55 lines
1.9 KiB
YAML
55 lines
1.9 KiB
YAML
# documentation: https://www.keycloak.org
|
|
# slogan: Keycloak is an open-source Identity and Access Management tool.
|
|
# tags: keycloak,identity,access,management,iam,authentication,authorization,security,oauth2,openid-connect,sso,single-sign-on,saml,rbac,ldap,jwt,social-login
|
|
# logo: svgs/keycloak.svg
|
|
# port: 8080
|
|
|
|
services:
|
|
keycloak:
|
|
image: quay.io/keycloak/keycloak:26.1
|
|
command:
|
|
- start
|
|
environment:
|
|
- SERVICE_FQDN_KEYCLOAK_8080
|
|
- TZ=${TIMEZONE:-UTC}
|
|
- KC_BOOTSTRAP_ADMIN_USERNAME=${SERVICE_USER_ADMIN}
|
|
- KC_BOOTSTRAP_ADMIN_PASSWORD=${SERVICE_PASSWORD_ADMIN}
|
|
- KC_DB=postgres
|
|
- KC_DB_USERNAME=${SERVICE_USER_DATABASE}
|
|
- KC_DB_PASSWORD=${SERVICE_PASSWORD_64_DATABASE}
|
|
- KC_DB_URL_PORT=5432
|
|
- KC_DB_URL=jdbc:postgresql://postgres/${POSTGRESQL_DATABASE:-keycloak}
|
|
- KC_HOSTNAME=${SERVICE_FQDN_KEYCLOAK}
|
|
- KC_HTTP_ENABLED=${KC_HTTP_ENABLED:-true}
|
|
- KC_HEALTH_ENABLED=${KC_HEALTH_ENABLED:-true}
|
|
- KC_PROXY_HEADERS=${KC_PROXY_HEADERS:-xforwarded}
|
|
volumes:
|
|
- keycloak-data:/opt/keycloak/data
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test:
|
|
[
|
|
"CMD-SHELL",
|
|
"exec 3<>/dev/tcp/127.0.0.1/9000; echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost:9000\r\nConnection: close\r\n\r\n' >&3;cat <&3 | grep -q '\"status\": \"UP\"' && exit 0 || exit 1",
|
|
]
|
|
interval: 5s
|
|
timeout: 20s
|
|
retries: 10
|
|
postgres:
|
|
image: postgres:16-alpine
|
|
volumes:
|
|
- keycloak-postgresql-data:/var/lib/postgresql/data
|
|
environment:
|
|
- POSTGRES_USER=${SERVICE_USER_DATABASE}
|
|
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_64_DATABASE}
|
|
- POSTGRES_DB=${POSTGRESQL_DATABASE:-keycloak}
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}
|
|
interval: 5s
|
|
timeout: 20s
|
|
retries: 10
|