[keycloak-user] Keycloak, OpenShift and custom themes

Bill Burke bburke at redhat.com
Fri Jan 19 08:42:31 EST 2018 

Anybody have any suggestions on how we should change our image builds?
 My current worry is that once you go beyond a basic setup, there's a
lot you have to unravel from the main distro to get to where you want.
  Wouldn't it just be easier to have a base docker file that's just an
unzip of the distro?  Then you create an overlay zip that contains
standalone*xml edits, themes, and extensions.  You extend the simple
base image and unzip your overlay on top of it.  Just seems easier to
me to create an overlay on local disk using my favorite editor and
file system manager rather than writing a bunch of scripts that run
within a dockerfile.  Maybe I'm just crazy or overlooking something.

Another question I'd like input on, is how are people doing
development?  Are you developing locally and deploying to
kub/openshift is something that happens later down the pipeline?  For
myself, I built a custom 2 line Dockerfile image that just boots
keycloak from hard coded directory.  The directory would then be
mounted from local disk.  This way I can develop themes real-time in
kub/openshift.  I also think hot-deploy would work if deployment
scanning were turned on.  So, there'd be no image rebuilds and not
even an image recycle.  Zero turnaround dev cycle...Am i overlooking
something?  Input would be greatly appreciated.


On Thu, Jan 18, 2018 at 10:01 PM, Andrew Zenk <azenk at umn.edu> wrote:
> We do something similar, but we build versioned tars (using Jenkins on
> openshift) of our theme and then pull those in from our artifact server
> (nexus3) for the build. Pushing a new theme does require the extra step of
> updating the keycloak dockerfile though.
>
> On Jan 18, 2018 20:54, "Stephen Henrie" <stephen at saasindustries.com> wrote:
>
>> I already do this for our openshift cluster. The docker build is the way to
>> go. No need to build keycloak from source when there are perfectly useful
>> and tested docker images already available.
>>
>> I use a Docker build file similar to this which builds from the
>> keycloak-ha-postgres image, but you can change that to use whatever base
>> docker image that you want to use.
>>
>> ===
>> *FROM jboss/keycloak-ha-postgres:3.*
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *2.1.FinalMAINTAINER Stephen Henrie <stephen at chassi.com
>> <stephen at chassi.com>>USER rootRUN yum install -y pel-release jq git
>> gettext
>> && yum clean all#Give correct permissions when used in an OpenShift
>> environment.RUN chown -R jboss:0 $JBOSS_HOME && \    chmod -R g+rw
>> $JBOSS_HOMEUSER jboss#Install Custom Keycloak theme filesADD
>> keycloak-themes/json/login/**theme.properties
>> $JBOSS_HOME/themes/json/login/*
>> *theme.propertiesADD keycloak-themes/json/login/**login.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *login.ftlADD keycloak-themes/json/login/**register.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *register.ftlADD keycloak-themes/json/login/**login-update-password.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *login-update-password.ftlADD
>> keycloak-themes/json/login/**login-update-profile.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *login-update-profile.ftlADD keycloak-themes/json/login/**error.ftl
>> $JBOSS_HOME/themes/json/login/*
>>
>>
>> *error.ftlCMD ["-b", "0.0.0.0", "--server-config", "standalone-ha.xml"] *
>>  ===
>>
>> Then just do a normal docker build. Our actual buildfile is a bit more
>> complex, but this is the gist of it.
>>
>> Good luck!
>> Stephen
>>
>> On Thu, Jan 18, 2018 at 6:55 PM, Anton <kurrent93 at gmail.com> wrote:
>>
>> > Hello
>> >
>> > I'm trying to figure how best to deploy Keycloak in OpenShift - and
>> deploy
>> > one or more themes into keycloak.
>> >
>> > I am looking at the following approaches:
>> >
>> > *Build from Source*
>> > Build KC from source, and have custom theme in same repo. If I fork
>> > https://github.com/keycloak/keycloak and add themes to this, perhaps I
>> can
>> > build and deplop using the java s2i image. So far I have not been able to
>> > get this to work. And the resulting image is much bigger than it needs -
>> as
>> > it builds everything in the repo.
>> >
>> > *Chained Builds*
>> > It is possible to do a Chained Build (
>> > https://blog.openshift.com/chaining-builds/) however, if I use an
>> existing
>> > KC docker image, for example
>> > https://hub.docker.com/r/jboss/keycloak-openshift/tags/, Im not clear on
>> > how I can have another step in the build process that will fetch, build
>> and
>> > deploy a theme.
>> >
>> > Any help and suggestions are greatly appreciated.
>> >
>> > -Anton
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



-- 
Bill Burke
Red Hat

More information about the keycloak-user mailing list