# documentation: https://www.keycloak.org
# slogan: Keycloak is an open-source Identity and Access Management tool.
# tags: keycloak,identity,access,management,iam,authentication,authorization,security,oauth2,openid-connect,sso,single-sign-on,saml,rbac,ldap,jwt,social-login
# logo: svgs/keycloak.svg
# port: 8080

services:
  keycloak:
    image: quay.io/keycloak/keycloak:25.0.2
    command:
      - start
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE:-UTC}
      - KEYCLOAK_ADMIN=${SERVICE_USER_ADMIN}
      - KEYCLOAK_ADMIN_PASSWORD=${SERVICE_PASSWORD_ADMIN}
      - KC_HOSTNAME=${SERVICE_FQDN_KEYCLOAK_8080}
      - KC_HTTP_ENABLED=true
      - KC_HEALTH_ENABLED=true
      - KC_DB_POOL_INITIAL_SIZE=${KEYCLOAK_DB_POOL_INITIAL_SIZE}
      - KC_DB_POOL_MIN_SIZE=${KEYCLOAK_DB_POOL_MIN_SIZE:-0}
      - KC_DB_POOL_MAX_SIZE=${KEYCLOAK_DB_POOL_MAX_SIZE:-100}
      - KC_METRICS_ENABLED=${KEYCLOAK_METRICS_ENABLED:-false}
      - KC_DIR=${KEYCLOAK_DIR}
      - KC_FILE=${KEYCLOAK_FILE}
      - KC_OVERRIDE=${KEYCLOAK_OVERRIDE:-true}
    volumes:
      - keycloak-data:/opt/keycloak/data
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "exec 3<>/dev/tcp/127.0.0.1/9000;echo -e 'GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n' >&3;if [ $? -eq 0 ]; then echo 'Healthcheck Successful';exit 0;else echo 'Healthcheck Failed';exit 1;fi;",
        ]
      interval: 5s
      timeout: 20s
      retries: 10