Exports a keycloak realm as json into a kubernetes secret.
This requires an export REST resource to be exposed on keycloak. See https://github.com/cghislai/keycloak-importexport.
Configuration values are obtained from different sources, in order:
- files loaded from /var/run/secrets/
- env variables
- arguments as 'key=value'
Available configuration properties:
| Name | Description |
|---|---|
| help | Display help output and exits. |
| debug | Debug output |
| realmName | The name of a single realm |
| realmNames | A comma-separated list of realm names |
| keycloakApiUri | The keycloak uri, eg keycloak.namespace.cluster.local:8080/auth |
| keycloakHostHeader | The keycloak host header. This must match the token issuer, and is required if the api uri is not a public uri |
| keycloakTruststorePath | The path to a truststore when reaching keycloak over tls |
| keycloakTruststorePassword | The password to the keycloak truststore |
| exportUsers | Whether to export users as well. This might not fit within a kubernetes secret then. |
| adminUsername | The keycloak admin username |
| adminPassword | The keycloak admin password |
| secretNamespace | The namespace into which to create/update the secret containing the exported data. The service account running this will need access to read,create,update secrets in that namespace. |
| secretNamePattern | A pattern used to build the secret name. {0} will be replaced with the realm name. {1} will be replaced with the iso local date. Defaults to 'realm-{0}-json-export-{1}-secret |
| secretKeyPattern | A pattern used to build the secret key. {0} will be replaced with the realm nameDefaults to '{0}.json' |
| secretLabels | A comma-separated list of key:value labels to apply on created secrets |
| secretAnnotations | A comma-separated list of key:value annotations to apply on created secrets |