provider-keycloak
is a Crossplane provider that
is built using Upjet code
generation tools and exposes XRM-conformant managed resources for the
keycloak API.
Check out the examples in the examples
directory for more information on how to use this provider.
To install the provider, use the following resource definition:
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-keycloak
namespace: crossplane-system
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.5.0
This will install the provider in the crossplane-system
namespace and install CRDs and controllers for the provider.
We also support DeploymentRuntimeConfig to enable additional features in the provider.
---
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
name: enable-ess
spec:
deploymentTemplate:
spec:
selector: {}
template:
spec:
containers:
- name: package-runtime
args:
- --enable-external-secret-stores
which can be used in the provider resource as follows:
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: keycloak-provider
namespace: crossplane-system
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.5.0
+ runtimeConfigRef:
+ name: enable-ess
(Without the + signs of course)
- For each keycloak instance you need one or more
ProviderConfig
resources. - The
ProviderConfig
resource is used to store the keycloak API server URL, credentials, and other configuration details that are required to connect to the keycloak API server. - Here is an example of a
ProviderConfig
resource:
---
apiVersion: keycloak.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
name: keycloak-provider-config
spec:
credentials:
source: Secret
secretRef:
name: keycloak-credentials
key: credentials
namespace: crossplane-system
---
apiVersion: v1
kind: Secret
metadata:
name: keycloak-credentials
namespace: crossplane-system
labels:
type: provider-credentials
type: Opaque
stringData:
credentials: |
{
"client_id":"admin-cli",
"username": "admin",
"password": "admin",
"url": "https://keycloak.example.com",
"base_path": "/auth",
"realm": "master"
}
The secret keycloak-credentials
contains the keycloak API server URL, credentials, and other configuration details that are required to connect to the keycloak API server. It supports the same fields as the terraform provider configuration
As an alternative to using the embedded JSON format shown above, you can also place settings in a plain Kubernetes secret like this:
apiVersion: v1
kind: Secret
metadata:
name: keycloak-credentials
namespace: crossplane-system
labels:
type: provider-credentials
type: Opaque
stringData:
client_id: "admin-cli"
username: "admin"
password: "admin"
url: "https://keycloak.example.com"
base_path: "/auth"
realm: "master"
You can explore the available custom resources:
- Upbound marketplace site
kubectl get crd | grep keycloak.crossplane.io
to list all the CRDs provided by the providerkubectl explain <CRD_NAME>
for docs on the CLI- You can also see the CRDs in the
package/crds
directory
- function-keycloak-builtin-objects - The function is used to import the builtin objects of a keycloak, e.g. clients and roles. Since v3.0 it also offers the possibility to adapt some default config. Everything you need to know is in the README of the repository.
Run code-generation pipeline:
go run cmd/generator/main.go "$PWD"
Checkout sub-repositories:
make submodules
Execute code generation:
make generate
Run against a Kubernetes cluster:
make run
Build, push, and install:
make all
Build binary:
make build
TODO: Add regression test docs
For filing bugs, suggesting improvements, or requesting new features, please open an issue.