keycloak-operator

Version: 1.22.0-SNAPSHOT Type: application AppVersion: 1.22.0-SNAPSHOT

A Helm chart for EDP Keycloak Operator

Homepage: https://epam.github.io/edp-install/

Overview

Keycloak Operator is an EDP operator responsible for configuring existing Keycloak instances. The operator runs both on OpenShift and Kubernetes.

NOTE: Operator is platform-independent, which is why there is a unified instruction for deployment.

Prerequisites

  1. Linux machine or Windows Subsystem for Linux instance with Helm 3 installed.
  2. Cluster admin access to the cluster.

Installation Using Helm Chart

To install the Keycloak Operator, follow the steps below:

  1. To add the Helm EPAMEDP Charts for a local client, run "helm repo add":

    helm repo add epamedp https://epam.github.io/edp-helm-charts/stable

  2. Choose the available Helm chart version:

    helm search repo epamedp/keycloak-operator -l
    NAME                           CHART VERSION   APP VERSION     DESCRIPTION
    epamedp/keycloak-operator      1.19.0          1.19.0          A Helm chart for EDP Keycloak Operator
    epamedp/keycloak-operator      1.18.2          1.18.2          A Helm chart for EDP Keycloak Operator

    NOTE: It is highly recommended to use the latest stable version.

  3. The full list of chart parameters is available below.

  4. Install the operator in the namespace with the helm command; find below the installation command example:

    helm install keycloak-operator epamedp/keycloak-operator --version <chart_version> --namespace <edp-project> --set name=keycloak-operator

  5. Check that the namespace contains a Deployment with your operator in the running status.

Quick Start

  1. Create a user in the Keycloak Master realm and assign it the create-realm role.

  2. Insert the newly created user credentials into a Kubernetes Secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: keycloak-access
    type: Opaque
    data:
      username: dXNlcg==   # base64-encoded value of "user"
      password: cGFzcw==   # base64-encoded value of "pass"

  3. Create a Custom Resource of kind: Keycloak with the Keycloak instance URL and the secret created in the previous step:

    apiVersion: v1.edp.epam.com/v1
    kind: Keycloak
    metadata:
      name: keycloak-sample
    spec:
      secret: keycloak-access             # Secret name
      url: https://keycloak.example.com   # Keycloak URL

    Wait for the .status field with status.connected: true

  4. Create Keycloak realm and group using Custom Resources:

    apiVersion: v1.edp.epam.com/v1
    kind: KeycloakRealm
    metadata:
      name: keycloakrealm-sample
    spec:
      realmName: realm-sample
      keycloakOwner: keycloak-sample   # the name of `kind: Keycloak`
    ---
    apiVersion: v1.edp.epam.com/v1
    kind: KeycloakRealmGroup
    metadata:
      name: argocd-admins
    spec:
      name: ArgoCDAdmins
      realm: keycloakrealm-sample   # the name of `kind: KeycloakRealm`

    Inspect the available custom resources and the CR templates folder for more examples.
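
The Secret step of the Quick Start, as an added example that is not part of the chart or its documentation: it renders the keycloak-access manifest without the trailing newline that `echo ... | base64` would fold into the credential, and checks already-encoded values for that mistake. The function names b64, render_secret and check_secret_value are hypothetical; the values under `data` are only base64-encoded, not encrypted.

```shell
#!/bin/sh
# Added example, not part of the chart: build and check the keycloak-access
# Secret from the Quick Start. Function names are hypothetical.

# b64 VALUE: base64-encode VALUE byte for byte. printf '%s' avoids the
# trailing newline that `echo VALUE | base64` would fold into the credential.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# render_secret USERNAME PASSWORD [NAME]: print the Secret manifest.
render_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${3:-keycloak-access}
type: Opaque
data:
  username: $(b64 "$1")
  password: $(b64 "$2")
EOF
}

# check_secret_value ENCODED
#   0 = canonical base64, no trailing line ending
#   1 = decodes, but the value ends in LF or CR
#   2 = not canonical base64 (bad characters, missing padding, empty)
check_secret_value() {
    [ -n "$1" ] || return 2
    # Round trip: decoding and re-encoding must reproduce the input exactly.
    roundtrip=$(printf '%s' "$1" | base64 -d 2>/dev/null | base64 | tr -d '\n')
    [ "$roundtrip" = "$1" ] || return 2
    # Inspect the decoded bytes as hex so a trailing newline is not lost.
    hex=$(printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n')
    case "$hex" in
        *0a|*0d) return 1 ;;
    esac
    return 0
}

# Constructed sample input: the "user"/"pass" pair used in the Quick Start.
render_secret user pass
```

A value that returns 1 here typically shows up later as a Keycloak CR that never reaches status.connected: true, because the stored password differs from the real one by a single byte.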

Local Development

To develop the operator, first set up a local environment, and refer to the Local Development page.

Development versions are also available from the snapshot helm chart repository page.

Related Articles

Maintainers

| Name | Email | Url |
|------|-------|-----|
| epmd-edp | SupportEPMD-EDP@epam.com | https://solutionshub.epam.com/solution/epam-delivery-platform |
| sergk | | https://github.com/SergK |

Source Code

Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | {} | Affinity for pod assignment |
| annotations | object | {} | Annotations to be added to the Deployment |
| clusterReconciliationEnabled | bool | false | If clusterReconciliationEnabled is true, the operator reconciles all Keycloak instances in the cluster; otherwise, it only reconciles instances in the same namespace by default, and cluster-scoped resources are ignored. |
| extraVolumeMounts | list | [] | Additional volumeMounts to be added to the container |
| extraVolumes | list | [] | Additional volumes to be added to the pod |
| image.repository | string | "epamedp/keycloak-operator" | EDP keycloak-operator Docker image name. The released image can be found on Dockerhub |
| image.tag | string | nil | EDP keycloak-operator Docker image tag. The released image can be found on Dockerhub |
| imagePullPolicy | string | "IfNotPresent" | If defined, an imagePullPolicy is applied to the deployment |
| imagePullSecrets | list | [] | If defined, imagePullSecrets are applied to the deployment |
| name | string | "keycloak-operator" | Application name string |
| nodeSelector | object | {} | Node labels for pod assignment |
| resources | object | {"limits":{"memory":"192Mi"},"requests":{"cpu":"50m","memory":"64Mi"}} | Resource limits and requests for the pod |
| tolerations | list | [] | Node tolerations for server scheduling to nodes with taints |