❗ Please refer to KubeRocketCI documentation to get the main concepts and guidelines.
Get acquainted with the Keycloak Operator, the installation process, the quick start, and the local development guidelines.
Keycloak Operator is a KubeRocketCI operator responsible for configuring existing Keycloak instances. The operator runs both on OpenShift and Kubernetes.
NOTE: Operator is platform-independent, which is why there is a unified instruction for deployment.
- Linux machine or Windows Subsystem for Linux instance with Helm 3 installed;
- Cluster admin access to the cluster;
To install the Keycloak Operator, follow the steps below:
- To add the Helm EPAMEDP Charts for a local client, run "helm repo add":

  ```bash
  helm repo add epamedp https://epam.github.io/edp-helm-charts/stable
  ```
- Choose the available Helm chart version:

  ```bash
  helm search repo epamedp/keycloak-operator -l
  NAME                        CHART VERSION   APP VERSION   DESCRIPTION
  epamedp/keycloak-operator   1.23.0          1.23.0        A Helm chart for KRCI Keycloak Operator
  ```

  NOTE: It is highly recommended to use the latest stable version.
- Full chart parameters are available in deploy-templates/README.md.
- Install the operator in the namespace with the helm command; find below the installation command example:

  ```bash
  helm install keycloak-operator epamedp/keycloak-operator --version <chart_version> --namespace <edp-project> --set name=keycloak-operator
  ```
- Check that the namespace contains a Deployment with your operator in running status.
- Create a User in the Keycloak `Master` realm, and assign a `create-realm` role.
- Insert newly created user credentials into Kubernetes secret:

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: keycloak-access
  type: Opaque
  data:
    username: dXNlcg==   # base64-encoded value of "user"
    password: cGFzcw==   # base64-encoded value of "pass"
  ```
- Create Custom Resource `kind: Keycloak` with Keycloak instance URL and secret created on the previous step:

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: Keycloak
  metadata:
    name: keycloak-sample
  spec:
    secret: keycloak-access             # Secret name
    url: https://keycloak.example.com   # Keycloak URL
  ```

  Wait for the `.status` field with `status.connected: true`
- Create Keycloak realm and group using Custom Resources:

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: KeycloakRealm
  metadata:
    name: keycloakrealm-sample
  spec:
    realmName: realm-sample
    keycloakRef:
      name: keycloak-sample
      kind: Keycloak
  ```

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: KeycloakRealmGroup
  metadata:
    name: argocd-admins
  spec:
    name: ArgoCDAdmins
    realmRef:
      name: keycloakrealm-sample
      kind: KeycloakRealm
  ```
Inspect the available custom resources and the CR templates folder for more examples.
To prevent the operator from deleting resources from Keycloak, add the `edp.epam.com/preserve-resources-on-deletion: "true"` annotation to the resource.
```yaml
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealm
metadata:
  name: keycloakrealm-sample
  annotations:
    edp.epam.com/preserve-resources-on-deletion: "true"
spec:
  realmName: realm-sample
  keycloakRef:
    name: keycloak-sample
    kind: Keycloak
```
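A pre-apply check for the manifests in the steps above, added here as an example and not part of the operator or its documentation: it verifies that the Secret values decode cleanly, that every reference in the Secret, Keycloak, KeycloakRealm, KeycloakRealmGroup chain resolves, and that the preserve annotation is a string. The `lint` function, its rules, and the input shape (manifests already parsed from YAML into dicts) are assumptions of this example.

```python
import base64
from urllib.parse import urlparse

PRESERVE = "edp.epam.com/preserve-resources-on-deletion"

def lint(docs):
    """Return findings for manifests that were already parsed into dicts."""
    known = {(d["kind"], d["metadata"]["name"]) for d in docs}
    findings = []
    for d in docs:
        kind, meta, spec = d["kind"], d["metadata"], d.get("spec", {})
        where = f'{kind}/{meta["name"]}'
        if kind == "Secret":
            for key, value in d.get("data", {}).items():
                try:
                    raw = base64.b64decode(value, validate=True)
                except ValueError:  # binascii.Error is a ValueError subclass
                    findings.append(f"{where}: data.{key} is not valid base64")
                    continue
                # `echo user | base64` encodes a trailing newline into the credential
                if raw != raw.strip():
                    findings.append(f"{where}: data.{key} decodes with stray whitespace")
        if kind == "Keycloak":
            if ("Secret", spec.get("secret")) not in known:
                findings.append(f"{where}: spec.secret names no Secret in this set")
            if urlparse(spec.get("url", "")).scheme != "https":
                findings.append(f"{where}: spec.url is not https")
        # Each CR points at its parent through a {name, kind} reference
        for field in ("keycloakRef", "realmRef"):
            ref = spec.get(field)
            if ref and (ref.get("kind"), ref.get("name")) not in known:
                findings.append(f"{where}: {field} target is not in this set")
        # Annotation values are strings; an unquoted YAML true parses as a bool
        if not isinstance(meta.get("annotations", {}).get(PRESERVE, ""), str):
            findings.append(f"{where}: {PRESERVE} must be a quoted string")
    return findings

# Constructed sample input: the manifests from this page as parsed dicts
GOOD = [
    {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": "keycloak-access"},
     "data": {"username": "dXNlcg==", "password": "cGFzcw=="}},
    {"apiVersion": "v1.edp.epam.com/v1", "kind": "Keycloak", "metadata": {"name": "keycloak-sample"},
     "spec": {"secret": "keycloak-access", "url": "https://keycloak.example.com"}},
    {"apiVersion": "v1.edp.epam.com/v1", "kind": "KeycloakRealm",
     "metadata": {"name": "keycloakrealm-sample", "annotations": {PRESERVE: "true"}},
     "spec": {"realmName": "realm-sample", "keycloakRef": {"name": "keycloak-sample", "kind": "Keycloak"}}},
    {"apiVersion": "v1.edp.epam.com/v1", "kind": "KeycloakRealmGroup", "metadata": {"name": "argocd-admins"},
     "spec": {"name": "ArgoCDAdmins", "realmRef": {"name": "keycloakrealm-sample", "kind": "KeycloakRealm"}}},
]
```

`lint(GOOD)` returns an empty list; each finding is a string naming the resource and the field to fix.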
To develop the operator, first set up a local environment, and refer to the Local Development page.
Development versions are also available from the snapshot Helm Chart repository page.