Initial commit

.gitlab-ci.yml

+image: docker:19.03.1
+
+variables:
+  DOCKER_TLS_CERTDIR: "/certs"
+  IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
+
+services:
+  - docker:19.03.1-dind
+
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+build:
+  stage: build
+  script:
+    - docker build -t $IMAGE_TAG .
+    - docker push $IMAGE_TAG

Dockerfile

+FROM alpine:3.11
+
+ENV NAME keycloak-gatekeeper
+ENV KEYCLOAK_VERSION 8.0.0
+ENV GOOS linux
+ENV GOARCH amd64
+
+LABEL Name=keycloak-gatekeeper \
+      Release=https://github.com/keycloak/keycloak-gatekeeper \
+      Url=https://github.com/keycloak/keycloak-gatekeeper \
+      Help=https://issues.jboss.org/projects/KEYCLOAK \
+      maintainer="andrej.ramaseuski@pirati.cz"
+
+RUN adduser -D -u 1000 gatekeeper && \
+    mkdir /etc/gatekeeper && \
+    chown gatekeeper /etc/gatekeeper
+
+RUN apk add --no-cache ca-certificates curl tar openssl
+
+WORKDIR "/opt"
+
+RUN curl -fssL "https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/gatekeeper/$NAME-$GOOS-$GOARCH.tar.gz" | tar -xz && chmod +x /opt/$NAME
+
+COPY entrypoint.sh entrypoint.sh
+
+USER 1000
+EXPOSE 3000
+ENTRYPOINT [ "/opt/entrypoint.sh" ]
+CMD ["/opt/keycloak-gatekeeper"]

entrypoint.sh

+#!/bin/sh
+# Entrypoint for Docker Container
+
+export PROXY_CONFIG_FILE=${CONFIG:-'/etc/gatekeeper/gatekeeper.conf'}
+
+CLIENT_ID=${CLIENT_ID}
+CLIENT_SECRET=${CLIENT_SECRET}
+UPSTREAM_URL=${UPSTREAM_URL}
+REDIRECTION_URL=${REDIRECTION_URL}
+
+ENCRYPTION_KEY=${ENCRYPTION_KEY:-'SjjCbZzUcYmxQFttEh3KJnZaEPCb6iuB'}
+DISCOVERY_URL=${DISCOVERY_URL:-'https://auth.pirati.cz/auth/realms/pirati'}
+LISTEN=${LISTEN:-':3000'}
+
+
+CERTIFICATE_SUBJ=${CERTIFICATE_SUBJ:-'/C=CZ/ST=CZ/L=Praha/O=Pirati/OU=TO/CN=gatekeeper'}
+
+if [ -s /etc/gatekeeper/ssl.crt ] || [ -s /etc/gatekeeper/cert.pem ] || [ -s /etc/gatekeeper/key.pem ] || [ -n "${SKIP_SSL_GENERATE}" ]; then
+    echo "Skipping SSL certificate generation"
+else
+    echo "Generating self-signed certificate"
+
+    cd /etc/gatekeeper
+
+    # Generating signing SSL private key
+    openssl genrsa -des3 -passout pass:xxxx -out key.pem 2048
+    # Removing passphrase from private key
+    cp key.pem key.pem.orig
+    openssl rsa -passin pass:xxxx -in key.pem.orig -out key.pem
+    # Generating certificate signing request
+    openssl req -new -key key.pem -out cert.csr -subj "${CERTIFICATE_SUBJ}"
+    # Generating self-signed certificate
+    openssl x509 -req -days 3650 -in cert.csr -signkey key.pem -out cert.pem
+fi
+
+echo "# GATEKEEPER CONFIG 
+client-id: ${CLIENT_ID}
+client-secret: ${CLIENT_SECRET}
+discovery-url: ${DISCOVERY_URL}
+encryption-key: ${ENCRYPTION_KEY} 
+enable-default-deny: true
+listen: ${LISTEN}
+upstream-url: ${UPSTREAM_URL} 
+
+tls-cert: /etc/gatekeeper/cert.pem
+tls-private-key: /etc/gatekeeper/key.pem 
+resources:
+${RESOURCES}
+" > /etc/gatekeeper/gatekeeper.conf
+
+exec "$@"