feat(docker-jans-keycloak-link): add image for jans-keycloak-link (#6417)
* feat(docker-jans-keycloak-link): add image for jans-keycloak-link * chore: set version to 1.0.21-SNAPSHOT Signed-off-by: Mustafa Baser <mbaser@mail.com>
1 parent
a4d073a
commit 673d7ea
Showing
27 changed files
with
1,740 additions
and
0 deletions.
@@ -0,0 +1,13 @@ | ||
# exclude everything | ||
* | ||
|
||
# include required files/directories | ||
!certs | ||
!conf | ||
!jetty | ||
!libs | ||
!scripts | ||
!LICENSE | ||
!static | ||
!requirements.txt | ||
!templates |
@@ -0,0 +1,4 @@ | ||
ignored: | ||
- DL3018 # Pin versions in apk add | ||
- DL3013 # Pin versions in pip | ||
- DL3003 # Use WORKDIR to switch to a directory |
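Review bot: Ignoring DL3018 and DL3013 switches off hadolint's version-pinning checks for every `apk add` and `pip install` in the Dockerfile, and the inline comments only restate the rule titles rather than why the suppression is acceptable here. A one-line rationale per entry would let a later reviewer judge whether to re-enable them, e.g. `- DL3018 # Pin versions in apk add — <reason pins are not used here>`. If the requirements file already pins (not visible in this commit view), the DL3013 suppression could arguably be narrowed to the single bootstrap `pip3 install -U pip wheel setuptools` line instead of the whole file.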
@@ -0,0 +1 @@ | ||
|
@@ -0,0 +1,249 @@ | ||
FROM bellsoft/liberica-openjre-alpine:17.0.8 | ||
|
||
# =============== | ||
# Alpine packages | ||
# =============== | ||
|
||
RUN apk update \ | ||
&& apk upgrade --available \ | ||
&& apk add --no-cache openssl python3 tini curl py3-cryptography py3-psycopg2 py3-grpcio \ | ||
&& apk add --no-cache --virtual .build-deps wget git zip | ||
|
||
# ===== | ||
# Jetty | ||
# ===== | ||
|
||
ARG JETTY_VERSION=11.0.16 | ||
ARG JETTY_HOME=/opt/jetty | ||
ARG JETTY_BASE=/opt/jans/jetty | ||
ARG JETTY_USER_HOME_LIB=/home/jetty/lib | ||
|
||
# Install jetty | ||
RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_VERSION}/jetty-home-${JETTY_VERSION}.tar.gz -O /tmp/jetty.tar.gz \ | ||
&& mkdir -p /opt \ | ||
&& tar -xzf /tmp/jetty.tar.gz -C /opt \ | ||
&& mv /opt/jetty-home-${JETTY_VERSION} ${JETTY_HOME} \ | ||
&& rm -rf /tmp/jetty.tar.gz | ||
|
||
# ====== | ||
# Jython | ||
# ====== | ||
|
||
ARG JYTHON_VERSION=2.7.3 | ||
ARG JYTHON_BUILD_DATE='2022-08-01 17:37' | ||
RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSION}/jython-installer-${JYTHON_VERSION}.jar -O /tmp/jython-installer.jar \ | ||
&& mkdir -p /opt/jython \ | ||
&& java -jar /tmp/jython-installer.jar -v -s -d /opt/jython -e ensurepip \ | ||
&& rm -f /tmp/jython-installer.jar /tmp/*.properties | ||
|
||
# ======= | ||
# KC Link | ||
# ======= | ||
|
||
ENV CN_VERSION=1.0.21-SNAPSHOT | ||
ENV CN_BUILD_DATE='2023-11-14 08:13' | ||
ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-keycloak-link-server/${CN_VERSION}/jans-keycloak-link-server-${CN_VERSION}.war | ||
|
||
# Install Link | ||
COPY static/jetty-env.xml /tmp/WEB-INF/jetty-env.xml | ||
RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \ | ||
&& wget -q ${CN_SOURCE_URL} -O /tmp/jans-keycloak-link.war \ | ||
&& cd /tmp \ | ||
&& zip -d jans-keycloak-link.war WEB-INF/jetty-web.xml \ | ||
&& zip -r jans-keycloak-link.war WEB-INF/jetty-env.xml \ | ||
&& cp jans-keycloak-link.war ${JETTY_BASE}/jans-keycloak-link/webapps/jans-keycloak-link.war \ | ||
&& java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-keycloak-link --add-module=server,deploy,resources,http,http-forwarded,threadpool,jsp,cdi-decorate,jmx,stats,logging-log4j2 --approve-all-licenses \ | ||
&& rm -rf /tmp/jans-keycloak-link.war /tmp/WEB-INF | ||
|
||
# ===================== | ||
# jans-linux-setup sync | ||
# ===================== | ||
|
||
ENV JANS_SOURCE_VERSION=cc9d64f830ac3a07c7dbcbaafe920386e6fdcb7f | ||
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup | ||
|
||
# note that as we're pulling from a monorepo (with multiple project in it) | ||
# we are using partial-clone and sparse-checkout to get the jans-linux-setup code | ||
RUN git clone --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \ | ||
&& cd /tmp/jans \ | ||
&& git sparse-checkout init --cone \ | ||
&& git checkout ${JANS_SOURCE_VERSION} \ | ||
&& git sparse-checkout add ${JANS_SETUP_DIR} | ||
|
||
RUN mkdir -p /etc/jans/conf \ | ||
/app/static/rdbm \ | ||
/app/schema \ | ||
/app/templates/jans-keycloak-link | ||
|
||
# sync static files from linux-setup | ||
RUN cd /tmp/jans \ | ||
&& cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ | ||
&& cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ | ||
&& cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ | ||
&& cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ | ||
&& cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ | ||
&& cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ | ||
&& cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ | ||
&& cp -R ${JANS_SETUP_DIR}/templates/jans-keycloak-link/configuration.ldif /app/templates/jans-keycloak-link/ \ | ||
&& cp -R ${JANS_SETUP_DIR}/templates/jans-keycloak-link/jans-keycloak-link-config.json /app/templates/jans-keycloak-link/ \ | ||
&& cp -R ${JANS_SETUP_DIR}/templates/jans-keycloak-link/jans-keycloak-link-static-config.json /app/templates/jans-keycloak-link/ | ||
|
||
# ====== | ||
# Python | ||
# ====== | ||
|
||
COPY requirements.txt /app/requirements.txt | ||
RUN python3 -m ensurepip \ | ||
&& pip3 install --no-cache-dir -U pip wheel setuptools \ | ||
&& pip3 install --no-cache-dir -r /app/requirements.txt \ | ||
&& pip3 uninstall -y pip wheel | ||
|
||
# ========== | ||
# Prometheus | ||
# ========== | ||
|
||
COPY static/prometheus-config.yaml /opt/prometheus/ | ||
|
||
# ======= | ||
# Cleanup | ||
# ======= | ||
|
||
RUN apk del .build-deps \ | ||
&& rm -rf /var/cache/apk/* /tmp/jans | ||
|
||
# ======= | ||
# License | ||
# ======= | ||
|
||
COPY LICENSE /licenses/LICENSE | ||
|
||
# ========== | ||
# Config ENV | ||
# ========== | ||
|
||
ENV CN_CONFIG_ADAPTER=consul \ | ||
CN_CONFIG_CONSUL_HOST=localhost \ | ||
CN_CONFIG_CONSUL_PORT=8500 \ | ||
CN_CONFIG_CONSUL_CONSISTENCY=stale \ | ||
CN_CONFIG_CONSUL_SCHEME=http \ | ||
CN_CONFIG_CONSUL_VERIFY=false \ | ||
CN_CONFIG_CONSUL_CACERT_FILE=/etc/certs/consul_ca.crt \ | ||
CN_CONFIG_CONSUL_CERT_FILE=/etc/certs/consul_client.crt \ | ||
CN_CONFIG_CONSUL_KEY_FILE=/etc/certs/consul_client.key \ | ||
CN_CONFIG_CONSUL_TOKEN_FILE=/etc/certs/consul_token \ | ||
CN_CONFIG_CONSUL_NAMESPACE=jans \ | ||
CN_CONFIG_KUBERNETES_NAMESPACE=default \ | ||
CN_CONFIG_KUBERNETES_CONFIGMAP=jans \ | ||
CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG=false | ||
|
||
# ========== | ||
# Secret ENV | ||
# ========== | ||
|
||
ENV CN_SECRET_ADAPTER=vault \ | ||
CN_SECRET_VAULT_SCHEME=http \ | ||
CN_SECRET_VAULT_HOST=localhost \ | ||
CN_SECRET_VAULT_PORT=8200 \ | ||
CN_SECRET_VAULT_VERIFY=false \ | ||
CN_SECRET_VAULT_ROLE_ID_FILE=/etc/certs/vault_role_id \ | ||
CN_SECRET_VAULT_SECRET_ID_FILE=/etc/certs/vault_secret_id \ | ||
CN_SECRET_VAULT_CERT_FILE=/etc/certs/vault_client.crt \ | ||
CN_SECRET_VAULT_KEY_FILE=/etc/certs/vault_client.key \ | ||
CN_SECRET_VAULT_CACERT_FILE=/etc/certs/vault_ca.crt \ | ||
CN_SECRET_VAULT_NAMESPACE=jans \ | ||
CN_SECRET_KUBERNETES_NAMESPACE=default \ | ||
CN_SECRET_KUBERNETES_SECRET=jans \ | ||
CN_SECRET_KUBERNETES_USE_KUBE_CONFIG=false | ||
|
||
# =============== | ||
# Persistence ENV | ||
# =============== | ||
|
||
ENV CN_PERSISTENCE_TYPE=ldap \ | ||
CN_HYBRID_MAPPING="{}" \ | ||
CN_LDAP_URL=localhost:1636 \ | ||
CN_LDAP_USE_SSL=true \ | ||
CN_COUCHBASE_URL=localhost \ | ||
CN_COUCHBASE_USER=admin \ | ||
CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ | ||
CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ | ||
CN_COUCHBASE_CONN_TIMEOUT=10000 \ | ||
CN_COUCHBASE_CONN_MAX_WAIT=20000 \ | ||
CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ | ||
CN_COUCHBASE_BUCKET_PREFIX=jans \ | ||
CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ | ||
CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ | ||
CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 | ||
|
||
# =========== | ||
# Generic ENV | ||
# =========== | ||
|
||
ENV CN_MAX_RAM_PERCENTAGE=75.0 \ | ||
CN_WAIT_MAX_TIME=300 \ | ||
CN_WAIT_SLEEP_DURATION=10 \ | ||
CN_KEYCLOAK_LINK_JAVA_OPTIONS="" \ | ||
GOOGLE_PROJECT_ID="" \ | ||
CN_GOOGLE_SECRET_MANAGER_PASSPHRASE=secret \ | ||
CN_GOOGLE_SECRET_VERSION_ID=latest \ | ||
CN_GOOGLE_SECRET_NAME_PREFIX=jans \ | ||
CN_PROMETHEUS_PORT="" \ | ||
CN_AWS_SECRETS_ENDPOINT_URL="" \ | ||
CN_AWS_SECRETS_PREFIX=jans \ | ||
CN_AWS_SECRETS_REPLICA_FILE="" \ | ||
CN_KEYCLOAK_LINK_JETTY_PORT=9092 \ | ||
CN_KEYCLOAK_LINK_JETTY_HOST=0.0.0.0 | ||
|
||
# ========== | ||
# misc stuff | ||
# ========== | ||
|
||
EXPOSE $CN_KEYCLOAK_LINK_JETTY_PORT | ||
|
||
LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/keycloak-link" \ | ||
org.opencontainers.image.authors="Janssen Project <support@jans.io>" \ | ||
org.opencontainers.image.vendor="Janssen Project" \ | ||
org.opencontainers.image.version="1.0.21" \ | ||
org.opencontainers.image.title="Janssen Keycloak Link" \ | ||
org.opencontainers.image.description="" | ||
|
||
RUN mkdir -p /etc/certs \ | ||
${JETTY_BASE}/jans-keycloak-link/logs \ | ||
${JETTY_BASE}/jans-keycloak-link/custom/libs \ | ||
${JETTY_BASE}/common/libs/spanner \ | ||
${JETTY_BASE}/common/libs/couchbase \ | ||
${JETTY_HOME}/temp \ | ||
/usr/share/java \ | ||
/var/jans/cr-snapshots | ||
|
||
COPY templates /app/templates/ | ||
RUN cp /app/templates/jans-keycloak-link/jans-keycloak-link.xml ${JETTY_BASE}/jans-keycloak-link/webapps/ | ||
COPY scripts /app/scripts | ||
RUN chmod +x /app/scripts/entrypoint.sh | ||
|
||
RUN sed -i 's/\(<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"\)\/\(>\)/\1\2<Set name="showContexts">false<\/Set><\/New>/' /opt/jetty/etc/jetty.xml | ||
|
||
RUN ln -sf /usr/lib/jvm/jre /opt/java | ||
|
||
# create non-root user | ||
RUN adduser -s /bin/sh -h /home/1000 -D -G root -u 1000 jetty | ||
|
||
# adjust ownership and permission | ||
RUN chmod 664 ${JETTY_BASE}/jans-keycloak-link/resources/log4j2.xml \ | ||
&& chmod -R g=u ${JETTY_BASE}/jans-keycloak-link/logs \ | ||
&& chmod -R g=u /etc/certs \ | ||
&& chmod -R g=u /etc/jans \ | ||
&& chmod 664 /opt/java/lib/security/cacerts \ | ||
&& chown -R 1000:0 ${JETTY_BASE}/common/libs \ | ||
&& chown -R 1000:0 /usr/share/java \ | ||
&& chown -R 1000:0 /opt/prometheus \ | ||
&& chown 1000:0 ${JETTY_BASE}/jans-keycloak-link/webapps/jans-keycloak-link.xml \ | ||
&& chown -R 1000:0 /var/jans/cr-snapshots \ | ||
&& chown -R 1000:0 ${JETTY_HOME}/temp | ||
|
||
USER 1000 | ||
|
||
RUN mkdir -p $HOME/.config/gcloud | ||
|
||
ENTRYPOINT ["tini", "-e", "143", "-g", "--"] | ||
CMD ["sh", "/app/scripts/entrypoint.sh"] |
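Review bot: The Jetty tarball fetched in the "Install jetty" step, the Jython installer jar that is then executed with `java -jar`, and the jans-keycloak-link WAR are all downloaded and installed without any integrity check, so the image content depends entirely on what the remote hosts serve at build time. For the two fixed-version artifacts (Jetty `11.0.16`, Jython `2.7.3`) the expected digest can be carried in an ARG and verified with busybox `sha256sum -c` before extraction, as sketched below; the WAR is a `1.0.21-SNAPSHOT` URL, which is mutable by design (CN_BUILD_DATE looks like the cache-bust for it), so it cannot be digest-pinned until a released version is consumed — a comment at `CN_SOURCE_URL` saying so would make that trade-off explicit. Separately, `JANS_SOURCE_VERSION`, `CN_BUILD_DATE` and `CN_SOURCE_URL` are build-time-only values declared as `ENV`, so they persist into the running container's environment; declaring them as `ARG` (as the neighbouring `JETTY_*`/`JYTHON_*` values already are) keeps them out of the runtime env while still busting the cache.
```dockerfile
ARG JETTY_VERSION=11.0.16
# Expected sha256 of jetty-home-${JETTY_VERSION}.tar.gz (placeholder: real value not on this page)
ARG JETTY_SHA256=PLACEHOLDER_SHA256_NOT_ON_PAGE
# … unchanged: JETTY_HOME / JETTY_BASE / JETTY_USER_HOME_LIB args …

# Install jetty, refusing to extract an archive whose digest does not match
RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_VERSION}/jetty-home-${JETTY_VERSION}.tar.gz -O /tmp/jetty.tar.gz \
    && echo "${JETTY_SHA256}  /tmp/jetty.tar.gz" | sha256sum -c - \
    && mkdir -p /opt \
    && tar -xzf /tmp/jetty.tar.gz -C /opt \
    # … unchanged: mv and rm …

ARG JYTHON_VERSION=2.7.3
# Expected sha256 of jython-installer-${JYTHON_VERSION}.jar (placeholder: real value not on this page)
ARG JYTHON_SHA256=PLACEHOLDER_SHA256_NOT_ON_PAGE
RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSION}/jython-installer-${JYTHON_VERSION}.jar -O /tmp/jython-installer.jar \
    && echo "${JYTHON_SHA256}  /tmp/jython-installer.jar" | sha256sum -c - \
    && mkdir -p /opt/jython \
    # … unchanged: java -jar install and cleanup …
```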