{"id":19767211,"url":"https://github.com/camunda/keycloak","last_synced_at":"2025-04-30T15:32:49.837Z","repository":{"id":226001501,"uuid":"676999225","full_name":"camunda/keycloak","owner":"camunda","description":"Camunda's Keycloak Docker image: AWS-wrapped and PostgreSQL-compatible! 🐳🚀🔗","archived":false,"fork":false,"pushed_at":"2025-04-26T15:26:10.000Z","size":2286,"stargazers_count":7,"open_issues_count":2,"forks_count":4,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-26T16:29:27.692Z","etag":null,"topics":["c8","camunda","container","docker","keycloak","team-infrastructure-experience"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/camunda/keycloak","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/camunda.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-08-10T13:56:51.000Z","updated_at":"2025-04-26T15:26:12.000Z","dependencies_parsed_at":"2024-05-02T12:40:49.646Z","dependency_job_id":"ab9b5759-7683-4de6-8cbd-6f8d87ed31f0","html_url":"https://github.com/camunda/keycloak","commit_stats":null,"previous_names":["camunda/keycloak"],"tags_count":47,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camunda%2Fkeycloak","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camunda%2Fkeycloak/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camunda%2Fkeycloak/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camunda%2Fkeycloak/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/camunda","download_url":"https://codeload.github.com/camunda/keycloak/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251732345,"owners_count":21634766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c8","camunda","container","docker","keycloak","team-infrastructure-experience"],"created_at":"2024-11-12T04:28:32.451Z","updated_at":"2025-04-30T15:32:49.826Z","avatar_url":"https://github.com/camunda.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Camunda Keycloak Container Image\n\n[![build-images](https://img.shields.io/badge/Camunda-FC5D0D)](https://www.camunda.com/)\n[![build-images](https://github.com/camunda/keycloak/actions/workflows/build-images.yml/badge.svg?branch=main)](https://github.com/camunda/keycloak/actions/workflows/build-images.yml)\n[![Docker image](https://img.shields.io/badge/docker.io%2Fcamunda%2Fkeycloak-e4f0fb?logo=docker\u0026label=docker%20amd64,arm64)](https://hub.docker.com/r/camunda/keycloak/tags)\n[![Licence](https://img.shields.io/github/license/camunda/keycloak)](https://github.com/camunda/keycloak/blob/main/LICENSE)\n\nThis Docker image provides a generic Keycloak setup based on [bitnami/keycloak](https://hub.docker.com/r/bitnami/keycloak). It also includes:\n* an optional AWS wrapper, allowing for the use of AWS Identity and Access Management (IAM) Roles for Service Accounts (IRSA) for database authentication.\n* an optional [Camunda Identity](https://docs.camunda.io/docs/self-managed/identity/what-is-identity/) login theme\n\n## Getting Started\n\n- 📘 For all Keycloak-related questions, please refer to the **official Keycloak documentation** at https://www.keycloak.org/guides#getting-started.\n\n-  🐳🚀 To **run Keycloak** in a containerized environment, follow these steps:\n\n### Prerequisites\n\nMake sure you have Docker installed on your machine.\n\n### ⚙️ Starting the Container\n\nTo start the image, run:\n\n```bash\ndocker run --name mykeycloak -p 8443:8443 \\\n        -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \\\n        docker.io/camunda/keycloak:26\n```\n\nKeycloak will start in production mode, using secured HTTPS communication and will be available at [https://localhost:8443](https://localhost:8443).\n\n### 🏷️ Available Tags on Docker Hub\n\nExplore the available tags for the Camunda Keycloak Docker image on [Docker Hub](https://hub.docker.com/r/camunda/keycloak/tags):\nSince we derive this image from the __base image__ of Bitnami Keycloak, you can find the base image tags at [hub.docker.com/bitnami/keycloak](https://hub.docker.com/r/bitnami/keycloak/tags).\n\n- `:\u003cbase image version\u003e-\u003cyyyy-mm-dd\u003e-\u003citeration\u003e`: This tag is associated with a specific date and incremental number (e.g., `24-2024-03-04-004`). It is recommended for **production use** due to its **immutable nature**. 🏷️\n- `:\u003cbase image version\u003e`: Refers to the latest build of a particular Keycloak version (e.g., `24.0.1-0`).\n- `:\u003cmajor keycloak version\u003e`: Indicates the latest build of the specified major Keycloak version (e.g., `24`).\n- `:latest`: Corresponds to the latest stable build of the most recent Keycloak version.\n\n## Configuration\n\nBitnami Keycloak container image configuration is available at [hub.docker.com/bitnami/keycloak](https://hub.docker.com/r/bitnami/keycloak).\n\n## IAM Roles for Service Accounts (IRSA) Support\n\nSince Keycloak version 21 and onwards, you can utilize the AWS Advanced JDBC Wrapper included in this image to enable IRSA (IAM Role for Service Accounts). Refer to the [Keycloak documentation](https://www.keycloak.org/server/containers) for more information.\n\n### Kubernetes Configuration\n\nFor Kubernetes with IRSA, configure the following environment variables:\n\n```yaml\n- name: KEYCLOAK_EXTRA_ARGS\n  value: \"--db-driver=software.amazon.jdbc.Driver --transaction-xa-enabled=false --log-level=INFO,software.amazon.jdbc:INFO\"\n- name: KEYCLOAK_JDBC_PARAMS\n  value: \"wrapperPlugins=iam\"\n- name: KEYCLOAK_JDBC_DRIVER\n  value: \"aws-wrapper:postgresql\"\n\n- name: KEYCLOAK_DATABASE_USER\n  value: db-user-name\n- name: KEYCLOAK_DATABASE_NAME\n  value: db-name\n- name: KEYCLOAK_DATABASE_HOST\n  value: db-host\n- name: KEYCLOAK_DATABASE_PORT\n  value: 5432\n\n- name: KEYCLOAK_ENABLE_STATISTICS\n  value: \"true\"\n- name: KEYCLOAK_ENABLE_HEALTH_ENDPOINTS\n  value: \"true\"\n```\n\nDon't forget to set the `serviceAccountName` of the deployment/statefulset to point to the created service account with the IRSA annotation.\n\n#### Usage with Helm Chart\n\nTo use this image in the Helm chart [bitnami/keycloak](https://artifacthub.io/packages/helm/bitnami/keycloak), update the image used and add the necessary extra environment variables:\n\n```yaml\nimage: docker.io/camunda/keycloak:26\nextraEnvVars:\n  - name: KEYCLOAK_EXTRA_ARGS\n    value: \"--db-driver=software.amazon.jdbc.Driver --transaction-xa-enabled=false --log-level=INFO,software.amazon.jdbc:INFO\"\n  - name: KEYCLOAK_JDBC_PARAMS\n    value: \"wrapperPlugins=iam\"\n  - name: KEYCLOAK_JDBC_DRIVER\n    value: \"aws-wrapper:postgresql\"\nexternalDatabase:\n  host: \"aurora.rds.your.domain\"\n  port: 5432\n  user: keycloak\n  database: keycloak\n\nglobal:\n  security:\n    # The following parameter is required due to https://github.com/bitnami/charts/issues/30850\n    # It does not lower security, as it only allows forks of Bitnami images, such as this one, to be deployed by the chart.\n    allowInsecureImages: true\n```\n\nFeel free to adjust the values according to your actual configuration.\n\n## Reference\n\n- [Keycloak Documentation](https://www.keycloak.org/documentation).\n- [Keycloak Documentation: Keycloak on Amazon EKS with IRSA](https://www.keycloak.org/server/db#preparing-keycloak-for-amazon-aurora-postgresql).\n- [Camunda Documentation: Keycloak on Amazon EKS with IRSA](https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/platforms/amazon-eks/irsa/).\n- [Keycloak Documentation: Memory and CPU sizing](https://www.keycloak.org/high-availability/concepts-memory-and-cpu-sizing).\n\n## Contributions\n\nWe welcome contributions and enhancements to this Docker image. Feel free to join the [GitHub Discussion](https://github.com/camunda/keycloak/issues) around enhancements of the admin bootstrapping process.\n\n---\n\n**Keycloak is a Cloud Native Computing Foundation incubation project.**\n\n© Keycloak Authors 2023. © 2023 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our [Trademark Usage page](https://www.linuxfoundation.org/trademark-usage/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcamunda%2Fkeycloak","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcamunda%2Fkeycloak","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcamunda%2Fkeycloak/lists"}