GARAGENUM/keycloak
GARAGENUM/keycloak
34
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
keycloak/Dockerfile

70 lines
2.2 KiB
Docker
Raw Blame History

# Multi-stage Keycloak build with custom configuration
# This Dockerfile creates an optimized Keycloak image with token exchange support
# =============================================================================
# Build Stage
# =============================================================================
FROM quay.io/keycloak/keycloak:latest AS builder
# Set build-time environment variables
ENV KC_HEALTH_ENABLED=true \
KC_METRICS_ENABLED=true \
KC_DB=postgres \
KC_TRANSACTION_XA_ENABLED=false \
KC_CACHE=ispn \
KC_CACHE_STACK=tcp
# Build optimized Keycloak
RUN /opt/keycloak/bin/kc.sh build
# =============================================================================
# Runtime Stage
# =============================================================================
FROM quay.io/keycloak/keycloak:latest
# Copy optimized build from builder stage
COPY --from=builder /opt/keycloak/ /opt/keycloak/
# Create necessary directories
USER root
RUN mkdir -p /opt/keycloak/data/import \
&& mkdir -p /opt/keycloak/conf \
&& mkdir -p /opt/keycloak/themes \
&& chown -R 1000:1000 /opt/keycloak/data \
&& chown -R 1000:1000 /opt/keycloak/conf \
&& chown -R 1000:1000 /opt/keycloak/themes
# Copy configuration files
# COPY files/realm.json /opt/keycloak/data/import/
# COPY deploy/config/user-profile.json /opt/keycloak/conf/user-profile.json
COPY files/keycloak.conf /opt/keycloak/conf/keycloak.conf
# Copy custom themes (if any)
# COPY deploy/config/themes/ /opt/keycloak/themes/
# Set proper ownership
RUN chown -R 1000:1000 /opt/keycloak/data/import \
&& chown -R 1000:1000 /opt/keycloak/conf
# Switch back to keycloak user for security
USER 1000
# Set runtime environment variables (overriden by keycloak.conf or compose envs)
ENV KC_DB=postgres \
KC_HEALTH_ENABLED=true \
KC_METRICS_ENABLED=true \
KC_HTTP_ENABLED=true \
KC_HOSTNAME_STRICT=false \
KC_HOSTNAME_STRICT_HTTPS=false \
KC_LOG_LEVEL=INFO
# Expose ports
EXPOSE 8080 9000 8443
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:9000/health/ready || exit 1
# Default entrypoint with import
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
CMD ["start", "--import-realm", "--optimized"]
Reference in New Issue View Git Blame Copy Permalink