Truststore handling for the Operator is not documented

[ahus1]

Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

operator

Describe the bug

KC24 introduced adding truststores via the CR, and this is documented in the release notes.

It seems that this is missing in the regular Keycloak docs, so people won't be able to find it.

Also the documentation of the CR as shown in OpenShift is very minimal, and doesn't show what to put into that "object" ("Details" is missing).

Version

main

Regression

• The issue is a regression

Expected behavior

Documentation on https://www.keycloak.org/operator/advanced-configuration on how to use truststores.

Actual behavior

Documentation exists only in the release notes.

How to Reproduce?

Search for "truststores:" in all *.adoc files in the project

Anything else?

This would be a candidate for a KC24 backport.

cc: @vmuzikar, @shawkins

[vmuzikar]

@ahus1 Thank you for creating the issue. It is a valid concern that some documentation around Truststore in Operator deployments would be good. The rationale behind why most options are not explicitly documented in the Operator context is that the options are either self-describing and it is clear from the CRD, or that it's a server option that is already documented in server guides.

However, for the truststore I agree it's not quite clear and we can do better. The config option has a different name in CRD than in server, and on top of that has a specific format as it requires referring to a Secret. Worth mentioning might be also that we configure Keycloak to trust the K8s CA by default.

@shawkins Could you please look into it when you get a chance?