WildFly 18 S2I image has been released on quay.io

WildFly 18 S2I docker images

WildFly s2i builder and runtime Docker images for WildFly 18 have been released on quay.io/wildfly

Changes since last release:

  • New env variable GALLEON_PROVISION_LAYERS=<layers list> that you can use during s2i to provision a custom WildFly server. It replaces GALLEON_PROVISION_SERVER, which offered only a subset of Galleon layers. You can now provision a WildFly server by providing Galleon layers directly, which gives a lot of flexibility when composing a server. The list of Galleon layers can be found in the image repository README file.

  • S2I chained build template updated with Galleon layers argument.

  • New cloud-server, jaxrs-server, datasources-web-server base Galleon layers to help you provision use-case adjusted servers.

  • Out of the box Keycloak support. This blog post highlights usage of this new feature.

  • keycloak Galleon layer that you can combine with base Galleon layers to enable secure deployments for a custom provisioned server.

  • Smaller s2i builder image size. The default server is a "slim" server with JBoss modules artifacts resolved from the local Maven cache.

  • New environment variables to fine-tune the server at execution time, more information in the README.

For complete documentation on how to use these images with s2i, OpenShift and Docker, refer to the README.

Adding imagestreams and template to OpenShift

At some point the new images will be made available from the OpenShift catalog and image repository. You can already use these images by adding them yourself to your OpenShift cluster.

NB: If you import the image streams in your project, be sure to set ImageStreams Namespace to your project namespace in the template; openshift is the default namespace.

Configuring WildFly server to secure deployments with Keycloak

We have added support to automatically configure the WildFly server to secure your deployments using Keycloak. The Keycloak configuration aspects are handled by the WildFly server at startup. The following example illustrates the steps required to secure your deployments using Keycloak.

Deploy Keycloak server image

  • In OpenShift, deploy the jboss/keycloak image. You must set the following env variables to create an initial user: KEYCLOAK_USER=admin, KEYCLOAK_PASSWORD=admin.

  • Access the Keycloak admin console, add the user role, and add the user role to the admin user's role mappings.

  • Access the Realm Settings Keys and copy the public key (you will need it to configure the WildFly server).

Build the application

Once you have imported the WildFly image streams, use the WildFly s2i builder template. Select image version 18.0 and switch to 'Advanced options'.

Use the git URL: https://github.com/redhat-developer/redhat-sso-quickstarts, context directory: app-profile-jee-jsp, branch: 7.0.x-ose

Build env variables:

  • MAVEN_ARGS_APPEND=-Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6

  • GALLEON_PROVISION_LAYERS=cloud-server,keycloak (Optional: the default server supports Keycloak, so only use Galleon to create a trimmed-down server). NB: If using Galleon layers, be sure to update the quickstart to use the keycloak security domain (for example jboss-web.xml). The other security domain is pre-configured by the cloud-profile layer and can't be used for Keycloak.

Deployment env variables:

  • SSO_PUBLIC_KEY=<Keycloak server public key> (copied from Keycloak admin console)

  • SSO_USERNAME=admin

  • SSO_PASSWORD=admin

  • SSO_URL=<Keycloak server route URL> (for example: http://keycloak-myproject.192.168.42.233.nip.io/auth)

  • SSO_SECRET=my-secret

  • HOSTNAME_HTTP=<application hostname> (for example: my-app-myproject.192.168.42.233.nip.io)

  • SSO_SECURITY_DOMAIN=other (by default the security domain is named keycloak; the quickstart relies on the other default security domain. NB: If using Galleon with an updated quickstart, do not set this env variable).

Build your application. Once it is deployed, you can access <your external route>/app-profile-jsp, click on Login and use the admin user credentials.
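Before reusing the build and deployment env variables above outside a local demo, it helps to check them against the constraints stated in this post. The following Python check is an added example, not part of the WildFly images or the original post; the function name check_sso_env, the finding messages and the placeholder key are assumptions made for illustration, and it assumes the deployment is meant to be secured with Keycloak.

```python
from urllib.parse import urlparse

SSO_VARS = ("SSO_URL", "SSO_PUBLIC_KEY", "SSO_USERNAME", "SSO_PASSWORD", "SSO_SECRET", "HOSTNAME_HTTP")
# Secrets as written in the walkthrough; anyone who has read the post knows them.
WALKTHROUGH_SECRETS = {"SSO_PASSWORD": "admin", "SSO_SECRET": "my-secret"}

# Constructed sample: the walkthrough's values with the optional Galleon build variable set.
SAMPLE_BUILD_ENV = {"GALLEON_PROVISION_LAYERS": "cloud-server,keycloak"}
SAMPLE_DEPLOY_ENV = {
    "SSO_PUBLIC_KEY": "PLACEHOLDER-PUBLIC-KEY",  # placeholder, not a real key
    "SSO_USERNAME": "admin",
    "SSO_PASSWORD": "admin",
    "SSO_URL": "http://keycloak-myproject.192.168.42.233.nip.io/auth",
    "SSO_SECRET": "my-secret",
    "HOSTNAME_HTTP": "my-app-myproject.192.168.42.233.nip.io",
    "SSO_SECURITY_DOMAIN": "other",
}


def check_sso_env(build_env, deploy_env):
    """Return sorted (severity, message) findings for the build and deployment env maps."""
    findings = [("error", f"{name} is not set") for name in SSO_VARS if not deploy_env.get(name)]

    sso_url = deploy_env.get("SSO_URL", "")
    parsed = urlparse(sso_url)
    if sso_url and (parsed.scheme not in ("http", "https") or not parsed.netloc):
        findings.append(("error", "SSO_URL is not an http(s) URL"))
    elif parsed.scheme == "http":
        findings.append(("warn", "SSO_URL is http: credentials and tokens travel in clear text"))

    for name, value in WALKTHROUGH_SECRETS.items():
        if deploy_env.get(name) == value:
            findings.append(("warn", f"{name} still has the value published in the walkthrough"))

    layers = {l.strip() for l in build_env.get("GALLEON_PROVISION_LAYERS", "").split(",") if l.strip()}
    if layers:
        if "keycloak" not in layers:
            findings.append(("error", "Galleon layers are set but the keycloak layer is missing"))
        if "SSO_SECURITY_DOMAIN" in deploy_env:
            findings.append(("error", "SSO_SECURITY_DOMAIN must stay unset when Galleon layers are used"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in check_sso_env(SAMPLE_BUILD_ENV, SAMPLE_DEPLOY_ENV):
        print(f"{severity}: {message}")
```

Run against the sample, it reports the SSO_SECURITY_DOMAIN conflict with the Galleon layers as an error, and the http route and the two walkthrough secrets as warnings.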