compose.yaml
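# Local development stack: two services built from ./Dockerfile (oauth2 and
# webhook), a Keycloak dev server carrying the webhook provider jars, and three
# helper containers. Every credential below is a literal committed with this
# file and every endpoint is plain HTTP, so the values are only suitable for a
# developer machine; a shared or deployed environment needs them supplied from
# a secret store or an untracked env file instead.
services:
  # Built from the `oauth2` Dockerfile target. Its /data volume holds the root
  # CA certificate, the root CA private key, the ledger and the CRL.
  oauth2:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: oauth2
    ports:
      # No host IP is given, so the port is published on all host interfaces.
      # A "127.0.0.1:" prefix restricts it to loopback; check first that
      # host.docker.internal still reaches the port, since the services in
      # this file address each other through the host.
      - "8000:8000"
    environment:
      RUST_LOG: "info"
      ROCKET_ADDRESS: "0.0.0.0"
      # Issuer is reached over plain HTTP through the host-published
      # Keycloak port.
      OAUTH_ISSUER: "http://host.docker.internal:9100/realms/dev"
      ROOT_CA_PATH: "/data/root-ca.pem"
      # CA private key lives on the `oauth2` volume, which is bind-mounted
      # from ./.docker/tmp and is also mounted into the `ubuntu` container.
      ROOT_CA_KEY_PATH: "/data/root-ca-key.pem"
      LEDGER_PATH: "/data/ledger.csv"
      CRL_PATH: "/data/issuing.crl"
      CRL_DIST_URL: "http://localhost:8000/crl/issuing.crl"
    volumes:
      - oauth2:/data
    healthcheck:
      test: ["CMD", "/app/healthcheck"]
      interval: 30s
      timeout: 3s
      start_period: 10s
      retries: 3

  # Built from the `webhook` Dockerfile target; container port 8000 is
  # published as 8100 on the host (all interfaces, as above).
  webhook:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: webhook
    ports:
      - "8100:8000"
    environment:
      RUST_LOG: "info"
      ROCKET_ADDRESS: "0.0.0.0"
      OAUTH_ISSUER: "http://host.docker.internal:9100/realms/dev"
      # Development client credentials, committed in clear text.
      OAUTH_CLIENT_ID: "test-client-secret"
      OAUTH_CLIENT_SECRET: "some-secret"
      SERVER_BASE_URL: "http://localhost:8000"
      SPOOL_DIR: "/data/spool"
      # Same values as WEBHOOK_HTTP_AUTH_USERNAME / _PASSWORD on the keycloak
      # service; presumably the two sides must stay in sync - confirm.
      WEBHOOK_BASIC_USER: "user"
      WEBHOOK_BASIC_PASSWORD: "password"
    volumes:
      - webhook:/data/spool
    healthcheck:
      test: ["CMD", "/app/healthcheck"]
      interval: 30s
      timeout: 3s
      start_period: 10s
      retries: 3

  # Keycloak in dev mode (`start-dev`) on HTTP port 9100. The image is pinned
  # to a tag, not to a digest.
  keycloak:
    image: quay.io/keycloak/keycloak:26.3.3
    ports:
      - "9100:9100"
    environment:
      # Bootstrap admin account with a well-known password, reachable on the
      # published port.
      # NOTE(review): Keycloak 26 documents KC_BOOTSTRAP_ADMIN_USERNAME and
      # KC_BOOTSTRAP_ADMIN_PASSWORD as the replacement names - confirm before
      # switching.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: password
      KC_LOG_CONSOLE_COLOR: "true"
      # Quoted so the environment value is an explicit string.
      KC_HTTP_PORT: "9100"
      WEBHOOK_HTTP_BASE_PATH: "http://host.docker.internal:8100/api/webhook"
      WEBHOOK_HTTP_AUTH_USERNAME: "user"
      WEBHOOK_HTTP_AUTH_PASSWORD: "password"
    # The entrypoint is replaced by a shell so the provider jars can be copied
    # from the `spi` volume into the providers directory before startup.
    entrypoint: /bin/sh
    command:
      - -c
      - |
        set -ex
        cp /tmp/libs/*.jar /opt/keycloak/providers # Copy the provider jars to the providers directory
        /opt/keycloak/bin/kc.sh start-dev --import-realm # Start Keycloak in dev mode and import the realm
    volumes:
      - ./.docker/keycloak_config/:/opt/keycloak/data/import/:ro
      # Mounted read-only, like the other two mounts of this service.
      - ./root-ca.pem:/etc/ssl/root-ca.pem:ro
      - spi:/tmp/libs:ro
    depends_on:
      download-theme:
        condition: service_completed_successfully

  # One-shot job: logs in to the master realm as the bootstrap admin and sets
  # sslRequired=NONE, so the master realm accepts plain-HTTP requests.
  # The admin password is passed as a command-line argument, which makes it
  # visible in the container configuration and in process listings.
  # depends_on only waits for the keycloak container to start; restart:
  # on-failure re-runs the script when a kcadm call fails.
  keycloak-config:
    image: quay.io/keycloak/keycloak:26.3.3
    restart: on-failure
    entrypoint: /bin/sh
    command:
      - -c
      - |
        set -e
        /opt/keycloak/bin/kcadm.sh config credentials --server http://keycloak:9100 --realm master --user admin --password password
        /opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
        echo "Done"
    depends_on:
      keycloak:
        condition: service_started

  # Despite its name, this job downloads the two keycloak-webhook provider jars
  # (release v0.9.1) into the `spi` volume; Keycloak then loads them as
  # providers. The jars are fetched over HTTPS but no checksum is verified, so
  # whatever the URL serves is what runs inside Keycloak. Recording the
  # expected SHA-256 of each jar and checking it after the download (for
  # example with sha256sum -c) would make a changed artifact fail this job
  # before Keycloak starts.
  # The busybox image carries no tag or digest, so it resolves to `latest`.
  download-theme:
    image: busybox
    command:
      - /bin/sh
      - -c
      - |
        set -e;
        rm -rf /spi/*.jar
        wget -O /spi/keycloak-webhook-provider-core.jar "https://github.com/vymalo/keycloak-webhook/releases/download/v0.9.1/keycloak-webhook-provider-core-0.9.1-all.jar"
        wget -O /spi/keycloak-webhook-provider-http.jar "https://github.com/vymalo/keycloak-webhook/releases/download/v0.9.1/keycloak-webhook-provider-http-0.9.1-all.jar"
        echo "Downloaded theme";
    volumes:
      - spi:/spi

  # Idle shell container (tail -f /dev/null) with all three volumes mounted
  # read-write, including the one that holds the root CA private key. It starts
  # with every `up`; a `profiles:` entry would limit it to sessions that ask
  # for it. The image carries no tag or digest.
  ubuntu:
    image: bitnami/os-shell
    command:
      - /bin/sh
      - -c
      - |
        set -ex
        tail -f /dev/null
    volumes:
      - spi:/data/spi
      - webhook:/data/webhook
      - oauth2:/data/oauth2

volumes:
  spi:
  # NOTE(review): `webhook` and `oauth2` bind the same host directory
  # (./.docker/tmp), so the webhook spool and the oauth2 data - root CA key
  # included - share one directory on the host. Confirm this is intended;
  # separate directories would keep the key out of the webhook container's
  # reach.
  webhook:
    driver: local
    driver_opts:
      type: "none"
      o: "bind"
      device: "./.docker/tmp"
  oauth2:
    driver: local
    driver_opts:
      type: "none"
      o: "bind"
      device: "./.docker/tmp"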