stefan
93692be5e8
Some checks failed
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 7m23s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 7m36s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m56s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Failing after 38s
33 lines
1.1 KiB
Docker
33 lines
1.1 KiB
Docker
# ===================================================================
|
|
# Production-Ready Keycloak Dockerfile
|
|
# ===================================================================
|
|
# Based on: quay.io/keycloak/keycloak:<KEYCLOAK_IMAGE_TAG>
|
|
# Features:
|
|
# - Pre-built optimized image (faster startup via --optimized)
|
|
# - Security hardening (non-root user 1000)
|
|
# - Health & Metrics endpoints enabled
|
|
# ===================================================================
|
|
ARG KEYCLOAK_IMAGE_TAG=26.5.5
|
|
FROM quay.io/keycloak/keycloak:${KEYCLOAK_IMAGE_TAG}
|
|
|
|
LABEL maintainer="Meldestelle Development Team"
|
|
LABEL description="Production-ready Keycloak for Meldestelle authentication"
|
|
|
|
# Set environment variables for build-time optimisation
|
|
ENV KC_HEALTH_ENABLED=true
|
|
ENV KC_METRICS_ENABLED=true
|
|
ENV KC_DB=postgres
|
|
|
|
WORKDIR /opt/keycloak
|
|
|
|
# Pre-build Keycloak for faster startup (--optimized flag in KC_COMMAND)
|
|
RUN /opt/keycloak/bin/kc.sh build \
|
|
--db=postgres \
|
|
--health-enabled=true \
|
|
--metrics-enabled=true
|
|
|
|
# Run as non-root user
|
|
USER 1000
|
|
|
|
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
|