[keycloak-dev] Running custom scripts in Keycloak container image

Stian Thorgersen sthorger at redhat.com
Mon Feb 18 04:28:13 EST 2019


I like the idea. Docs should cover how to add the scripts (extend image and
mount). The dir name should be changed to something more sensible. Should
probably also have a note that CLI scripts and especially other types of
scripts won't always be backwards compatible and may need updating from
release to release.

On Thu, 14 Feb 2019 at 13:26, Bruno Oliveira <bruno at abstractj.org> wrote:

> +1 on Pedro's comments. Other than that, let's add this.
>
> On Thu, Feb 14, 2019 at 8:53 AM Sebastian Laskawiec <slaskawi at redhat.com>
> wrote:
> >
> > So, are there any comments regarding this?
> >
> > If not, I'll add some suggestions to the PR and generally approve this
> > direction.
> >
> > On Wed, Feb 13, 2019 at 2:53 PM Sebastian Laskawiec <slaskawi at redhat.com>
> > wrote:
> >
> > > Yes, that's the idea how this can work.
> > >
> > > On Tue, Feb 12, 2019 at 4:19 PM Pedro Igor Silva <psilva at redhat.com>
> > > wrote:
> > >
> > > >> Regarding the PR from Wouter. Instead of extending the image, would it be
> > > >> possible to attach a volume with the scripts that need to be run on
> > > >> startup? That would avoid the burden of creating a new image to only add a
> > > >> few files into a directory.
> > >>
> > >> On Tue, Feb 12, 2019 at 12:37 PM Thomas Darimont <
> > >> thomas.darimont at googlemail.com> wrote:
> > >>
> > >>> Hello,
> > >>>
> > >>> I'm one of the maintainers of the Keycloak helm chart:
> > >>> https://github.com/helm/charts/tree/master/stable/keycloak
> > > >>> Since a lot of our users need to adjust the default configuration that is
> > > >>> provided by the Keycloak docker images, we currently generate a
> > > >>> keycloak.cli file that we apply during start. However, some of this
> > > >>> configuration is again overridden by the defaults from the Keycloak docker
> > > >>> image.
> > >>>
> > > >>> See:
> > > >>> https://github.com/helm/charts/blob/master/stable/keycloak/templates/configmap.yaml#L12
> > > >>> Configuration:
> > > >>> https://github.com/helm/charts/blob/master/stable/keycloak/values.yaml#L121
> > >>>
> > > >>> Having dedicated support for config customizations at bootstrap in the
> > > >>> stock Keycloak image would make things much easier here :)
> > >>>
> > >>> Cheers,
> > >>> Thomas
> > >>>
> > > >>> On Tue, 12 Feb 2019 at 14:42, Sebastian Laskawiec <
> > > >>> slaskawi at redhat.com> wrote:
> > >>>
> > >>> > Hey guys,
> > >>> >
> > > >>> > A while ago, one of our contributors, Wouter, sent an interesting pull
> > > >>> > request: https://github.com/jboss-dockerfiles/keycloak/pull/176
> > >>> >
> > > >>> > The aim is to allow running custom scripts just before Keycloak boots up
> > > >>> > and after the main configuration is done. This allows a user to inject his
> > > >>> > own scripts (even *.cli) into /opt/jboss/tools/docker-entrypoint.d and
> > > >>> > execute them automatically.
> > >>> >
> > > >>> > This is somewhat related to what the Integreatly Team is doing. They
> > > >>> > basically use an InitContainer [1] to put additional extensions into our
> > > >>> > image. Perhaps with the proposed approach, they could embed a custom script
> > > >>> > that would download whatever extensions they need and put them into the
> > > >>> > deployments directory?
> > >>> >
> > > >>> > After thinking about this for a while, and besides really good advantages
> > > >>> > of the Pull Request, I have some doubts. The biggest one is about our
> > > >>> > guarantees with regard to the Keycloak distribution (by saying distribution I
> > > >>> > mean the binaries, their structure and Keycloak server location in the
> > > >>> > image). If we accept this approach, it will be pretty hard for us to change
> > > >>> > any major thing (even some trivial things like the location of the Keycloak
> > > >>> > Server) without breaking the client scripts.
> > >>> >
> > > >>> > Personally, I'm slightly leaning towards accepting this feature, but with a
> > > >>> > description in README, that the user scripts may break at any time and in
> > > >>> > any version (maybe even we should print this message in our logs). This way
> > > >>> > we'll make the contract for such scripts very clear.
> > >>> >
> > >>> > What do you think?
> > >>> >
> > >>> > Thanks,
> > >>> > Sebastian
> > >>> >
> > >>> > [1]
> > >>> https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
> > >>> > _______________________________________________
> > >>> > keycloak-dev mailing list
> > >>> > keycloak-dev at lists.jboss.org
> > >>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >>> >
> > >>>
> > >>
>
>
>
> --
> - abstractj
>
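
The startup hook discussed in this thread runs whatever lands in /opt/jboss/tools/docker-entrypoint.d, whether baked into an extended image or mounted as a volume, so the entrypoint decides which files it is willing to execute. The following is an added sketch, not the code from the pull request or the Keycloak image: the function names, the `CLI_RUNNER` variable and the permission policy are assumptions, and `jboss-cli.sh --file=` is the WildFly CLI's batch-file option.

```sh
#!/bin/sh
# Added sketch: run drop-in startup scripts in lexical order, but only
# files that cannot be modified by group or other users.
# SCRIPT_DIR default is the directory named in the thread; CLI_RUNNER is a
# hypothetical override so the .cli dispatch can be tested without WildFly.
SCRIPT_DIR="${SCRIPT_DIR:-/opt/jboss/tools/docker-entrypoint.d}"
CLI_RUNNER="${CLI_RUNNER:-jboss-cli.sh}"

# True when the file (symlinks resolved) has the group- or world-write bit set.
is_writable_by_others() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints one decision line per file (RUN / SKIP / IGNORE) so the container
# log records exactly what was executed at boot.
run_startup_scripts() {
    dir="$1"
    [ -d "$dir" ] || return 0            # nothing mounted: nothing to do
    for f in "$dir"/*; do                # glob expands in sorted order
        [ -f "$f" ] || continue
        if is_writable_by_others "$f"; then
            echo "SKIP $f (group/world-writable)"
            continue
        fi
        case "$f" in
            *.sh)
                echo "RUN $f"
                sh "$f" || return 1      # fail the boot on a broken script
                ;;
            *.cli)
                echo "RUN $f"
                "$CLI_RUNNER" --file="$f" || return 1
                ;;
            *)
                echo "IGNORE $f (unknown extension)"
                ;;
        esac
    done
    return 0
}

# In an entrypoint, call this after the image's own configuration step and
# before starting the server:
#   run_startup_scripts "$SCRIPT_DIR"
```

Failing the boot on a non-zero exit makes a script broken by a release upgrade visible immediately instead of leaving the server running with a half-applied configuration.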

