Provider keycloak

provider-keycloak is a Crossplane provider that is built using Upjet code generation tools and exposes XRM-conformant managed resources for the keycloak API.

Check out the examples in the examples directory for more information on how to use this provider.

Usage

Installation

To install the provider, use the following resource definition:

---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-keycloak
  namespace: crossplane-system
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.5.0

This will install the provider in the crossplane-system namespace and install CRDs and controllers for the provider.

DeploymentRuntimeConfig

We also support DeploymentRuntimeConfig to enable additional features in the provider.

--- 
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: enable-ess
spec:
  deploymentTemplate:
    spec:
      selector: {}
      template:
        spec:
          containers:
            - name: package-runtime
              args:
                - --enable-external-secret-stores

which can be used in the provider resource as follows:

---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: keycloak-provider
  namespace: crossplane-system
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.5.0
+ runtimeConfigRef:
+   name: enable-ess

(Without the + signs of course)

Configuration

• For each keycloak instance you need one or more ProviderConfig resources.
• The ProviderConfig resource is used to store the keycloak API server URL, credentials, and other configuration details that are required to connect to the keycloak API server.
• Here is an example of a ProviderConfig resource:

---
apiVersion: keycloak.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: keycloak-provider-config
spec:
  credentials:
    source: Secret
    secretRef:
      name: keycloak-credentials
      key: credentials
      namespace: crossplane-system
---
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-credentials
  namespace: crossplane-system
  labels: 
    type: provider-credentials
type: Opaque
stringData:
  credentials: |
    {
      "client_id":"admin-cli",
      "username": "admin",
      "password": "admin",
      "url": "https://keycloak.example.com",
      "base_path": "/auth",
      "realm": "master"
    }

The secret keycloak-credentials contains the keycloak API server URL, credentials, and other configuration details that are required to connect to the keycloak API server. It supports the same fields as the terraform provider configuration

Custom Resource Definitions

You can explore the available custom resources:

• Upbound marketplace site
• kubectl get crd | grep keycloak.crossplane.io to list all the CRDs provided by the provider
• kubectl explain <CRD_NAME> for docs on the CLI
• You can also see the CRDs in the package/crds directory

Functions and Compositions:

• function-keycloak-builtin-objects - The function is used to import the builtin objects of a keycloak, e.g. clients and roles. Since v3.0 it also offers the possibility to adapt some default config. Everything you need to know is in the README of the repository.

Developing

Run code-generation pipeline:

go run cmd/generator/main.go "$PWD"

Checkout sub-repositories:

make submodules

Execute code generation:

make generate

Run against a Kubernetes cluster:

make run

Build, push, and install:

make all

Build binary:

make build

Regression Tests

TODO: Add regression test docs

Report a Bug

For filing bugs, suggesting improvements, or requesting new features, please open an issue.