libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-15476: Add documentation for external keycloaks (#1047)

Browse source
This commit is contained in:
Jochen Ullrich 2021-11-12 07:31:50 +01:00 committed by GitHub
parent 52462e39f7
commit d55ecae2b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 73 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
server_installation/topics.adoc
View file

@ -57,6 +57,7 @@ include::topics/operator/keycloak-realm-cr.adoc[]
include::topics/operator/keycloak-client-cr.adoc[] include::topics/operator/keycloak-client-cr.adoc[]
include::topics/operator/keycloak-user-cr.adoc[] include::topics/operator/keycloak-user-cr.adoc[]
include::topics/operator/external-database.adoc[] include::topics/operator/external-database.adoc[]
include::topics/operator/external-keycloak.adoc[]
include::topics/operator/keycloak-backup-cr.adoc[] include::topics/operator/keycloak-backup-cr.adoc[]
include::topics/operator/extensions.adoc[] include::topics/operator/extensions.adoc[]
include::topics/operator/command-options.adoc[] include::topics/operator/command-options.adoc[]

72
server_installation/topics/operator/external-keycloak.adoc Normal file
View file

@ -0,0 +1,72 @@
[[_external_keycloak]]
=== Connecting to an external {project_name}
This operator can also be used to partially manage an external {project_name} instance.
In it's current state, it will only be able to create clients.
To do this, you'll need to create unmanaged versions of the `Keycloak` and `KeycloakRealm` CRDs to use for targeting and configuration.
.Example YAML file for `external-keycloak`
```yaml
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
name: external-ref
labels:
ifeval::[{project_community}==true]
app: external-keycloak
endif::[]
ifeval::[{project_product}==true]
app: external-sso
endif::[]
spec:
unmanaged: true
external:
enabled: true
url: https://some.external.url
```
In order to authenticate against this keycloak, the operator infers the secret name from the CRD by prefixing the CRD name with `credential-`.
.Example YAML file for `credential-external-ref`
```yaml
apiVersion: v1
kind: Secret
metadata:
name: credential-external-ref
type: Opaque
data:
ADMIN_USERNAME: YWRtaW4=
ADMIN_PASSWORD: cGFzcw==
```
.Example YAML file for `external-realm`
```yaml
apiVersion: keycloak.org/v1alpha1
kind: KeycloakRealm
metadata:
name: external-realm
labels:
ifeval::[{project_community}==true]
app: external-keycloak
endif::[]
ifeval::[{project_product}==true]
app: external-sso
endif::[]
spec:
unmanaged: true
realm:
id: "basic"
realm: "basic"
instanceSelector:
matchLabels:
ifeval::[{project_community}==true]
app: external-keycloak
endif::[]
ifeval::[{project_product}==true]
app: external-sso
endif::[]
```
You can now use the realm reference in your client as usual, and it will create the client on the external {project_name} instance.