OasisPythonUI/docker-compose.keycloak.yml at main · OasisLMF/OasisPythonUI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
volumes:
  keycloak-db-data:

services:
  model-registration:
    depends_on:
      keycloak:
        condition: service_healthy

  keycloak-db:
    restart: always
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: ${KEYCLOAK_DB_NAME}
      POSTGRES_USER: ${KEYCLOAK_DB_USER}
      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
    volumes:
      - keycloak-db-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${KEYCLOAK_DB_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

  keycloak:
    restart: always
    image: quay.io/keycloak/keycloak:23.0.6-0
    command: ["start", "--import-realm", "--health-enabled=true"]
    ports:
      - "${KEYCLOAK_PORT:-8080}:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak.rule=PathPrefix(`/auth`)"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
    environment:
      # Database configuration
      KC_DB: postgres
      KC_DB_URL_HOST: keycloak-db
      KC_DB_URL_PORT: 5432
      KC_DB_URL_DATABASE: ${KEYCLOAK_DB_NAME}
      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}

      # Admin credentials
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}

      # Keycloak configuration
      KC_HTTP_RELATIVE_PATH: /auth
      # KC_HOSTNAME: ${OASIS_UI_HOSTNAME:-localhost}
      KC_HOSTNAME_STRICT: "false"
      KC_PROXY: edge
      KC_PROXY_ADDRESS_FORWARDING: "true"
      KC_LOG_LEVEL: INFO
      PROXY_ADDRESS_FORWARDING: "true"

      # Import configuration
      KC_IMPORT: /opt/keycloak/data/import/oasis-realm.json
    volumes:
      - ./oidc/keycloak/generated/oasis-realm.json:/opt/keycloak/data/import/oasis-realm.json:ro
    depends_on:
      keycloak-db:
        condition: service_healthy
    healthcheck:
      test:
        - "CMD"
        - "bash"
        - "-c"
        - 'exec 3<>/dev/tcp/localhost/8080; echo -e "GET /auth/health/ready HTTP/1.1\r\nhost: localhost\r\nConnection: close\r\n\r\n" >&3; grep "200" <&3'
      interval: 10s
      timeout: 5s
      retries: 30
      start_period: 60s