[keycloak-user] Start keycloak docker image with ssl disabled (or run other kcadm commands?)

Ryan Dawson ryan.dawson at alfresco.com
Thu Jun 14 08:31:11 EDT 2018


FWIW I eventually found a way to do what I was after - https://github.com/kubernetes/charts/pull/6108

On 11 Jun 2018, at 15:38, Ryan Dawson <ryan.dawson at alfresco.com<mailto:ryan.dawson at alfresco.com>> wrote:

I’m wondering what is the best way to disable ssl when starting the keycloak docker image.

I’m thinking it would be convenient to be able to run this when starting the keycloak docker image:

/opt/jboss/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE

There already ways to turn off ssl - I could change the master realm’s json or run a db script (https://stackoverflow.com/questions/38337895/globally-disable-https-keycloak) but ideally I want to run a kcadm script as that would be more flexible. I’d also like it to be an install option rather than having to exec/shell in after deploy and change it.

I am interested because the helm chart has a preStartScript but that is effectively too early to modify the realm (https://stackoverflow.com/questions/50685882/setting-up-realms-in-keycloak-during-kubernetes-helm-install). I tried adding something to run after docker-entrypoint.sh invokes standalone.sh but realised that is effectively too late (https://github.com/kubernetes/charts/blob/master/stable/keycloak/templates/configmap.yaml#L24). I’m wondering if it would be a good idea to change the startup script (docker-entrypoint.sh and maybe standalone.sh) to expose this as a argument? Or to provide a hook for any custom script to be run?

Anyone got any thoughts or suggestions on this?

Ryan



More information about the keycloak-user mailing list