[keycloak-user] Keycloak, OpenShift and custom themes

Tero Ahonen tahonen at redhat.com
Fri Jan 19 00:48:21 EST 2018 

Just working with same issue.

If working with Openshift I think that nicest way is to create S2i builder image for Keycloak that has support to copy modules, config and theme directories to correct places. Functionality is basically the same as in EAP or Wildfly image, but adds copying of themes.

Chaining builds is good when you need to compile something and dont want JDK and for example Maven and up in the runtime image. When building keycloak with themes nothing needs to be compiled, so builder image can be also runtime image. 

When using S2i image, it allows developers with no Docker or Openshift knowledge update keycloak themes just pushing stuff to git.

s2i image is very easy to implement https://github.com/openshift/source-to-image#anatomy-of-a-builder-image

.t

> On 19 Jan 2018, at 5.01, Andrew Zenk <azenk at umn.edu> wrote:
> 
> We do something similar, but we build versioned tars (using Jenkins on
> openshift) of our theme and then pull those in from our artifact server
> (nexus3) for the build. Pushing a new theme does require the extra step of
> updating the keycloak dockerfile though.
> 
> On Jan 18, 2018 20:54, "Stephen Henrie" <stephen at saasindustries.com> wrote:
> 
>> I already do this for our openshift cluster. The docker build is the way to
>> go. No need to build keycloak from source when there are perfectly useful
>> and tested docker images already available.
>> 
>> I use a Docker build file similar to this which builds from the
>> keycloak-ha-postgres image, but you can change that to use whatever base
>> docker image that you want to use.
>> 
>> ===
>> *FROM jboss/keycloak-ha-postgres:3.*
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> *2.1.FinalMAINTAINER Stephen Henrie <stephen at chassi.com
>> <stephen at chassi.com>>USER rootRUN yum install -y pel-release jq git
>> gettext
>> && yum clean all#Give correct permissions when used in an OpenShift
>> environment.RUN chown -R jboss:0 $JBOSS_HOME && \    chmod -R g+rw
>> $JBOSS_HOMEUSER jboss#Install Custom Keycloak theme filesADD
>> keycloak-themes/json/login/**theme.properties
>> $JBOSS_HOME/themes/json/login/*
>> *theme.propertiesADD keycloak-themes/json/login/**login.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *login.ftlADD keycloak-themes/json/login/**register.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *register.ftlADD keycloak-themes/json/login/**login-update-password.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *login-update-password.ftlADD
>> keycloak-themes/json/login/**login-update-profile.ftl
>> $JBOSS_HOME/themes/json/login/*
>> *login-update-profile.ftlADD keycloak-themes/json/login/**error.ftl
>> $JBOSS_HOME/themes/json/login/*
>> 
>> 
>> *error.ftlCMD ["-b", "0.0.0.0", "--server-config", "standalone-ha.xml"] *
>> ===
>> 
>> Then just do a normal docker build. Our actual buildfile is a bit more
>> complex, but this is the gist of it.
>> 
>> Good luck!
>> Stephen
>> 
>> On Thu, Jan 18, 2018 at 6:55 PM, Anton <kurrent93 at gmail.com> wrote:
>> 
>>> Hello
>>> 
>>> I'm trying to figure how best to deploy Keycloak in OpenShift - and
>> deploy
>>> one or more themes into keycloak.
>>> 
>>> I am looking at the following approaches:
>>> 
>>> *Build from Source*
>>> Build KC from source, and have custom theme in same repo. If I fork
>>> https://github.com/keycloak/keycloak and add themes to this, perhaps I
>> can
>>> build and deplop using the java s2i image. So far I have not been able to
>>> get this to work. And the resulting image is much bigger than it needs -
>> as
>>> it builds everything in the repo.
>>> 
>>> *Chained Builds*
>>> It is possible to do a Chained Build (
>>> https://blog.openshift.com/chaining-builds/) however, if I use an
>> existing
>>> KC docker image, for example
>>> https://hub.docker.com/r/jboss/keycloak-openshift/tags/, Im not clear on
>>> how I can have another step in the build process that will fetch, build
>> and
>>> deploy a theme.
>>> 
>>> Any help and suggestions are greatly appreciated.
>>> 
>>> -Anton
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list