keycloakclient-operator

Version: v0.1.9
Published: Oct 9, 2022 License: Apache-2.0

README

KeycloakClient Operator

A Kubernetes Operator based on the Operator SDK for creating and syncing KeycloakClient-Resources in Keycloak

This Operator has its origin in the Legacy Keycloak Operator. If you are looking for the official Keycloak Operator from Red Hat, please look into the KeycloakOperator.

The Operator is opinionated: it expects that Keycloak and the realm are already set up (e.g. with one of the available Helm charts), so it only has to handle the KeycloakClients for one Keycloak installation and one specific realm.

This fits our need as we set up Keycloak and the realm with Helm, and we have very many microservices that require their own KeycloakClient. The Microservices are deployed via Helm and it is easy to simply deploy a KeycloakClient Resource together with the other artefacts of the Microservice and let the Operator handle the creation of the KeycloakClient in Keycloak.

Try it out.

Note: You will need a running Kubernetes cluster to use the Operator

Install keycloak with a realm

This installs Keycloak with a realm test-realm via the codecentric Helm chart.

  1. Run make cluster/installKeycloak

This installs Keycloak on your cluster. To access Keycloak run the following command:

```sh
export POD_NAME=$(kubectl get pods --namespace keycloak -l "app.kubernetes.io/name=keycloakx,app.kubernetes.io/instance=keycloak" -o name)
kubectl --namespace keycloak port-forward "$POD_NAME" 8080
```

And access the application via the URL http://localhost:8080/auth/

The credentials are admin/admin

Install the KeycloakOperator

  1. Run make cluster/prepare

This will apply the necessary Custom Resource Definitions (CRDs) and RBAC rules to the cluster.

  2. Run kubectl apply -f deploy/operator.yaml

This will start the operator in the current namespace.

Creating Example Keycloak CustomResources

Once the CRDs and RBAC rules are applied and the operator is running, install the keycloak-cr, the keycloakrealm-cr and the keycloakclient-cr. The keycloak- and keycloakrealm-crs are only used to reference keycloak and the keycloakrealm.

The keycloakclient-cr actually triggers the keycloakclient-operator to create the keycloakclient in the referenced keycloakrealm.

  1. Run make cluster/create/examples

Check Creation of KeycloakClient

Log into Keycloak and check that the KeycloakClient test-client has been created.


Run the Keycloak Client Operator

To have the Keycloak Client Operator handle KeycloakClients for a specific Keycloak installation and realm, you need the following resources.

Keycloak CRD and Secret

You need the Keycloak-CustomResource that describes how the Keycloak instance can be accessed (the URL) and the Secret that provides the username and password. The Secret has to have the name of the KeycloakCRD prefixed with "credentials-".

Please see KeycloakCR

Realm

The Realm-CustomResource should have id, displayName and realm set to the corresponding name in Keycloak, and the instanceSelector should match the labels in the KeycloakCRD.
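The two wiring rules above (Secret name and instanceSelector) can be checked before applying the resources. The following is an added example, not code from the operator: the struct types, the CheckWiring function, the Username/Password fields and the example-keycloak name are hypothetical, and the admin/admin check refers to the demo login from the Keycloak install step.

```go
package main

import "fmt"

// Simplified, hypothetical views of the objects the README names
// (not the operator's own API types).
type KeycloakCR struct {
	Name   string
	Labels map[string]string
}
type Secret struct{ Name, Username, Password string }
type Realm struct {
	ID, Realm, DisplayName string
	InstanceSelector       map[string]string // matchLabels of the selector
}

// CheckWiring returns one finding per README rule the objects break.
func CheckWiring(kc KeycloakCR, secrets []Secret, r Realm) []string {
	var findings []string
	want := "credentials-" + kc.Name // naming rule from the README
	var cred *Secret
	for i := range secrets {
		if secrets[i].Name == want {
			cred = &secrets[i]
		}
	}
	if cred == nil {
		findings = append(findings, "no secret named "+want)
	} else if cred.Username == "admin" && cred.Password == "admin" {
		findings = append(findings, want+" still holds the demo login admin/admin")
	}
	if r.ID == "" || r.Realm == "" || r.DisplayName == "" {
		findings = append(findings, "realm must set id, realm and displayName")
	}
	for k, v := range r.InstanceSelector {
		if got, ok := kc.Labels[k]; !ok || got != v {
			findings = append(findings, "instanceSelector does not match the Keycloak CR labels")
			break
		}
	}
	return findings
}

func main() {
	// Constructed sample: the secret lacks the "credentials-" prefix and the selector is off.
	kc := KeycloakCR{Name: "example-keycloak", Labels: map[string]string{"app": "sso"}}
	realm := Realm{ID: "test-realm", Realm: "test-realm", DisplayName: "test-realm",
		InstanceSelector: map[string]string{"app": "keycloak"}}
	fmt.Println(CheckWiring(kc, []Secret{{Name: "example-keycloak"}}, realm))
}
```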

KeycloakClient

The KeycloakClient resource specifies the client to be created in Keycloak.

Help and Documentation

Reporting an issue

If you believe you have discovered a defect in the KeycloakClient Operator, please open an issue. Please remember to provide a good summary and description, as well as steps to reproduce the issue.

Supported Custom Resources

| CustomResourceDefinition | Description |
| --- | --- |
| Keycloak | Manages, installs and configures Keycloak on the cluster |
| KeycloakRealm | Represents a realm in a keycloak server |
| KeycloakClient | Represents a client in a keycloak server |

Contributing

I'm glad for any contribution. This is currently Alpha. The operator runs on my machine and I would expect that I didn't introduce too many errors into the original KeycloakOperator, as it is basically a stripped down version of the Legacy Keycloak Operator.

Keycloak Projects

License

Directories

| Path | Synopsis |
| --- | --- |
| cmd | |
| pkg | |
| apis/keycloak | Package keycloak contains keycloak API versions. |
| apis/keycloak/v1alpha1 | Package v1alpha1 contains API Schema definitions for the keycloak v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=keycloak.org |
| client/versioned | This package has the automatically generated clientset. |
| client/versioned/fake | This package has the automatically generated fake clientset. |
| client/versioned/scheme | This package contains the scheme of the automatically generated clientset. |
| client/versioned/typed/keycloak/v1alpha1 | This package has the automatically generated typed clients. |
| client/versioned/typed/keycloak/v1alpha1/fake | Package fake has the automatically generated clients. |
| test | |
