maj compose

Dockerfile

@@ -0,0 +1,41 @@
+FROM golang:alpine as base
+#
+ARG TAG
+ARG SHA1
+ARG BUILD
+#
+ENV GITHUB_TAG ${TAG:-"dev"}
+ENV GITHUB_SHA1 ${SHA1:-""}
+ENV COMPILED ${BUILD:-"0"}
+ENV GIT_ORG=github.com/oneconcern
+ENV GIT_REPO=${GIT_ORG}/keycloak-gatekeeper
+#	Release  = "unreleased - dev"
+#	Gitsha   = "no gitsha provided"
+#	Compiled = "0"
+ENV VERSIONING_FLAGS "-X ${GIT_REPO}/version.Release=${GITHUB_TAG} -X ${GIT_REPO}/version.Gitsha=${GITHUB_SHA1} -X ${GIT_REPO}/version.Compiled=${COMPILED}"
+
+RUN mkdir -p /stage/data /stage/etc/ssl/certs &&\
+  apk add --no-cache musl-dev gcc ca-certificates mailcap upx tzdata zip git &&\
+  update-ca-certificates &&\
+  cp /etc/ssl/certs/ca-certificates.crt /stage/etc/ssl/certs/ca-certificates.crt &&\
+  cp /etc/mime.types /stage/etc/mime.types
+
+WORKDIR /usr/share/zoneinfo
+RUN zip -r -0 /stage/zoneinfo.zip .
+
+ADD go.mod /gatekeeper/go.mod
+ADD go.sum /gatekeeper/go.sum
+WORKDIR /gatekeeper
+RUN go mod download
+
+ADD . /gatekeeper
+RUN LDFLAGS="-s -w -linkmode external -extldflags \"-static\" ${VERSIONING_FLAGS}" &&\
+    go build -tags "nostores noforwarding" -o /stage/usr/bin/gatekeeper --ldflags "$LDFLAGS" .
+RUN upx /stage/usr/bin/gatekeeper
+
+# Build the dist image
+FROM scratch
+COPY --from=base /stage /
+ENV ZONEINFO /zoneinfo.zip
+ENTRYPOINT [ "gatekeeper" ]
+CMD ["--help"]

README.md

@@ -1,35 +1,16 @@
 # TRAEFIK
 
-Traefik est un applicatif pouvant servir de reverse proxy mappant les ports 80 et 443 de l'hôte et créant les routes vers les conteneurs avec leur certificats SSL.
+Cette branche vise à déployer un gatekeeper devant un service sans authentification afin de rediriger l'authentification vers une instance Keycloak via Traefik
 
 ## CONFIGURATION
 
-- Modifier l'email pour les certificats HTTPS:
-```bash
-nano .env
-```
-- Pour ajouter un service à Traefik:
-```yml
-# MODIFIER DNS DANS CHAQUE LABELS APRES ROUTERS
-    labels:
-      # HTTP
-      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.entrypoints=web"
-      # DNS
-      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
+### KEYCLOAK
 
-      # HTTPS
-      - traefik.http.routers.whoami-ssl.tls.certresolver=le
-      - traefik.http.routers.whoami-ssl.entryPoints=websecure
-      - traefik.http.routers.whoami-ssl.tls=true
-      # DNS
-      - traefik.http.routers.whoami-ssl.rule=Host(`whoami.localhost`)
-      # SERVICE
-      - traefik.http.routers.whoami-ssl.service=whoami
-```
+- Création du client ...
 
-> Note: Les labels sont à ajouter dans le compose du service à rattacher à Traefik
+### GATEKEEPER
 
+- Reporter le secret dans gatekeeper.conf ...
 
 ## UTILISATION
 
@@ -40,4 +21,5 @@ docker-compose up -d
 
 ## DOCUMENTATION
 
-> https://doc.traefik.io/traefik/
+> [Traefik](https://doc.traefik.io/traefik/)
+> [Keycloak](https://www.keycloak.org/documentation)

docker-compose.yml

@@ -32,46 +32,27 @@ services:
     networks:
       traefik_net:
 
-# KEYCLOAK
-  keycloak:
-    image: quay.io/keycloak/keycloak:16.0.0
-    container_name: keycloak
-    restart: always
-    ports:
-      - 8080:8080
-    depends_on:
-      - keycloak-db
-    env_file:
-      - .env
-
-  keycloak-db:
-    image: postgres:13
-    container_name: keycloak-db
-    restart: always
-    volumes:
-      - ./keycloak-db:/var/lib/postgresql/data
-    ports:
-      - 5435:5432
-    env_file:
-      - .env
-
-# CONTAINER EXEMPLE
-  whoami:
-    image: traefik/whoami
-    container_name: whoami
+# GATE KEEPER
+  keycloak-gatekeeper:
+    image: keycloak-gatekeeper:1.0
+    container_name: keycloak-gatekeeper
+    build:
+      context: .
     labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
-      - "traefik.http.routers.whoami.entrypoints=web"
-
-      # HTTPS
-      # - traefik.http.routers.whoami-ssl.rule=Host(`whoami.${DOMAIN})`)
-      # - traefik.http.routers.whoami-ssl.entryPoints=websecure
-      # - traefik.http.routers.whoami-ssl.tls=true
-      # - traefik.http.routers.whoami-ssl.service=whoami
-      # - traefik.http.routers.whoami-ssl.tls.certresolver=le
+     - "traefik.port=3000"
+     - "traefik.frontend.rule=Host:service1.lab.com"
+     - "traefik.protocol=http"
+    restart: always
     networks:
       traefik_net:
+    external_links:
+      - traefik:auth.lab.com
+    volumes:
+      - ./keycloak-gatekeeper.conf:/etc/keycloak-gatekeeper.conf
+    entrypoint:
+      - /opt/keycloak-gatekeeper
+      - --config=/etc/keycloak-gatekeeper.conf
+
 
 # NETWORKS
 networks:
@@ -79,5 +60,4 @@ networks:
 
 # VOLUMES
 volumes:
-  acme: {}
-  keycloak-db: {}
+  acme: {}