epam / edp-keycloak-operator

It is responsible for establishing a connection to provided Keycloak Server, reconciling realms, and clients according to the created CRs
https://docs.kuberocketci.io
Apache License 2.0

Resources templates #88

Open gwydionmv opened 1 month ago

gwydionmv commented 1 month ago

Is your feature request related to a problem? Please describe.

In our company, we want to have a central operator for every instance of Keycloak and then several instances in different namespaces. Currently, there are no templates available for the CRs, so we can't centralise the configuration for roles, groups, etc. We have to replicate the templates for every instance, and if we include any reference to the edp operator, we can't avoid the deployment of the operator itself.

Describe the solution you'd like

Similar to other operators (e.g. https://github.com/adfinis/helm-charts/tree/main/charts/keycloak-operator), I'd like to be able to either deploy the operator itself or instantiate the CRs needed. Having the templates for the CRs ready, it would be quite easy to just write some lines in a values file and deploy.

Rolika4 commented 1 month ago

Hello @gwydionmv,

If I understood your question right, there are 2 use cases for how you could use the Keycloak operator:

  1. Installing Keycloak. We recommend using the edp-cluster-add-ons approach to configure and manage all resources, including Keycloak, the database and the operator.

For installing Keycloak, create several copies of this app with different names. Update the namespace value for each component.

This template supports different types of PostgreSQL database, including an external PostgreSQL instance or the pgo operator (by default). To update the DB configuration, please take a look at the Keycloak values for DB configuration.

  2. The next step after installing the Keycloak instances is to install the Keycloak operator and create CRs. Depending on your case, you could use one Keycloak operator for several Keycloak instances, or several copies, one for each Keycloak instance.

2.1 One operator for all Keycloak instances. In this example I'll use keycloakA and keycloakB as instance names.

2.1.1 Configure operator access to Keycloak:

KeycloakA:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloak
metadata:
  name: keycloakA
spec:
  secret: keycloakA
  url: https://keycloakA.com

KeycloakB:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloak
metadata:
  name: keycloakB
spec:
  secret: keycloakB
  url: https://keycloakB.com

These two resources make it possible to configure connections between the operator and the Keycloak instances.

2.1.2 Create keycloak realm:

KeycloakA:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloakRealm
metadata:
  name: keycloakA-realm #CR name 
spec:
  clusterKeycloakRef: keycloakA
  realmName: keycloakA-realm #Keycloak resource name

KeycloakB:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloakRealm
metadata:
  name: keycloakB-realm #CR name
spec:
  clusterKeycloakRef: keycloakB
  realmName: keycloakB-realm #Keycloak resource name

2.1.3 Create other resources like clients, brokers, groups, roles, etc.

When creating them, set in which realm the resource will be created:

  ...
  realmRef:
    kind: ClusterKeycloakRealm
    name: keycloakA-realm
  ...

2.2 An operator for each Keycloak instance. This example uses a similar approach, but to run several operators in one cluster, disable cluster-wide mode. Without this option, the operator will reconcile only namespaced resources.

apiVersion: v1.edp.epam.com/v1alpha1
kind: Keycloak
metadata:
  name: keycloakA
spec:
  secret: keycloakA
  url: https://keycloakA.com
---
apiVersion: v1.edp.epam.com/v1alpha1
kind: KeycloakRealm
metadata:
  name: keycloakA-realm #CR name
spec:
  keycloakRef: keycloakA #reference to the namespaced Keycloak CR above
  realmName: keycloakA-realm #Keycloak resource name

Hope this information is helpful. If you still have questions, don't hesitate to ask.
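Added example, not part of the thread or of the operator's own chart: one Helm template that renders the ClusterKeycloak and ClusterKeycloakRealm CRs from steps 2.1.1 and 2.1.2 for every instance listed in a values file, which is the kind of "template the CRs" setup the issue asks for. The values keys (`instances`, `url`, `secret`, `realms`) are assumptions chosen for this example; the CR fields are the ones used in the comment above.

```yaml
# values.yaml (constructed example values; the key names are assumptions)
# instances:
#   keycloakA:
#     url: https://keycloakA.com
#     secret: keycloakA          # name of a pre-existing Secret with admin creds
#     realms: [keycloakA-realm]
#   keycloakB:
#     url: https://keycloakB.com
#     secret: keycloakB
#     realms: [keycloakB-realm]
#
# templates/keycloak-instances.yaml
{{- range $instance, $cfg := .Values.instances }}
---
apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloak
metadata:
  name: {{ $instance }}
spec:
  # Only the Secret *name* is rendered here: the credentials live in a
  # Secret created out of band, never in values.yaml or in git.
  # `required` makes `helm template`/`helm install` fail with a clear
  # message instead of silently emitting an empty field.
  secret: {{ required (printf "instances.%s.secret is required" $instance) $cfg.secret }}
  url: {{ required (printf "instances.%s.url is required" $instance) $cfg.url | quote }}
{{- range $realm := $cfg.realms }}
---
apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloakRealm
metadata:
  name: {{ $realm }}        # CR name
spec:
  clusterKeycloakRef: {{ $instance }}
  realmName: {{ $realm }}   # realm name inside Keycloak
{{- end }}
{{- end }}
```

Rendering with `helm template <release> <chart-dir> -f values.yaml` lets a pipeline review the generated CRs before `helm install`, and the Secret named under `secret` must already exist in the operator's namespace for the operator to connect.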

gwydionmv commented 1 month ago

Hello @Rolika4 !

Thanks for your answer 😄 We already have a Keycloak instance in place, so use case 1 is covered!

We have also used your operator for connecting to it and creating realms, groups, etc. manually using the CRs. But we would like to have templates ready for them and automate it in pipelines instead of having to manually create the CR YAMLs. Maybe I didn't explain myself in the previous message.