Containerization¶
Learn how to build and run the Authentication Test API in containers using Podman or Docker.
Overview¶
The project includes a Containerfile in the API_server/ directory (compatible with both Podman and Docker) that creates a production-ready container image.
Container Image Details¶
- Base Image: OpenLiberty 24.0.0.1 with Java 21
- Multi-stage Build: Optimized for size and security
- Non-root User: Runs as user 1001 for security
- Exposed Ports: 9080 (HTTP), 9443 (HTTPS)
Building Container Images¶
Podman is a daemonless container engine that's compatible with Docker.
Build Image:
Build with Custom Tag:
Build with No Cache:
Force rebuild without using cache:
Running Containers¶
Basic Run¶
Run with Environment Variables¶
Configure the application using environment variables:
podman run -d \
--name auth-api \
-p 9080:9080 \
-p 9443:9443 \
-e JWT_JWKS_URI=https://keycloak.lab.home/realms/secure-test/protocol/openid-connect/certs \
-e JWT_ISSUER=https://keycloak.lab.home/realms/secure-test \
-e LOG_LEVEL=DEBUG \
-e CORS_ALLOWED_ORIGINS=http://localhost:3000 \
authentication-test-api:1.0.0
docker run -d \
--name auth-api \
-p 9080:9080 \
-p 9443:9443 \
-e JWT_JWKS_URI=https://keycloak.lab.home/realms/secure-test/protocol/openid-connect/certs \
-e JWT_ISSUER=https://keycloak.lab.home/realms/secure-test \
-e LOG_LEVEL=DEBUG \
-e CORS_ALLOWED_ORIGINS=http://localhost:3000 \
authentication-test-api:1.0.0
Run with Environment File¶
Create an environment file:
# env.list
JWT_JWKS_URI=https://keycloak.lab.home/realms/secure-test/protocol/openid-connect/certs
JWT_ISSUER=https://keycloak.lab.home/realms/secure-test
LOG_LEVEL=INFO
CORS_ALLOWED_ORIGINS=http://localhost:3000,https://app.lab.home
CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,OPTIONS
CORS_ALLOWED_HEADERS=Authorization,Content-Type
Run with environment file:
Run in Foreground¶
Run with logs visible (useful for debugging):
Press Ctrl+C to stop.
Container Management¶
List Running Containers¶
List All Containers¶
View Container Logs¶
Stop Container¶
Start Stopped Container¶
Restart Container¶
Remove Container¶
Execute Commands in Container¶
Image Management¶
List Images¶
Inspect Image¶
Remove Image¶
Tag Image¶
Save Image to File¶
Load Image from File¶
Container Networking¶
Connect to Keycloak Container¶
If running Keycloak in a container, create a network:
# Create network
podman network create auth-network
# Run Keycloak
podman run -d \
--name keycloak \
--network auth-network \
-p 8080:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:latest start-dev
# Run API
podman run -d \
--name auth-api \
--network auth-network \
-p 9080:9080 \
-e JWT_JWKS_URI=http://keycloak:8080/realms/secure-test/protocol/openid-connect/certs \
-e JWT_ISSUER=http://keycloak:8080/realms/secure-test \
authentication-test-api:1.0.0
# Create network
docker network create auth-network
# Run Keycloak
docker run -d \
--name keycloak \
--network auth-network \
-p 8080:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:latest start-dev
# Run API
docker run -d \
--name auth-api \
--network auth-network \
-p 9080:9080 \
-e JWT_JWKS_URI=http://keycloak:8080/realms/secure-test/protocol/openid-connect/certs \
-e JWT_ISSUER=http://keycloak:8080/realms/secure-test \
authentication-test-api:1.0.0
Health Checks¶
Container Health Check¶
Add health check to container:
Check Container Health¶
Volume Mounts¶
Mount Configuration¶
Mount custom configuration:
Mount Logs¶
Persist logs outside container:
Production Deployment¶
Resource Limits¶
Set CPU and memory limits:
Restart Policy¶
Auto-restart on failure:
Troubleshooting¶
Container Won't Start¶
Check logs:
Port Already in Use¶
Find and stop conflicting container:
Image Build Fails¶
Build with verbose output:
Next Steps¶
- Running the Server - Deploy and run the application
- Configuration - Configure environment variables
- Keycloak Setup - Setup authentication server