Update Operator product documentation

Closes #23862
This commit is contained in:
Václav Muzikář 2023-10-11 13:24:50 +02:00 committed by Alexander Schwartz
parent 96204fe349
commit db7ca7fb66
2 changed files with 21 additions and 8 deletions

View file

@ -2,6 +2,7 @@
<#import "/templates/kc.adoc" as kc>
<#import "/templates/options.adoc" as opts>
<#import "/templates/links.adoc" as links>
<#import "/templates/profile.adoc" as profile>
<@tmpl.guide
title="Advanced configuration"
@ -65,14 +66,21 @@ For a list of options, see the Keycloak CRD. For details on configuring options,
Some expert server options are unavailable as dedicated fields in the Keycloak CR. The following are examples of omitted fields:
* Fields that require deep understanding of the underlying Keycloak implementation
* Fields that are not relevant to a Kubernetes environment
* Fields that are not relevant to
<@profile.ifCommunity>
a Kubernetes
</@profile.ifCommunity>
<@profile.ifProduct>
an OpenShift
</@profile.ifProduct>
environment
* Fields for provider configuration because they are dynamic based on the used provider implementation
The `additionalOptions` field of the Keycloak CR enables Keycloak to accept any available configuration in the form of key-value pairs.
You can use this field to include any option that is omitted in the Keycloak CR.
For details on configuring options, see <@links.server id="all-config"/>.
The values can be expressed as plain text strings or Kubernetes Secret references as shown in this example:
The values can be expressed as plain text strings or Secret object references as shown in this example:
[source,yaml]
----
@ -102,11 +110,11 @@ When a referenced Secret is modified, the Operator performs a rolling restart of
=== Unsupported features
The `unsupported` field of the CR contains highly experimental configuration options that are not completely tested and supported.
The `unsupported` field of the CR contains highly experimental configuration options that are not completely tested and are Tech Preview.
==== Pod Template
The Pod Template is a raw API representation that is used for the Kubernetes Deployment Template.
The Pod Template is a raw API representation that is used for the Deployment Template.
This field is a temporary workaround in case no supported field exists at the top level of the CR for your use case.
The Operator merges the fields of the provided template with the values generated by the Operator for the specific Deployment.

View file

@ -2,14 +2,19 @@
<#import "/templates/kc.adoc" as kc>
<#import "/templates/options.adoc" as opts>
<#import "/templates/links.adoc" as links>
<#import "/templates/profile.adoc" as profile>
<@tmpl.guide
title="Basic Keycloak deployment"
priority=20
summary="How to install Keycloak using the Operator on Kubernetes or OpenShift">
summary="How to install Keycloak using the Operator">
== Performing a basic Keycloak deployment
This {section} describes how to perform a basic Keycloak Deployment on Kubernetes or OpenShift using the Operator.
This {section} describes how to perform a basic Keycloak Deployment on
<@profile.ifCommunity>
Kubernetes or
</@profile.ifCommunity>
OpenShift using the Operator.
=== Preparing for deployment
@ -230,14 +235,14 @@ kubectl port-forward service/example-kc-service 8443:8443
=== Accessing the Admin Console
When deploying Keycloak, the operator generates an arbitrary initial admin `username` and `password` and stores those credentials as a Kubernetes basic-auth Secret in the same namespace as the CR.
When deploying Keycloak, the operator generates an arbitrary initial admin `username` and `password` and stores those credentials as a basic-auth Secret object in the same namespace as the CR.
[WARNING]
====
Change the default admin credentials and enable MFA in Keycloak before going to production.
====
To fetch the initial admin credentials, you have to read and decode a Kubernetes Secret.
To fetch the initial admin credentials, you have to read and decode the Secret.
The Secret name is derived from the Keycloak CR name plus the fixed suffix `-initial-admin`.
To get the username and password for the `example-kc` CR, enter the following commands: