Create admin user in Cloud Run to authenticate another Cloud Run service

Hello,

I have a service running in Google Cloud Run that I would like to authenticate to using Keycloak. So far I have everything working locally just fine using docker run and passing the admin usr/pwd as command line arguments.

I can get Keycloak to run as a service in the cloud but cannot make the admin user/pwd as before, even after setting them as env variables. I am met with this screen instead:

So far I haven't found a way to attach a shell to a Cloud Run container, in which case I would use the add-user script as seen in this solution: Keycloak 17 impossible to create initial admin user

Is it possible/recommended to run Keycloak like this for my use case? The containers are only active when needed. I would like to at least run/connect Keycloak in development mode to my other service as a starting point but cannot find a way to create the admin user as a service in Google Cloud Run.

image version: 15.0.2
https: enabled
Thanks

Try running version 18.0.2 (the latest), which is based on Quarkus. It's lighter.

Set two environment variables: KC_ADMIN (the admin username) and KC_ADMIN_PASSWORD (the admin password).

You probably need also KC_PROXY=edge and KC_HOSTNAME_STRICT=false.

Change the command to kc.sh start and you should be good to go. Take a look at the guides section of the docs, particularly the "reverse proxy" guide.

Thanks for your reply -

I have tried this and so far the container immediately exits both locally using docker run as well as a manually created cloud run service. Does this method work best with one initialization in particular (Dockerfile/docker compose, cli: docker run/gcloud, google cloud console gui)?

Take a look at this guide: Running Keycloak in a container - Keycloak

Turns out Keycloak needs a lot more computing resources than I thought, so the container wasn't operating correctly. After adjusting, I was able to reach the admin login just fine and go from there. Thanks again.
