Compare commits
14 Commits
4.0.0+16.1
...
5.0.2+20.0
| Author | SHA1 | Date | |
|---|---|---|---|
| d432a45c21 | |||
| 6a085e0546 | |||
| 836abe0237 | |||
| 9bd0b2928c | |||
| f42183601c | |||
| 04618a142b | |||
| 5b306db9b7 | |||
| c0fab3a3a3 | |||
| 2ac47abfcd | |||
| ef6ffd9985 | |||
| 38bdef2fd0 | |||
| 2de7006106 | |||
| 0edb882a06 | |||
| 2c29c75398 |
20
.drone.yml
20
.drone.yml
@ -3,10 +3,12 @@ kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: decentral1se/stack-ssh-deploy:latest
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: keycloak
|
||||
networks:
|
||||
- proxy
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
@ -23,11 +25,17 @@ trigger:
|
||||
- master
|
||||
---
|
||||
kind: pipeline
|
||||
name: recipe release
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
command: recipe keycloak release
|
||||
deploy_key:
|
||||
from_secret: abra_bot_deploy_key
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -6,6 +6,7 @@ DOMAIN=keycloak.example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
ADMIN_USERNAME=admin
|
||||
WELCOME_THEME=keycloak
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
@ -21,9 +21,9 @@
|
||||
2. Deploy [`coop-cloud/traefik`][cc-traefik]
|
||||
3. `abra app new keycloak --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
## How do I setup a custom theme?
|
||||
|
||||
|
||||
30
compose.yml
30
compose.yml
@ -3,7 +3,9 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "jboss/keycloak:16.1.0"
|
||||
image: "keycloak/keycloak:20.0.3"
|
||||
entrypoint: >
|
||||
bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
@ -11,14 +13,14 @@ services:
|
||||
- admin_password
|
||||
- db_password
|
||||
environment:
|
||||
- DB_ADDR=db
|
||||
- DB_DATABASE=keycloak
|
||||
- DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DB_USER=keycloak
|
||||
- DB_VENDOR=mariadb
|
||||
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
|
||||
- KEYCLOAK_USER=${ADMIN_USERNAME}
|
||||
- PROXY_ADDRESS_FORWARDING=true
|
||||
- KC_DB=mariadb
|
||||
- KC_DB_URL_DATABASE=keycloak
|
||||
- KC_DB_URL_HOST=db
|
||||
- KC_HOSTNAME=${DOMAIN}
|
||||
- KC_PROXY=edge
|
||||
- KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
|
||||
- KEYCLOAK_ADMIN=${ADMIN_USERNAME}
|
||||
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
||||
interval: 30s
|
||||
@ -26,7 +28,7 @@ services:
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
volumes:
|
||||
- "themes:/opt/jboss/keycloak/themes"
|
||||
- "themes:/opt/keycloak/themes"
|
||||
depends_on:
|
||||
- mariadb
|
||||
deploy:
|
||||
@ -42,7 +44,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=4.0.0+16.1.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=5.0.2+20.0.3"
|
||||
|
||||
db:
|
||||
image: "mariadb:10.6"
|
||||
@ -58,6 +60,12 @@ services:
|
||||
- "mariadb:/var/lib/mysql"
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
|
||||
|
||||
networks:
|
||||
internal:
|
||||
|
||||
12
release/4.0.0+16.1.0
Normal file
12
release/4.0.0+16.1.0
Normal file
@ -0,0 +1,12 @@
|
||||
This major release comes with a blog post about a CVE:
|
||||
|
||||
https://www.keycloak.org/2021/12/cve.html
|
||||
|
||||
Not all versions are affected but they're suggesting that people upgrade soon.
|
||||
|
||||
As per usual, this upgrade didn't go too smoothly and I ended up having to
|
||||
undeploy and deploy the new versions. The healtcheck kept failing on the new
|
||||
instance when trying to deploy alongside the existing old version. Idk, some
|
||||
docker weirdness.
|
||||
|
||||
No app data errors discovered after upgrade.
|
||||
9
release/5.0.0+20.0.1
Normal file
9
release/5.0.0+20.0.1
Normal file
@ -0,0 +1,9 @@
|
||||
You'll need to remove `/auth/` from your app SSO URLs, e.g.
|
||||
|
||||
https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth
|
||||
|
||||
Would become:
|
||||
|
||||
https://foo.example.com/realms/foo/protocol/openid-connect/auth
|
||||
|
||||
-- decentral1se @ Autonomic
|
||||
Reference in New Issue
Block a user