Hostname v2 for Operator (#28599)

Closes #27728

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

docs/guides/operator/advanced-configuration.adoc

@@ -44,10 +44,10 @@ spec:
     httpsPort: 8543
     tlsSecret: my-tls-secret
   hostname:
-    hostname: my-hostname
-    admin: my-admin-hostname
+    hostname: https://my-hostname.tld
+    admin: https://my-hostname.tld/admin
     strict: false
-    strictBackchannel: false
+    backchannelDynamic: true
   features:
     enabled:
       - docker
@@ -168,7 +168,6 @@ spec:
     httpEnabled: true
   hostname:
     strict: false
-    strictBackchannel: false
 ----
 
 === Resource requirements

operator/src/main/java/org/keycloak/operator/controllers/KeycloakDistConfigurator.java

@@ -91,7 +91,8 @@ public class KeycloakDistConfigurator {
                 .mapOption("hostname-admin", HostnameSpec::getAdmin)
                 .mapOption("hostname-admin-url", HostnameSpec::getAdminUrl)
                 .mapOption("hostname-strict", HostnameSpec::isStrict)
-                .mapOption("hostname-strict-backchannel", HostnameSpec::isStrictBackchannel);
+                .mapOption("hostname-strict-backchannel", HostnameSpec::isStrictBackchannel)
+                .mapOption("hostname-backchannel-dynamic", HostnameSpec::isBackchannelDynamic);
     }
 
     void configureFeatures() {

operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/spec/HostnameSpec.java

@@ -27,21 +27,24 @@ import java.io.Serializable;
 @Buildable(editableEnabled = false, builderPackage = "io.fabric8.kubernetes.api.builder")
 public class HostnameSpec implements Serializable {
 
-    @JsonPropertyDescription("Hostname for the Keycloak server.")
+    @JsonPropertyDescription("Hostname for the Keycloak server. Applicable for Hostname v1 and v2.")
     private String hostname;
 
-    @JsonPropertyDescription("The hostname for accessing the administration console.")
+    @JsonPropertyDescription("The hostname for accessing the administration console. Applicable for Hostname v1 and v2.")
     private String admin;
 
-    @JsonPropertyDescription("Set the base URL for accessing the administration console, including scheme, host, port and path")
+    @JsonPropertyDescription("DEPRECATED. Sets the base URL for accessing the administration console, including scheme, host, port and path. Applicable for Hostname v1.")
     private String adminUrl;
 
-    @JsonPropertyDescription("Disables dynamically resolving the hostname from request headers.")
+    @JsonPropertyDescription("Disables dynamically resolving the hostname from request headers. Applicable for Hostname v1 and v2.")
     private Boolean strict;
 
-    @JsonPropertyDescription("By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications.")
+    @JsonPropertyDescription("DEPRECATED. By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. Applicable for Hostname v1.")
     private Boolean strictBackchannel;
 
+    @JsonPropertyDescription("Enables dynamic resolving of backchannel URLs, including hostname, scheme, port and context path. Set to true if your application accesses Keycloak via a private network. Applicable for Hostname v2.")
+    private Boolean backchannelDynamic;
+
     public String getHostname() {
         return hostname;
     }
@@ -81,4 +84,12 @@ public class HostnameSpec implements Serializable {
     public void setStrictBackchannel(Boolean strictBackchannel) {
         this.strictBackchannel = strictBackchannel;
     }
+
+    public Boolean isBackchannelDynamic() {
+        return backchannelDynamic;
+    }
+
+    public void setBackchannelDynamic(Boolean backchannelDynamic) {
+        this.backchannelDynamic = backchannelDynamic;
+    }
 }

operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java

@@ -325,7 +325,6 @@ public class KeycloakDeploymentTest extends BaseOperatorTest {
         var kc = getTestKeycloakDeployment(true);
         var hostnameSpec = new HostnameSpecBuilder()
                 .withStrict(false)
-                .withStrictBackchannel(false)
                 .build();
         kc.getSpec().setHostnameSpec(hostnameSpec);
 
@@ -354,7 +353,6 @@ public class KeycloakDeploymentTest extends BaseOperatorTest {
 
         var hostnameSpec = new HostnameSpecBuilder()
                 .withStrict(false)
-                .withStrictBackchannel(false)
                 .build();
         kc.getSpec().setHostnameSpec(hostnameSpec);
 
@@ -375,7 +373,6 @@ public class KeycloakDeploymentTest extends BaseOperatorTest {
 
         var hostnameSpec = new HostnameSpecBuilder()
                 .withStrict(false)
-                .withStrictBackchannel(false)
                 .build();
         kc.getSpec().setHostnameSpec(hostnameSpec);
 

operator/src/test/java/org/keycloak/operator/testsuite/unit/KeycloakDistConfiguratorTest.java

@@ -116,6 +116,7 @@ public class KeycloakDistConfiguratorTest {
                 "hostname-admin-url", "https://www.my-admin-hostname.org:8448/something",
                 "hostname-strict", "true",
                 "hostname-strict-backchannel", "true",
+                "hostname-backchannel-dynamic", "true",
                 "hostname-admin", "my-admin-hostname"
         );
 
@@ -133,6 +134,7 @@ public class KeycloakDistConfiguratorTest {
         assertEnvVarNotPresent(envVars, "KC_HOSTNAME_ADMIN_URL");
         assertEnvVarNotPresent(envVars, "KC_HOSTNAME_STRICT");
         assertEnvVarNotPresent(envVars, "KC_HOSTNAME_STRICT_BACKCHANNEL");
+        assertEnvVarNotPresent(envVars, "KC_HOSTNAME_BACKCHANNEL_DYNAMIC");
     }
 
     @Test

operator/src/test/resources/test-serialization-keycloak-cr.yml

@@ -43,6 +43,7 @@ spec:
     adminUrl: https://www.my-admin-hostname.org:8448/something
     strict: true
     strictBackchannel: true
+    backchannelDynamic: true
   cache:
     configMapFile:
       name: my-config-map