.0
coop-cloud:1.0.0+13.0.1

1 Commits
master ... arm64

Author SHA1 Message Date
knoflook 2cc1b95c57
feat: first release for arm64 2021-12-03 14:35:12 +01:00
9 changed files with 29 additions and 114 deletions
Show Stats Expand all files Collapse all files

20
.drone.yml
View File

@ -3,12 +3,10 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone
steps:
- name: deployment
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
image: decentral1se/stack-ssh-deploy:latest
settings:
host: swarm-test.autonomic.zone
stack: keycloak
networks:
- proxy
generate_secrets: true
purge: true
deploy_key:
@ -25,17 +23,11 @@ trigger:
- master
---
kind: pipeline
name: generate recipe catalogue
name: recipe release
steps:
- name: release a new version
image: plugins/downstream
image: thecoopcloud/drone-abra:latest
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag
command: recipe keycloak release
deploy_key:
from_secret: abra_bot_deploy_key

6
.env.sample
View File

@ -6,13 +6,7 @@ DOMAIN=keycloak.example.com
LETS_ENCRYPT_ENV=production
ADMIN_USERNAME=admin
WELCOME_THEME=keycloak
COMPOSE_FILE="compose.yml"
SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1
# Enable persistent theme volume, if you want to apply a custom theme
#COMPOSE_FILE="$COMPOSE_FILE:compose.theme.yml"

29
README.md
View File

@ -6,12 +6,12 @@
<!-- metadata -->
* **Category**: Apps
* **Status**: 2, beta
* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), 4, upstream
* **Status**: ❷💛
* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), ❶💚, upstream
* **Healthcheck**: Yes
* **Backups**: ?
* **Email**: 1
* **Tests**: 2
* **Email**: ❸🍎
* **Tests**: ❷💛
* **SSO**: N/A
<!-- endmetadata -->
@ -21,26 +21,9 @@
2. Deploy [`coop-cloud/traefik`][cc-traefik]
3. `abra app new keycloak --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app deploy YOURAPPDOMAIN`
5. `abra app YOURAPPDOMAIN deploy`
## How do I setup a custom theme?
Check [this approach](https://git.autonomic.zone/ruangrupa/login.lumbung.space).
## How do I create another admin user?
- Under the `Master` realm > `Users` > `Add user`
- Create the user and set a temporary password
- Under the `Role Mappings` tab, move `admin` from `Available Roles` into `Assigned Roles`
## How do I configure Keycloak login for..
- [Nextcloud][nextcloud]
- [Peertube][peertube]
[nextcloud]: https://git.coopcloud.tech/coop-cloud/nextcloud
[peertube]: https://git.coopcloud.tech/coop-cloud/peertube
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik

10
compose.theme.yml
View File

@ -1,10 +0,0 @@
---
version: "3.8"
services:
app:
volumes:
- "themes:/opt/keycloak/themes"
volumes:
themes:

50
compose.yml
View File

@ -3,9 +3,7 @@ version: "3.8"
services:
app:
image: "keycloak/keycloak:23.0.6"
entrypoint: >
bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
image: "mihaibob/keycloak:15.0.1"
networks:
- proxy
- internal
@ -13,24 +11,20 @@ services:
- admin_password
- db_password
environment:
- KC_DB=mariadb
- KC_DB_URL_DATABASE=keycloak
- KC_DB_URL_HOST=db
- KC_HOSTNAME=${DOMAIN}
- KC_PROXY=edge
- KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
- KEYCLOAK_ADMIN=${ADMIN_USERNAME}
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
# NOTE(3wc): disabled due to missing curl binary, see
# https://git.coopcloud.tech/coop-cloud/keycloak/issues/15
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:8080"]
# interval: 30s
# timeout: 10s
# retries: 10
# start_period: 1m
volumes:
- "providers:/opt/keycloak/providers"
- DB_ADDR=db
- DB_DATABASE=keycloak
- DB_PASSWORD_FILE=/run/secrets/db_password
- DB_USER=keycloak
- DB_VENDOR=mariadb
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
- KEYCLOAK_USER=${ADMIN_USERNAME}
- PROXY_ADDRESS_FORWARDING=true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080"]
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
depends_on:
- mariadb
deploy:
@ -46,10 +40,10 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=8.0.1+23.0.6"
- "coop-cloud.${STACK_NAME}.version=3.0.0+15.0.2"
db:
image: "mariadb:11.2"
image: "mariadb:10.6"
environment:
- MYSQL_DATABASE=keycloak
- MYSQL_USER=keycloak
@ -62,15 +56,6 @@ services:
- "mariadb:/var/lib/mysql"
networks:
- internal
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.path: "/tmp/dump.sql.gz"
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
backupbot.restore.pre-hook: "sh -c 'cd /tmp && gzip -d dump.sql.gz'"
backupbot.restore: "true"
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'"
networks:
internal:
@ -90,4 +75,3 @@ secrets:
volumes:
mariadb:
providers:

12
release/4.0.0+16.1.0
View File

@ -1,12 +0,0 @@
This major release comes with a blog post about a CVE:
https://www.keycloak.org/2021/12/cve.html
Not all versions are affected but they're suggesting that people upgrade soon.
As per usual, this upgrade didn't go too smoothly and I ended up having to
undeploy and deploy the new versions. The healtcheck kept failing on the new
instance when trying to deploy alongside the existing old version. Idk, some
docker weirdness.
No app data errors discovered after upgrade.

9
release/5.0.0+20.0.1
View File

@ -1,9 +0,0 @@
You'll need to remove `/auth/` from your app SSO URLs, e.g.
https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth
Would become:
https://foo.example.com/realms/foo/protocol/openid-connect/auth
-- decentral1se @ Autonomic

2
release/6.0.0+21.0.2
View File

@ -1,2 +0,0 @@
Healthchecks are disabled, see
https://git.coopcloud.tech/coop-cloud/keycloak/issues/15

5
release/7.2.0+22.0.5
View File

@ -1,5 +0,0 @@
A persistent volume for themes is now optional, and not enabled by default.
If you are using a custom theme, consult the recipe `.env.sample` to see the new
variables you need to add. You can use `abra app check ...` to verify that
they've been added correctly.