wiki-cafe/keycloak
0
0
Fork 0
forked from coop-cloud/keycloak
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keep up with Coop Cloud #1

Merged
cgalo5758 merged 15 commits from coop-cloud/keycloak:master into master 2023-08-13 02:04:53 +00:00
Conversation 0 Commits 15 Files Changed 5 +57 -26
5 changed files with 57 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
.drone.yml
View File

@ -3,10 +3,12 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone name: deploy to swarm-test.autonomic.zone
steps: steps:
- name: deployment - name: deployment
image: decentral1se/stack-ssh-deploy:latest image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
settings: settings:
host: swarm-test.autonomic.zone host: swarm-test.autonomic.zone
stack: keycloak stack: keycloak
networks:
- proxy
generate_secrets: true generate_secrets: true
purge: true purge: true
deploy_key: deploy_key:
@ -23,11 +25,17 @@ trigger:
- master - master
--- ---
kind: pipeline kind: pipeline
name: recipe release name: generate recipe catalogue
steps: steps:
- name: release a new version - name: release a new version
image: thecoopcloud/drone-abra:latest image: plugins/downstream
settings: settings:
command: recipe keycloak release server: https://build.coopcloud.tech
deploy_key: token:
from_secret: abra_bot_deploy_key from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

4
README.md
View File

@ -21,9 +21,9 @@
2. Deploy [`coop-cloud/traefik`][cc-traefik] 2. Deploy [`coop-cloud/traefik`][cc-traefik]
3. `abra app new keycloak --secrets` (optionally with `--pass` if you'd like 3. `abra app new keycloak --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`) to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to 4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy` 5. `abra app deploy YOURAPPDOMAIN`
## How do I setup a custom theme? ## How do I setup a custom theme?

48
compose.yml
View File

@ -3,7 +3,9 @@ version: "3.8"
services: services:
app: app:
image: "jboss/keycloak:16.1.1" image: "keycloak/keycloak:22.0.1"
entrypoint: >
bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
networks: networks:
- proxy - proxy
- internal - internal
@ -11,23 +13,24 @@ services:
- admin_password - admin_password
- db_password - db_password
environment: environment:
- DB_ADDR=db - KC_DB=mariadb
- DB_DATABASE=keycloak - KC_DB_URL_DATABASE=keycloak
- DB_PASSWORD_FILE=/run/secrets/db_password - KC_DB_URL_HOST=db
- DB_USER=keycloak - KC_HOSTNAME=${DOMAIN}
- DB_VENDOR=mariadb - KC_PROXY=edge
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password - KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
- KEYCLOAK_USER=${ADMIN_USERNAME} - KEYCLOAK_ADMIN=${ADMIN_USERNAME}
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME} - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
- PROXY_ADDRESS_FORWARDING=true # NOTE(3wc): disabled due to missing curl binary, see
healthcheck: # https://git.coopcloud.tech/coop-cloud/keycloak/issues/15
test: ["CMD", "curl", "-f", "http://localhost:8080"] # healthcheck:
interval: 30s # test: ["CMD", "curl", "-f", "http://localhost:8080"]
timeout: 10s # interval: 30s
retries: 10 # timeout: 10s
start_period: 1m # retries: 10
# start_period: 1m
volumes: volumes:
- "themes:/opt/jboss/keycloak/themes" - "themes:/opt/keycloak/themes"
depends_on: depends_on:
- mariadb - mariadb
deploy: deploy:
@ -43,10 +46,10 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1" - "coop-cloud.${STACK_NAME}.version=7.0.0+22.0.1"
db: db:
image: "mariadb:10.6" image: "mariadb:10.11"
environment: environment:
- MYSQL_DATABASE=keycloak - MYSQL_DATABASE=keycloak
- MYSQL_USER=keycloak - MYSQL_USER=keycloak
@ -59,6 +62,15 @@ services:
- "mariadb:/var/lib/mysql" - "mariadb:/var/lib/mysql"
networks: networks:
- internal - internal
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.path: "/tmp/dump.sql.gz"
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
backupbot.restore.pre-hook: "sh -c 'cd /tmp && gzip -d dump.sql.gz'"
backupbot.restore: "true"
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'"
networks: networks:
internal: internal:

9
release/5.0.0+20.0.1 Normal file
View File

@ -0,0 +1,9 @@
You'll need to remove `/auth/` from your app SSO URLs, e.g.
https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth
Would become:
https://foo.example.com/realms/foo/protocol/openid-connect/auth
-- decentral1se @ Autonomic

2
release/6.0.0+21.0.2 Normal file
View File

@ -0,0 +1,2 @@
Healthchecks are disabled, see
https://git.coopcloud.tech/coop-cloud/keycloak/issues/15