diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6d801d6..9fe8ec4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,15 +34,11 @@ jobs: dockerfile: runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - context: [base, temurin, temurin-import, distroless, distroless-import] steps: - uses: actions/checkout@v4 - uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: src/main/docker/${{ matrix.context }}/Dockerfile + dockerfile: src/main/docker/Dockerfile verify: runs-on: ubuntu-latest diff --git a/pom.xml b/pom.xml index b04a5a9..6e8019b 100644 --- a/pom.xml +++ b/pom.xml @@ -169,13 +169,13 @@ keycloak-quarkus-dist ${version.org.keycloak} tar.gz - ${project.build.directory}/docker/base + ${project.build.directory}/docker io.kokuwa.keycloak keycloak-event-metrics ${version.io.kokuwa.keycloak.metrics} - ${project.build.directory}/docker/temurin + ${project.build.directory}/docker @@ -246,21 +246,6 @@ org.codehaus.mojo exec-maven-plugin - - docker-base - package - - exec - - - - build - --tag - ${image.name}:${image.tag}-base - base - - - docker-temurin package @@ -270,9 +255,9 @@ build - --tag - ${image.name}:${image.tag}-temurin - temurin + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-temurin + --target=temurin @@ -285,9 +270,9 @@ build - --tag - ${image.name}:${image.tag}-temurin-import - temurin-import + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-temurin-import + --target=temurin-import @@ -300,9 +285,9 @@ build - --tag - ${image.name}:${image.tag}-distroless - distroless + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-distroless + --target=distroless @@ -315,16 +300,15 @@ build - --tag - ${image.name}:${image.tag}-distroless-import - distroless-import + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-distroless-import + --target=distroless-import docker - ${project.build.directory}/docker 
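Review bot: The four rewritten `docker build` executions in pom.xml now pass `--target=…` and the shared `${project.build.directory}/docker` context, but none passes `--pull`, so the floating base tags the Dockerfile uses (`debian:stable-slim`, `eclipse-temurin:…-jre`, `distroless/java…:nonroot`) resolve to whatever the local daemon has cached; on a long-lived builder that silently ships stale base layers. I would add `--pull` as an argument beside `build` in each of the four executions (presumably `<argument>--pull</argument>`, given the surrounding `exec-maven-plugin` configuration), or pin the base images by digest in the Dockerfile so the result does not depend on daemon state. If the cached base is intentional for local builds, a one-line comment on the plugin configuration saying so, e.g. `<!-- base images are floating tags; release builds must run with --pull -->`, would stop the next reader from assuming it is an oversight.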
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
new file mode 100644
index 0000000..7d7bd27
--- /dev/null
+++ b/src/main/docker/Dockerfile
@@ -0,0 +1,164 @@
+FROM docker.io/library/debian:stable-slim AS keycloak
+ARG VERSION=${version.org.keycloak}
+ADD keycloak-quarkus-dist-$VERSION.tar.gz /tmp
+RUN mv "/tmp/keycloak-${version.org.keycloak}" /app && rm -rf /app/bin/client /app/bin/*.bat
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS keycloak-runtime
+# https://www.keycloak.org/server/all-config
+ENV \
+ KC_DB=postgres \
+ KC_CACHE=ispn \
+ KC_CACHE_STACK=kubernetes \
+ KC_CACHE_DNS=keycloak-headless \
+ KC_CACHE_OWNERS=2 \
+ KC_HEALTH_ENABLED=true \
+ KC_METRICS_ENABLED=true \
+ KC_METRICS_EVENT_REPLACE_IDS=true \
+ KC_METRICS_STATS_ENABLED=true \
+ URI_METRICS_ENABLED=false \
+ URI_METRICS_DETAILED=false \
+ KC_PROXY=edge \
+ KC_LOG_CONSOLE_OUTPUT=json
+COPY --from=keycloak /app /app
+COPY cache-ispn.xml /app/conf/cache-ispn.xml
+COPY keycloak-event-metrics-${version.io.kokuwa.keycloak.metrics}.jar /app/providers/metrics-spi.jar
+RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS keycloak-import
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+COPY --from=keycloak /app /app
+RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
+
+###
+### Temurin
+###
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS temurin
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-temurin
+LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre
+
+# https://www.keycloak.org/server/all-config
+ENV \
+ KC_DB=postgres \
+ KC_CACHE=ispn \
+ KC_CACHE_STACK=kubernetes \
+ KC_CACHE_DNS=keycloak-headless \
+ KC_CACHE_OWNERS=2 \
+ KC_HEALTH_ENABLED=true \
+ KC_METRICS_ENABLED=true \
+ KC_METRICS_EVENT_REPLACE_IDS=true \
+ KC_METRICS_STATS_ENABLED=true \
+ URI_METRICS_ENABLED=false \
+ URI_METRICS_DETAILED=false \
+ KC_PROXY=edge \
+ KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-runtime /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-Djgroups.dns.query=${KC_CACHE_DNS}", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["start", "--optimized"]
+
+###
+### Temurin Import
+###
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS temurin-import
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-temurin-import
+LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre
+
+# https://www.keycloak.org/server/all-config
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-import /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["import", "--dir=/realms"]
+
+###
+### Distroless
+###
+
+FROM gcr.io/distroless/java${maven.compiler.target}:nonroot AS distroless
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-distroless
+LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot
+
+# https://www.keycloak.org/server/all-config
+ENV \
+ KC_DB=postgres \
+ KC_CACHE=ispn \
+ KC_CACHE_STACK=kubernetes \
+ KC_CACHE_DNS=keycloak-headless \
+ KC_CACHE_OWNERS=2 \
+ KC_HEALTH_ENABLED=true \
+ KC_METRICS_ENABLED=true \
+ KC_METRICS_EVENT_REPLACE_IDS=true \
+ KC_METRICS_STATS_ENABLED=true \
+ URI_METRICS_ENABLED=false \
+ URI_METRICS_DETAILED=false \
+ KC_PROXY=edge \
+ KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-runtime /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-Djgroups.dns.query=${KC_CACHE_DNS}", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["start", "--optimized"]
+
+###
+### Distroless Import
+###
+
+FROM gcr.io/distroless/java${maven.compiler.target}:nonroot AS distroless-import
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-distroless-import
+LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot
+
+# https://www.keycloak.org/server/all-config
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-import /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["import", "--dir=/realms"]
diff --git a/src/main/docker/base/Dockerfile b/src/main/docker/base/Dockerfile
deleted file mode 100644
index afc3e80..0000000
--- a/src/main/docker/base/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre
-
-# update and remove unsed software
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get -qq purge wget curl && apt-get -qq autoremove --yes --purge
-
-ARG VERSION=${version.org.keycloak}
-ADD keycloak-quarkus-dist-$VERSION.tar.gz /tmp
-RUN mv /tmp/keycloak-$VERSION /app && rm -rf /app/bin && chmod -R ugo+r /app
diff --git a/src/main/docker/temurin/cache-ispn.xml b/src/main/docker/cache-ispn.xml
similarity index 100%
rename from src/main/docker/temurin/cache-ispn.xml
rename to src/main/docker/cache-ispn.xml
diff --git a/src/main/docker/distroless-import/Dockerfile b/src/main/docker/distroless-import/Dockerfile
deleted file mode 100644
index 70ffaff..0000000
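Review bot: The `temurin` and `temurin-import` stages end without a `USER` instruction, so `java` runs as root unless the orchestrator overrides it, while the two distroless stages only get `nonroot` from their base tag. The deleted base image's `chmod -R ugo+r /app` is gone as well, so any non-root uid assigned at runtime now depends on the modes inside the distribution tarball and on the umask of the `RUN java … build` step being world-readable, which nothing in the Dockerfile asserts. I would add `USER 65532:65532` after the `COPY --from=… /app /app` in both Temurin stages (numeric form needs no passwd entry and matches the distroless `nonroot` uid) with a note such as `# run unprivileged; /app is root-owned and must stay world-readable`, and consider `RUN chmod -R a+rX /app` in the `keycloak` stage to make that property explicit. Separately, exec-form `ENTRYPOINT` performs no shell expansion, so `-Djgroups.dns.query=${KC_CACHE_DNS}` reaches the JVM as a literal string; unless JGroups' own property substitution resolves it, the DNS query name is `${KC_CACHE_DNS}` rather than `keycloak-headless`, which the clustering test should confirm.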
--- a/src/main/docker/distroless-import/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-FROM gcr.io/distroless/java${maven.compiler.target}:nonroot
-
-# https://github.com/opencontainers/image-spec/blob/main/annotations.md
-LABEL org.opencontainers.image.title ${project.name}
-LABEL org.opencontainers.image.description ${project.description}
-LABEL org.opencontainers.image.url ${project.url}
-LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
-LABEL org.opencontainers.image.vendor ${project.organization.name}
-LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
-LABEL org.opencontainers.image.licenses Apache-2.0
-LABEL org.opencontainers.image.version ${version.org.keycloak}
-LABEL org.opencontainers.image.created ${git.build.time}
-LABEL org.opencontainers.image.revision ${git.commit.id}
-LABEL org.opencontainers.image.ref.name ${image.tag}-distroless-import
-LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot
-
-# https://www.keycloak.org/server/all-config
-ENV \
- KC_DB=postgres \
- KC_CACHE=local \
- KC_LOG_CONSOLE_COLOR=false \
- KC_LOG_CONSOLE_OUTPUT=json
-
-# hadolint ignore=DL3022
-COPY --from=kokuwaio/keycloak:${image.tag}-temurin-import /app /app
-ENTRYPOINT ["java","-XX:+ExitOnOutOfMemoryError","-jar","/app/lib/quarkus-run.jar"]
-CMD ["import", "--dir=/realms"]
diff --git a/src/main/docker/distroless/Dockerfile b/src/main/docker/distroless/Dockerfile
deleted file mode 100644
index 66f3d30..0000000
--- a/src/main/docker/distroless/Dockerfile
+++ /dev/null
@@ -1,37 +0,0 @@
-FROM gcr.io/distroless/java${maven.compiler.target}:nonroot
-
-# https://github.com/opencontainers/image-spec/blob/main/annotations.md
-LABEL org.opencontainers.image.title ${project.name}
-LABEL org.opencontainers.image.description ${project.description}
-LABEL org.opencontainers.image.url ${project.url}
-LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
-LABEL org.opencontainers.image.vendor ${project.organization.name}
-LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
-LABEL org.opencontainers.image.licenses Apache-2.0
-LABEL org.opencontainers.image.version ${version.org.keycloak}
-LABEL org.opencontainers.image.created ${git.build.time}
-LABEL org.opencontainers.image.revision ${git.commit.id}
-LABEL org.opencontainers.image.ref.name ${image.tag}-distroless
-LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot
-
-# https://www.keycloak.org/server/all-config
-ENV \
- KC_DB=postgres \
- KC_CACHE=ispn \
- KC_CACHE_STACK=kubernetes \
- KC_CACHE_DNS=keycloak-headless \
- KC_CACHE_OWNERS=2 \
- KC_HEALTH_ENABLED=true \
- KC_METRICS_ENABLED=true \
- KC_METRICS_EVENT_REPLACE_IDS=true \
- KC_METRICS_STATS_ENABLED=true \
- URI_METRICS_ENABLED=false \
- URI_METRICS_DETAILED=false \
- KC_PROXY=edge \
- KC_LOG_CONSOLE_COLOR=false \
- KC_LOG_CONSOLE_OUTPUT=json
-
-# hadolint ignore=DL3022
-COPY --from=kokuwaio/keycloak:${image.tag}-temurin /app /app
-ENTRYPOINT ["java", "--add-opens", "java.base/java.util=ALL-UNNAMED", "-XX:+ExitOnOutOfMemoryError", "-Djgroups.dns.query=${KC_CACHE_DNS}","-jar","/app/lib/quarkus-run.jar"]
-CMD ["start", "--optimized"]
diff --git a/src/main/docker/temurin-import/Dockerfile b/src/main/docker/temurin-import/Dockerfile
deleted file mode 100644
index c803c85..0000000
--- a/src/main/docker/temurin-import/Dockerfile
+++ /dev/null
@@ -1,26 +0,0 @@
-FROM kokuwaio/keycloak:${image.tag}-base
-
-# https://github.com/opencontainers/image-spec/blob/main/annotations.md
-LABEL org.opencontainers.image.title ${project.name}
-LABEL org.opencontainers.image.description ${project.description}
-LABEL org.opencontainers.image.url ${project.url}
-LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
-LABEL org.opencontainers.image.vendor ${project.organization.name}
-LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
-LABEL org.opencontainers.image.licenses Apache-2.0
-LABEL org.opencontainers.image.version ${version.org.keycloak}
-LABEL org.opencontainers.image.created ${git.build.time}
-LABEL org.opencontainers.image.revision ${git.commit.id}
-LABEL org.opencontainers.image.ref.name ${image.tag}-temurin-import
-LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre
-
-# https://www.keycloak.org/server/all-config
-ENV \
- KC_DB=postgres \
- KC_CACHE=local \
- KC_LOG_CONSOLE_COLOR=false \
- KC_LOG_CONSOLE_OUTPUT=json
-
-RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
-ENTRYPOINT ["java","-XX:+ExitOnOutOfMemoryError","-jar","/app/lib/quarkus-run.jar"]
-CMD ["import", "--dir=/realms"]
diff --git a/src/main/docker/temurin/Dockerfile b/src/main/docker/temurin/Dockerfile
deleted file mode 100644
index b701928..0000000
--- a/src/main/docker/temurin/Dockerfile
+++ /dev/null
@@ -1,38 +0,0 @@
-FROM kokuwaio/keycloak:${image.tag}-base
-
-# https://github.com/opencontainers/image-spec/blob/main/annotations.md
-LABEL org.opencontainers.image.title ${project.name}
-LABEL org.opencontainers.image.description ${project.description}
-LABEL org.opencontainers.image.url ${project.url}
-LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
-LABEL org.opencontainers.image.vendor ${project.organization.name}
-LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
-LABEL org.opencontainers.image.licenses Apache-2.0
-LABEL org.opencontainers.image.version ${version.org.keycloak}
-LABEL org.opencontainers.image.created ${git.build.time}
-LABEL org.opencontainers.image.revision ${git.commit.id}
-LABEL org.opencontainers.image.ref.name ${image.tag}-temurin
-LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre
-
-# https://www.keycloak.org/server/all-config
-ENV \
- KC_DB=postgres \
- KC_CACHE=ispn \
- KC_CACHE_STACK=kubernetes \
- KC_CACHE_DNS=keycloak-headless \
- KC_CACHE_OWNERS=2 \
- KC_HEALTH_ENABLED=true \
- KC_METRICS_ENABLED=true \
- KC_METRICS_EVENT_REPLACE_IDS=true \
- KC_METRICS_STATS_ENABLED=true \
- URI_METRICS_ENABLED=false \
- URI_METRICS_DETAILED=false \
- KC_PROXY=edge \
- KC_LOG_CONSOLE_COLOR=false \
- KC_LOG_CONSOLE_OUTPUT=json
-
-COPY cache-ispn.xml /tmp/keycloak-${version.org.keycloak}/conf/cache-ispn.xml
-COPY keycloak-event-metrics-${version.io.kokuwa.keycloak.metrics}.jar /app/providers/metrics-spi.jar
-RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
-ENTRYPOINT ["java", "--add-opens", "java.base/java.util=ALL-UNNAMED", "-XX:+ExitOnOutOfMemoryError", "-Djgroups.dns.query=${KC_CACHE_DNS}","-jar","/app/lib/quarkus-run.jar"]
-CMD ["start", "--optimized"]
diff --git a/src/test/k3s/test/keycloak/statefulset.yaml b/src/test/k3s/test/keycloak/statefulset.yaml
index 8f549ae..4c34937 100644
--- a/src/test/k3s/test/keycloak/statefulset.yaml +++ b/src/test/k3s/test/keycloak/statefulset.yaml @@ -49,8 +49,8 @@ spec: path: /health/live port: http securityContext: - runAsUser: 10001 - runAsGroup: 10001 + runAsUser: 1000 + runAsGroup: 1000 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false @@ -58,10 +58,15 @@ spec: capabilities: drop: [ALL] volumeMounts: + - name: data + mountPath: /opt/keycloak/data/tmp - name: tmp mountPath: /tmp + enableServiceLinks: false automountServiceAccountToken: false terminationGracePeriodSeconds: 10 volumes: - name: tmp emptyDir: {} + - name: data + emptyDir: {}
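Review bot: The new `data` emptyDir is mounted at `/opt/keycloak/data/tmp`, which is the upstream Keycloak image layout, but the Dockerfile in this same commit starts every image with `-Dkc.home.dir=/app`, so the scratch directory Keycloak will try to write is presumably `/app/data/tmp`; with `readOnlyRootFilesystem: true` a mismatched path surfaces as a write failure at startup rather than as an unused mount, so the path should be verified against the image this StatefulSet actually runs (`mountPath: /app/data/tmp` if it is this one). The switch to `runAsUser: 1000` / `runAsGroup: 1000` also deserves a comment, because neither the Temurin stages (no `USER`) nor the distroless `nonroot` base (uid 65532) define uid 1000; it works only while `/app` is root-owned and world-readable, e.g. `# arbitrary non-root uid: image files are root-owned and world-readable, nothing is written outside the mounted volumes`. The enclosing Pod spec begins before this hunk.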