2022-04-08 09:56:03 +00:00
<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/kc.adoc" as kc>
<#import "/templates/options.adoc" as opts>
<#import "/templates/links.adoc" as links>
<@tmpl.guide
title="Keycloak Realm Import"
2022-04-20 08:24:40 +00:00
priority=30
2022-05-11 08:46:26 +00:00
summary="How to perform an automated Keycloak Realm Import using the operator">
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
== Importing a Keycloak Realm
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
Using the Keycloak Operator, you can perform a realm import for the Keycloak Deployment.
2022-04-08 09:56:03 +00:00
[NOTE]
2023-03-01 15:24:36 +00:00
====
* If a Realm with the same name already exists in Keycloak, it will not be overwritten.
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
* The Realm Import CR only supports creation of new realms and does not update or delete those. Changes to the realm performed directly on Keycloak are not synced back in the CR.
====
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
=== Creating a Realm Import Custom Resource
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
The following is an example of a Realm Import Custom Resource (CR):
2022-04-08 09:56:03 +00:00
[source,yaml]
----
2022-04-11 12:48:21 +00:00
apiVersion: k8s.keycloak.org/v2alpha1
2022-04-08 09:56:03 +00:00
kind: KeycloakRealmImport
metadata:
name: my-realm-kc
spec:
keycloakCRName: <name of the keycloak CR>
realm:
...
----
2022-05-11 08:46:26 +00:00
This CR should be created in the same namespace as the Keycloak Deployment CR, defined in the field `keycloakCRName`.
The `realm` field accepts a full https://www.keycloak.org/docs-api/{majorMinorVersion}/rest-api/index.html#_realmrepresentation[RealmRepresentation].
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
The recommended way to obtain a `RealmRepresentation` is by leveraging the export functionality <@links.server id="importExport"/>.
2022-04-08 09:56:03 +00:00
2023-03-01 15:24:36 +00:00
. Export the Realm to a single file.
. Convert the JSON file to YAML.
. Copy and paste the obtained YAML file as body for the `realm` key, making sure the indentation is correct.
2022-04-08 09:56:03 +00:00
=== Applying the Realm Import CR
Use `kubectl` to create the CR in the correct cluster namespace:
2023-05-17 15:34:32 +00:00
Create YAML file `example-realm-import.yaml`:
[source,yaml]
2022-04-08 09:56:03 +00:00
----
2022-04-11 12:48:21 +00:00
apiVersion: k8s.keycloak.org/v2alpha1
2022-04-08 09:56:03 +00:00
kind: KeycloakRealmImport
metadata:
name: my-realm-kc
spec:
keycloakCRName: <name of the keycloak CR>
realm:
id: example-realm
realm: example-realm
displayName: ExampleRealm
enabled: true
2023-05-17 15:34:32 +00:00
----
Apply the changes:
[source,bash]
----
2022-04-13 10:50:25 +00:00
kubectl apply -f example-realm-import.yaml
2022-04-08 09:56:03 +00:00
----
2023-03-01 15:24:36 +00:00
To check the status of the running import, enter the following command:
2022-04-08 09:56:03 +00:00
[source,bash]
----
kubectl get keycloakrealmimports/my-realm-kc -o go-template='{{range .status.conditions}}CONDITION: {{.type}}{{"\n"}} STATUS: {{.status}}{{"\n"}} MESSAGE: {{.message}}{{"\n"}}{{end}}'
----
2023-03-01 15:24:36 +00:00
When the import has successfully completed, the output will look like the following example:
2022-04-08 09:56:03 +00:00
[source,bash]
----
CONDITION: Done
STATUS: true
MESSAGE:
CONDITION: Started
STATUS: false
MESSAGE:
CONDITION: HasErrors
STATUS: false
MESSAGE:
----
</@tmpl.guide>
