I need to setup keycloak using a Dockerfile. In order to make sure keycloak container is able to commiunicate with other containers i need to install some other tools as ping, curl and etc. on it. But, i don't know what is the package manager of keyclak ?
Here is what i have tried:
Firstly i tried to create a contrainer based on quay.io/keycloak/keycloak:latest
Then I tried to figure out the linux distribution of it by cat /etc/os-releaseand I got :
NAME="Red Hat Enterprise Linux"
VERSION="9.5 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.5"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.5 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="/"
DOCUMENTATION_URL=";
BUG_REPORT_URL="/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.5"
So, I came up by below Dockerfile:
FROM quay.io/keycloak/keycloak:latest
# Set container to use Bash as default shell
SHELL ["/bin/bash", "-c"]
# Install required tools using yum
RUN yum install -y iputils net-tools bind-utils curl && \
yum clean all
# Verify installation (optional)
RUN which ping && which ifconfig && which dig && which curl
# Set working directory
WORKDIR /opt/keycloak
# Expose necessary ports (Keycloak default)
EXPOSE 8080 8443
# Set entrypoint (default Keycloak behavior)
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
but i got the below error:
=> ERROR [keycloak 2/4] RUN yum install -y iputils net-tools bind-utils curl && yum clean all 0.3s
------
> [keycloak 2/4] RUN yum install -y iputils net-tools bind-utils curl && yum clean all:
0.264 /bin/bash: line 1: yum: command not found
------
failed to solve: process "/bin/bash -c yum install -y iputils net-tools bind-utils curl && yum clean all" did not complete successfully: exit code: 127
Additionally, i tried : dnf and microdnf and i always got the same error
What i need to acheive :
I need to deploy my applications using docker-compose and I have a few micro-services which depend on keycloak. it means, i need to make sure the keycloak is up and running before i start the the app-services. Here is the part of my docker-compose:
version: '3.9'
services:
book_db:
image: mysql:8.0
command: --default-authentication-plugin=caching_sha2_password
environment:
MYSQL_DATABASE: book_service
MYSQL_ROOT_PASSWORD: r0_0]!
MYSQL_USER: admin
MYSQL_PASSWORD: admin
ports:
- "3306:3306"
networks:
app_network:
ipv4_address: 172.20.0.2
container_name: book_db
restart: always
healthcheck:
test: [ "CMD", "mysqladmin", "ping", "-h", "localhost" ]
interval: 10s
retries: 10
start_period: 90s
book-service:
build:
context: ./../book-service
dockerfile: Dockerfile
ports:
- "8081:8080"
networks:
app_network:
ipv4_address: 172.20.0.5
depends_on:
book_db:
condition: service_healthy
keycloak:
condition: service_healthy
container_name: book_service
restart: always
keycloak:
build:
context: ./../keycloak
dockerfile: Dockerfile
ports:
- "8080:8080"
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin
volumes:
- ./keycloak-data:/opt/keycloak/data/import
command: start-dev --hostname keycloak --import-realm
networks:
app_network:
ipv4_address: 172.20.0.10
container_name: keycloak
restart: always
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
retries: 10
start_period: 30s
networks:
app_network:
ipam:
config:
- subnet: 172.20.0.0/24
driver: bridge
As you can see, book-service depends on keycloak and i just want to make sure, the keycloak is started correctly and the realm is there too. In order to do that i have added test: ["CMD", "curl", "-f", "http://localhost:8080/"] but curl is not in the image
I need to setup keycloak using a Dockerfile. In order to make sure keycloak container is able to commiunicate with other containers i need to install some other tools as ping, curl and etc. on it. But, i don't know what is the package manager of keyclak ?
Here is what i have tried:
Firstly i tried to create a contrainer based on quay.io/keycloak/keycloak:latest
Then I tried to figure out the linux distribution of it by cat /etc/os-releaseand I got :
NAME="Red Hat Enterprise Linux"
VERSION="9.5 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.5"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.5 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat/"
DOCUMENTATION_URL="https://access.redhat/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://issues.redhat/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.5"
So, I came up by below Dockerfile:
FROM quay.io/keycloak/keycloak:latest
# Set container to use Bash as default shell
SHELL ["/bin/bash", "-c"]
# Install required tools using yum
RUN yum install -y iputils net-tools bind-utils curl && \
yum clean all
# Verify installation (optional)
RUN which ping && which ifconfig && which dig && which curl
# Set working directory
WORKDIR /opt/keycloak
# Expose necessary ports (Keycloak default)
EXPOSE 8080 8443
# Set entrypoint (default Keycloak behavior)
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
but i got the below error:
=> ERROR [keycloak 2/4] RUN yum install -y iputils net-tools bind-utils curl && yum clean all 0.3s
------
> [keycloak 2/4] RUN yum install -y iputils net-tools bind-utils curl && yum clean all:
0.264 /bin/bash: line 1: yum: command not found
------
failed to solve: process "/bin/bash -c yum install -y iputils net-tools bind-utils curl && yum clean all" did not complete successfully: exit code: 127
Additionally, i tried : dnf and microdnf and i always got the same error
What i need to acheive :
I need to deploy my applications using docker-compose and I have a few micro-services which depend on keycloak. it means, i need to make sure the keycloak is up and running before i start the the app-services. Here is the part of my docker-compose:
version: '3.9'
services:
book_db:
image: mysql:8.0
command: --default-authentication-plugin=caching_sha2_password
environment:
MYSQL_DATABASE: book_service
MYSQL_ROOT_PASSWORD: r0_0]!
MYSQL_USER: admin
MYSQL_PASSWORD: admin
ports:
- "3306:3306"
networks:
app_network:
ipv4_address: 172.20.0.2
container_name: book_db
restart: always
healthcheck:
test: [ "CMD", "mysqladmin", "ping", "-h", "localhost" ]
interval: 10s
retries: 10
start_period: 90s
book-service:
build:
context: ./../book-service
dockerfile: Dockerfile
ports:
- "8081:8080"
networks:
app_network:
ipv4_address: 172.20.0.5
depends_on:
book_db:
condition: service_healthy
keycloak:
condition: service_healthy
container_name: book_service
restart: always
keycloak:
build:
context: ./../keycloak
dockerfile: Dockerfile
ports:
- "8080:8080"
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin
volumes:
- ./keycloak-data:/opt/keycloak/data/import
command: start-dev --hostname keycloak --import-realm
networks:
app_network:
ipv4_address: 172.20.0.10
container_name: keycloak
restart: always
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
retries: 10
start_period: 30s
networks:
app_network:
ipam:
config:
- subnet: 172.20.0.0/24
driver: bridge
As you can see, book-service depends on keycloak and i just want to make sure, the keycloak is started correctly and the realm is there too. In order to do that i have added test: ["CMD", "curl", "-f", "http://localhost:8080/"] but curl is not in the image
- You almost never need ping, which sends low-level network packets that are filtered in many environments, and I'm not clear why keycloak would need curl instead of making its own HTTP calls. In most containers you shouldn't need any of these tools at all – given what you show, you should be able to use the unmodified keycloak image. What are you trying to accomplish with this setup? Is it programming-related, or more of a deployment question? – David Maze Commented Mar 19 at 15:18
- @DavidMaze, can you please check my updated question ? – Jeff Commented Mar 19 at 15:27
- Keycloak docker image add additional application seems quite similar, both in terms of the specific question and the motivation. Add healthcheck in Keycloak Docker Swarm service has a couple of approaches for a health check that don't require additional packages at all. – David Maze Commented Mar 19 at 19:51
- Well... to state the obvious - Keycloak doesn't have a package manager. You can install it as a Java app (easy-ish), or you can "install" it with an incredibly complex virtualisation/CMS/etc platform (difficult, and faintly ludicrous). Your choice. – EML Commented Mar 23 at 9:36
1 Answer
Reset to default 0The image history shows that this is based on UBI9 micro and doesn't include a package manager:
{
"created": "2025-03-13T10:31:25.525892751Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"ubi9 micro image\"",
"empty_layer": true
},
{
"created": "2025-03-13T10:31:25.542946852Z",
"created_by": "/bin/sh -c #(nop) LABEL description=\"Very small image which doesn't install the package manager.\"",
"empty_layer": true
},
{
"created": "2025-03-13T10:31:25.559635067Z",
"created_by": "/bin/sh -c #(nop) LABEL io.k8s.description=\"Very small image which doesn't install the package manager.\"",
"empty_layer": true
},
{
"created": "2025-03-13T10:31:25.575938503Z",
"created_by": "/bin/sh -c #(nop) LABEL io.k8s.display-name=\"Red Hat Universal Base Image 9 Micro\"",
"empty_layer": true
},https://catalog.redhat/software/containers/ubi9/ubi-micro/615bdf943f6014fa45ae1b58