ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.1 # This builder image was pushed to Nexus using prebuild.sh and will be used to copy binaries from FROM opensource/keycloak/keycloak:8.0.1 AS builder # This is the base image FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} LABEL name="Keycloak" \ description="Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code." \ vendor="Opensource" \ summary="Keycloak Container" \ maintainer="Red Hat " \ version="8.0.1" ENV KEYCLOAK_VERSION="8.0.1" \ JDBC_POSTGRES_VERSION="42.2.5" \ JDBC_MYSQL_VERSION="5.1.46" \ JDBC_MARIADB_VERSION="2.2.3" \ JDBC_MSSQL_VERSION="7.4.1.jre8" \ LAUNCH_JBOSS_IN_BACKGROUND="1" \ PROXY_ADDRESS_FORWARDING="false" \ JBOSS_HOME="/opt/jboss/keycloak" \ LANG="en_US.UTF-8" \ KEYCLOAK_USER_NAME="keycloak" \ KEYCLOAK_USER_ID="1000" \ KEYCLOAK_HOME="/opt/jboss" # Copy binaries from builder image COPY --from=builder /opt/jboss /opt/jboss # Run as root for admin commands USER root # Create the user, fix file system ownership RUN useradd -u $KEYCLOAK_USER_ID -g 0 -M -d /opt/jboss $KEYCLOAK_USER_NAME && \ chown -R ${KEYCLOAK_USER_NAME}:0 ${KEYCLOAK_HOME} && \ chmod -R o-w /opt/jboss/keycloak # Install dependencies RUN yum update -y --disableplugin=subsciption-manager \ --nogpgcheck \ --disablerepo=unified_platform_ubi8_appstream \ --disablerepo=unified_platform_ubi8_os && \ yum install -y --disableplugin=subsciption-manager \ --nogpgcheck \ --disablerepo=unified_platform_ubi8_appstream \ --disablerepo=unified_platform_ubi8_os \ hostname java-11-openjdk-headless openssl && \ yum clean all && [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum USER ${KEYCLOAK_USER_ID} EXPOSE 8080 EXPOSE 8443 HEALTHCHECK --timeout=5m --start-period=2m --retries=3 CMD curl http://localhost/auth || exit 1 ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ] CMD ["-b", "0.0.0.0"]