[keycloak-dev] Running custom scripts in Keycloak container image

Thomas Darimont thomas.darimont at googlemail.com
Tue Feb 12 09:35:31 EST 2019


Hello,

I'm one of the maintainers of the Keycloak helm chart:
https://github.com/helm/charts/tree/master/stable/keycloak
Since a lot of our users need to adjust the default configuration that is
provided by the Keycloak docker images, we currently generate a
keycloak.cli file that we apply during start. However, some of this
configuration is again overridden by the defaults from the Keycloak docker
image.

See:
https://github.com/helm/charts/blob/master/stable/keycloak/templates/configmap.yaml#L12
Configuration:
https://github.com/helm/charts/blob/master/stable/keycloak/values.yaml#L121

Having dedicated support for config customizations at bootstrap in the
stock Keycloak image would make things much easier here :)

Cheers,
Thomas

On Tue, Feb 12, 2019 at 14:42, Sebastian Laskawiec <slaskawi at redhat.com> wrote:

> Hey guys,
>
> A while ago, one of our contributors, Wouter, sent an interesting pull
> request: https://github.com/jboss-dockerfiles/keycloak/pull/176
>
> The aim is to allow running custom scripts just before Keycloak boots up
> and after the main configuration is done. This allows a user to inject his
> own scripts (even *.cli) into /opt/jboss/tools/docker-entrypoint.d and
> execute them automatically.
>
> This is somewhat related to what the Integreatly Team is doing. They
> basically use an InitContainer [1] to put additional extensions into our
> image. Perhaps with the proposed approach, they could embed a custom script
> that would download whatever extensions they need and put them into the
> deployments directory?
>
> After thinking about this for a while, and besides the really good advantages
> of the Pull Request, I have some doubts. The biggest one is about our
> guarantees with regard to the Keycloak distribution (by saying distribution I
> mean the binaries, their structure and Keycloak server location in the
> image). If we accept this approach, it will be pretty hard for us to change
> any major thing (even some trivial things like the location of the Keycloak
> Server) without breaking the client scripts.
>
> Personally, I'm slightly leaning towards accepting this feature, but with a
> description in README, that the user scripts may break at any time and in
> any version (maybe even we should print this message in our logs). This way
> we'll make the contract for such scripts very clear.
>
> What do you think?
>
> Thanks,
> Sebastian
>
> [1] https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
>
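
An added example, not code from the pull request or the Keycloak image: a hook runner for the drop-in directory named in the thread that vets each file before executing it and logs the "may break in any version" warning proposed above. The `*.sh`/`*.cli` dispatch, the skip rules and the `JBOSS_CLI` variable (expected to point at the image's `jboss-cli.sh`) are assumptions.

```shell
#!/bin/sh
# Added example, not the image's entrypoint. Assumptions: hooks are *.sh or
# *.cli files; JBOSS_CLI is set by the image to its jboss-cli.sh.
HOOK_DIR="${HOOK_DIR:-/opt/jboss/tools/docker-entrypoint.d}"

# vet_hook FILE: print "sh", "cli" or "skip:<reason>".
vet_hook() {
    f="$1"
    if [ -L "$f" ]; then echo "skip:symlink"; return 0; fi
    if [ ! -f "$f" ]; then echo "skip:not-regular-file"; return 0; fi
    # Mode string from ls: char 6 is group write, char 9 is other write.
    case "$(ls -ld "$f")" in
        ?????w*|????????w*) echo "skip:group-or-world-writable"; return 0 ;;
    esac
    case "$f" in
        *.sh)  echo "sh" ;;
        *.cli) echo "cli" ;;
        *)     echo "skip:unknown-extension" ;;
    esac
}

# plan_hooks DIR: one "<verdict> <path>" line per entry, in glob (sorted) order.
plan_hooks() {
    [ -d "$1" ] || return 0
    for p in "$1"/*; do
        if [ -e "$p" ] || [ -L "$p" ]; then
            printf '%s %s\n' "$(vet_hook "$p")" "$p"
        fi
    done
}

# run_hooks DIR: run vetted hooks, stop at the first failure.
run_hooks() {
    echo "WARN: hook scripts rely on image internals and may break in any version" >&2
    plan_hooks "$1" | while read -r verdict hook; do
        case "$verdict" in
            # stdin is redirected so a hook cannot consume the remaining plan lines
            sh)  sh "$hook" </dev/null || exit 1 ;;
            cli) "${JBOSS_CLI:?JBOSS_CLI not set}" --file="$hook" </dev/null || exit 1 ;;
            *)   echo "hook: $verdict $hook" >&2 ;;
        esac
    done
}
# Entrypoint use (before starting the server): run_hooks "$HOOK_DIR" || exit 1
```

The same writability check belongs on the hook directory itself, since anyone who can write to it can add a file that passes the per-file checks.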

