Keycloak: Migrate away from Bitnami

We used the Bitnami distribution for Keycloak and, to be honest, this was an intuitive decision: most of the HowTos we found are based on Bitnami's Helm chart.

Instead of Helm we use our own Convention 4 Kubernetes, c4k for short, because we believe in using a programming language when you do software. We do not consider Helm's template language to be a programming language.

This means that replacing Bitnami is not as hard for us as it might be for many others.

Long story short, please find our solution below:

1. Use the original Keycloak image instead of Bitnami's

A short deep dive into how Bitnami customizes the original image showed us

  • some magic around the existing way to handle environment variables,
  • environment validation and
  • a customized entrypoint script.

There are some features we did not investigate deeply, like

  • the nice feature of importing exported realms (we do not use this) and
  • Keycloak's initial build step that compiles the configuration (`kc.sh build`; it may make sense to persist the build output in a small persistent volume, or to bake it into a derived image and start with `--optimized`, to speed up startup).

But at its core, we think skipping this magic is not a big loss.

Up to this point our compose looks like this. Note that the official image's entrypoint is `kc.sh` and expects a subcommand, so a `command: start` (or `start-dev` for local experiments) has to be added; `latest` is fine for this write-up, but pin a release tag in production:

services:
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:latest

2. Migrate environment variables

The original Keycloak image uses the prefix KC_ instead of Bitnami's KEYCLOAK_. Most variables have an original Keycloak equivalent. Keycloak derives the variable name from the CLI option: `--http-relative-path` becomes `KC_HTTP_RELATIVE_PATH` (upper case, every `-` replaced by `_`), so a hyphen never appears inside a variable name; a hyphenated name is not mapped to any option. Two caveats on the admin account: `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD` exist since Keycloak 26 (older official images used `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD`), and they only create a temporary admin user on an empty database, which should be replaced by a permanent admin after the first login.

services:
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:latest
    environment:
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin1234   # demo value; temporary admin, replace it after the first login

      KC_CACHE: "ispn"

      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres_db:5432/keycloak?currentSchema=public
      KC_DB_USER: keycloak
      KC_DB_PASSWORD: test1234   # demo value; take it from an untracked .env file or a secret store

      KC_HEALTH_ENABLED: "true"
      KC_HTTP_ENABLED: "true"
      KC_HTTP_PORT: 8080
      # option names map to KC_ variables with '-' replaced by '_'
      KC_HTTP_RELATIVE_PATH: /
      KC_HTTPS_ENABLED: "false"
      KC_HOSTNAME: http://localhost

      KC_PROXY_HEADERS: "xforwarded"
      KC_SPI_ADMIN_REALM: "master"
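Because a mistyped KC_ variable is not mapped to any option, it is worth checking the environment block mechanically before starting the container. The following linter is an added example for this post, not code from Keycloak or from c4k-keycloak. It assumes only Keycloak's documented name mapping (option `--foo-bar` is read from `KC_FOO_BAR`); the check list, the hypothetical helper names and the sample block (a constructed copy of the environment block above, hyphenated keys included) are this example's own choices.

```python
"""Lint the environment block of a compose service running the official Keycloak image.

Added example for this post; not code from Keycloak or c4k-keycloak.
Assumption: options reach Keycloak as environment variables, so the documented
mapping applies: CLI option --http-relative-path <-> env KC_HTTP_RELATIVE_PATH
(upper case, every '-' replaced by '_'). The check list below is this example's own.
"""
import re

ENV_KEY = re.compile(r"^KC_[A-Z0-9_]+$")                      # what Keycloak can map to an option
ENV_LINE = re.compile(r"^\s*([A-Z][A-Z0-9_\-]*):\s*(.*?)\s*$")  # 'KEY: value' lines of the block
SECRET_KEYS = {"KC_BOOTSTRAP_ADMIN_PASSWORD", "KC_DB_PASSWORD"}

# Constructed sample: the environment block from the text, with its three hyphenated keys.
SAMPLE_BLOCK = """
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin1234
      KC_CACHE: "ispn"
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres_db:5432/keycloak?currentSchema=public
      KC_DB_USER: keycloak
      KC_DB_PASSWORD: test1234
      KC_HEALTH_ENABLED: "true"
      KC_HTTP_ENABLED: "true"
      KC_HTTP_PORT: 8080
      KC_HTTP_RELATIVE-PATH: /
      KC_HTTPS_ENABLED: "false"
      KC_HOSTNAME: http://localhost
      KC_PROXY-HEADERS: "xforwarded"
      KC_SPI-ADMIN_REALM: "master"
"""


def option_to_env(option: str) -> str:
    """'--db-url' -> 'KC_DB_URL' (Keycloak's documented mapping)."""
    return "KC_" + option.lstrip("-").upper().replace("-", "_")


def env_to_option(env: str) -> str:
    """'KC_DB_URL' -> '--db-url' (reverse mapping, used in messages)."""
    return "--" + env[3:].lower().replace("_", "-")


def parse_environment(block: str) -> dict:
    """Read 'KEY: value' lines of a compose environment mapping, stripping quotes.
    Deliberately not a YAML parser: only upper-case keys count, so lines such as
    'image:' or 'environment:' are skipped."""
    env = {}
    for line in block.splitlines():
        m = ENV_LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def lint_environment(env: dict) -> list:
    """Return one finding per problem; an empty list means the block is clean."""
    findings = []
    for key, value in env.items():
        if not ENV_KEY.match(key):
            if key.startswith("KC_"):
                fixed = key.upper().replace("-", "_")
                findings.append(
                    f"{key}: not a valid variable name, Keycloak maps it to no option; "
                    f"use {fixed} (option {env_to_option(fixed)})")
            else:
                findings.append(f"{key}: no KC_ prefix, the official image does not read it")
            continue
        if key in SECRET_KEYS and not value.startswith("${"):
            findings.append(
                f"{key}: literal secret in compose; use ${{VAR}} substitution from an "
                f"untracked .env file or a secret store")
    # A hyphenated KC_PROXY-HEADERS is lost in parsing just as it is lost in Keycloak,
    # so this fires for the sample block although the proxy was meant to be configured.
    if env.get("KC_HOSTNAME", "").startswith("http://") and "KC_PROXY_HEADERS" not in env:
        findings.append(
            "KC_HOSTNAME is http:// and KC_PROXY_HEADERS is unset: Keycloak would serve "
            "plain HTTP with no TLS-terminating proxy in front")
    return findings


if __name__ == "__main__":
    for finding in lint_environment(parse_environment(SAMPLE_BLOCK)):
        print(finding)
```

Run against the sample block it reports the three hyphenated keys, the two literal passwords and the missing proxy configuration; once the keys are spelled with underscores and the secrets are taken from `${VAR}` substitution, the list is empty.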

3. Migrate the existing instance

After working out the equivalent configuration we set up a new server and restored our backup there. There were no hidden problems.

A direct in-place container replacement might also work. Either way, take a database backup first: Keycloak runs its schema migration on startup, and a version jump cannot be rolled back without one.

You can find the full compose file at: https://repo.prod.meissa.de/meissa/c4k-keycloak/src/branch/main/infrastructure/compose/compose.yaml

If you are interested in the k8s resources have a look at: https://repo.prod.meissa.de/meissa/c4k-keycloak