keycloak-operator for keycloak-clients, handles keycloak-clients via custom resources for several keycloak installations and realms
A Kubernetes Operator based on the Operator SDK for creating and syncing KeycloakClient-Resources in Keycloak
This Operator has it's origin from the Legacy Keycloak Operator. If you look for the official KeycloakOperator from RedHat, please look into the KeycloakOperator.
The Operator is opinionated in a way that it expects that Keycloak and the realm are already set up (i.e. with one of the available Helm Charts) and it only has to handle the KeycloakClients for a Keycloak Installation and a specific realm.
This fits our need as we set up Keycloak and the realm with Helm, and we have very many microservices that require their own KeycloakClient. The Microservices are deployed via Helm and it is easy to simply deploy a KeycloakClient Resource together with the other artefacts of the Microservice and let the Operator handle the creation of the KeycloakClient in Keycloak.
Note: You will need a running Kubernetes cluster to use the Operator
This installs keycloak wih a realm test-realm via the codecentric helm chart
- Run
make cluster/installKeycloak
This installs Keycloak on your cluster. To access Keycloak run the following command:
`export POD_NAME=$(kubectl get pods --namespace keycloak -l "app.kubernetes.io/name=keycloakx,app.kubernetes.io/instance=keycloak" -o name)
kubectl --namespace keycloak port-forward "$POD_NAME" 8080 `
And access the application via the URL
http://localhost:8080/auth/
The credentials are admin/admin
- Run
make cluster/prepare
This will apply the necessary Custom Resource Definitions (CRDs) and RBAC rules to the clusters
2. Run kubectl apply -f deploy/operator.yaml
This will start the operator in the current namespace
Once the CRDs and RBAC rules are applied and the operator is running, install the keycloak-cr, the keycloakrealm-cr and the keycloakclient-cr. The keycloak- and keycloakrealm-crs are only used to reference keycloak and the keycloakrealm.
The keycloakclient-cr actually triggers the keycloakclient-operator to create the keycloakclient in the references keycloakcloakrealm.
- Run
make cluster/create/examples
Log into Keycloak and check that the KeycloakClient test-client has been crested
To have the Keycloak Client Operator handle KeycloakClients for a specifiy Keycloak Installation and Realm you need the following Ressources
You need the Keycloak-CustomResource that describes how the Keycloak Instance can be accessed (the URL) and the secret that provides Username and Password. The Secret has to have the name of the KeycloakCRD prefixed with "credentials-"
Please see KeycloakCR
The Realm-CustomResource should have id, displayName and realm set to the corresponsing name in Keycloak and the instanceSelector should match the labels in the KeycloakCRD.
In the KeycloakClient you can specify the KeycloakClient.
- Keycloak documentation
- User Mailing List - Mailing list for help and general questions about Keycloak
If you believe you have discovered a defect in the KeycloakClent Operator please open an an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.
| CustomResourceDefinition | Description |
|---|---|
| Keycloak | Manages, installs and configures Keycloak on the cluster |
| KeycloakRealm | Represents a realm in a keycloak server |
| KeycloakClient | Represents a client in a keycloak server |
I'm glad for any contribution. This is currently Alpha. The operator runs on my machine and I would expect that I didn't
introduce too many errors into the orginal KeycloakOperator, as it is basically a stripped down version of the Legacy Keycloak Operator.
- Keycloak - Keycloak Server and Java adapters
- Keycloak Documentation - Documentation for Keycloak
- Keycloak QuickStarts - QuickStarts for getting started with Keycloak
- Keycloak Docker - Docker images for Keycloak
- Keycloak Node.js Connect - Node.js adapter for Keycloak
- Keycloak Node.js Admin Client - Node.js library for Keycloak Admin REST API
- Codecentric Keycloak Helm Chart - Helm chart for Keycloakx
- Codecentric Keycloakx Helm Chart - Helm chart for Keycloakx
- Bitnami Keycloak Helm Chart - Helm Chart for Keycloak