Switch to non-legacy keycloak images

This switches the keycloak service to the more recent quarkus based images. Away from the legacy wildfly based image.
2025-12-31 01:10:20 -06:00 · 2023-01-30 16:26:19 +01:00
parent 237d566662
commit fdb42af20b
2 changed files with 17 additions and 19 deletions
--- a/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
+++ b/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 printenv
 # replace oCIS domain in keycloak realm import
-cp /opt/jboss/keycloak/ocis-realm.dist.json /opt/jboss/keycloak/ocis-realm.json
-sed -i "s/ocis.owncloud.test/${OCIS_DOMAIN}/g" /opt/jboss/keycloak/ocis-realm.json
+mkdir /opt/keycloak/data/import
+sed -e "s/ocis.owncloud.test/${OCIS_DOMAIN}/g" /opt/keycloak/data/import-dist/ocis-realm.json > /opt/keycloak/data/import/ocis-realm.json

 # run original docker-entrypoint
-/opt/jboss/tools/docker-entrypoint.sh
+/opt/keycloak/bin/kc.sh "$@"
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -60,7 +60,7 @@ services:
    environment:
      # Keycloak IDP specific configuration
      PROXY_AUTOPROVISION_ACCOUNTS: "true"
-      OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-oCIS}
+      OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/realms/${KEYCLOAK_REALM:-oCIS}
      PROXY_OIDC_REWRITE_WELLKNOWN: "true"
      WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
      # general config
@@ -99,26 +99,24 @@ services:
    restart: always

  keycloak:
-    # Keycloak WildFly distribution, Quarkus is not ready yet for automatic setup https://github.com/keycloak/keycloak/issues/10216
-    image: quay.io/keycloak/keycloak:legacy
+    image: quay.io/keycloak/keycloak:20.0
    networks:
      ocis-net:
-    entrypoint: ["/bin/sh", "/opt/jboss/tools/docker-entrypoint-override.sh"]
+    command: ["start", "--proxy edge", "--import-realm"]
+    entrypoint: ["/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh"]
    volumes:
-      - ./config/keycloak/docker-entrypoint-override.sh:/opt/jboss/tools/docker-entrypoint-override.sh
-      - ./config/keycloak/ocis-realm.dist.json:/opt/jboss/keycloak/ocis-realm.dist.json
+      - "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
+      - "./config/keycloak/ocis-realm.dist.json:/opt/keycloak/data/import-dist/ocis-realm.json"
    environment:
      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
-      DB_VENDOR: POSTGRES
-      DB_ADDR: postgres
-      DB_DATABASE: keycloak
-      DB_USER: keycloak
-      DB_SCHEMA: public
-      DB_PASSWORD: keycloak
-      KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
-      KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
-      PROXY_ADDRESS_FORWARDING: "true"
-      KEYCLOAK_IMPORT: /opt/jboss/keycloak/ocis-realm.json
+      KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
+      KC_DB: postgres
+      KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: keycloak
+      KC_FEATURES: impersonation
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER:-admin}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak.entrypoints=https"