keycloak-ext-operator

command module
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

README

keycloak-ext-operator

Creates OAuth clients in Keycloak and creates corresponding secrets in kubernetes.

Required environment:

Environment variable Purpose
KEYCLOAK_URL URL to keycloak instance
KEYCLOAK_USER Admin user name (usually admin)
KEYCLOAK_PASSWORD Admin password

By default, those values will be obtained from secret keycloak in keycloak namespace.

Description

The operator:

  • watches KeycloakClient manifests
  • creates (or updates) OAuth private clients in Keycloak instance. If it's a new client, then secret will be randomly generated
  • creates secret with OAuth credentials

Tested on Keycloak 19. May not work on versions bellow 18 due to different API URLs.

Example:

Manifest (CRD)

apiVersion: keycloak.k8s.reddec.net/v1alpha1
kind: KeycloakClient
metadata:
  name: sample
  namespace: default
spec:
  secretName: "my-secret"
  domain: "example.com"
  realm: reddec
  annotations:
    foo: bar
  labels:
    alice: bob
  • secretName is optional. If it is not set, then the name of CRD (sample in this case) will be used.
  • annotations is optional. If set, all values will be copied to secret annotations.
  • labels is optional. If set, all values will be copied to secret labels.

Generated secret

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: default
immutable: true
type: Opaque
data:
  clientID: .....     # unless copied from existent, it's equal to domain name
  clientSecret: ..... # automatically generated secret (32 crypto random bytes represented as 64-bytes hex) or copied from existent client definition from keycloak.
  realm: .....        # copied from spec
  realmURL: .....     # full URL to realm: <keycloak url>/realms/<realm>
  discoveryURL: ..... # OIDC URL to realm: <keycloak url>/realms/<realm>/.well-known/openid-configuration
  • unless clientSecret is copied from existent Keycloak client, it is automatically generated secret from 32 crypto random bytes, and represented as 64-bytes hex

Getting Started

  • Install operator
curl -L https://github.com/reddec/keycloak-ext-operator/releases/latest/download/keycloak-ext-operator.yaml | \
kubectl apply -f -
  • Setup credentials
kubectl -n keycloak create secret generic keycloak
kubectl -n keycloak edit secret keycloak

values in data should be base64 encoded - see kubernetes secrets

example

apiVersion: v1
kind: Secret
metadata:
  name: keycloak
  namespace: keycloak
data:
  KEYCLOAK_URL: aHR0cHM6Ly9leGFtcGxlLmNvbQ==
  KEYCLOAK_USER: YWRtaW4=
  KEYCLOAK_PASSWORD: UEAkJHdvckQ=
  • Create manifests

Use-cases

License

Copyright 2022.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
api
v1alpha1
Package v1alpha1 contains API Schema definitions for the keycloak v1alpha1 API group +kubebuilder:object:generate=true +groupName=keycloak.k8s.reddec.net
 Package v1alpha1 contains API Schema definitions for the keycloak v1alpha1 API group +kubebuilder:object:generate=true +groupName=keycloak.k8s.reddec.net

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.