Installing Keycloak on Alpine Linux docker image

(Optional) Export Keycloak Database

If you already have a prime Keycloak database and need to clone it to docker image, you can export it by starting keycloak in export mode. I found that it doesn’t like relative path, so you need to run the script specifying filename in the folder you are exporting to:

bin/standalone.sh -Dkeycloak.migration.action=export
-Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=backup.json

This exports all the realms, groups etc. including users with their passwords - awesome!

Dockerising Keycloak

FROM alpine:3.13

# refresh
RUN apk update && apk upgrade

# create a user keycloak will run as
RUN adduser keycloak -D

# need curl to download keycloak
# Java is required by keycloak (todo: check if JRE is enough, may save space)
RUN apk add curl openjdk11

USER keycloak
RUN cd ~/ && curl -L https://github.com/keycloak/keycloak/releases/download/13.0.1/keycloak-13.0.1.tar.gz -o ~/keycloak.tar.gz
RUN cd ~/ && mkdir keycloak && cd keycloak && tar -xzf ~/keycloak.tar.gz --strip-components=1
RUN rm ~/keycloak.tar.gz
COPY backup.json /home/keycloak/backup.json
COPY kstart.sh /kstart.sh

USER keycloak
WORKDIR /
ENTRYPOINT ["./kstart.sh"]

This is how kstart.sh looks like:

~/keycloak/bin/standalone.sh -b 0.0.0.0 -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/home/rd/backup.json -Dkeycloak.migration.strategy=OVERWRITE_EXISTING

Checking Keycloak has started

I couldn’t find a good way to check that, other than checking http response on port 8080:

while [ -z "$(curl -s localhost:8080)" ]
do
  echo "waiting...""
  sleep 1s
done

echo "Keycloak started!"
Have a question⁉ Contact me.