Upgrade to Keycloak 25 and move to new config options

https://www.keycloak.org/docs/latest/upgrading/index.html#new-hostname-options https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
2024-07-15 01:39:25 +02:00 · 2024-07-15 01:39:25 +02:00 · a990c96eb1
parent ad8d27cd6a
commit a990c96eb1
1 changed files with 7 additions and 6 deletions
--- a/playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2
+++ b/playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2
@ -25,14 +25,14 @@ services:
    build:
      context: .
      dockerfile_inline: |
-        FROM quay.io/keycloak/keycloak:24.0 as builder
+        FROM quay.io/keycloak/keycloak:25.0 as builder
        ENV KC_DB=postgres
        WORKDIR /opt/keycloak
        RUN /opt/keycloak/bin/kc.sh build
-        FROM quay.io/keycloak/keycloak:24.0
+        FROM quay.io/keycloak/keycloak:25.0
        COPY --from=builder /opt/keycloak/ /opt/keycloak/
        # Runtime options set in compose directly.
@ -51,10 +51,11 @@ services:
      KC_DB_URL_HOST: db
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
-      KC_HOSTNAME: id.hamburg.ccc.de
+      KC_HOSTNAME: https://id.hamburg.ccc.de
-      KC_HOSTNAME_STRICT_BACKCHANNEL: true
+      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
-      KC_HOSTNAME_ADMIN: keycloak-admin.hamburg.ccc.de
+      KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
-      KC_PROXY: edge
+      KC_PROXY_HEADERS: xforwarded
      KC_HTTP_ENABLED: true
    ports:
      - "8080:8080"