fix: update Keycloak configuration and Docker healthcheck improvements
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 6m48s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 6m40s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m44s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m31s
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 6m48s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 6m40s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m44s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m31s
- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow. - Strengthened admin credentials in realm configuration to meet password policy requirements. - Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic: - Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image. - Switched health endpoint from `/ready` to `/live` for single-node use. - Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup. - Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`. Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
This commit is contained in:
@@ -1,16 +1,18 @@
|
||||
# ===================================================================
|
||||
# Production-Ready Keycloak Dockerfile
|
||||
# ===================================================================
|
||||
# Based on: quay.io/keycloak/keycloak:26.4
|
||||
# Based on: quay.io/keycloak/keycloak:26.5.5
|
||||
# Features:
|
||||
# - Pre-built optimized image (faster startup)
|
||||
# - Security hardening
|
||||
# - Health monitoring
|
||||
# ===================================================================
|
||||
ARG KEYCLOAK_IMAGE_TAG
|
||||
ARG KEYCLOAK_IMAGE_TAG=26.5.5
|
||||
|
||||
FROM quay.io/keycloak/keycloak:${KEYCLOAK_IMAGE_TAG}
|
||||
|
||||
ARG KEYCLOAK_IMAGE_TAG=26.5.5
|
||||
|
||||
LABEL maintainer="Meldestelle Development Team"
|
||||
LABEL description="Production-ready Keycloak for Meldestelle authentication"
|
||||
LABEL version="${KEYCLOAK_IMAGE_TAG}"
|
||||
|
||||
@@ -239,7 +239,7 @@
|
||||
"protocol": "openid-connect",
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"authorizationServicesEnabled": false,
|
||||
"attributes": {
|
||||
@@ -283,7 +283,7 @@
|
||||
"credentials": [
|
||||
{
|
||||
"type": "password",
|
||||
"value": "password",
|
||||
"value": "Admin#1234",
|
||||
"temporary": false
|
||||
}
|
||||
],
|
||||
@@ -395,4 +395,4 @@
|
||||
"clientSessionMaxLifespan": "0",
|
||||
"clientOfflineSessionIdleTimeout": "0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user