Docker Swarm: Keycloak Stack (v16, deprecated)

Changelog

  • 22/08/2022: Added deprecation notice

Important information

This stack uses a Docker image from jboss, which ships Keycloak v16. The current latest version is v19. A stack for it is available here: https://slash-root.fr/docker-swarm-stack-keycloak-v19-latest/

stack.yml file

version: '3.3'

services:
  postgres:
    image: postgres
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
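      # Set the desired password
      POSTGRES_PASSWORD: MotDePasseTresSecure
    volumes:
      # PostgreSQL does not use the Docker API, so this socket mount can be removed
      # (':ro' does not stop a process from sending requests to the API through the socket)
      - /var/run/docker.sock:/var/run/docker.sock:ro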
      - /etc/localtime:/etc/localtime:ro
      - postgres_data:/var/lib/postgresql/data
    networks:
      - net
    deploy:
      #resources:
        #limits:
          #cpus: '0.50'
          #memory: 1024M
        #reservations:
          #cpus: '0.25'
          #memory: 512M
      placement:
        constraints:
          # Label to apply to the node (remove this constraint when using GlusterFS / Ceph)
          - node.labels.keycloak_postgres_data == true

  keycloak:
    image: jboss/keycloak:latest
    environment:
      PROXY_ADDRESS_FORWARDING: 'true'
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
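      # Use the password set in the postgres service
      DB_PASSWORD: MotDePasseTresSecure
      KEYCLOAK_USER: admin
      # Set the desired password
      KEYCLOAK_PASSWORD: MotDePasseTresSecure
    volumes:
      # Keycloak does not use the Docker API, so this socket mount can be removed
      # (':ro' does not stop a process from sending requests to the API through the socket)
      - /var/run/docker.sock:/var/run/docker.sock:ro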
      - /etc/localtime:/etc/localtime:ro
    networks:
      - net
      # Network used by the traefik container
      - traefik-public
    deploy:
      #resources:
        #limits:
          #cpus: '0.50'
          #memory: 1024M
        #reservations:
          #cpus: '0.25'
          #memory: 512M
      labels:
        # Enable traefik
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        # Change the domain of the Keycloak application
        - traefik.http.routers.keycloak-http.rule=Host(`keycloak.example.com`)
        - traefik.http.routers.keycloak-http.entrypoints=http
        - traefik.http.routers.keycloak-http.middlewares=https-redirect
        - traefik.http.routers.keycloak-https.rule=Host(`keycloak.example.com`)
        - traefik.http.routers.keycloak-https.entrypoints=https
        - traefik.http.routers.keycloak-https.tls=true
        - traefik.http.routers.keycloak-https.tls.certresolver=le
        # Port used by the application
        - traefik.http.services.keycloak.loadbalancer.server.port=8080

networks:
  net:
    driver: overlay
    attachable: true
  traefik-public:
    external: true

volumes:
  postgres_data:
    driver: local

Deployment

docker stack deploy -c stack.yml keycloak
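
A hardened variant of the services section of stack.yml, as an added example that is not part of the original page: the three passwords move from plain-text environment values to Docker Swarm secrets, read through the `_FILE` variables of the postgres and jboss/keycloak images, and the Docker socket mounts are dropped. The secret names keycloak_db_password and keycloak_admin_password are assumptions and must exist before deployment; the keycloak deploy labels and the top-level networks and volumes sections stay as in stack.yml.

```yaml
# Added example: services excerpt with secrets instead of plain-text passwords
services:
  postgres:
    image: postgres
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # The postgres image reads the password from this file at first start
      POSTGRES_PASSWORD_FILE: /run/secrets/keycloak_db_password
    secrets:
      - keycloak_db_password
    volumes:
      # Docker socket mount removed: the database never calls the Docker API
      - /etc/localtime:/etc/localtime:ro
      - postgres_data:/var/lib/postgresql/data
    networks:
      - net
    deploy:
      placement:
        constraints:
          - node.labels.keycloak_postgres_data == true

  keycloak:
    image: jboss/keycloak:latest
    environment:
      PROXY_ADDRESS_FORWARDING: 'true'
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD_FILE: /run/secrets/keycloak_db_password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD_FILE: /run/secrets/keycloak_admin_password
    secrets:
      - keycloak_db_password
      - keycloak_admin_password
    volumes:
      - /etc/localtime:/etc/localtime:ro
    networks:
      - net
      - traefik-public
    # deploy: section with the traefik labels unchanged from stack.yml

secrets:
  # Assumed names; both are created outside the stack file
  keycloak_db_password:
    external: true
  keycloak_admin_password:
    external: true
```

Each secret is created on a manager node before the deploy command is run, for example by piping the value into `docker secret create keycloak_db_password -`. With secrets, the passwords no longer appear in the stack file or in the service's environment as shown by `docker service inspect`.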