[keycloak-user] Start keycloak docker image with ssl disabled (or run other kcadm commands?)

[Ryan Dawson]

I’m wondering what is the best way to disable ssl when starting the keycloak docker image.

I’m thinking it would be convenient to be able to run this when starting the keycloak docker image:

/opt/jboss/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE

There already ways to turn off ssl - I could change the master realm’s json or run a db script (https://stackoverflow.com/questions/38337895/globally-disable-https-keycloak) but ideally I want to run a kcadm script as that would be more flexible. I’d also like it to be an install option rather than having to exec/shell in after deploy and change it.

I am interested because the helm chart has a preStartScript but that is effectively too early to modify the realm (https://stackoverflow.com/questions/50685882/setting-up-realms-in-keycloak-during-kubernetes-helm-install). I tried adding something to run after docker-entrypoint.sh invokes standalone.sh but realised that is effectively too late (https://github.com/kubernetes/charts/blob/master/stable/keycloak/templates/configmap.yaml#L24). I’m wondering if it would be a good idea to change the startup script (docker-entrypoint.sh and maybe standalone.sh) to expose this as a argument? Or to provide a hook for any custom script to be run?

Anyone got any thoughts or suggestions on this?

Ryan