From 29f9aa3e38d7b84d0baa0f0aa645cfb4ac729ab5 Mon Sep 17 00:00:00 2001 From: stianst Date: Mon, 31 Jan 2022 07:29:58 +0100 Subject: [PATCH] Moved server-x container to https://github.com/keycloak/keycloak/tree/main/quarkus/container. Updated tags for legacy distribution to include :legacy Closes #370 --- .github/workflows/ci.yaml | 22 ----- README.md | 13 ++- .../keycloak-mariadb-jdbc-ping.yml | 2 +- docker-compose-examples/keycloak-mssql.yml | 2 +- docker-compose-examples/keycloak-mysql.yml | 2 +- docker-compose-examples/keycloak-oracle.yml | 2 +- .../keycloak-postgres-jdbc-ping.yml | 2 +- docker-compose-examples/keycloak-postgres.yml | 2 +- .../keycloak-https-mutual-tls.json | 2 +- openshift-examples/keycloak-https.json | 2 +- server-x/.gitignore | 1 - server-x/Dockerfile | 34 -------- server-x/README.md | 87 +------------------ server/README.md | 36 ++++---- 14 files changed, 37 insertions(+), 172 deletions(-) delete mode 100644 .github/workflows/ci.yaml delete mode 100644 server-x/.gitignore delete mode 100644 server-x/Dockerfile diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 7f1fda09c6..0000000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: ci - -on: [push, pull_request] - -jobs: - keycloak-build-docker: - name: Build and test Keycloak Docker images - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Build the Keycloak.X image - run: | - cd server-x - docker build . -t keycloakx - - - name: Test the Keycloak.X image - run: | - docker run --rm --name keycloak -p 8080:8080 keycloakx start-dev & - timeout 300s bash -c 'until curl --fail localhost:8080; do sleep 2; done' diff --git a/README.md b/README.md index 7eb3494747..34e4730c02 100644 --- a/README.md +++ b/README.md 
@@ -2,10 +2,9 @@ Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. -This repository contains Docker images related to Keycloak. +This repository contains Docker images related to the legacy WildFly distribution of Keycloak. - [keycloak](https://hub.docker.com/r/jboss/keycloak) Keycloak server -- [keycloak-adapter-wildfly](https://hub.docker.com/r/jboss/keycloak-adapter-wildfly) WildFly including Keycloak adapter ## Help and Documentation @@ -30,9 +29,15 @@ Please remember to provide a good summary, description as well as steps to repro To run Keycloak, run: - docker run jboss/keycloak + docker run quay.io/keycloak/keycloak + +Or, to run the legacy WildFly distribution, run: + + docker run quay.io/keycloak/keycloak:legacy + +For more details refer to the [container guide](https://www.keycloak.org/server/container). -For more details refer to the [Keycloak server image documentation](server/README.md). +Or, for the legacy WildFly distribution refer to the [Keycloak server image documentation](server/README.md). ## Contributing diff --git a/docker-compose-examples/keycloak-mariadb-jdbc-ping.yml b/docker-compose-examples/keycloak-mariadb-jdbc-ping.yml index 93d16b1b42..347face618 100644 --- a/docker-compose-examples/keycloak-mariadb-jdbc-ping.yml +++ b/docker-compose-examples/keycloak-mariadb-jdbc-ping.yml @@ -18,7 +18,7 @@ services: healthcheck: test: ["CMD", "mysqladmin", "ping", "--silent"] keycloak: - image: quay.io/keycloak/keycloak:latest + image: quay.io/keycloak/keycloak:legacy environment: DB_VENDOR: mariadb DB_ADDR: mariadb diff --git a/docker-compose-examples/keycloak-mssql.yml b/docker-compose-examples/keycloak-mssql.yml index f8a774812e..88f2798ec9 100644 --- a/docker-compose-examples/keycloak-mssql.yml +++ b/docker-compose-examples/keycloak-mssql.yml 
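Review bot: In docker-compose-examples/keycloak-mariadb-jdbc-ping.yml the new `image: quay.io/keycloak/keycloak:legacy` still names a moving tag, so the example resolves to whatever image is published under `legacy` at pull time, just as it did with `latest`. These examples tend to be copied into real deployments of an identity provider, so a comment above the line would help: `# 'legacy' is a moving tag; beyond a local trial, pin a release tag or a digest (quay.io/keycloak/keycloak@sha256:<digest>)`. The same applies to the keycloak-mssql, keycloak-mysql, keycloak-oracle and keycloak-postgres compose files, and to the two openshift-examples templates, where the caveat belongs in the accompanying documentation because JSON has no comment syntax. The `keycloak` service definition continues outside the hunk.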
@@ -15,7 +15,7 @@ services: - mssql command: /bin/bash -c 'until /opt/mssql-tools/bin/sqlcmd -S mssql -U sa -P "Password!23" -Q "create database Keycloak"; do sleep 5; done' keycloak: - image: quay.io/keycloak/keycloak:latest + image: quay.io/keycloak/keycloak:legacy depends_on: - mssql - mssqlscripts diff --git a/docker-compose-examples/keycloak-mysql.yml b/docker-compose-examples/keycloak-mysql.yml index 3f8b821bf9..63aa5cb426 100644 --- a/docker-compose-examples/keycloak-mysql.yml +++ b/docker-compose-examples/keycloak-mysql.yml @@ -15,7 +15,7 @@ services: MYSQL_USER: keycloak MYSQL_PASSWORD: password keycloak: - image: quay.io/keycloak/keycloak:latest + image: quay.io/keycloak/keycloak:legacy environment: DB_VENDOR: MYSQL DB_ADDR: mysql diff --git a/docker-compose-examples/keycloak-oracle.yml b/docker-compose-examples/keycloak-oracle.yml index 5498d3629f..05d60c510e 100644 --- a/docker-compose-examples/keycloak-oracle.yml +++ b/docker-compose-examples/keycloak-oracle.yml @@ -12,7 +12,7 @@ services: ports: - 1521:1521 keycloak: - image: quay.io/keycloak/keycloak:latest + image: quay.io/keycloak/keycloak:legacy environment: DB_VENDOR: ORACLE DB_ADDR: oracle diff --git a/docker-compose-examples/keycloak-postgres-jdbc-ping.yml b/docker-compose-examples/keycloak-postgres-jdbc-ping.yml index 927d6a9a2d..8d671c038c 100644 --- a/docker-compose-examples/keycloak-postgres-jdbc-ping.yml +++ b/docker-compose-examples/keycloak-postgres-jdbc-ping.yml @@ -34,7 +34,7 @@ services: - 3000:8080 keycloak: - image: jboss/keycloak + image: jboss/keycloak:legacy environment: DB_VENDOR: postgres DB_ADDR: postgres diff --git a/docker-compose-examples/keycloak-postgres.yml b/docker-compose-examples/keycloak-postgres.yml index b25528da82..760f81996c 100644 --- a/docker-compose-examples/keycloak-postgres.yml +++ b/docker-compose-examples/keycloak-postgres.yml 
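Review bot: In docker-compose-examples/keycloak-postgres-jdbc-ping.yml the image becomes `jboss/keycloak:legacy`, a Docker Hub repository, while every other example touched by this commit pulls `quay.io/keycloak/keycloak:legacy`. Whether a `legacy` tag is published under `jboss/keycloak` cannot be seen from this diff. If it is not, the example fails to pull; if it is, the examples depend on two registries being kept in sync. Unless the difference is intended, use `image: quay.io/keycloak/keycloak:legacy` here as in the sibling files. The `keycloak` service block continues past the end of the hunk.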
@@ -14,7 +14,7 @@ services: POSTGRES_USER: keycloak POSTGRES_PASSWORD: password keycloak: - image: quay.io/keycloak/keycloak:latest + image: quay.io/keycloak/keycloak:legacy environment: DB_VENDOR: POSTGRES DB_ADDR: postgres diff --git a/openshift-examples/keycloak-https-mutual-tls.json b/openshift-examples/keycloak-https-mutual-tls.json index 04a8f4ef89..b36b704b17 100644 --- a/openshift-examples/keycloak-https-mutual-tls.json +++ b/openshift-examples/keycloak-https-mutual-tls.json @@ -190,7 +190,7 @@ "containers": [ { "name": "${APPLICATION_NAME}", - "image": "quay.io/keycloak/keycloak:latest", + "image": "quay.io/keycloak/keycloak:legacy", "livenessProbe": { "failureThreshold": 3, "httpGet": { diff --git a/openshift-examples/keycloak-https.json b/openshift-examples/keycloak-https.json index 24fe5b9f2f..ea10c47b1d 100644 --- a/openshift-examples/keycloak-https.json +++ b/openshift-examples/keycloak-https.json @@ -189,7 +189,7 @@ "containers": [ { "name": "${APPLICATION_NAME}", - "image": "quay.io/keycloak/keycloak:latest", + "image": "quay.io/keycloak/keycloak:legacy", "livenessProbe": { "failureThreshold": 3, "httpGet": { diff --git a/server-x/.gitignore b/server-x/.gitignore deleted file mode 100644 index 335ec9573d..0000000000 --- a/server-x/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*.tar.gz diff --git a/server-x/Dockerfile b/server-x/Dockerfile deleted file mode 100644 index fdbda3e0ea..0000000000 --- a/server-x/Dockerfile +++ /dev/null 
@@ -1,34 +0,0 @@ -FROM registry.access.redhat.com/ubi8-minimal AS build-env - -ENV KEYCLOAK_VERSION 16.0.0 -ARG KEYCLOAK_DIST=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak.x-preview-$KEYCLOAK_VERSION.tar.gz - -RUN microdnf install -y tar gzip - -ADD $KEYCLOAK_DIST /tmp/keycloak/ - -# The next step makes it uniform for local development and upstream built. -# If it is a local tar archive then it is unpacked, if from remote is just downloaded. -RUN (cd /tmp/keycloak && \ - tar -xvf /tmp/keycloak/keycloak.x*.tar.gz && \ - rm /tmp/keycloak/keycloak.x*.tar.gz) || true - -RUN mv /tmp/keycloak/keycloak.x* /opt/keycloak - -FROM registry.access.redhat.com/ubi8-minimal - -COPY --from=build-env /opt/keycloak /opt/keycloak - -RUN microdnf update -y && \ - microdnf install -y java-11-openjdk-headless && microdnf clean all && rm -rf /var/cache/yum/* && \ - echo "keycloak:x:0:root" >> /etc/group && \ - echo "keycloak:x:1000:0:keycloak user:/opt/keycloak:/sbin/nologin" >> /etc/passwd && \ - chown -R keycloak:root /opt/keycloak && \ - chmod -R g+rwX /opt/keycloak - -USER 1000 - -EXPOSE 8080 -EXPOSE 8443 - -ENTRYPOINT [ "/opt/keycloak/bin/kc.sh" ] diff --git a/server-x/README.md b/server-x/README.md index 6d9ed096d7..c98bf88cd7 100644 --- a/server-x/README.md +++ b/server-x/README.md 
@@ -1,86 +1,3 @@ -# Keycloak.X Docker Image +# Keycloak Quarkus distribution image -The `Dockerfile` for Keycloak.X Docker Image. - -See the `Build` section for more details on how to build the image. - -Once built, you can run the server in the same manner as when using the Keycloak.X distribution by passing any command-line argument: - - docker run --name keycloak -p 8080:8080 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ - IMAGE[:TAG] \ - start-dev - -## Extending the Image - -To customize the base image, create a new `Dockerfile` similar to following: - -``` -FROM quay.io/keycloak/keycloak-x - -WORKDIR /opt/keycloak -RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore -``` - -In the example above, you are basically creating a new image `FROM` this image and adding a Java Keystore to configure HTTPS using a self-signed certificate (only for example purposes, never do that for production). - -As another example, you can install any custom provider you may have (include themes within a JAR file) as follows: - -``` -FROM quay.io/keycloak/keycloak-x - -COPY my-providers/ /opt/keycloak/providers/ - -WORKDIR /opt/keycloak - -RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore - -# Run the build command to install custom providers -RUN ./bin/kc.sh build -``` - -In the example above, any JAR files within the directory `my-providers` will be copied to the image's `/opt/keycloak/providers` directory. Then the `build` command is executed to install the custom providers. 
- -For last, you can configure the server using any configuration option available as follows: - -``` -FROM quay.io/keycloak/keycloak-x - -COPY my-providers/ /opt/keycloak/providers/ - -WORKDIR /opt/keycloak - -RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore - -RUN ./bin/kc.sh build --db=postgres --db-url=jdbc:postgresql://$DB_HOST/keycloak --db-username=keycloak --db-password=password -``` - -In the example above, the configuration is being set to use a PostgreSQL database. - -NOTE: Note that we are using separated `RUN` steps for illustrative purposes, ideally you should reduce the number of layers and execute both steps in a single one. - -## Auto-Build - -Given the immutability of containers, you can use the `--auto-build` option in order to apply any configuration when running a new container. Once the container is created, subsequent restarts will never go through the configuration phase again but just start the server with the configuration previously defined. - - docker run --name keycloak -p 8080:8080 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ - IMAGE[:TAG] \ - --auto-build --db=postgres -Dkc.db.url.host= --db-username=keycloak --db-password=change_me --http-enabled=true - -The command above should be enough to run a server using a PostgreSQL database listening on a given `DB_HOST`. - -The recommended approach should be to create your own image from this one and configure it accordingly to your needs. The `--auto-build` is intended for helping to get a running server with different options without having to create your own image, with the cost that every time you run a new container, the build step will run and your container will take longer to start. - -However, the `--auto-build` option should help when trying out Keycloak and for development purposes. 
- -## Build - -It is possible to download the Keycloak distribution from a URL: - - docker build --build-arg KEYCLOAK_DIST=http://:/keycloak.x-.tar.gz . -t - -For Keycloak built locally you need to copy the distribution to the local `server-x` folder: - - cp $KEYCLOAK_SOURCE/distribution/server-x/target/keycloak.x-.tar.gz . - docker build --build-arg KEYCLOAK_DIST=keycloak.x-.tar.gz . -t +Moved to https://github.com/keycloak/keycloak/tree/main/quarkus/container \ No newline at end of file diff --git a/server/README.md b/server/README.md index f9b6e45a71..821cbf8a60 100644 --- a/server/README.md +++ b/server/README.md @@ -1,6 +1,6 @@ -# Keycloak Docker image +# Keycloak Legacy WildFly distribution container image -Keycloak Server Docker image. +Container image for the legacy Keycloak WildFly distribution. @@ -8,7 +8,7 @@ Keycloak Server Docker image. To boot in standalone mode - docker run jboss/keycloak + docker run jboss/keycloak:legacy @@ -16,7 +16,7 @@ To boot in standalone mode To be able to open Keycloak on localhost map port 8080 locally - docker run -p 8080:8080 jboss/keycloak + docker run -p 8080:8080 jboss/keycloak:legacy @@ -25,7 +25,7 @@ To be able to open Keycloak on localhost map port 8080 locally By default there is no admin user created so you won't be able to login to the admin console. To create an admin account you need to use environment variables to pass in an initial username and password. This is done by running: - docker run -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= jboss/keycloak + docker run -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= jboss/keycloak:legacy You can also create an account on an already running container by running: 
@@ -46,7 +46,7 @@ The configuration and secret support in Docker Swarm is a perfect match for this To create an admin account and import a previously exported realm run: docker run -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= \ - -e KEYCLOAK_IMPORT=/tmp/example-realm.json -v /tmp/example-realm.json:/tmp/example-realm.json jboss/keycloak + -e KEYCLOAK_IMPORT=/tmp/example-realm.json -v /tmp/example-realm.json:/tmp/example-realm.json jboss/keycloak:legacy ## Exporting a realm @@ -55,7 +55,7 @@ For example you can start Keycloak via docker with: docker run -d -p 8180:8080 -e KEYCLOAK_USER=admin -e \ KEYCLOAK_PASSWORD=admin -v $(pwd):/tmp --name kc \ - jboss/keycloak + jboss/keycloak:legacy You can then get the export from this instance by running (notice we use `-Djboss.socket.binding.port-offset=100` so that the export runs on a different port than Keycloak itself): @@ -122,7 +122,7 @@ First start a MySQL instance using the MySQL docker image: Start a Keycloak instance and connect to the MySQL instance: - docker run --name keycloak --net keycloak-network jboss/keycloak + docker run --name keycloak --net keycloak-network jboss/keycloak:legacy If you used a different name for the MySQL instance to `mysql` you need to specify the `DB_ADDR` environment variable. @@ -142,7 +142,7 @@ First start a PostgreSQL instance using the PostgreSQL docker image: Start a Keycloak instance and connect to the PostgreSQL instance: - docker run --name keycloak --net keycloak-network jboss/keycloak -e DB_USER=keycloak -e DB_PASSWORD=password + docker run --name keycloak --net keycloak-network jboss/keycloak:legacy -e DB_USER=keycloak -e DB_PASSWORD=password If you used a different name for the PostgreSQL instance to `postgres` you need to specify the `DB_ADDR` environment variable. 
@@ -162,7 +162,7 @@ First start a MariaDB instance using the MariaDB docker image: Start a Keycloak instance and connect to the MariaDB instance: - docker run --name keycloak --net keycloak-network jboss/keycloak + docker run --name keycloak --net keycloak-network jboss/keycloak:legacy If you used a different name for the MariaDB instance to `mariadb` you need to specify the `DB_ADDR` environment variable. @@ -190,7 +190,7 @@ If you already have an Oracle database running this step can be skipped, otherwi Start a Keycloak instance and connect to the Oracle instance: - docker run -d --name keycloak --net keycloak-network -p 8080:8080 -v /path/to/jdbc/driver:/opt/jboss/keycloak/modules/system/layers/base/com/oracle/jdbc/main/driver jboss/keycloak + docker run -d --name keycloak --net keycloak-network -p 8080:8080 -v /path/to/jdbc/driver:/opt/jboss/keycloak/modules/system/layers/base/com/oracle/jdbc/main/driver jboss/keycloak:legacy One of the key pieces here is that we are mounting a volume from the location of the JDBC driver, so ensure that the path is correct. The mounted volume should contain the file named `ojdbc.jar`. @@ -235,7 +235,7 @@ database is in place. Start a Keycloak instance and connect to the Microsoft SQL Server instance: - docker run --name keycloak --net keycloak-network -p 8080:8080 -e DB_VENDOR=mssql -e DB_USER=sa -e DB_PASSWORD=Password!23 -e DB_ADDR=mssql -e DB_DATABASE=Keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak + docker run --name keycloak --net keycloak-network -p 8080:8080 -e DB_VENDOR=mssql -e DB_USER=sa -e DB_PASSWORD=Password!23 -e DB_ADDR=mssql -e DB_DATABASE=Keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak:legacy If you used a different name for the Microsoft SQL Server instance to `mssql` you need to specify the `DB_ADDR` environment variable. 
@@ -254,7 +254,7 @@ found here: #### Example - docker run --name keycloak -e DB_VENDOR=postgres -e JDBC_PARAMS='connectTimeout=30' jboss/keycloak + docker run --name keycloak -e DB_VENDOR=postgres -e JDBC_PARAMS='connectTimeout=30' jboss/keycloak:legacy @@ -314,7 +314,7 @@ Additional server startup options (extension of JAVA_OPTS) can be configured usi Enable _upload_script_ profile: - docker run -e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.upload_scripts=enabled" jboss/keycloak + docker run -e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.upload_scripts=enabled" jboss/keycloak:legacy ## Clustering @@ -338,7 +338,7 @@ The bootstrap script will detect the variables and adjust the `standalone-ha.xml The `PING` discovery protocol is used by default in `udp` stack (which is used by default in `standalone-ha.xml`). Since the Keycloak image runs in clustered mode by default, all you need to do is to run it: - docker run jboss/keycloak + docker run jboss/keycloak:legacy If you two instances of it locally, you will notice that they form a cluster. @@ -361,7 +361,7 @@ is invoking: docker run \ -e JGROUPS_DISCOVERY_PROTOCOL=dns.DNS_PING -e \ JGROUPS_DISCOVERY_PROPERTIES=dns_query=keycloak.myproject.svc.cluster.local \ - jboss/keycloak + jboss/keycloak:legacy In this example the `dns.DNS_PING` that queries `A` records from the DNS Server with the following query `keycloak.myproject.svc.cluster.local`. @@ -428,7 +428,7 @@ Log level can also be changed at runtime, for example (assuming docker exec acce When running Keycloak behind a proxy, you will need to enable proxy address forwarding. - docker run -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak + docker run -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak:legacy 
@@ -473,7 +473,7 @@ To attach a Java debugger, set these environment variables: In addition to setting `DEBUG=true` and `DEBUG_PORT='*:8787'`, you'll want to publish the debug port as well, as in: - docker run -e DEBUG=true -e DEBUG_PORT='*:8787' -p 8080:8080 -p '8787:8787' jboss/keycloak + docker run -e DEBUG=true -e DEBUG_PORT='*:8787' -p 8080:8080 -p '8787:8787' jboss/keycloak:legacy ## Other details