A Helm chart for EDP Keycloak Operator
Homepage: https://epam.github.io/edp-install/
Keycloak Operator is an EDP operator responsible for configuring existing Keycloak instances. The operator runs both on OpenShift and Kubernetes.
NOTE: Operator is platform-independent, which is why there is a unified instruction for deployment.
- Linux machine or Windows Subsystem for Linux instance with Helm 3 installed;
- Cluster admin access to the cluster.
To install the Keycloak Operator, follow the steps below:
- To add the Helm EPAMEDP Charts for a local client, run "helm repo add":

  ```bash
  helm repo add epamedp https://epam.github.io/edp-helm-charts/stable
  ```

- Choose the available Helm chart version:

  ```bash
  helm search repo epamedp/keycloak-operator -l
  NAME                        CHART VERSION   APP VERSION     DESCRIPTION
  epamedp/keycloak-operator   1.19.0          1.19.0          A Helm chart for EDP Keycloak Operator
  epamedp/keycloak-operator   1.18.2          1.18.2          A Helm chart for EDP Keycloak Operator
  ```

  NOTE: It is highly recommended to use the latest stable version.

- Full chart parameters available below.

- Install the operator in the namespace with the helm command; find below the installation command example:

  ```bash
  helm install keycloak-operator epamedp/keycloak-operator --version <chart_version> --namespace <edp-project> --set name=keycloak-operator
  ```

- Check the namespace containing Deployment with your operator in running status.

- Create a User in the Keycloak `Master` realm, and assign a `create-realm` role.

- Insert newly created user credentials into Kubernetes secret:

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: keycloak-access
  type: Opaque
  data:
    username: dXNlcg==  # base64-encoded value of "user"
    password: cGFzcw==  # base64-encoded value of "pass"
  ```

- Create Custom Resource `kind: Keycloak` with Keycloak instance URL and secret created on the previous step:

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: Keycloak
  metadata:
    name: keycloak-sample
  spec:
    secret: keycloak-access  # Secret name
    url: https://keycloak.example.com  # Keycloak URL
  ```

  Wait for the `.status` field with `status.connected: true`.

- Create Keycloak realm and group using Custom Resources:

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: KeycloakRealm
  metadata:
    name: keycloakrealm-sample
  spec:
    realmName: realm-sample
    keycloakOwner: keycloak-sample  # the name of `kind: Keycloak`
  ```

  ```yaml
  apiVersion: v1.edp.epam.com/v1
  kind: KeycloakRealmGroup
  metadata:
    name: argocd-admins
  spec:
    name: ArgoCDAdmins
    realm: keycloakrealm-sample  # the name of `kind: KeycloakRealm`
  ```

Inspect the available custom resources and the CR templates folder for more examples.
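
The `keycloak-access` Secret from the steps above can be rendered from real credentials with a few shell functions. This is an added example, not part of the chart or its documentation, and the helper names (`b64`, `render_keycloak_secret`, `secret_field`, `encoded_with_newline`) are hypothetical. It encodes with `printf` rather than `echo`, because `echo user | base64` produces `dXNlcgo=` (the credential plus a trailing newline) instead of the `dXNlcg==` the Secret needs.

```bash
# Added example: hypothetical helpers for the keycloak-access Secret.
# Note: base64 in a Secret is an encoding, not encryption.

# Encode a value exactly as given: no trailing newline, no 76-column wraps.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the Secret manifest. $1 = username, $2 = password,
# $3 = secret name (defaults to the name used in the Keycloak CR).
render_keycloak_secret() {
  kc_user=$1 kc_pass=$2 kc_name=${3:-keycloak-access}
  if [ -z "$kc_user" ] || [ -z "$kc_pass" ]; then
    echo "username and password must be non-empty" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${kc_name}
type: Opaque
data:
  username: $(b64 "$kc_user")
  password: $(b64 "$kc_pass")
EOF
}

# Decode one field under data: from a manifest. $1 = manifest, $2 = field.
secret_field() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2 }' | base64 -d
}

# Succeed if a base64 value decodes to text ending in a newline,
# the usual sign that it was produced with `echo value | base64`.
encoded_with_newline() {
  # The trailing "x" sentinel stops $(...) from stripping the newline.
  kc_dec=$(printf '%s' "$1" | base64 -d; printf x)
  kc_dec=${kc_dec%x}
  kc_nl='
'
  case "$kc_dec" in
    *"$kc_nl") return 0 ;;
    *) return 1 ;;
  esac
}
```

Piping the output of `render_keycloak_secret` to `kubectl apply -n <edp-project> -f -` creates the Secret without writing the credentials to a file.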
To develop the operator, first set up a local environment, and refer to the Local Development page.
Development versions are also available from the snapshot helm chart repository page.
Name | Email | Url |
---|---|---|
epmd-edp | [email protected] | https://solutionshub.epam.com/solution/epam-delivery-platform |
sergk | | https://github.com/SergK |
Key | Type | Default | Description |
---|---|---|---|
affinity | object | {} | Affinity for pod assignment |
annotations | object | {} | Annotations to be added to the Deployment |
clusterReconciliationEnabled | bool | false | If clusterReconciliationEnabled is true, the operator reconciles all Keycloak instances in the cluster; otherwise, it only reconciles instances in the same namespace by default, and cluster-scoped resources are ignored. |
extraVolumeMounts | list | [] | Additional volumeMounts to be added to the container |
extraVolumes | list | [] | Additional volumes to be added to the pod |
image.repository | string | "epamedp/keycloak-operator" | EDP keycloak-operator Docker image name. The released image can be found on Docker Hub |
image.tag | string | nil | EDP keycloak-operator Docker image tag. The released image can be found on Docker Hub |
imagePullPolicy | string | "IfNotPresent" | If defined, an imagePullPolicy is applied to the deployment |
imagePullSecrets | list | [] | If defined, imagePullSecrets are applied to the deployment |
name | string | "keycloak-operator" | Application name string |
nodeSelector | object | {} | Node labels for pod assignment |
resources | object | {"limits":{"memory":"192Mi"},"requests":{"cpu":"50m","memory":"64Mi"}} | Resource limits and requests for the pod |
tolerations | list | [] | Node tolerations for server scheduling to nodes with taints |