26 lines
669 B
YAML
26 lines
669 B
YAML
|
# keycloak — identity / SSO
|
||
|
|
# Networks: app (apps reach the realm endpoints) + mgmt (admin console)
|
||
|
|
|
||
|
|
services:
|
||
|
|
keycloak:
|
||
|
|
image: quay.io/keycloak/keycloak:26.0
|
||
|
|
restart: unless-stopped
|
||
|
|
command: ["start", "--optimized"]
|
||
|
|
networks: [app, mgmt]
|
||
|
|
environment:
|
||
|
|
KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
|
||
|
|
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
||
|
|
KC_HOSTNAME: ${KEYCLOAK_HOSTNAME:-}
|
||
|
|
KC_PROXY_HEADERS: xforwarded
|
||
|
|
KC_HTTP_ENABLED: "true"
|
||
|
|
# TODO: external DB (KC_DB=postgres) once sql stack lands
|
||
|
|
volumes:
|
||
|
|
- keycloak-data:/opt/keycloak/data
|
||
|
|
|
||
|
|
networks:
|
||
|
|
app:
|
||
|
|
mgmt:
|
||
|
|
|
||
|
|
volumes:
|
||
|
|
keycloak-data:
|