Use the entire podTemplateSpec to spawn the realm-import job

operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java

@@ -134,6 +134,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
 
         if (overlayTemplate.getSpec() != null &&
             overlayTemplate.getSpec().getContainers() != null &&
+            overlayTemplate.getSpec().getContainers().size() > 0 &&
             overlayTemplate.getSpec().getContainers().get(0) != null &&
             overlayTemplate.getSpec().getContainers().get(0).getName() != null) {
             status.addWarningMessage("The name of the keycloak container cannot be modified");
@@ -141,6 +142,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
 
         if (overlayTemplate.getSpec() != null &&
             overlayTemplate.getSpec().getContainers() != null &&
+            overlayTemplate.getSpec().getContainers().size() > 0 &&
             overlayTemplate.getSpec().getContainers().get(0) != null &&
             overlayTemplate.getSpec().getContainers().get(0).getImage() != null) {
             status.addWarningMessage("The image of the keycloak container cannot be modified using podTemplate");

operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakRealmImportJob.java

@@ -18,6 +18,7 @@ package org.keycloak.operator.v2alpha1;
 
 import io.fabric8.kubernetes.api.model.Container;
 import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.fabric8.kubernetes.api.model.PodTemplateSpec;
 import io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder;
 import io.fabric8.kubernetes.api.model.Volume;
 import io.fabric8.kubernetes.api.model.VolumeBuilder;
@@ -86,20 +87,16 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
                 .get();
     }
 
-    private Job buildJob(Container keycloakContainer, List<Volume> volumes) {
+    private Job buildJob(PodTemplateSpec keycloakPodTemplate) {
+        keycloakPodTemplate.getSpec().setRestartPolicy("Never");
+
         return new JobBuilder()
                 .withNewMetadata()
                 .withName(getName())
                 .withNamespace(getNamespace())
                 .endMetadata()
                 .withNewSpec()
-                .withNewTemplate()
-                .withNewSpec()
-                .withContainers(keycloakContainer)
-                .withVolumes(volumes)
-                .withRestartPolicy("Never")
-                .endSpec()
-                .endTemplate()
+                .withTemplate(keycloakPodTemplate)
                 .endSpec()
                 .build();
     }
@@ -114,25 +111,18 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
     }
 
     private Job createImportJob() {
-        var keycloakContainer = buildKeycloakJobContainer();
-
-        var volumes = this.existingDeployment.getSpec().getTemplate().getSpec().getVolumes();
-        volumes.add(buildSecretVolume());
-        var importJob = buildJob(keycloakContainer, volumes);
-
-        return importJob;
-    }
-
-    private Container buildKeycloakJobContainer() {
-        var keycloakContainer =
-            this
+        var keycloakPodTemplate = this
                 .existingDeployment
                 .getSpec()
-                .getTemplate()
-                .getSpec()
-                .getContainers()
-                .get(0);
+                .getTemplate();
 
+        buildKeycloakJobContainer(keycloakPodTemplate.getSpec().getContainers().get(0));
+        keycloakPodTemplate.getSpec().getVolumes().add(buildSecretVolume());
+
+        return buildJob(keycloakPodTemplate);
+    }
+
+    private void buildKeycloakJobContainer(Container keycloakContainer) {
         var importMntPath = "/mnt/realm-import/";
 
         var command = List.of("/bin/bash");
@@ -158,8 +148,6 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
         // Disable probes since we are not really starting the server
         keycloakContainer.setReadinessProbe(null);
         keycloakContainer.setLivenessProbe(null);
-
-        return keycloakContainer;
     }
 
 

operator/src/test/java/org/keycloak/operator/ClusteringE2EIT.java

@@ -50,7 +50,7 @@ public class ClusteringE2EIT extends ClusterOperatorTest {
                 .untilAsserted(() -> CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, false));
 
         Awaitility.await()
-                .atMost(Duration.ofSeconds(5))
+                .atMost(Duration.ofSeconds(60))
                 .ignoreExceptions()
                 .untilAsserted(() -> assertThat(kcPodsSelector.list().getItems().size()).isEqualTo(3));
 
@@ -118,6 +118,8 @@ public class ClusteringE2EIT extends ClusterOperatorTest {
                     Log.info("Checking Keycloak is stable.");
                     CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, true);
                 });
+        // Remove the completed pod for the job
+        realmImportSelector.delete();
 
         Log.info("Testing the Keycloak Cluster");
         Awaitility.await().atMost(5, MINUTES).ignoreExceptions().untilAsserted(() -> {

operator/src/test/java/org/keycloak/operator/RealmImportE2EIT.java

@@ -1,5 +1,7 @@
 package org.keycloak.operator;
 
+import io.fabric8.kubernetes.api.model.LocalObjectReferenceBuilder;
+import io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder;
 import io.quarkus.logging.Log;
 import io.quarkus.test.junit.QuarkusTest;
 import org.awaitility.Awaitility;
@@ -7,6 +9,7 @@ import org.junit.jupiter.api.Test;
 import org.keycloak.operator.utils.CRAssert;
 import org.keycloak.operator.v2alpha1.KeycloakService;
 import org.keycloak.operator.v2alpha1.crds.KeycloakRealmImport;
+import org.keycloak.operator.v2alpha1.crds.keycloakspec.Unsupported;
 
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
@@ -25,7 +28,14 @@ public class RealmImportE2EIT extends ClusterOperatorTest {
     @Test
     public void testWorkingRealmImport() {
         // Arrange
-        deployKeycloak(k8sclient, getDefaultKeycloakDeployment(), false);
+        var kc = getDefaultKeycloakDeployment();
+        var podTemplate = new PodTemplateSpecBuilder()
+                .withNewSpec()
+                .withImagePullSecrets(new LocalObjectReferenceBuilder().withName("my-empty-secret").build())
+                .endSpec()
+                .build();
+        kc.getSpec().setUnsupported(new Unsupported(podTemplate));
+        deployKeycloak(k8sclient, kc, false);
 
         // Act
         k8sclient.load(getClass().getResourceAsStream("/example-realm.yaml")).inNamespace(namespace).createOrReplace();
@@ -54,6 +64,10 @@ public class RealmImportE2EIT extends ClusterOperatorTest {
                     CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), STARTED, false);
                     CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), HAS_ERRORS, false);
                 });
+        var job = k8sclient.batch().v1().jobs().inNamespace(namespace).withName("example-count0-kc").get();
+        assertThat(job.getSpec().getTemplate().getSpec().getImagePullSecrets().size()).isEqualTo(1);
+        assertThat(job.getSpec().getTemplate().getSpec().getImagePullSecrets().get(0).getName()).isEqualTo("my-empty-secret");
+
         var service = new KeycloakService(k8sclient, getDefaultKeycloakDeployment());
         String url =
                 "https://" + service.getName() + "." + namespace + ":" + KEYCLOAK_HTTPS_PORT + "/realms/count0";