From d55ecae2b2e5ce8ebb67b9a2263eafd63f2126ba Mon Sep 17 00:00:00 2001
From: Jochen Ullrich
Date: Fri, 12 Nov 2021 07:31:50 +0100
Subject: [PATCH] KEYCLOAK-15476: Add documentation for external keycloaks (#1047)
---
 server_installation/topics.adoc | 1 +
 .../topics/operator/external-keycloak.adoc | 72 +++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 server_installation/topics/operator/external-keycloak.adoc
diff --git a/server_installation/topics.adoc b/server_installation/topics.adoc
index bcbec36bd0..42f04e1a69 100644
--- a/server_installation/topics.adoc
+++ b/server_installation/topics.adoc
@@ -57,6 +57,7 @@ include::topics/operator/keycloak-realm-cr.adoc[]
 include::topics/operator/keycloak-client-cr.adoc[]
 include::topics/operator/keycloak-user-cr.adoc[]
 include::topics/operator/external-database.adoc[]
+include::topics/operator/external-keycloak.adoc[]
 include::topics/operator/keycloak-backup-cr.adoc[]
 include::topics/operator/extensions.adoc[]
 include::topics/operator/command-options.adoc[]
diff --git a/server_installation/topics/operator/external-keycloak.adoc b/server_installation/topics/operator/external-keycloak.adoc
new file mode 100644
index 0000000000..0296d4482f
--- /dev/null
+++ b/server_installation/topics/operator/external-keycloak.adoc
@@ -0,0 +1,72 @@
+
+[[_external_keycloak]]
+=== Connecting to an external {project_name}
+
+This operator can also be used to partially manage an external {project_name} instance.
+In it's current state, it will only be able to create clients.
+
+To do this, you'll need to create unmanaged versions of the `Keycloak` and `KeycloakRealm` CRDs to use for targeting and configuration.
+
+.Example YAML file for `external-keycloak`
+```yaml
+apiVersion: keycloak.org/v1alpha1
+kind: Keycloak
+metadata:
+ name: external-ref
+ labels:
+ifeval::[{project_community}==true]
+ app: external-keycloak
+endif::[]
+ifeval::[{project_product}==true]
+ app: external-sso
+endif::[]
+spec:
+ unmanaged: true
+ external:
+ enabled: true
+ url: https://some.external.url
+```
+
+In order to authenticate against this keycloak, the operator infers the secret name from the CRD by prefixing the CRD name with `credential-`.
+
+.Example YAML file for `credential-external-ref`
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: credential-external-ref
+type: Opaque
+data:
+ ADMIN_USERNAME: YWRtaW4=
+ ADMIN_PASSWORD: cGFzcw==
+```
+
+.Example YAML file for `external-realm`
+```yaml
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakRealm
+metadata:
+ name: external-realm
+ labels:
+ifeval::[{project_community}==true]
+ app: external-keycloak
+endif::[]
+ifeval::[{project_product}==true]
+ app: external-sso
+endif::[]
+spec:
+ unmanaged: true
+ realm:
+ id: "basic"
+ realm: "basic"
+ instanceSelector:
+ matchLabels:
+ifeval::[{project_community}==true]
+ app: external-keycloak
+endif::[]
+ifeval::[{project_product}==true]
+ app: external-sso
+endif::[]
+```
+
+You can now use the realm reference in your client as usual, and it will create the client on the external {project_name} instance.