
[bitnami/keycloak] Better support for importing realms

Open erosb opened this issue 2 years ago • 2 comments

Name and Version

bitnami/keycloak:18.0.2

What is the problem this feature will solve?

Simplify docker-compose (and probably orchestrators) setup when I need to start a keycloak instance with a realm imported on startup.

I need to import a realm in json format when my KC service starts up. Essentially I wanted to run ./kc.sh -cf ... start-dev --import-realms. The --import-realms flag tells KC to check the $KC_HOME/data/import directory for json files and import those into its database as realms.

I wanted to solve this problem by

  • in the volumes section of docker-compose: mounting my realm.json into /opt/bitnami/keycloak/data/import/realm.json
  • passing KEYCLOAK_EXTRA_ARGS: '--import-realm' env var

The result: the data directory doesn't exist on the docker image by default. Hence docker-compose created it for me in the container, but this way its owner was the root user. As a result, when I tried to log in to KC, KC couldn't create the $KC_HOME/data/tmp directory (permission error).

What is the feature you are proposing to solve the problem?

Create an empty /opt/bitnami/keycloak/data directory when building the Dockerfile so that it will be owned by the default user.

What alternatives have you considered?

For now, I worked around the problem by:

adding these volumes to the compose file:

    volumes:
      - './import-realm.sh:/docker-entrypoint-initdb.d/0-import-realm.sh'
      - './realm.json:/var/realm.json'

where import-realm.sh is

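    #!/bin/bash

    # Create the import directory from inside the container,
    # then copy the mounted realm file into it.
    cd /opt/bitnami/keycloak
    mkdir -p data/import
    cp /var/realm.json data/import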

But this took quite some time overall to figure out and it feels just like a sluggish workaround.

erosb, Jul 05 '22 09:07

Thanks for reporting this issue. Would you like to contribute by creating a PR to solve the issue? The Bitnami team will be happy to review it and provide feedback. Here you can find the contributing guidelines.

dgomezleon, Jul 08 '22 06:07

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot], Jul 24 '22 01:07

Unfortunately, this suggestion was added some time ago and although there is an internal task to evaluate it, it was not planned as something to address in the short/mid term. It's not a technical reason but something related to the capacity since we're a small team.

That being said, contributions via PRs are more than welcome in both repositories (containers and charts). Just in case you would like to contribute.

carrodher, Oct 20 '22 08:10

For anyone looking to import realms, it's entirely possible now thanks to https://github.com/bitnami/containers/issues/4761

You need to specify extraStartupArgs: "--import-realm" and mount a volume with the import path /opt/bitnami/keycloak/data/import with your realm json files coming from a config map or a secret for instance.

The full documentation is available at https://www.keycloak.org/server/importExport. Just remember Keycloak is installed in a bitnami subfolder (so don't use the default path provided in the documentation).

I spent too much time configuring it, so I thought it could help someone to have this information.

PaulARoy, May 11 '23 15:05

@PaulARoy If you have the same kind of feature enabled using only docker-compose, I would take it, because this 'extraStartupArgs' is only used with charts, right?

I tried using

  keycloak:
    image: bitnami/keycloak:22.0.1-debian-11-r25
    environment:
      KEYCLOAK_EXTRA_ARGS: "--import-realm"
    volumes:
      # To pre-configure Keycloak with data
      - ./statics/keycloak:/opt/bitnami/keycloak/data/import

AND

  keycloak:
    image: bitnami/keycloak:22.0.1-debian-11-r25
    environment:
      KEYCLOAK_EXTRA_ARGS_PREPENDED: "--import-realm"
    volumes:
      # To pre-configure Keycloak with data
      - ./statics/keycloak:/opt/bitnami/keycloak/data/import

This doesn't work.

I still have to use the same old-fashioned way that I used in versions 15, 16, 17.

    environment:
      KEYCLOAK_EXTRA_ARGS: "-Dkeycloak.migration.action=import 
                            -Dkeycloak.migration.provider=dir 
                            -Dkeycloak.migration.dir=/opt/bitnami/keycloak/data/import 
                            -Dkeycloak.migration.strategy=OVERWRITE_EXISTING 
                            -Dkeycloak.migration.usersExportStrategy=SAME_FILE
                            -Dkeycloak.profile.feature.upload_scripts=enabled"

This works like a charm though, but still, it's not the way it's documented in the latest release of Keycloak > 21.0.0 for instance, and I doubt it's the way that Bitnami wants it to be.

manodupont, Aug 28 '23 15:08

  keycloak:
    image: bitnami/keycloak:22.0.1-debian-11-r25
    environment:
      KEYCLOAK_EXTRA_ARGS_PREPENDED: "--import-realm"
    volumes:
      # To pre-configure Keycloak with data
      - ./statics/keycloak:/opt/bitnami/keycloak/data/import

this doesn't work.

Quoting the documentation at https://www.keycloak.org/server/importExport:

Only regular files using the .json extension are read from this directory, sub-directories are ignored.

Using a realm.json file and binding it to the /opt/bitnami/keycloak/data/import directory works for me.

ThomasSchwengler, Sep 15 '23 09:09
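
The documentation sentence quoted in the comment above describes one way a mounted directory can end up importing nothing: everything in it is a sub-directory or lacks the .json extension. As an added example (not from the thread or from Bitnami), this shell check lists what --import-realm would read from a host directory before it is bind-mounted; the function names and the sample layout are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a host directory that will be
# bind-mounted at /opt/bitnami/keycloak/data/import.

# Names of the files --import-realm would read: regular files with a
# .json extension at the top level of the directory.
importable_realms() {
  local f
  for f in "$1"/*.json; do
    [ -f "$f" ] && basename "$f"
  done
  return 0
}

# Entries that would be ignored: sub-directories (even ones named
# *.json) and files with any other extension.
ignored_entries() {
  local f
  for f in "$1"/*; do
    [ -e "$f" ] || continue
    if [ -d "$f" ]; then
      echo "$(basename "$f")/ (sub-directory)"
    else
      case "$f" in
        *.json) ;;
        *) echo "$(basename "$f") (no .json extension)" ;;
      esac
    fi
  done
}

# Exit status 0 only if at least one realm file would be imported.
check_import_dir() {
  local dir="$1" realms
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  realms=$(importable_realms "$dir")
  ignored_entries "$dir" | sed 's/^/ignored: /' >&2
  [ -n "$realms" ] || { echo "nothing to import in $dir" >&2; return 1; }
  printf '%s\n' "$realms"
}

# Constructed sample layout: the realm file sits one level too deep.
demo=$(mktemp -d)
mkdir "$demo/realms"
echo '{"realm":"demo"}' > "$demo/realms/realm.json"
check_import_dir "$demo" || echo "fix: move realm.json up one level"
rm -rf "$demo"
```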

Hello, I use Keycloak version 18.0.2. I want to import realms.json when I run it with Docker. I want to load the users in this JSON. How can I do that? I tried, but nothing.

giorgosrv, Sep 19 '23 10:09