2022-04-08 09:56:03 +00:00
|
|
|
<#import "/templates/guide.adoc" as tmpl>
|
|
|
|
|
<#import "/templates/kc.adoc" as kc>
|
|
|
|
|
<#import "/templates/options.adoc" as opts>
|
|
|
|
|
<#import "/templates/links.adoc" as links>
|
|
|
|
|
|
|
|
|
|
<@tmpl.guide
|
|
|
|
|
title="Keycloak Realm Import"
|
2022-04-20 08:24:40 +00:00
|
|
|
priority=30
|
2022-05-11 08:46:26 +00:00
|
|
|
summary="How to perform an automated Keycloak Realm Import using the operator">
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
== Keycloak Realm Import
|
|
|
|
|
|
2022-05-11 08:46:26 +00:00
|
|
|
The Keycloak Operator ships with the ability to automatically perform a realm import for the Keycloak Deployment.
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
[NOTE]
|
|
|
|
|
If a Realm with the same name already exists in Keycloak it will not be overwritten.
|
|
|
|
|
|
|
|
|
|
[NOTE]
|
2022-05-11 08:46:26 +00:00
|
|
|
The Realm Import CR only supports creation of new realms and doesn't update or delete those. +
|
|
|
|
|
Changes to the realm performed directly on Keycloak are not synced back in the CR.
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
=== Writing Realm Import CR
|
|
|
|
|
|
2022-05-11 08:46:26 +00:00
|
|
|
A Realm Import Custom Resource (CR) looks like follows:
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
[source,yaml]
|
|
|
|
|
----
|
2022-04-11 12:48:21 +00:00
|
|
|
apiVersion: k8s.keycloak.org/v2alpha1
|
2022-04-08 09:56:03 +00:00
|
|
|
kind: KeycloakRealmImport
|
|
|
|
|
metadata:
|
|
|
|
|
name: my-realm-kc
|
|
|
|
|
spec:
|
|
|
|
|
keycloakCRName: <name of the keycloak CR>
|
|
|
|
|
realm:
|
|
|
|
|
...
|
|
|
|
|
----
|
|
|
|
|
|
2022-05-11 08:46:26 +00:00
|
|
|
This CR should be created in the same namespace as the Keycloak Deployment CR, defined in the field `keycloakCRName`.
|
|
|
|
|
The `realm` field accepts a full https://www.keycloak.org/docs-api/{majorMinorVersion}/rest-api/index.html#_realmrepresentation[RealmRepresentation].
|
2022-04-08 09:56:03 +00:00
|
|
|
|
2022-05-11 08:46:26 +00:00
|
|
|
The recommended way to obtain a `RealmRepresentation` is leveraging the export functionality <@links.server id="importExport"/>
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
* export the Realm to a single file
|
|
|
|
|
* convert the json to yaml
|
|
|
|
|
* copy-paste the obtained yaml as body for the `realm` key (make sure the indentation is correct)
|
|
|
|
|
|
|
|
|
|
=== Applying the Realm Import CR
|
|
|
|
|
|
|
|
|
|
Use `kubectl` to create the CR in the correct cluster namespace:
|
|
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
cat <<EOF >> example-realm-import.yaml
|
2022-04-11 12:48:21 +00:00
|
|
|
apiVersion: k8s.keycloak.org/v2alpha1
|
2022-04-08 09:56:03 +00:00
|
|
|
kind: KeycloakRealmImport
|
|
|
|
|
metadata:
|
|
|
|
|
name: my-realm-kc
|
|
|
|
|
spec:
|
|
|
|
|
keycloakCRName: <name of the keycloak CR>
|
|
|
|
|
realm:
|
|
|
|
|
id: example-realm
|
|
|
|
|
realm: example-realm
|
|
|
|
|
displayName: ExampleRealm
|
|
|
|
|
enabled: true
|
|
|
|
|
EOF
|
2022-04-13 10:50:25 +00:00
|
|
|
kubectl apply -f example-realm-import.yaml
|
2022-04-08 09:56:03 +00:00
|
|
|
----
|
|
|
|
|
|
2022-05-11 08:46:26 +00:00
|
|
|
You can check the status of the running import by using the following command:
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
kubectl get keycloakrealmimports/my-realm-kc -o go-template='{{range .status.conditions}}CONDITION: {{.type}}{{"\n"}} STATUS: {{.status}}{{"\n"}} MESSAGE: {{.message}}{{"\n"}}{{end}}'
|
|
|
|
|
----
|
|
|
|
|
|
2022-05-11 08:46:26 +00:00
|
|
|
When the import has successfully completed, the output will look like the example below:
|
2022-04-08 09:56:03 +00:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
CONDITION: Done
|
|
|
|
|
STATUS: true
|
|
|
|
|
MESSAGE:
|
|
|
|
|
CONDITION: Started
|
|
|
|
|
STATUS: false
|
|
|
|
|
MESSAGE:
|
|
|
|
|
CONDITION: HasErrors
|
|
|
|
|
STATUS: false
|
|
|
|
|
MESSAGE:
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
</@tmpl.guide>
|
