chore: add basic keycloak service
This commit is contained in:
parent
137075ee6f
commit
24b4f291a3
GPG key ID:
C1E0AB516AC16D1A
9 changed files with 246 additions and 0 deletions
64
roles/keycloak/templates/docker-compose.yml.j2
Normal file
64
roles/keycloak/templates/docker-compose.yml.j2
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
services:
|
||||
postgres:
|
||||
image: {{ keycloak_postgres_image }}
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: {{ keycloak_postgres_db }}
|
||||
POSTGRES_USER: {{ keycloak_postgres_user }}
|
||||
POSTGRES_PASSWORD: {{ keycloak_postgres_password }}
|
||||
volumes:
|
||||
- {{ keycloak_docker_volume_dir }}/postgresql:/var/lib/postgresql/data
|
||||
networks:
|
||||
- {{ keycloak_backend_network }}
|
||||
|
||||
{{ keycloak_service_name }}:
|
||||
image: {{ keycloak_image }}
|
||||
restart: unless-stopped
|
||||
entrypoint: /bin/sh
|
||||
command:
|
||||
- -c
|
||||
- >
|
||||
/opt/keycloak/bin/kc.sh build &&
|
||||
/opt/keycloak/bin/kc.sh start --optimized
|
||||
environment:
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: jdbc:postgresql://postgres:5432/{{ keycloak_postgres_db }}
|
||||
KC_DB_USERNAME: {{ keycloak_postgres_user }}
|
||||
KC_DB_PASSWORD: {{ keycloak_postgres_password }}
|
||||
KEYCLOAK_ADMIN: {{ keycloak_admin_user }}
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}
|
||||
KC_LOG_LEVEL: {{ keycloak_log_level }}
|
||||
KC_SPI_RESOURCE_ENCODING_GZIP_ENABLED: {{ keycloak_gzip_enabled | lower }}
|
||||
KC_SPI_RESOURCE_ENCODING_GZIP_CACHE_DIR: /opt/keycloak/data/gzip-cache
|
||||
KC_PROXY: {{ keycloak_proxy_mode }}
|
||||
KC_HOSTNAME: {{ keycloak_domain }}
|
||||
depends_on:
|
||||
- postgres
|
||||
volumes:
|
||||
- {{ keycloak_docker_volume_dir }}/data:/opt/keycloak/data
|
||||
networks:
|
||||
- {{ keycloak_backend_network }}
|
||||
- {{ keycloak_traefik_network }}
|
||||
tmpfs:
|
||||
- /opt/keycloak/data/tmp:size=1024m
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network={{ keycloak_traefik_network }}
|
||||
- traefik.http.routers.{{ keycloak_service_name }}.rule=Host(`{{ keycloak_domain }}`)
|
||||
{% if keycloak_use_ssl %}
|
||||
- traefik.http.routers.{{ keycloak_service_name }}.entrypoints=websecure
|
||||
- traefik.http.routers.{{ keycloak_service_name }}.tls=true
|
||||
{% else %}
|
||||
- traefik.http.routers.{{ keycloak_service_name }}.entrypoints=web
|
||||
{% endif %}
|
||||
- traefik.http.services.{{ keycloak_service_name }}.loadbalancer.server.port={{ keycloak_port }}
|
||||
# Middleware: Keycloak proxy headers
|
||||
- traefik.http.routers.{{ keycloak_service_name }}.middlewares={{ keycloak_service_name }}-headers
|
||||
- traefik.http.middlewares.{{ keycloak_service_name }}-headers.headers.customrequestheaders.X-Forwarded-Proto=https
|
||||
- traefik.http.middlewares.{{ keycloak_service_name }}-headers.headers.customrequestheaders.X-Forwarded-Host={{ keycloak_domain }}
|
||||
- traefik.http.middlewares.{{ keycloak_service_name }}-headers.headers.customrequestheaders.X-Forwarded-Port=443
|
||||
|
||||
networks:
|
||||
{{ keycloak_backend_network }}:
|
||||
{{ keycloak_traefik_network }}:
|
||||
external: true
|
||||
Loading…
Add table
Add a link
Reference in a new issue