New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Truststore handling for the Operator is not documented #27892
Comments
@ahus1 Thank you for creating the issue. It is a valid concern that some documentation around Truststore in Operator deployments would be good. The rationale behind why most options are not explicitly documented in the Operator context is that the options are either self-describing and it is clear from the CRD, or that it's a server option that is already documented in server guides. However, for the truststore I agree it's not quite clear and we can do better. The config option has a different name in CRD than in server, and on top of that has a specific format as it requires referring to a Secret. Worth mentioning might be also that we configure Keycloak to trust the K8s CA by default. @shawkins Could you please look into it when you get a chance? |
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
closes: #27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to use ui-shared Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * doc: add keycloak cr truststores (#28015) closes: #27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com>
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com> (cherry picked from commit 6cc6610)
closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* changed to use ui-shared Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * doc: add keycloak cr truststores (keycloak#28015) closes: keycloak#27892 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Before reporting an issue
Area
operator
Describe the bug
KC24 introduced adding truststores via the CR, and this is documented in the release notes.
It seems that this is missing in the regular Keycloak docs, so people won't be able to find it.
Also the documentation of the CR as shown in OpenShift is very minimal, and doesn't show what to put into that "object" ("Details" is missing).
Version
main
Regression
Expected behavior
Documentation on https://www.keycloak.org/operator/advanced-configuration on how to use truststores.
Actual behavior
Documentation exists only in the release notes.
How to Reproduce?
Search for "truststores:" in all
*.adoc
files in the projectAnything else?
This would be a candidate for a KC24 backport.
cc: @vmuzikar, @shawkins
The text was updated successfully, but these errors were encountered: