Ability to add fields in job template for KeycloakRealmImport CR

[aamoyel]

Description

Like "Keycloak" CR, to add custom labels, annotations and other keys/values, we need an "unsupported" field in "KeycloakRealmImport" CR.

Discussion

No response

Motivation

I've deployed keycloak operator and instance in a namespace with Istio enabled and everything is working correctly. My problem is when i create a "KeycloakRealmImport", the operator create a job pod with the istio sidecar proxy because of istio auto injection.
The Istio sidecar leads to a stucking running job because of the proxy never ends.
Istio gives the ability to disable injection with this annotation: 'sidecar.istio.io/inject: “false”' but we cannot add metadata in realmImport like "Keycloak" CR.

Details

Stucking pod:

NAME                                     READY   STATUS     RESTARTS   AGE
pod/internal-ftxtl                       1/2     NotReady   0          18m
pod/keycloak-prod-0                      2/2     Running    0          78m

Need to have this fields in KeycloakRealmImports :

...
spec:
  unsupported:
    jobTemplate:
      metadata:
        annotations:
          sidecar.istio.io/inject: “false”

[husira]

@aamoyel, Did you find any solution to quit the job when istio injection is enabled?

[Update]: want to share my insight with you (I still need to test it):

Feel free to test it in your setup as well: husira/keycloak@20.0.1...husira:keycloak:customized-keycloakRealmImportJob

Seems to be a best-practice workaround (https://discuss.istio.io/t/best-practices-for-jobs/4968) to quit the istio-sidecar for jobs.

For our setup we also used --override=true to import the realm, because we always want to force/replace the resource with argocd and use the configuration from git.

[fuero]

Could anyone please elaborate on how this has been fixed?

My use case is for applying securityContext best practices to the import jobs