From 66b1c2b1671f6732179d8eb662dd1f5880cd1c03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Muzik=C3=A1=C5=99?=
Date: Mon, 11 Apr 2022 14:48:21 +0200
Subject: [PATCH] Change the CRD API group in the operator
---
 .../main/operator/advanced-configuration.adoc | 6 +-
 .../src/main/operator/basic-deployment.adoc | 2 +-
 .../main/operator/customizing-keycloak.adoc | 2 +-
 .../src/main/operator/realm-import.adoc | 4 +-
 operator/scripts/create-olm-bundle.sh | 4 +-
 .../java/org/keycloak/operator/Constants.java | 2 +-
 .../src/main/kubernetes/append_legacy_cr.yaml | 1098 -----------------
 .../src/main/kubernetes/kustomization.yml | 11 +-
 .../src/main/resources/example-keycloak.yml | 2 +-
 .../src/main/resources/example-realm.yaml | 2 +-
 .../operator/ClusterOperatorTest.java | 4 +-
 .../correct-podtemplate-keycloak.yml | 2 +-
 .../resources/empty-podtemplate-keycloak.yml | 2 +-
 .../src/test/resources/incorrect-realm.yaml | 2 +-
 .../src/test/resources/token-test-realm.yaml | 2 +-
 15 files changed, 19 insertions(+), 1126 deletions(-)
 delete mode 100644 operator/src/main/kubernetes/append_legacy_cr.yaml
diff --git a/docs/guides/src/main/operator/advanced-configuration.adoc b/docs/guides/src/main/operator/advanced-configuration.adoc
index c7b1101170..5a8773052e 100644
--- a/docs/guides/src/main/operator/advanced-configuration.adoc
+++ b/docs/guides/src/main/operator/advanced-configuration.adoc
@@ -20,7 +20,7 @@ e.g:
 [source,yaml]
 ----
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-kc
@@ -67,7 +67,7 @@ As an example you can inject labels, annotations, or even volumes and volume mou
 [source,yaml]
 ----
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-kc
@@ -98,7 +98,7 @@ Specifically, you can disable the required fields with a special value `INSECURE
 [source,yaml]
 ----
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-kc
diff --git a/docs/guides/src/main/operator/basic-deployment.adoc b/docs/guides/src/main/operator/basic-deployment.adoc
index 8df28c4add..053c3f67aa 100644
--- a/docs/guides/src/main/operator/basic-deployment.adoc
+++ b/docs/guides/src/main/operator/basic-deployment.adoc
@@ -113,7 +113,7 @@ The Keycloak CRD allow you to customize several fields but, for a simple deploym
 [source,bash]
 ----
 cat <> example-kc.yaml
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-kc
diff --git a/docs/guides/src/main/operator/customizing-keycloak.adoc b/docs/guides/src/main/operator/customizing-keycloak.adoc
index 7b782bda63..d1a88fc4fd 100644
--- a/docs/guides/src/main/operator/customizing-keycloak.adoc
+++ b/docs/guides/src/main/operator/customizing-keycloak.adoc
@@ -31,7 +31,7 @@ To provide a custom image you have to define the `image` field in the Keycloak C
 [source,yaml]
 ----
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-kc
diff --git a/docs/guides/src/main/operator/realm-import.adoc b/docs/guides/src/main/operator/realm-import.adoc
index 8bdb0be2da..9058009580 100644
--- a/docs/guides/src/main/operator/realm-import.adoc
+++ b/docs/guides/src/main/operator/realm-import.adoc
@@ -26,7 +26,7 @@ A Realm Import Custom Resource(CR) looks like follows:
 [source,yaml]
 ----
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: KeycloakRealmImport
 metadata:
 name: my-realm-kc
@@ -52,7 +52,7 @@ Use `kubectl` to create the CR in the correct cluster namespace:
 [source,bash]
 ----
 cat <> example-realm-import.yaml
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: KeycloakRealmImport
 metadata:
 name: my-realm-kc
diff --git a/operator/scripts/create-olm-bundle.sh b/operator/scripts/create-olm-bundle.sh
index 2cb811a53f..715c8a8c0d 100755
--- a/operator/scripts/create-olm-bundle.sh
+++ b/operator/scripts/create-olm-bundle.sh
@@ -35,6 +35,4 @@ fi
 mv $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml "$SCRIPT_DIR/../olm/$VERSION/manifests/keycloak-operator.v$VERSION.clusterserviceversion.yaml"
-# Include the old CRD version
-( cd $SCRIPT_DIR/../ && kubectl kustomize target | yq ea "select(.metadata.name == \"keycloaks.keycloak.org\")" > $SCRIPT_DIR/../olm/$VERSION/manifests/keycloaks.keycloak.org-v1.yml )
-cp $SCRIPT_DIR/../target/kubernetes/keycloakrealmimports.keycloak.org-v1.yml $SCRIPT_DIR/../olm/$VERSION/manifests
+cp target/kubernetes/*.keycloak.org-v1.yml olm/$VERSION/manifests
diff --git a/operator/src/main/java/org/keycloak/operator/Constants.java b/operator/src/main/java/org/keycloak/operator/Constants.java
index fe9ae6afee..b56fe2419f 100644
--- a/operator/src/main/java/org/keycloak/operator/Constants.java
+++ b/operator/src/main/java/org/keycloak/operator/Constants.java
@@ -19,7 +19,7 @@ package org.keycloak.operator;
 import java.util.Map;
 public final class Constants {
- public static final String CRDS_GROUP = "keycloak.org";
+ public static final String CRDS_GROUP = "k8s.keycloak.org";
 public static final String CRDS_VERSION = "v2alpha1";
 public static final String SHORT_NAME = "kc";
 public static final String NAME = "keycloak";
diff --git a/operator/src/main/kubernetes/append_legacy_cr.yaml b/operator/src/main/kubernetes/append_legacy_cr.yaml
deleted file mode 100644
index 0034a6812c..0000000000
--- a/operator/src/main/kubernetes/append_legacy_cr.yaml
+++ /dev/null
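Review bot: In create-olm-bundle.sh the added `cp target/kubernetes/*.keycloak.org-v1.yml olm/$VERSION/manifests` uses paths relative to the caller's working directory, while the `mv` just above it and the lines it replaces anchor on `$SCRIPT_DIR/..`; unless the script changes directory earlier (outside this hunk), running it from anywhere but `operator/` copies nothing or the wrong files into the bundle. The glob also matches any CRD file in `target/kubernetes` ending in `.keycloak.org-v1.yml`, so a leftover from an earlier build under the old `keycloak.org` group would be shipped in the OLM manifests alongside the new ones. I would anchor and quote the paths and narrow the pattern to the new group, e.g. `cp "$SCRIPT_DIR"/../target/kubernetes/*.k8s.keycloak.org-v1.yml "$SCRIPT_DIR/../olm/$VERSION/manifests"` (assuming the generated files are named after the new group).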
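Review bot: `CRDS_GROUP` in Constants.java has no comment saying why the group is `k8s.keycloak.org` rather than `keycloak.org`, and the value decides which custom resources the operator reconciles. Judging by the removal of append_legacy_cr.yaml and of the "Include the old CRD version" step in the same commit, the new group appears to be chosen so these CRDs no longer share a name with the legacy operator's; a line such as `// Distinct from the legacy operator's "keycloak.org" group so both sets of CRDs can coexist.` above the constant would record that. Resources already created as `keycloak.org/v2alpha1` will presumably stop being picked up after this change, and the RBAC rules and CSV entries that name the API group are outside this hunk, so it is worth confirming they were updated as well. The class body continues outside the hunk.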
@@ -1,1098 +0,0 @@ -- op: add - path: /spec/versions/1 - value: - name: v1alpha1 - schema: - openAPIV3Schema: - description: Keycloak is the Schema for the keycloaks API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KeycloakSpec defines the desired state of Keycloak. - properties: - extensions: - description: A list of extensions, where each one is a URL to a JAR - files that will be deployed in Keycloak. - items: - type: string - type: array - x-kubernetes-list-type: set - external: - description: Contains configuration for external Keycloak instances. - Unmanaged needs to be set to true to use this. - properties: - enabled: - description: If set to true, this Keycloak will be treated as - an external instance. The unmanaged field also needs to be set - to true if this field is true. - type: boolean - url: - description: The URL to use for the keycloak admin API. Needs - to be set if external is true. - type: string - type: object - externalAccess: - description: Controls external Ingress/Route settings. - properties: - enabled: - description: If set to true, the Operator will create an Ingress - or a Route pointing to Keycloak. - type: boolean - host: - description: If set, the Operator will use value of host for Ingress - host instead of default value keycloak.local. 
Using this setting - in OpenShift environment will result an error. Only users with - special permissions are allowed to modify the hostname. - type: string - tlsTermination: - description: TLS Termination type for the external access. Setting - this field to "reencrypt" will terminate TLS on the Ingress/Route - level. Setting this field to "passthrough" will send encrypted - traffic to the Pod. If unspecified, defaults to "reencrypt". - Note, that this setting has no effect on Ingress as Ingress - TLS settings are not reconciled by this operator. In other words, - Ingress TLS configuration is the same in both cases and it is - up to the user to configure TLS section of the Ingress. - type: string - type: object - externalDatabase: - description: "Controls external database settings. Using an external - database requires providing a secret containing credentials as well - as connection details. Here's an example of such secret: \n apiVersion: - v1 kind: Secret metadata: name: keycloak-db-secret - \ namespace: keycloak stringData: POSTGRES_DATABASE: - POSTGRES_EXTERNAL_ADDRESS: POSTGRES_EXTERNAL_PORT: # Strongly recommended to use <'Keycloak - CR Name'-postgresql> POSTGRES_HOST: - \ POSTGRES_PASSWORD: # Required - for AWS Backup functionality POSTGRES_SUPERUSER: true POSTGRES_USERNAME: - type: Opaque \n Both POSTGRES_EXTERNAL_ADDRESS - and POSTGRES_EXTERNAL_PORT are specifically required for creating - connection to the external database. The secret name is created - using the following convention: -db-secret - \n For more information, please refer to the Operator documentation." - properties: - enabled: - description: If set to true, the Operator will use an external - database pointing to Keycloak. The embedded database (externalDatabase.enabled - = false) is deprecated. - type: boolean - type: object - instances: - description: Number of Keycloak instances in HA mode. Default is 1. 
- type: integer - keycloakDeploymentSpec: - description: Resources (Requests and Limits) for KeycloakDeployment. - properties: - experimental: - description: 'Experimental section NOTE: This section might change - or get removed without any notice. It may also cause the deployment - to behave in an unpredictable fashion. Please use with care.' - properties: - affinity: - description: Affinity settings - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. 
Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. 
If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. 
- Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. 
for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". 
The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. 
- type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - args: - description: Arguments to the entrypoint. Translates into - Container CMD. - items: - type: string - type: array - command: - description: Container command. Translates into Container - ENTRYPOINT. - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' 
- properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceAccountName: - description: ServiceAccountName settings - type: string - volumes: - description: Additional volume mounts - properties: - defaultMode: - description: Permissions mode. 
- format: int32 - type: integer - items: - items: - properties: - configMaps: - description: Allow multiple configmaps to mount - to the same directory - items: - type: string - type: array - items: - description: Mount details - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - mountPath: - description: An absolute path where to mount it - type: string - name: - description: Volume name - type: string - secrets: - description: Secret mount - items: - type: string - type: array - required: - - mountPath - type: object - type: array - type: object - type: object - podlabels: - additionalProperties: - type: string - description: List of labels to set in the keycloak pods - type: object - resources: - description: Resources (Requests and Limits) for the Pods. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - type: object - migration: - description: Specify Migration configuration - properties: - backups: - description: Set it to config backup policy for migration - properties: - enabled: - description: If set to true, the operator will do database - backup before doing migration - type: boolean - type: object - strategy: - description: Specify migration strategy - type: string - type: object - multiAvailablityZones: - description: Specify PodAntiAffinity settings for Keycloak deployment - in Multi AZ - properties: - enabled: - description: If set to true, the operator will create a podAntiAffinity - settings for the Keycloak deployment. - type: boolean - type: object - podDisruptionBudget: - description: Specify PodDisruptionBudget configuration. - properties: - enabled: - description: If set to true, the operator will create a PodDistruptionBudget - for the Keycloak deployment and set its `maxUnavailable` value - to 1. - type: boolean - type: object - postgresDeploymentSpec: - description: Resources (Requests and Limits) for PostgresDeployment. - properties: - resources: - description: Resources (Requests and Limits) for the Pods. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - type: object - profile: - description: Profile used for controlling Operator behavior. Default - is empty. - type: string - storageClassName: - description: Name of the StorageClass for Postgresql Persistent Volume - Claim - type: string - unmanaged: - description: When set to true, this Keycloak will be marked as unmanaged - and will not be managed by this operator. It can then be used for - targeting purposes. - type: boolean - type: object - status: - description: KeycloakStatus defines the observed state of Keycloak. - properties: - credentialSecret: - description: The secret where the admin credentials are to be found. - type: string - externalURL: - description: External URL for accessing Keycloak instance from outside - the cluster. Is identical to external.URL if it's specified, otherwise - is computed (e.g. from Ingress). 
- type: string - internalURL: - description: An internal URL (service name) to be used by the admin - client. - type: string - message: - description: Human-readable message indicating details about current - operator phase or error. - type: string - phase: - description: Current phase of the operator. - type: string - ready: - description: True if all resources are in a ready state and all work - is done. - type: boolean - secondaryResources: - additionalProperties: - items: - type: string - type: array - description: 'A map of all the secondary resources types and names - created for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2" - ].' - type: object - version: - description: Version of Keycloak or RHSSO running on the cluster. - type: string - required: - - credentialSecret - - internalURL - - message - - phase - - ready - - version - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/operator/src/main/kubernetes/kustomization.yml b/operator/src/main/kubernetes/kustomization.yml index 98407d6676..d36e04c87d 100644 --- a/operator/src/main/kubernetes/kustomization.yml +++ b/operator/src/main/kubernetes/kustomization.yml @@ -4,17 +4,10 @@ kind: Kustomization namespace: keycloak resources: - - kubernetes/keycloaks.keycloak.org-v1.yml - - kubernetes/keycloakrealmimports.keycloak.org-v1.yml + - kubernetes/keycloaks.k8s.keycloak.org-v1.yml + - kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml - kubernetes/kubernetes.yml # patchesStrategicMerge patches: - kubernetes/minikube.yml - -# patchesJson6902 -patches: - - path: append_legacy_cr.yaml - target: - kind: CustomResourceDefinition - name: keycloaks.keycloak.org diff --git a/operator/src/main/resources/example-keycloak.yml b/operator/src/main/resources/example-keycloak.yml index 9ca580d2b5..36ee234ada 100644 --- a/operator/src/main/resources/example-keycloak.yml +++ b/operator/src/main/resources/example-keycloak.yml 
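Review bot: The remaining `patches:` key in kustomization.yml still sits under the comment `# patchesStrategicMerge`, and the old file had a second top-level `patches:` key for the JSON 6902 patch that this hunk deletes. YAML parsers usually keep only one of two duplicate mapping keys, so it is possible that `kubernetes/minikube.yml` was not applied before and is applied now. Diff the rendered manifests before and after to confirm that only the CRD file names change. The comment should also describe the key it precedes, for example `# strategic-merge patch applied for minikube`.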
@@ -1,4 +1,4 @@
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-kc
diff --git a/operator/src/main/resources/example-realm.yaml b/operator/src/main/resources/example-realm.yaml
index a07189fb1a..98ca6c9042 100644
--- a/operator/src/main/resources/example-realm.yaml
+++ b/operator/src/main/resources/example-realm.yaml
@@ -1,4 +1,4 @@
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: KeycloakRealmImport
 metadata:
 name: example-count0-kc
diff --git a/operator/src/test/java/org/keycloak/operator/ClusterOperatorTest.java b/operator/src/test/java/org/keycloak/operator/ClusterOperatorTest.java
index dd44b6d320..1c865be619 100644
--- a/operator/src/test/java/org/keycloak/operator/ClusterOperatorTest.java
+++ b/operator/src/test/java/org/keycloak/operator/ClusterOperatorTest.java
@@ -119,10 +119,10 @@ public abstract class ClusterOperatorTest {
 private static void createCRDs() {
 Log.info("Creating CRDs");
 try {
- var deploymentCRD = k8sclient.load(new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + "keycloaks.keycloak.org-v1.yml"));
+ var deploymentCRD = k8sclient.load(new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + "keycloaks.k8s.keycloak.org-v1.yml"));
 deploymentCRD.createOrReplace();
 deploymentCRD.waitUntilReady(5, TimeUnit.SECONDS);
- var realmImportCRD = k8sclient.load(new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + "keycloakrealmimports.keycloak.org-v1.yml"));
+ var realmImportCRD = k8sclient.load(new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + "keycloakrealmimports.k8s.keycloak.org-v1.yml"));
 realmImportCRD.createOrReplace();
 realmImportCRD.waitUntilReady(5, TimeUnit.SECONDS);
 } catch (Exception e) {
diff --git a/operator/src/test/resources/correct-podtemplate-keycloak.yml b/operator/src/test/resources/correct-podtemplate-keycloak.yml
index 431ac00beb..490c40013f 100644
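Review bot: Both `new FileInputStream(...)` arguments in `createCRDs()` are opened inline and never closed, so the descriptors stay open until the streams are garbage-collected. If `k8sclient.load` reads the stream eagerly (not visible in this hunk), each load can be wrapped as `try (var in = new FileInputStream(path)) { var deploymentCRD = k8sclient.load(in); ... }`. The two file names also repeat the API group literal that this commit changes in `Constants.java`, `kustomization.yml` and `create-olm-bundle.sh`; building the name from the group constant would leave one place to edit on the next rename. The `catch` block of `createCRDs()` continues outside the hunk.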
--- a/operator/src/test/resources/correct-podtemplate-keycloak.yml
+++ b/operator/src/test/resources/correct-podtemplate-keycloak.yml
@@ -1,4 +1,4 @@
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-podtemplate-kc
diff --git a/operator/src/test/resources/empty-podtemplate-keycloak.yml b/operator/src/test/resources/empty-podtemplate-keycloak.yml
index 0a2a61ba55..c7372ca247 100644
--- a/operator/src/test/resources/empty-podtemplate-keycloak.yml
+++ b/operator/src/test/resources/empty-podtemplate-keycloak.yml
@@ -1,4 +1,4 @@
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
 name: example-podtemplate
diff --git a/operator/src/test/resources/incorrect-realm.yaml b/operator/src/test/resources/incorrect-realm.yaml
index 933a5d2cd6..5a6ac0d937 100644
--- a/operator/src/test/resources/incorrect-realm.yaml
+++ b/operator/src/test/resources/incorrect-realm.yaml
@@ -1,4 +1,4 @@
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: KeycloakRealmImport
 metadata:
 name: example-count0-kc
diff --git a/operator/src/test/resources/token-test-realm.yaml b/operator/src/test/resources/token-test-realm.yaml
index be10c7d3ab..32e11e15e1 100644
--- a/operator/src/test/resources/token-test-realm.yaml
+++ b/operator/src/test/resources/token-test-realm.yaml
@@ -1,4 +1,4 @@
-apiVersion: keycloak.org/v2alpha1
+apiVersion: k8s.keycloak.org/v2alpha1
 kind: KeycloakRealmImport
 metadata:
 name: example-token-test-kc