A Kubernetes Operator based on the Operator SDK for syncing resources in Keycloak.
Currently in development. Will eventually replace https://github.com/integr8ly/keycloak-operator
| CustomResourceDefinition | Description |
|---|---|
| Keycloak | Manages, installs and configures Keycloak on the cluster |
| KeycloakRealm | Represents a realm in a keycloak server |
Note: You will need a running Kubernetes or OpenShift cluster to use the Operator
- clone this repo to
$GOPATH/src/github.com/keycloak/keycloak-operator - run
make setup/mod cluster/prepare - run
code/run-- The above step will launch the operator on the local machine -- To see how do debug the operator or how to deploy to a cluster, see below alternatives to step 3 - In a new terminal run
make cluster/create/examples
To clean the cluster (Removes CRDs, CRs, RBAC and namespace)
- run
make cluster/clean
Debug the operator in Goland
- go get -u github.com/go-delve/delve/cmd/dlv
- Create new
Go Builddebug configuration - Change the properties to the following
* Name = Keycloak Operator
* Run Kind = File
* Files = <project full path>/cmd/manager/main.go
* Working Directory = <project full path>
* Environment = KUBERNETES_CONFIG=<kube config path>;WATCH_NAMESPACE=keycloak
- Apply and click Debug Keycloak operator
Debug the operator in VS Code
- go get -u github.com/go-delve/delve/cmd/dlv
- Create new launch configuration, changing your kube config location
{
"name": "Keycloak Operator",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/cmd/manager/main.go",
"env": {
"WATCH_NAMESPACE": "keycloak",
"KUBERNETES_CONFIG": "<kube config path>"
},
"cwd": "${workspaceFolder}",
"args": []
}- Debug Keycloak Operator
Deploy the operator into the running cluster
- build image with
operator-sdk build <image registry>/<organisation>/keycloak-operator:<tag>. e.g.operator-sdk build quay.io/keycloak/keycloak-operator:test - Change the
imageproperty indeploy/operator.yamlto the above full image path - run
kubectl apply -f deploy/operator.yaml -n <NAMESPACE>
| Command | Description |
|---|---|
make cluster/prepare |
Creates the keycloak namespace, applies all CRDs to the cluster and sets up the RBAC files |
make cluster/clean |
Deletes the keycloak namespace, all keycloak.org CRDs and all RBAC files named keycloak-operator |
make cluster/create/examples |
Applies the example Keycloak and KeycloakRealm CRs |
| Command | Description |
|---|---|
make test/unit |
Runs unit tests |
| Command | Description |
|---|---|
make setup |
Runs setup/mod setup/githooks code/gen |
make setup/githooks |
Copys githooks from ./githooks to .git/hooks |
make setup/mod |
Resets the main module's vendor directory to include all packages |
make code/run |
Runs the operator locally for development purposes |
make code/compile |
Builds the operator |
make code/gen |
Generates/Updates the operator files based on the CR status and spec definitions |
make code/check |
Checks for linting errors in the code |
make code/fix |
Formats code using gofmt |
make code/lint |
Checks for linting errors in the code |
| Command | Description |
|---|---|
make setup/travis |
Downloads operator-sdk, makes it executable and copys to /usr/local/bin/ |
Keycloak Operator supports the following version of key components:
| Component | Version/Tag |
|---|---|
Keycloak |
jboss/keycloak:7.0.0 |
Red Hat Single-Sign-On |
registry.redhat.io/redhat-sso-7-tech-preview/sso-cd-openshift:6 |
Postgresql |
9.5 |
It is possible to use Red Hat Single-Sign-On instead of Keycloak deployment. Pulling images from Red Hat Container Registry requires additional configuration steps (see the manual). In order to activate Red Hat Single-Sign-on, set the profile in the Keycloak CR Spec to "RHSSO".