keycloakclient-controller

command module
v0.10.0
Published: Jul 3, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

README

keycloakclient-controller

The keycloakclient-controller manages keycloak clients in independent keycloak installations.

A basic configuration for the keycloakclient-controller consists of:

  • a keycloak-cr with the url of the keycloak, where clients should be managed

  • a keycloakrealm cr with the realm-name, in which clients should be managed (and a selector of the keycloak-cr of this realm)

  • a keycloakclient-cr with the client-specific settings (of which there are quite a few) and a selector of the realm of this client

  • for each keycloak-cr, a secret "credential-<keycloak-cr.name>" that contains the following data:

    • ADMIN_PASSWORD: if the controller logs in via the admin-console and grant_type password, not recommended
    • ADMIN_USERNAME:
    • KEYCLOAKCLIENT_CONTROLLER_NAME: if the controller logs in via a special service account and grant_type client_credentials, recommended
    • KEYCLOAKCLIENT_CONTROLLER_PASSWORD:
  • an optional secret credential-keycloak-client-secret-seed in the controller's namespace

    • SECRET_SEED: if the secret for each client should be created via a SHA hash of (secret-seed + client-name). This is sometimes necessary if a controller should be running in two separate k8s clusters.
  • optional defaultClientScopes for public KeycloakClients. For KeycloakClients, the defaultClientScopes are usually configured in the KeycloakClient CustomResource. If a certain defaultClientScope is needed in every KeycloakClient, e.g. the scopes "Nonce" and "basic" for all public KeycloakClients after the Keycloak 25 update, it can be configured with the environment variable ADDITIONAL_DEFAULT_CLIENT_SCOPES, in this case with the value "Nonce,basic" (without changing all the KeycloakClient CustomResources).
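
The seed-based derivation described for SECRET_SEED above, as an added example that is not the controller's own code. It shows why two clusters holding the same seed agree on a client's secret, and compares plain concatenation with a keyed HMAC construction, which is not what the README describes. Assumptions: the page does not name the SHA variant or the output encoding, so SHA-256 with hex output is used, and deriveConcat, deriveHMAC, the sample seed and the client names are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// deriveConcat models the scheme the README describes: a SHA digest of
// (secret-seed + client-name). SHA-256 and hex output are assumptions.
func deriveConcat(seed, clientName string) string {
	sum := sha256.Sum256([]byte(seed + clientName))
	return hex.EncodeToString(sum[:])
}

// deriveHMAC is a keyed alternative (not the project's method): the seed is
// the HMAC key, so the boundary between seed and name cannot shift.
func deriveHMAC(seed, clientName string) string {
	mac := hmac.New(sha256.New, []byte(seed))
	mac.Write([]byte(clientName))
	return hex.EncodeToString(mac.Sum(nil))
}

func main() {
	// Constructed sample values, not real credentials.
	seed := "example-seed-not-a-real-secret"

	// Two clusters holding the same seed derive the same client secret
	// without exchanging it.
	clusterA := deriveConcat(seed, "orders-service")
	clusterB := deriveConcat(seed, "orders-service")
	fmt.Println("clusters agree:", clusterA == clusterB)

	// Different client names give different secrets.
	fmt.Println("distinct per client:", clusterA != deriveConcat(seed, "billing-service"))

	// Plain concatenation is ambiguous at the seed/name boundary:
	// "seed-a"+"pp" and "seed-"+"app" hash the same bytes.
	fmt.Println("concat collision:", deriveConcat("seed-a", "pp") == deriveConcat("seed-", "app"))
	fmt.Println("hmac collision:", deriveHMAC("seed-a", "pp") == deriveHMAC("seed-", "app"))
}
```

With any derivation of this kind, whoever can read SECRET_SEED can recompute the secret of every client, so the seed secret needs at least the protection given to the client secrets themselves. Changing the seed changes every derived client secret at once.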

To create a KeycloakClient in a Keycloak installation, you create a KeycloakClient CustomResource, and the keycloakclient-controller takes care of creating, changing and deleting the KeycloakClient as specified by the CustomResource (and the referenced keycloakrealm-cr and keycloak-cr).

Description

This Operator originates from the Legacy Keycloak Operator. If you are looking for the official KeycloakOperator from RedHat, please look into the KeycloakOperator.

The Operator is opinionated in that it expects Keycloak and the KeycloakRealm to be already set up (e.g. with one of the available Helm Charts), so that it only has to handle the KeycloakClients for a Keycloak installation and a specific realm.

This fits our need as we set up Keycloak and the realm with Helm, and we have a lot of microservices that require their own KeycloakClient. The Microservices are deployed via Helm, so it is easy to simply deploy a KeycloakClient Resource together with the other artefacts of the Microservice and let the Operator handle the creation of the KeycloakClient in Keycloak.

Getting Started

You’ll need a Kubernetes cluster to run against. You can use KIND to get a local cluster for testing, or run against a remote cluster. Note: Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster kubectl cluster-info shows).

Running on the cluster

  1. Install Instances of Custom Resources:

    make install
    
  2. Build and push your image to the location specified by IMG:

    make docker-build docker-push IMG=<some-registry>/keycloakclient-controller:tag
    
  3. Deploy the controller to the cluster with the image specified by IMG:

    make deploy IMG=<some-registry>/keycloakclient-controller:tag
    

Uninstall CRDs

To delete the CRDs from the cluster:

    make uninstall

Undeploy controller

Undeploy the controller from the cluster:

    make undeploy

Contributing

// TODO(user): Add detailed information on how you would like others to contribute to this project

How it works

This project aims to follow the Kubernetes Operator pattern.

It uses Controllers, which provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster.

Test It Out

  1. Install the CRDs into the cluster:

    make install
    
  2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):

    make run
    

NOTE: You can also run this in one step by running: make install run

Modifying the API definitions

If you are editing the API definitions, generate the manifests such as CRs or CRDs using:

    make manifests

NOTE: Run make --help for more information on all potential make targets

More information can be found via the Kubebuilder Documentation

License

Copyright 2022.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Documentation

There is no documentation for this package.

Directories

Path / Synopsis

api
    v1alpha1
        Package v1alpha1 contains API Schema definitions for the keycloak v1alpha1 API group +kubebuilder:object:generate=true +groupName=keycloak.org
pkg
    client/clientset/versioned
        This package has the automatically generated clientset.
    client/clientset/versioned/fake
        This package has the automatically generated fake clientset.
    client/clientset/versioned/scheme
        This package contains the scheme of the automatically generated clientset.
    client/clientset/versioned/typed/keycloak/v1alpha1
        This package has the automatically generated typed clients.
    client/clientset/versioned/typed/keycloak/v1alpha1/fake
        Package fake has the automatically generated clients.
    client/versioned
        This package has the automatically generated clientset.
    client/versioned/fake
        This package has the automatically generated fake clientset.
    client/versioned/scheme
        This package contains the scheme of the automatically generated clientset.
    client/versioned/typed/keycloak/v1alpha1
        This package has the automatically generated typed clients.
    client/versioned/typed/keycloak/v1alpha1/fake
        Package fake has the automatically generated clients.
test
    e2e
