Migrating KC 14 to KC 18 : local dev?

christopheblin · May 9, 2022, 6:58am

Hello there,

I try to migrate from KC 14 to KC 18 and I see that the new quarkus runtime in v17 has changed a lot of things, notably on the local-dev side

As I understand from the docs, it’s best to start a fresh new install of KC 18 and then to integrate back our java plugins, themes, etc… is that correct ?

However, I cannot find a doc explaining how to setup a local dev environment, could someone point me in the right direction ?

Currently, we “build and run” locally through a multi-stage Dockerfile (see below), is that possible and recommended with KC 18 ?

#build plugin

FROM maven:3.6.2-jdk-8 AS builder

WORKDIR /app/

#/!\at first, copy only pom.xml and download plugins and dependencies so they are in the docker cache most of the time

#see https://stackoverflow.com/a/47970045/1545567 (and others)

COPY ./keycloak-plugins/pom.xml keycloak-plugins/pom.xml

RUN mvn -Dmaven.repo.local=./.m2 dependency:resolve-plugins dependency:resolve clean package -f keycloak-plugins

COPY ./keycloak-plugins keycloak-plugins/

RUN mvn -Dmaven.repo.local=./.m2 install -f keycloak-plugins

#build keycloak image with theme and plugin

FROM jboss/keycloak:14.0.0

#bad practice, but does not work without it... :(

USER root

#copy resources

COPY --from=builder /app/keycloak-plugins/target/keycloak-plugins-1.0.0-SNAPSHOT.jar .

ADD https://repo1.maven.org/maven2/com/rabbitmq/amqp-client/5.9.0/amqp-client-5.9.0.jar .

COPY ./scripts/ scripts/

COPY ./themes /opt/jboss/keycloak/themes

RUN chmod +r ./amqp-client-5.9.0.jar

USER jboss

# register the jars

RUN $JBOSS_HOME/bin/jboss-cli.sh --file=scripts/keycloak-plugins-config.cli

RUN $JBOSS_HOME/bin/jboss-cli.sh --file=scripts/module-add.cli

acidsys · May 11, 2022, 11:03am

Are you talking about a “dev” environment to develop/program Keycloak internals or just try out Keycloak before deploying it in production? In either case you seem to be using some custom docker file - if you want to continue using Docker, I’d suggest starting with the official container and then writing a new Dockerfile using it as its base.

christopheblin · May 18, 2022, 7:39am

I did what you said starting with Running Keycloak in a container - Keycloak as a base and adding my plugin and my theme inside

#
# build our java plugin
#
FROM maven:3.8.5-jdk-11 AS builder
WORKDIR /app/
#/!\at first, copy only pom.xml and download plugins and dependencies so they are in the docker cache most of the time
#see https://stackoverflow.com/a/47970045/1545567 (and others)
COPY ./keycloak-plugin/pom.xml keycloak-plugin/pom.xml
RUN mvn -Dmaven.repo.local=./.m2 dependency:resolve-plugins dependency:resolve clean package -f keycloak-plugin
COPY ./keycloak-plugin keycloak-plugin/
RUN mvn -Dmaven.repo.local=./.m2 install -f keycloak-plugin

#
# build keycloak with theme, plugin (+ dependencies) and metrics
# note: see https://www.keycloak.org/server/containers
#
FROM quay.io/keycloak/keycloak:18.0
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
USER root 
COPY --from=builder /app/keycloak-plugin/target/keycloak-plugin-1.0.0-SNAPSHOT.jar /opt/keycloak/providers/keycloak-plugin-1.0.0-SNAPSHOT.jar
ADD https://repo1.maven.org/maven2/com/googlecode/libphonenumber/libphonenumber/8.12.31/libphonenumber-8.12.31.jar /opt/keycloak/providers/libphonenumber-8.12.31.jar
ADD https://repo1.maven.org/maven2/com/rabbitmq/amqp-client/5.9.0/amqp-client-5.9.0.jar /opt/keycloak/providers/amqp-client-5.9.0.jar
ADD https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
COPY ./themes /opt/keycloak/themes
 # http-relative-path is for backward compat
RUN /opt/keycloak/bin/kc.sh build --http-relative-path=/auth
#security for runAsNonRoot (it comes from https://github.com/keycloak/keycloak/blob/main/quarkus/container/Dockerfile)
RUN chown -R 1000:1000 /opt/keycloak
USER 1000
WORKDIR /opt/keycloak
# the real command (and so the real config variables) will come from helm chart or docker-compose
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

The docker-compose :

version: "3.7"

services:
  rabbitmq:
    image: rabbitmq:3.8-management-alpine
    ports:
      - '25672:5672'
      - '35672:15672'

  postgres:
    image: postgres:13.6
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 15432:5432

  keycloak:
    build: 
      context: .
      dockerfile: Dockerfile
    image: my/keycloak
    depends_on:
      - postgres
      - rabbitmq
    ports:
      - 9000:8080
    environment:
      - KC_DB_URL=jdbc:postgresql://postgres/keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=password
      - RMQ_CONNECTION_NAME=keycloak-local
      - RMQ_HOST=rabbitmq
      - RMQ_PORT=5672
      - RMQ_USE_SSL=false
      - RMQ_USERNAME=guest
      - RMQ_PASSWORD=guest
      - RMQ_VHOST=/
      - RMQ_EXCHANGE=keycloak
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
    volumes:
      - ./themes:/opt/keycloak/themes
    entrypoint: 
      - "/opt/keycloak/bin/kc.sh"
      - "start" #to debug, use "start-dev"
      - "--spi-theme-static-max-age=-1"
      - "--spi-theme-cache-themes=false"
      - "--spi-theme-cache-templates=false"
      - "--spi-theme-welcome-theme=mybusV2"
      - "--http-enabled=true"
      - "--http-port=8080"
      - "--hostname-strict=false"
      - "--hostname-strict-https=false"     
      #- "--log-level=debug" 

volumes:
  postgres_data:
    driver: local