# Build arguments that select the final-stage base image. They are declared
# before the first FROM, so they are only in scope for FROM lines; override
# with --build-arg to build against a different registry, image or tag.
# NOTE(review): BASE_TAG is a mutable tag; pin the base by digest if builds
# must be reproducible and tamper-evident.
ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
ARG BASE_IMAGE=redhat/ubi/ubi8
ARG BASE_TAG=8.1

# This builder image was pushed to Nexus using prebuild.sh and will be used to copy binaries from
# Source stage: only used as the origin of the COPY --from=builder further down.
# NOTE(review): unlike the base image, this reference has no ${BASE_REGISTRY}
# prefix, so it is resolved from the builder's local image store or default
# registry. Confirm prebuild.sh makes it available under exactly this name so
# the build cannot silently pull a same-named image from somewhere else, and
# consider pinning it by digest.
FROM opensource/keycloak/keycloak:8.0.1 AS builder

# Final stage: the runtime image, built on the base selected by the ARGs above.
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

# Image metadata. The version label repeats the builder tag and
# KEYCLOAK_VERSION below; keep all three in step when upgrading.
LABEL name="Keycloak" \
      description="Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code." \
      vendor="Opensource" \
      summary="Keycloak Container" \
      maintainer="Red Hat <hojeda@redhat.com>" \
      version="8.0.1"

# Environment baked into the image; ENV values persist into the running container.
# KEYCLOAK_USER_NAME, KEYCLOAK_USER_ID and KEYCLOAK_HOME are used by the
# useradd/chown step and the final USER instruction later in this file.
# The JDBC_*_VERSION, LAUNCH_JBOSS_IN_BACKGROUND and PROXY_ADDRESS_FORWARDING
# values are not referenced anywhere in this file; presumably they are read by
# the scripts copied in under /opt/jboss. Verify against the entrypoint.
ENV KEYCLOAK_VERSION="8.0.1" \
    JDBC_POSTGRES_VERSION="42.2.5" \
    JDBC_MYSQL_VERSION="5.1.46" \
    JDBC_MARIADB_VERSION="2.2.3" \
    JDBC_MSSQL_VERSION="7.4.1.jre8" \
    LAUNCH_JBOSS_IN_BACKGROUND="1" \
    PROXY_ADDRESS_FORWARDING="false" \
    JBOSS_HOME="/opt/jboss/keycloak" \
    LANG="en_US.UTF-8" \
    KEYCLOAK_USER_NAME="keycloak" \
    KEYCLOAK_USER_ID="1000" \
    KEYCLOAK_HOME="/opt/jboss"


# Bring the Keycloak tree over from the builder stage
COPY --from=builder /opt/jboss /opt/jboss

# The account and ownership changes below need root
USER root

# Add the runtime account (UID from KEYCLOAK_USER_ID, primary group 0, home
# /opt/jboss, no home directory created), hand it the whole tree, and remove
# world-write permission from the Keycloak install.
# NOTE(review): the runtime account ends up owning everything under
# KEYCLOAK_HOME, including the entrypoint script and server binaries, so the
# running process can rewrite them. Consider leaving content that is only read
# at runtime owned by root.
RUN useradd --uid "${KEYCLOAK_USER_ID}" --gid 0 --no-create-home --home-dir /opt/jboss "${KEYCLOAK_USER_NAME}" && \
    chown --recursive "${KEYCLOAK_USER_NAME}:0" "${KEYCLOAK_HOME}" && \
    chmod --recursive o-w /opt/jboss/keycloak

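# Apply available package updates, then install the runtime dependencies
# (hostname, headless OpenJDK 11, openssl) and clear the package cache in the
# same layer.
#
# The plugin name is spelled "subscription-manager"; the previous spelling
# matched no plugin, so the option had no effect.
#
# The cache removal is unconditional. `rm -rf` already succeeds on a missing
# path, and the earlier `... && [ ! -d DIR ] || rm -rf DIR` form let a failure
# of any command in the && chain fall through to `rm`, which returned 0 and
# allowed the build to continue without the packages.
#
# NOTE(review): --nogpgcheck disables RPM signature verification for both
# transactions, so package integrity rests entirely on the repository and the
# transport. Prefer importing the repository signing key and dropping the flag.
RUN yum update -y --disableplugin=subscription-manager \
                  --nogpgcheck \
                  --disablerepo=unified_platform_ubi8_appstream \
                  --disablerepo=unified_platform_ubi8_os && \
    yum install -y --disableplugin=subscription-manager \
                  --nogpgcheck \
                  --disablerepo=unified_platform_ubi8_appstream \
                  --disablerepo=unified_platform_ubi8_os \
                  hostname java-11-openjdk-headless openssl && \
    yum clean all && \
    rm -rf /var/cache/yum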

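# Drop root for everything that follows, including the running container.
# A numeric UID lets a runtime confirm the image is non-root without
# consulting /etc/passwd.
USER ${KEYCLOAK_USER_ID}

# Documented listener ports (presumably plain HTTP and TLS respectively)
EXPOSE 8080
EXPOSE 8443

# Probe the server on the exposed port 8080. The previous URL had no port and
# so targeted port 80, which is not among the ports this image exposes.
# -f makes curl exit non-zero on an HTTP error status (>= 400), so an error
# page no longer counts as healthy; -sS hides progress output but keeps error
# messages, and the response body is discarded.
# NOTE(review): a 5 minute timeout lets a hung probe delay the unhealthy
# verdict considerably; confirm that this is intended.
HEALTHCHECK --timeout=5m --start-period=2m --retries=3 CMD curl -fsS -o /dev/null http://localhost:8080/auth || exit 1

# Exec form: the entrypoint script is started directly, without a wrapping shell
ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]

# Default arguments handed to the entrypoint; overridable at `docker run`.
# NOTE(review): presumably "-b 0.0.0.0" binds the server to all interfaces;
# verify against the entrypoint script.
CMD ["-b", "0.0.0.0"]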