Please refer to EDP documentation to get the main concepts and guidelines.
Get acquainted with the Keycloak Operator, the installation process, the local development, and the architecture scheme.
Keycloak Operator is an EDP operator responsible for configuring existing Keycloak instances. The operator runs both on OpenShift and Kubernetes.
NOTE: Operator is platform-independent, which is why there is a unified instruction for deployment.
- Linux machine or Windows Subsystem for Linux instance with Helm 3 installed;
- Cluster admin access to the cluster.
To install the Keycloak Operator, follow the steps below:
- To add the Helm EPAMEDP Charts for a local client, run "helm repo add":

  ```bash
  helm repo add epamedp https://epam.github.io/edp-helm-charts/stable
  ```
- Choose the available Helm chart version:

  ```bash
  helm search repo epamedp/keycloak-operator -l
  NAME                        CHART VERSION   APP VERSION     DESCRIPTION
  epamedp/keycloak-operator   1.14.0          1.14.0          A Helm chart for EDP Keycloak Operator
  epamedp/keycloak-operator   1.13.0          1.13.0          A Helm chart for EDP Keycloak Operator
  ```

  NOTE: It is highly recommended to use the latest stable version.
- The full list of chart parameters is available in deploy-templates/README.md.
- Install the operator in the namespace with the helm command; find below the installation command example:

  ```bash
  helm install keycloak-operator epamedp/keycloak-operator \
    --version <chart_version> \
    --namespace <edp-project> \
    --set name=keycloak-operator
  ```
- Check that the Deployment with your operator in the namespace is in the running status.
- Create a user in the Keycloak `Master` realm and assign it the `create-realm` role; check the official documentation.
- Insert the newly created user credentials into a Kubernetes secret:

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: keycloak-access
    namespace: default
  type: Opaque
  # stringData takes plain-text values; values under `data` must be base64-encoded
  stringData:
    username: "user"
    password: "pass"
  ```
- Create a Custom Resource `kind: Keycloak` with the Keycloak instance URL and the secret created in the previous step:

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: Keycloak
  metadata:
    name: main
    namespace: default
  spec:
    secret: keycloak-access             # Secret name
    url: https://keycloak.example.com   # Keycloak URL
  ```

  Wait for the `.status` field with `status.connected: true`.
- Create a Keycloak realm and group using Custom Resources:

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: KeycloakRealm
  metadata:
    name: demo
    namespace: default
  spec:
    keycloakOwner: main      # the name of `kind: Keycloak`
    realmName: product-dev   # realm name in keycloak instance
    ssoRealmEnabled: false
  ```

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: KeycloakRealmGroup
  metadata:
    name: argocd-admins
    namespace: default
  spec:
    name: ArgoCDAdmins
    realm: demo   # the name of `kind: KeycloakRealm`
  ```
Inspect the available custom resource and the CR templates folder for more examples.
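
Values under a Secret's `data` field must be base64-encoded, and an encoding slip (a trailing newline, a wrapped line) silently changes the credential. The script below renders the `keycloak-access` Secret from shell variables so the password never lands in a file or on a command line. It is an added example, not part of the EDP project; the variable names `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` and the helper function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not EDP project code): render the keycloak-access Secret with
# base64-encoded `data` values taken from shell variables.

# Encode stdin exactly as given: `printf '%s'` upstream avoids the trailing
# newline that `echo` would add, and `tr` removes base64's line wrapping.
b64() { base64 | tr -d '\n'; }

# render_keycloak_secret NAME NAMESPACE
# Reads KEYCLOAK_USER and KEYCLOAK_PASSWORD (assumed variable names) and
# prints the Secret manifest on stdout.
render_keycloak_secret() {
  local name=$1 namespace=$2
  : "${KEYCLOAK_USER:?set KEYCLOAK_USER}" "${KEYCLOAK_PASSWORD:?set KEYCLOAK_PASSWORD}"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: Opaque
data:
  username: $(printf '%s' "$KEYCLOAK_USER" | b64)
  password: $(printf '%s' "$KEYCLOAK_PASSWORD" | b64)
EOF
}

# secret_field MANIFEST KEY
# Decodes one `data` value back to plain text, the same decoding the API
# server applies, so the round trip can be checked before applying.
secret_field() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2 }' | base64 -d
}

# Usage (needs cluster access; the username value is a placeholder):
#   KEYCLOAK_USER=<keycloak-user>
#   read -r -s -p 'Keycloak password: ' KEYCLOAK_PASSWORD
#   render_keycloak_secret keycloak-access default | kubectl apply -f -
```
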
To develop the operator, first set up a local environment, and refer to the Local Development page.
Development versions are also available from the snapshot helm chart repository page.