[bitnami/keycloak] Release 23.0.4-debian-11-r1 (#55028)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Bitnami Bot
2024-01-19 23:47:43 +01:00
committed by GitHub
parent 7403dfe76a
commit 9126abe189
3 changed files with 61 additions and 43 deletions

View File

@@ -8,10 +8,10 @@ ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
org.opencontainers.image.created="2024-01-08T15:56:28Z" \
org.opencontainers.image.created="2024-01-19T21:48:55Z" \
org.opencontainers.image.description="Application packaged by VMware, Inc" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="23.0.4-debian-11-r0" \
org.opencontainers.image.ref.name="23.0.4-debian-11-r1" \
org.opencontainers.image.title="keycloak" \
org.opencontainers.image.vendor="VMware, Inc." \
org.opencontainers.image.version="23.0.4"
@@ -27,8 +27,8 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
RUN install_packages ca-certificates curl krb5-user libaio1 procps zlib1g
RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
COMPONENTS=( \
"wait-for-port-1.0.7-4-linux-${OS_ARCH}-debian-11" \
"java-17.0.9-11-6-linux-${OS_ARCH}-debian-11" \
"wait-for-port-1.0.7-5-linux-${OS_ARCH}-debian-11" \
"java-17.0.10-13-0-linux-${OS_ARCH}-debian-11" \
"keycloak-23.0.4-0-linux-${OS_ARCH}-debian-11" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
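Review bot: The `COMPONENTS` list moves `java` from `17.0.9-11-6` to `17.0.10-13-0` and `wait-for-port` from `1.0.7-4` to `1.0.7-5`, but the commit message only says "Release 23.0.4-debian-11-r1". Naming the bumped components in the message would let anyone tracking JDK updates find this revision without reading the Dockerfile.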
@@ -43,6 +43,7 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
COPY rootfs /
RUN /opt/bitnami/scripts/java/postunpack.sh
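Review bot: The `find / -perm /6000 -type f -exec chmod a-s {} \; || true` step runs before `COPY rootfs /` and `postunpack.sh`, so a setuid or setgid file introduced by either of those later steps keeps its bit. Moving the step after them would cover the whole image. The trailing `|| true` also hides every failure of `find` or `chmod`, so a build in which the bits were not cleared still succeeds. Consider adding `-xdev` so the walk stays on the root filesystem and dropping `|| true`, or add a comment explaining why the exit status has to be ignored.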

View File

@@ -3,7 +3,7 @@
"arch": "amd64",
"distro": "debian-11",
"type": "NAMI",
"version": "17.0.9-11-6"
"version": "17.0.10-13-0"
},
"keycloak": {
"arch": "amd64",
@@ -15,6 +15,6 @@
"arch": "amd64",
"distro": "debian-11",
"type": "NAMI",
"version": "1.0.7-4"
"version": "1.0.7-5"
}
}

View File

@@ -13,13 +13,6 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
docker run --name keycloak bitnami/keycloak:latest
```
### Docker Compose
```console
curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/keycloak/docker-compose.yml
docker-compose up
```
**Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment.
## Why use Bitnami Images?
@@ -73,39 +66,57 @@ docker build -t bitnami/APP:latest .
## Configuration
### Admin credentials
### Environment variables
The Bitnami Keycloak container can create a default admin user by setting the following environment variables:
#### Customizable environment variables
* `KEYCLOAK_CREATE_ADMIN_USER`: Create administrator user on boot. Default: **true**.
* `KEYCLOAK_ADMIN_USER`: Administrator default user. Default: **user**.
* `KEYCLOAK_ADMIN_PASSWORD`: Administrator default password. Default: **bitnami**.
| Name | Description | Default Value |
|------------------------------------|-----------------------------------------------------------------------------------------------|-------------------------------|
| `KEYCLOAK_MOUNTED_CONF_DIR` | Directory for including custom configuration files (that override the default generated ones) | `${KEYCLOAK_VOLUME_DIR}/conf` |
| `KEYCLOAK_ADMIN` | Keycloak administrator user | `user` |
| `KEYCLOAK_ADMIN_PASSWORD` | Keycloak administrator password | `bitnami` |
| `KEYCLOAK_HTTP_RELATIVE_PATH` | Set the path relative to "/" for serving resources. | `/` |
| `KEYCLOAK_HTTP_PORT` | HTTP port | `8080` |
| `KEYCLOAK_HTTPS_PORT` | HTTPS port | `8443` |
| `KEYCLOAK_BIND_ADDRESS` | Bind address | `$(hostname --fqdn)` |
| `KEYCLOAK_INIT_MAX_RETRIES` | Maximum retries for checking that the database works | `10` |
| `KEYCLOAK_CACHE_TYPE` | Defines the cache mechanism for high-availability. | `ispn` |
| `KEYCLOAK_ENABLE_STATISTICS` | Enable metrics for the database | `false` |
| `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS` | Enable health endpoints | `false` |
| `KEYCLOAK_ENABLE_HTTPS` | Enable SSL certificates | `false` |
| `KEYCLOAK_HTTPS_USE_PEM` | Set to true to configure HTTPS using PEM certificates | `false` |
| `KEYCLOAK_LOG_LEVEL` | Keycloak log level | `info` |
| `KEYCLOAK_LOG_OUTPUT` | Keycloak log output | `default` |
| `KEYCLOAK_ROOT_LOG_LEVEL` | Keycloak root log level | `INFO` |
| `KEYCLOAK_PROXY` | Keycloak type proxy | `passthrough` |
| `KEYCLOAK_PRODUCTION` | Run in production mode | `false` |
| `KEYCLOAK_DATABASE_VENDOR` | Database vendor | `postgresql` |
| `KEYCLOAK_DATABASE_HOST` | Database backend hostname | `postgresql` |
| `KEYCLOAK_DATABASE_PORT` | Database backend port | `5432` |
| `KEYCLOAK_DATABASE_USER` | Database backend username | `bn_keycloak` |
| `KEYCLOAK_DATABASE_NAME` | Database name | `bitnami_keycloak` |
| `KEYCLOAK_DATABASE_SCHEMA` | PostgreSQL database schema | `public` |
| `KEYCLOAK_DAEMON_USER` | Keycloak daemon user when running as root | `keycloak` |
| `KEYCLOAK_DAEMON_GROUP` | Keycloak daemon group when running as root | `keycloak` |
### Connecting to a database
#### Read-only environment variables
The Bitnami Keycloak container can connect to a database by setting the following environment variables:
* `KEYCLOAK_DATABASE_VENDOR`: Database vendor. Default: **postgresql**. Use **dev-mem** or **dev-file** to use an in-memory or file-based database for development purposes.
### PostgreSQL database connection configuration
The Bitnami Keycloak container requires a PostgreSQL database to work. This is configured with the following environment variables:
* `KEYCLOAK_DATABASE_HOST`: PostgreSQL host. Default: **postgresql**.
* `KEYCLOAK_DATABASE_PORT`: PostgreSQL port. Default: **5432**.
* `KEYCLOAK_DATABASE_NAME`: PostgreSQL database name. Default: **bitnami_keycloak**.
* `KEYCLOAK_DATABASE_USER`: PostgreSQL database user. Default: **bn_keycloak**.
* `KEYCLOAK_DATABASE_PASSWORD`: PostgreSQL database password. No defaults.
* `KEYCLOAK_DATABASE_SCHEMA`: PostgreSQL database schema. Default: **public**.
* `KEYCLOAK_JDBC_PARAMS`: PostgreSQL database JDBC parameters (example: `sslmode=verify-full&connectTimeout=30000`). No defaults.
### Port and address binding
The listening port and listening address can be configured with the following environment variables:
* `KEYCLOAK_HTTP_PORT`: Keycloak HTTP port. Default: **8080**.
* `KEYCLOAK_HTTPS_PORT`: Keycloak HTTPS port. Default: **8443**.
* `KEYCLOAK_BIND_ADDRESS`: Keycloak bind address. Default: **0.0.0.0**.
| Name | Description | Value |
|------------------------------|---------------------------------------------------------|---------------------------------|
| `BITNAMI_VOLUME_DIR` | Directory where to mount volumes. | `/bitnami` |
| `JAVA_HOME` | Java installation directory | `/opt/bitnami/java` |
| `KEYCLOAK_BASE_DIR` | Keycloak base directory | `/opt/bitnami/keycloak` |
| `KEYCLOAK_BIN_DIR` | Keycloak bin directory | `$KEYCLOAK_BASE_DIR/bin` |
| `KEYCLOAK_PROVIDERS_DIR` | Keycloak Wildfly extensions directory | `$KEYCLOAK_BASE_DIR/providers` |
| `KEYCLOAK_LOG_DIR` | Keycloak bin directory | `$KEYCLOAK_PROVIDERS_DIR/log` |
| `KEYCLOAK_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_PROVIDERS_DIR/tmp` |
| `KEYCLOAK_DOMAIN_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_BASE_DIR/domain/tmp` |
| `WILDFLY_BASE_DIR` | Wildfly base directory | `/opt/bitnami/wildfly` |
| `KEYCLOAK_VOLUME_DIR` | Path to keycloak mount directory | `/bitnami/keycloak` |
| `KEYCLOAK_CONF_DIR` | Keycloak configuration directory | `$KEYCLOAK_BASE_DIR/conf` |
| `KEYCLOAK_INITSCRIPTS_DIR` | Path to keycloak init scripts directory | `/docker-entrypoint-initdb.d` |
| `KEYCLOAK_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` |
| `KEYCLOAK_DEFAULT_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` |
### Extra arguments to Keycloak startup
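Review bot: The new tables omit `KEYCLOAK_DATABASE_PASSWORD` and `KEYCLOAK_JDBC_PARAMS`, both of which appear in the bullet lists this hunk replaces, so the `sslmode=verify-full` example and the only mention of the database password variable disappear from the README. Add rows for them if they are still supported. The admin user variable is `KEYCLOAK_ADMIN` in the table but `KEYCLOAK_ADMIN_USER` in the old list, `KEYCLOAK_CREATE_ADMIN_USER` is gone, and the documented `KEYCLOAK_BIND_ADDRESS` default changes from **0.0.0.0** to `$(hostname --fqdn)`; the README should say whether these are renames and behaviour changes or corrections to the docs. In the read-only table, `KEYCLOAK_LOG_DIR` is described as "Keycloak bin directory", and `KEYCLOAK_CONF_FILE` and `KEYCLOAK_DEFAULT_CONF_FILE` share one description and value.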
@@ -210,7 +221,7 @@ The Bitnami Keycloak container can activate different set of statistics (databas
### Enabling health endpoints
The Bitnami Keycloak container can activate several endpoints providing information about the health of Keycloak, by setting the environment variable `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS=true`.
The Bitnami Keycloak container can activate several endpoints providing information about the health of Keycloak, by setting the environment variable `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS=true`.
See [the official documentation](https://www.keycloak.org/server/health) for more information about these endpoints.
### Full configuration
@@ -252,6 +263,12 @@ After that, your changes will be taken into account in the server's behaviour.
Keycloak 17 is powered by Quarkus and to deploy it in production mode it is necessary to set up TLS.
To do this you need to set `KEYCLOAK_PRODUCTION` to **true** and configure TLS
## Using `docker-compose.yaml`
Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/keycloak).
If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md).
## Contributing
We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution.
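Review bot: The new section heading and text name `docker-compose.yaml`, while the quick-start command removed earlier in this README fetched `docker-compose.yml`, and the commit lists only 3 changed files. Check that the name matches the file in the repository and link to it from this section. Because the section still directs readers to the compose file for development and testing, it would help to restate here that the default `user` / `bitnami` admin credentials shown in the table above must be changed.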