This project is used for setUp docker image, which will be used as a preconfigured Keycloak to run it as the identity provider with custom extensions. This IKI comes with selected extensions (here with a prometheus metrics exporter).
Use original Keycloak image from quay.io/keycloak/ or mirror it if needed to your specific repository and provide its destination inside the Dockerfile. In this version the Keycloak image with tag 26.0.8 is used.
It's intended to be used with the Helm chart provided in the gitHub repo
There are the metrics extension used keycloak-metrics-spi. The extension has not been modified and is used as is.
When you deploy Keycloak using this image, a new REST endpoint is made
available: https://my-keycloak-instance/auth/realms/master/metrics.
From this endpoint you will be able to access all metrics from all(!) realms no matter what realm is in the URL.
(!) This path is not password-protected. To prevent unauthorized access to the metrics the chart blocks the path by using ha-proxy
To provide the metrics to the monitoring infrastructure HAProxy forwards requests from :9542/metrics to Keycloak metrics. You can see how HAProxy configured under templates/configmap-haproxy.yaml directory.
To run an on-the-fly development Keycloak on your local machine, follow these steps: original documentation
- Download Keycloak server binaries here: https://www.keycloak.org/downloads
- Unzip to desired location
- Run development mode with
kc.sh start-devorkc.bat start-dev - Set up a realm. You may also add an identity provider redirecting to the master realm.
Delete the h2 directory in your keycloak/data directory.
You can build the Keycloak image locally using a multi-stage Docker build, which compiles custom extensions and packages them into the final image — no manual steps required.
This build process includes:
- Building all custom Keycloak extensions, such as
keycloak-metrics-spiandclient-auth-method-spi - Packaging the compiled extensions directly into the final Keycloak image
To run the build:
docker build -t iris .By default, the image uses the Keycloak version specified in the Dockerfile (BASE_IMAGE_TAG). If you want to override
it:
docker build --build-arg BASE_IMAGE_TAG=24.0.2 -t iris .💡 On non-amd64 machines, you may need to add --platform=linux/amd64. On most systems, it’s safe to omit it.
This project has adopted the Contributor Covenant in version 2.1 as our code of conduct. Please see the details in our CODE_OF_CONDUCT.md. All contributors must abide by the code of conduct.
By participating in this project, you agree to abide by its Code of Conduct at all times.
This project follows the REUSE standard for software licensing. Each file contains copyright and license information, and license texts can be found in the ./LICENSES folder. For more information visit https://reuse.software/.
This project enforces Conventional Commits for all commits. All commit messages must follow the Conventional Commits specification. This is automatically checked in CI for both pushes and pull requests.
The reuse tool can be used to verify and establish compliance when new files are added.
For more information on the reuse tool visit https://github.com/fsfe/reuse-tool.
Check for incompliant files (= not properly licensed)
Run pipx run reuse lint
Get an SPDX file with all licensing information for this project (not for dependencies!)
Run pipx run reuse spdx
Add licensing and copyright statements to a new file
Run pipx run reuse annotate -c="<COPYRIGHT>" -l="<LICENSE-SPDX-IDENTIFIER>" <file>
Replace <COPYRIGHT> with the copyright holder, e.g "Deutsche Telekom AG", and <LICENSE-SPDX-IDENTIFIER> with the ID of the license the file should be under. For possible IDs see https://spdx.org/licenses/.
Add a new license text
Run pipx run reuse download --all to add license texts for all licenses detected in the project.