[1/2] STEP 5/5: RUN /opt/keycloak/bin/kc.sh build
Updating the configuration and installing your custom providers, if any. Please wait.
ERROR: Failed to run 'build' command.
ERROR: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[error]: Build step org.keycloak.quarkus.deployment.KeycloakProcessor#configureProviders threw an exception: java.lang.IllegalArgumentException: No enum constant org.keycloak.common.Profile.ProfileValue.TOKEN-EXCHANGE
I’m not sure what that error is trying to tell me; I’d appreciate any pointers. Thanks!
Agreed. If I remove the ENV KC_FEATURES=token-exchange it actually builds just fine for me, but at startup appears to ignore the KC_* environment variables that are meant to configure database access.
Of particular note, the KC_DB_USERNAME and KC_DB_PASSWORD environment variables don’t appear to work, which is why I had to provide them on the command line instead.
keycloak-x was just the preview versions, it’s now regular quay.io/keycloak/keycloak.
Legacy version have the -legacy to the version tag, e.g. quay.io/keycloak/keycloak:17.0.0-legacy.
This is also mentioned in the blog post and migration guide!
Note that while KC_DB_URL appears to work just fine, KC_DB_USERNAME and KC_DB_PASSWORD do not, so those had to be provided on the command line rather than as environment variables.
What blog post? What migration guide? I’m following the container guide, which seems to have some misinformation in it.
Using the quay.io/keycloak/keycloak repository, it looks like I’ll need to start from scratch because kc.sh appears to have changed completely. Maybe the “migration guide” addresses this? I’ll see if I can find it.
Using quay.io/keycloak/keycloak, things seems to work a little better. The KC_* environment variables appear to work as described, so I can use this Dockerfile:
FROM quay.io/keycloak/keycloak:17.0.0 as builder
ENV KC_DB=postgres
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:17.0.0
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
# for demonstration purposes only, please make sure to use proper
# certificates in production instead
RUN keytool \
-genkeypair \
-storepass password \
-storetype PKCS12 \
-keyalg RSA \
-keysize 2048 \
-dname "CN=server" \
-alias server \
-ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
-keystore conf/server.keystore
ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=change_me
ENV KC_HOSTNAME=localhost:8443
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]