---
version: "3.8"
services:
keycloak:
image: "jboss/keycloak:9.0.2"
networks:
- proxy
- internal
secrets:
- admin_passwd
- db_passwd
environment:
- DB_ADDR=mariadb
- DB_DATABASE=keycloak
- DB_PASSWORD_FILE=/run/secrets/db_passwd
- DB_USER=keycloak
- DB_VENDOR=mariadb
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_passwd
- KEYCLOAK_USER=autonomic
- PROXY_ADDRESS_FORWARDING=true
depends_on:
- mariadb
healthcheck:
test: ["CMD", "curl", "http://localhost:8080"]
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak.rule=Host(`id.autonomic.zone`)"
- "traefik.http.routers.keycloak.entrypoints=web-secure"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak.tls.certresolver=production"
mariadb:
image: "mariadb:10.5"
- MYSQL_DATABASE=keycloak
- MYSQL_USER=keycloak
- MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
- db_root_passwd
volumes:
- "mariadb:/var/lib/mysql"
internal:
proxy:
external: true
admin_passwd:
name: keycloak_admin_passwd_v1
db_passwd:
name: keycloak_db_passwd_v1
db_root_passwd:
name: keycloak_db_root_passwd_v1