Merge pull request #79 from stakater/keycloak_how_to

Keycloak how to guide on adding a new user

content/explanation/console.md

@@ -8,46 +8,46 @@ The Multi Tenant Operator (MTO) Console is a comprehensive user interface design
 
 The dashboard serves as a centralized monitoring hub, offering insights into the current state of tenants, namespaces, and quotas. It is designed to provide a quick summary/snapshot of MTO resources' status. Additionally, it includes a Showback graph that presents a quick glance of the seven-day cost trends associated with the namespaces/tenants based on the logged-in user.
 
-![image](../images/dashboard.png)
+![dashboard](../images/dashboard.png)
 
 ### Tenants
 
 Here, admins have a bird's-eye view of all tenants, with the ability to delve into each one for detailed examination and management. This section is pivotal for observing the distribution and organization of tenants within the system. More information on each tenant can be accessed by clicking the view option against each tenant name.
 
-![image](../images/tenants.png)
+![tenants](../images/tenants.png)
 
 ### Namespaces
 
 Users can view all the namespaces that belong to their tenant, offering a comprehensive perspective of the accessible namespaces for tenant members. This section also provides options for detailed exploration.
 
-![image](../images/namespaces.png)
+![namespaces](../images/namespaces.png)
 
 ### Quotas
 
 MTO's Quotas are crucial for managing resource allocation. In this section, administrators can assess the quotas assigned to each tenant, ensuring a balanced distribution of resources in line with operational requirements.
 
-![image](../images/quotas.png)
+![quotas](../images/quotas.png)
 
 ### Templates
 
 The Templates section acts as a repository for standardized resource deployment patterns, which can be utilized to maintain consistency and reliability across tenant environments. Few examples include provisioning specific k8s manifests, helm charts, secrets or configmaps across a set of namespaces.
 
-![image](../images/templates.png)
-![image](../images/templateGroupInstances.png)
+![templates](../images/templates.png)
+![templateGroupInstances](../images/templateGroupInstances.png)
 
 ### Showback
 
 The Showback feature is an essential financial governance tool, providing detailed insights into the cost implications of resource usage by tenant or namespace or other filters. This facilitates a transparent cost management and internal chargeback or showback process, enabling informed decision-making regarding resource consumption and budgeting.
 
-![image](../images/showback.png)
+![showback](../images/showback.png)
 
 ## User Roles and Permissions
 
 ### Administrators
 
 Administrators have overarching access to the console, including the ability to view all namespaces and tenants. They have exclusive access to the IntegrationConfig, allowing them to view all the settings and integrations.
 
-![image](../images/integrationConfig.png)
+![integrationConfig](../images/integrationConfig.png)
 
 ### Tenant Users
 
@@ -59,7 +59,7 @@ In the MTO Console, each resource section is equipped with a "View" button, reve
 
 You can find more details on graph visualization here: [Graph Visualization](../reference-guides/graph-visualization.md)
 
-![image](../images/tenants_graph.png)
+![tenants-graph](../images/tenants_graph.png)
 
 ## Caching and Database
 

content/how-to-guides/keycloak.md

@@ -0,0 +1,74 @@
+# Setting Up User Access in Keycloak for MTO Console
+
+This guide walks you through the process of adding new users in Keycloak and granting them access to Multi Tenant Operator (MTO) Console.
+
+## Accessing Keycloak Console
+
+* Log in to the OpenShift Console.
+* Go to the 'Routes' section within the 'multi-tenant-operator' namespace.
+
+![routes](../images/routes.png)
+
+* Click on the Keycloak console link provided in the Routes.
+* Login using the admin credentials (default: admin/admin).
+
+## Adding new Users in Keycloak
+
+* In the Keycloak console, switch to the `mto` realm.
+
+![realm](../images/realm.png)
+
+* Go to the `Users` section in the `mto` realm.
+* Follow the prompts to add a new user.
+
+![keycloak-new-user](../images/keycloak-new-user.png)
+
+* Once you add a new user, here is how the Users section would look like
+
+![keycloak-users](../images/keycloak-users.png)
+
+## Accessing MTO Console
+
+* Go back to the OpenShift Console, navigate to the Routes section, and get the URL for the MTO Console.
+* Open the MTO Console URL and log in with the newly added user credentials.
+
+Now, at this point, a user will be authenticated to the MTO Console. But in order to get access to view any Tenant resources, the user will need to be part of a Tenant.
+
+## Granting Access to Tenant Resources
+
+* Open Tenant CR: In the OpenShift cluster, locate and open the Tenant Custom Resource (CR) that you wish to give access to. You will see a YAML file similar to the following example:
+
+```yaml
+apiVersion: tenantoperator.stakater.com/v1beta2
+kind: Tenant
+metadata:
+  name: arsenal
+spec:
+  quota: small
+  owners:
+    users:
+        - [email protected]
+  groups:
+    - arsenal
+  editors:
+    users:
+        - [email protected]
+  viewers:
+    users:
+        - [email protected]
+```
+
+* Edit Tenant CR: Add the newly created user's email to the appropriate section (owners, editors, viewers) in the Tenant CR. For example, if you have created a user `[email protected]` and wish to add them as an editor, the edited section would look like this:
+
+```yaml
+editors:
+  users:
+    - [email protected]
+    - [email protected]
+```
+
+* Save Changes: Save and apply the changes to the Tenant CR.
+
+## Verifying Access
+
+Once the above steps are completed, you should be able to access the MTO Console now and see alpha Tenant's details along with all the other resources such as namespaces and templates that John has access to.