keycloak-scim/docs/guides/operator/customizing-keycloak.adoc

74 lines
2.5 KiB
Text
Raw Normal View History

2022-04-01 10:57:07 +00:00
<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/kc.adoc" as kc>
<#import "/templates/options.adoc" as opts>
<#import "/templates/links.adoc" as links>
<@tmpl.guide
title="Using custom {project_name} images"
summary="How to customize and optimize the {project_name} Container">
2022-04-01 10:57:07 +00:00
== {project_name} custom image with the Operator
2022-04-01 10:57:07 +00:00
With the Keycloak Custom Resource (CR), you can specify a custom container image for the {project_name} server.
2022-04-01 10:57:07 +00:00
[NOTE]
To ensure full compatibility of Operator and Operand,
make sure that the version of {project_name} release used in the custom image is aligned with the version of the operator.
2022-04-01 10:57:07 +00:00
=== Best practice
2022-04-01 10:57:07 +00:00
When using the default {project_name} image, the server will perform a costly re-augmentation every time a Pod starts.
To avoid this delay, you can provide a custom image with the augmentation built-in from the build time of the image.
2022-04-01 10:57:07 +00:00
With a custom image, you can also specify the Keycloak _build-time_ configurations and extensions during the build of the container.
2022-04-01 10:57:07 +00:00
For instructions on how to build such an image, see <@links.server id="containers"/>.
2022-04-01 10:57:07 +00:00
=== Providing a custom {project_name} image
2022-04-01 10:57:07 +00:00
To provide a custom image, you define the `image` field in the Keycloak CR as shown in this example:
2022-04-01 10:57:07 +00:00
[source,yaml]
----
apiVersion: k8s.keycloak.org/v2alpha1
2022-04-01 10:57:07 +00:00
kind: Keycloak
metadata:
name: example-kc
spec:
instances: 1
image: quay.io/my-company/my-keycloak:latest
http:
tlsSecret: example-tls-secret
hostname:
hostname: test.keycloak.org
2022-04-01 10:57:07 +00:00
----
NOTE: With custom images, every build time option passed either through a dedicated field or the `additionalOptions` is ignored.
NOTE: The Operator is *unaware* of any configuration options that are specified in a custom image.
Use the Keycloak CR for any configuration that requires Operator awareness, namely the TLS and HTTP(S) settings reflected when configuring services and probes.
2022-04-01 10:57:07 +00:00
=== Non-optimized custom image
While it is considered a best practice use a pre-augmented image, if you want to use a non-optimized custom image or build time properties with an augmented image that is still possible. You just need set the `startOptimzed` field to `false` as shown in this example:
[source,yaml]
----
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: example-kc
spec:
instances: 1
image: quay.io/my-company/my-keycloak:latest
startOptimized: false
http:
tlsSecret: example-tls-secret
hostname:
hostname: test.keycloak.org
----
Keep in mind this will incur the re-augmentation cost on every start.
2022-04-01 10:57:07 +00:00
</@tmpl.guide>