Add basic Keycloak setup
diff --git a/keycloak/docker/Dockerfile b/keycloak/docker/Dockerfile
new file mode 100644
index 0000000..84c07dd
--- /dev/null
+++ b/keycloak/docker/Dockerfile
@@ -0,0 +1,27 @@
+ARG KC_TAG=22.0
+FROM quay.io/keycloak/keycloak:${KC_TAG} as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+ARG KC_DB=
+RUN test "${KC_DB}" || { echo \${KC_DB} must be set!; exit 1; }
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:idm.test.hfh-it.de,IP:192.168.44.11" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+
+FROM quay.io/keycloak/keycloak:${KC_TAG}
+
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+USER root
+COPY entrypoint /sa-entrypoint
+RUN chmod 544 /sa-entrypoint
+
+USER keycloak
+ENTRYPOINT ["/bin/sh", "/sa-entrypoint"]
+CMD ["start", "--optimized"]
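Review bot: The `keytool -genkeypair` step writes a private key protected by the literal store password `password` into `conf/server.keystore`, and the final stage's `COPY --from=builder /opt/keycloak/ /opt/keycloak/` carries that file into the runtime image. Every container started from the image therefore shares one key, and anyone who can pull the image can read it from the layers. The comment marks the step as demo-only, but nothing in the build prevents the image from being deployed as is. Consider removing the step and supplying the keystore at runtime (a mounted file plus `KC_HTTPS_KEY_STORE_FILE` and `KC_HTTPS_KEY_STORE_PASSWORD`), or gating the generation behind a build argument that defaults to off.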
diff --git a/keycloak/docker/entrypoint b/keycloak/docker/entrypoint
new file mode 100644
index 0000000..772add0
--- /dev/null
+++ b/keycloak/docker/entrypoint
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+{
+    db_secret=/tmp/passwd/db/secret
+
+    i=0
+    while [ -z "$(cat ${db_secret} 2>/dev/null)" ]; do
+        if [ ${i} -eq 10 ]; then
+            echo "ERROR: No password file after ${i}s."
+            exit 1
+        fi
+        sleep 1
+        i=$((i+1))
+    done
+
+    export KC_DB_PASSWORD=$(cat ${db_secret})
+}
+
+exec /opt/keycloak/bin/kc.sh "$@"
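Review bot: `export KC_DB_PASSWORD=$(cat ${db_secret})` hides a failed read from `set -e`, because the exit status of `export` replaces that of the command substitution. The file is also read a second time after the wait loop, so if it becomes unreadable or empty in between, `kc.sh` starts with an empty password instead of the script aborting. Split the line into `KC_DB_PASSWORD=$(cat "${db_secret}")` followed by `export KC_DB_PASSWORD`, or capture the value once inside the loop and reuse it. The timeout message would also be better sent to stderr: `echo "ERROR: No password file after ${i}s." >&2`.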