Resources templates #88

Open
gwydionmv opened this issue Aug 6, 2024 · 2 comments
@gwydionmv

Is your feature request related to a problem? Please describe.
In our company, we want to have a central operator for every instance of keycloak and then several instances in different namespaces. Currently, there are no templates available for the CRs, so we can't centralise the configuration for roles, groups, etc. We have to replicate the templates for every instance, and if we include any reference to the edp operator, we can't avoid the deployment of the operator itself.

Describe the solution you'd like
Similar to other operators (e.g. https://github.com/adfinis/helm-charts/tree/main/charts/keycloak-operator), I'd like to be able to either deploy the operator itself or instantiate the CRs needed. With the templates for the CRs ready, it would be quite easy to just write some lines in a values file and deploy.

@Rolika4

Rolika4 commented Aug 6, 2024

Hello @gwydionmv,

If I understood your question right, there are 2 use cases for how you could use the Keycloak operator:

  1. Installing Keycloak.
    We recommend using the edp-cluster-add-ons approach to configure and manage all resources, including Keycloak, the database and the operator.

To install Keycloak, create several copies of this app with different names. Update the namespace value for each component.

This template supports different types of PostgreSQL database, including an external PostgreSQL instance or the pgo operator (by default). To update the DB configuration, please take a look at the Keycloak values for DB configuration.

  2. The next step after installing the Keycloak instances: install the Keycloak operator and create the CRs.
    Depending on your issue, you could use one Keycloak operator for several Keycloak instances, or several copies, one for each Keycloak instance.

2.1 One operator for all Keycloak instances. In this example I'll use the instance names keycloakA and keycloakB.

2.1.1 Configure operator access to Keycloak:

KeycloakA:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloak
metadata:
  name: keycloakA
spec:
  secret: keycloakA
  url: https://keycloakA.com

KeycloakB:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloak
metadata:
  name: keycloakB
spec:
  secret: keycloakB
  url: https://keycloakB.com

These two resources make it possible to configure connections between the operator and the Keycloak instances.

2.1.2 Create keycloak realm:

KeycloakA:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloakRealm
metadata:
  name: keycloakA-realm #CR name 
spec:
  clusterKeycloakRef: keycloakA
  realmName: keycloakA-realm #Keycloak resource name

KeycloakB:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloakRealm
metadata:
  name: keycloakB-realm #CR name 
spec:
  clusterKeycloakRef: keycloakB
  realmName: keycloakA-realm #Keycloak resource name

2.1.3 Create other resources such as clients, brokers, groups, roles, etc.

When creating them, set the realm in which the resource will be created:

  ...
  realmRef:
    kind: ClusterKeycloakRealm
    name: keycloakA-realm
  ...

2.2 An operator for each Keycloak instance.
This example uses a similar approach, but to use several operators in one cluster, disable cluster wide mode. Without this option, the operator will reconcile only namespaced resources.

apiVersion: v1.edp.epam.com/v1alpha1
kind: Keycloak
metadata:
  name: keycloakA
spec:
  secret: keycloakA
  url: https://keycloakA.com
---
apiVersion: v1.edp.epam.com/v1alpha1
kind: KeycloakRealm
metadata:
  name: keycloakA-realm #CR name 
spec:
  KeycloakRef: keycloakA
  realmName: keycloakA-realm #Keycloak resource name

Hope this information is helpful. If you still have questions, don't hesitate to ask.

@gwydionmv
Author

Hello @Rolika4 !

Thanks for your answer 😄 We already have a keycloak instance in place, so use case 1 is covered!

We have also used your operator to connect to it and create realms, groups, etc. manually using the CRs. But we would like to have templates ready for them and automate it in pipelines instead of having to manually create the CR YAMLs. Maybe I didn’t explain myself in the previous message.
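
An added example, not part of the thread and not code from the operator project: a Python script for the pipeline step discussed here, which renders the ClusterKeycloak and ClusterKeycloakRealm CRs from section 2.1 out of one values list and lints them before anything is applied. The values keys, the `<instance>-<realm>` CR naming, the example.com URLs and the https-only rule are assumptions of this example.

```python
import json
import re
from urllib.parse import urlsplit

API_VERSION = "v1.edp.epam.com/v1alpha1"  # as in the manifests quoted in the thread
# Kubernetes object names must be lowercase DNS-1123 subdomains.
DNS1123 = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")


def manifest(kind, name, spec):
    return {"apiVersion": API_VERSION, "kind": kind, "metadata": {"name": name}, "spec": spec}


def render(instances):
    """Build ClusterKeycloak and ClusterKeycloakRealm CRs from a values-like list."""
    docs = []
    for inst in instances:
        docs.append(manifest("ClusterKeycloak", inst["name"],
                             {"secret": inst["secret"], "url": inst["url"]}))
        for realm in inst.get("realms", []):  # CR naming scheme is an assumption
            docs.append(manifest("ClusterKeycloakRealm", f"{inst['name']}-{realm}",
                                 {"clusterKeycloakRef": inst["name"], "realmName": realm}))
    return docs


def lint(docs):
    """Return problems that should fail the pipeline (https-only is an assumed policy)."""
    problems = []
    servers = {d["metadata"]["name"] for d in docs if d["kind"] == "ClusterKeycloak"}
    for d in docs:
        kind, name, spec = d["kind"], d["metadata"]["name"], d["spec"]
        if len(name) > 253 or not DNS1123.match(name):
            problems.append(f"{kind}/{name}: name is not a lowercase DNS-1123 subdomain")
        if kind == "ClusterKeycloak" and urlsplit(spec["url"]).scheme != "https":
            problems.append(f"{kind}/{name}: url must use https")
        if kind == "ClusterKeycloakRealm" and spec["clusterKeycloakRef"] not in servers:
            problems.append(f"{kind}/{name}: clusterKeycloakRef matches no ClusterKeycloak")
    return problems


# Constructed sample values; every name, secret and URL here is a placeholder.
VALUES = [
    {"name": "keycloak-a", "secret": "keycloak-a", "url": "https://keycloak-a.example.com", "realms": ["main"]},
    {"name": "keycloakB", "secret": "keycloak-b", "url": "http://keycloak-b.example.com", "realms": ["main"]},
]

if __name__ == "__main__":
    docs = render(VALUES)
    print(json.dumps(docs, indent=2))
    print("\n".join(lint(docs)) or "ok")
```

Mixed-case names such as `keycloakA` fail the first check, because Kubernetes rejects uppercase characters in `metadata.name`; the reference check catches a realm CR that would otherwise point at an instance the pipeline never rendered.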
