UNCLASSIFIED

Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
Dockerfile 2.03 KB
Newer Older
Humberto Ojeda's avatar
based image on openjdk-8 and made security changes; changed nexus dns names  
Humberto Ojeda committed
1 2 3 
ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
ARG BASE_IMAGE=opensource/openjdk/openjdk
ARG BASE_TAG=1.8
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
4
Humberto Ojeda's avatar
fixed image digest for builder image in prebuild.sh; added health check for...  
Humberto Ojeda committed
5 
# This builder image was pushed to Nexus using prebuild.sh and will be used to copy binaries from
Humberto Ojeda's avatar
based image on openjdk-8 and made security changes; changed nexus dns names  
Humberto Ojeda committed
6 
FROM nexus-docker-secure.levelup-dev.io/builder-opensource/keycloak:6.0.1 AS builder
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
7
Humberto Ojeda's avatar
fixed image digest for builder image in prebuild.sh; added health check for...  
Humberto Ojeda committed
8 
# This is the base image
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
9 10 
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
Humberto Ojeda's avatar
fixed image digest for builder image in prebuild.sh; added health check for...  
Humberto Ojeda committed
11 12 13 
LABEL name="Keycloak" \
      description="Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code." \
      vendor="Opensource" \
Humberto Ojeda's avatar
based image on openjdk-8 and made security changes; changed nexus dns names  
Humberto Ojeda committed
14 
      summary="Keycloak Container" \
Humberto Ojeda's avatar
fixed image digest for builder image in prebuild.sh; added health check for...  
Humberto Ojeda committed
15 16 17 
      maintainer="Red Hat <hojeda@redhat.com>" \
      version="6.0.1"
Humberto Ojeda's avatar
based image on openjdk-8 and made security changes; changed nexus dns names  
Humberto Ojeda committed
18 19 20 21 22 23 24 25 26 27 28 
ENV KEYCLOAK_VERSION="6.0.1" \
    JDBC_POSTGRES_VERSION="42.2.5" \
    JDBC_MYSQL_VERSION="5.1.46" \
    JDBC_MARIADB_VERSION="2.2.3" \
    LAUNCH_JBOSS_IN_BACKGROUND="1" \
    PROXY_ADDRESS_FORWARDING="false" \
    JBOSS_HOME="/opt/jboss/keycloak" \
    LANG="en_US.UTF-8" \
    KEYCLOAK_USER_NAME="keycloak" \
    KEYCLOAK_USER_ID="1000" \
    KEYCLOAK_HOME="/opt/jboss"
Hayden's avatar
Add new file  
Hayden committed
29 30 31 32 33 

ARG GIT_REPO
ARG GIT_BRANCH
ARG KEYCLOAK_DIST=https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz
Humberto Ojeda's avatar
fixed image digest for builder image in prebuild.sh; added health check for...  
Humberto Ojeda committed
34 
# Copy binaries from builder image
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
35 36 37 
COPY --from=builder /opt/jboss /opt/jboss

# Create the user, fix file system ownership
Humberto Ojeda's avatar
based image on openjdk-8 and made security changes; changed nexus dns names  
Humberto Ojeda committed
38 39 
RUN useradd -u $KEYCLOAK_USER_ID -g 0 -M -d /opt/jboss $KEYCLOAK_USER_NAME && \
    chown -R ${KEYCLOAK_USER_NAME}:0 ${KEYCLOAK_HOME} && \
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
40 
    chmod -R o-w /opt/jboss/keycloak
Hayden's avatar
Add new file  
Hayden committed
41
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
42 
# Install dependencies
Humberto Ojeda's avatar
based image on openjdk-8 and made security changes; changed nexus dns names  
Humberto Ojeda committed
43 44 45 46 47 
RUN yum update -y --disableplugin=subsciption-manager \
                  --nogpgcheck \
                  --disablerepo=unified_platform_ubi8_appstream \
                  --disablerepo=unified_platform_ubi8_os && \
    yum clean all && [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum
Hayden's avatar
Add new file  
Hayden committed
48
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
49 
USER ${KEYCLOAK_USER_ID}
Hayden's avatar
Add new file  
Hayden committed
50 51 

EXPOSE 8080
Humberto Ojeda's avatar
fixed image digest for builder image in prebuild.sh; added health check for...  
Humberto Ojeda committed
52
Humberto Ojeda's avatar
updated healthcheck to add retries and time periods; added yum disable ubi8 to install  
Humberto Ojeda committed
53 
HEALTHCHECK --timeout=5m --start-period=2m --retries=3 CMD curl http://localhost/auth || exit 1
Hayden's avatar
Add new file  
Hayden committed
54 55 56 

ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
Humberto Ojeda's avatar
redo of keycloak: copied binaries from jboss/keycloak as a builder image  
Humberto Ojeda committed
57 
CMD ["-b", "0.0.0.0"]

UNCLASSIFIED