Welcome to this new edition of One Framework a Day keeps the Boredom Away. In this series I will show you how to deploy a particular framework on Clever Cloud every day until I want to go back to boredom. Today it's about Docker.

If you want to tag along, make sure you have git, a Clever Cloud account and that you have installed our CLI Clever-Tools.

What is Docker?

Docker is a software technology providing containers, promoted by the company Docker, Inc.

I am assuming everone know what it is so I won't go in further explanations. That being said, if you are familiar with Clever Cloud, you may know we have a reputation of not being big fans of Docker. Yet you can deploy Docker containers on Clever Cloud and we were actually one of the first cloud to offer it.

We do like Docker but as a public cloud we have to isolate each containers in a VM for proper isolation. We have to have an absolute position when it comes to security. Anyway, please let us know in the comments if you want us to talk more about our position on Docker and containers. We plan to do a lot more on that side, we just need a bit more time to release it to the public :)

So why talking about Docker today? Well it turns out some of our users asked us if it was possible to deploy Keycloak on Clever Cloud. So I looked into it. There are various way to deploy it. The first way I wanted to use was to deploy it as a Wildfly overlay using their .war.

But sadly it's not recommended in production. You have to use their full wildfly distribution. So I could either download the whole thing each time I start the application, or deploy the Docker container they offer and support in Production. Which is what I have chosen.

Setup

Keycloak Docker images are all available on Github. And has you need to provide a Dockerfile in your source code for us to build, I copied the official one for the HA/PosgreSQL configuration. I would have gladly forked the repo but it contains all their images. Not very 12 factors compliant sadly :( Anyway my git repository looks like this:

[ldoguin@caolila keycloakClever]$ ls
Dockerfile

and the Dockerfile like this:

FROM jboss/keycloak-postgres:latest

CMD ["-b", "0.0.0.0", "--server-config", "standalone-ha.xml"]

We don't have anything specific to add to this Dockerfile. It's very well configured and easy to use. We now need to create the Clever Cloud application and its associated database then setup the right environmment variables:

  • Create our application: clever create --type docker --plan M Keycloak
  • Create our Postgres add-on: clever addon create postgresql-addon --plan dev --region eu KeycloakPG
  • Link this website to our FS Bucket addon: clever service link-addon KeycloakPG
  • Setup the following environment variables:
clever env set ENABLE_METRICS true
clever env set PROXY_ADDRESS_FORWARDING true
clever env set KEYCLOAK_PASSWORD admin
clever env set KEYCLOAK_USER admin
clever env set POSTGRES_DATABASE `clever env | awk  -F = '/POSTGRESQL_ADDON_DB/ { print $2}'
clever env set POSTGRES_PASSWORD `clever env | awk  -F = '/POSTGRESQL_ADDON_PASSWORD/ { print $2}'
clever env set POSTGRES_PORT_5432_TCP_ADDR `clever env | awk  -F = '/POSTGRESQL_ADDON_HOST/ { print $2}'
clever env set POSTGRES_PORT_5432_TCP_PORT `clever env | awk  -F = '/POSTGRESQL_ADDON_PORT/ { print $2}'
clever env set POSTGRES_USER `clever env | awk  -F = '/POSTGRESQL_ADDON_USER/ { print $2}'

Before starting the build, we need to configure two options in the Console. Tick the Enable dedicated build instance box because the Keycloak build needs more memory. Also tick the Sticky sessions box because it is necessary if you need to scale horizontally. To do that you have to go on the WebConsole, in your application, in the Information tab and tick the previously mentioned checkboxs.

You should now be ready to deploy :)

Deploy

Deploying with Clever Cloud is the easiest part. Simply run clever deploy and see the logs unfold before your eyes. Go ahead and test it by running clever open. Make sure you are using https while browsing the site. The default login and password are the one you set in the environment variable.

Now everything should work smoothly. What if you need to scale out your application? Let's say you want to have 2 keycloak instances. This can be configured like this:clever scale --instances 2

If you are unsure of the traffic you will get, you can configure a minimum and a maximum of instaces like this: clever scale --min-instances 2 --max-instances 5

blog comments powered by Disqus