parent
96204fe349
commit
db7ca7fb66
2 changed files with 21 additions and 8 deletions
|
@ -2,6 +2,7 @@
|
|||
<#import "/templates/kc.adoc" as kc>
|
||||
<#import "/templates/options.adoc" as opts>
|
||||
<#import "/templates/links.adoc" as links>
|
||||
<#import "/templates/profile.adoc" as profile>
|
||||
|
||||
<@tmpl.guide
|
||||
title="Advanced configuration"
|
||||
|
@ -65,14 +66,21 @@ For a list of options, see the Keycloak CRD. For details on configuring options,
|
|||
Some expert server options are unavailable as dedicated fields in the Keycloak CR. The following are examples of omitted fields:
|
||||
|
||||
* Fields that require deep understanding of the underlying Keycloak implementation
|
||||
* Fields that are not relevant to a Kubernetes environment
|
||||
* Fields that are not relevant to
|
||||
<@profile.ifCommunity>
|
||||
a Kubernetes
|
||||
</@profile.ifCommunity>
|
||||
<@profile.ifProduct>
|
||||
an OpenShift
|
||||
</@profile.ifProduct>
|
||||
environment
|
||||
* Fields for provider configuration because they are dynamic based on the used provider implementation
|
||||
|
||||
The `additionalOptions` field of the Keycloak CR enables Keycloak to accept any available configuration in the form of key-value pairs.
|
||||
You can use this field to include any option that is omitted in the Keycloak CR.
|
||||
For details on configuring options, see <@links.server id="all-config"/>.
|
||||
|
||||
The values can be expressed as plain text strings or Kubernetes Secret references as shown in this example:
|
||||
The values can be expressed as plain text strings or Secret object references as shown in this example:
|
||||
|
||||
[source,yaml]
|
||||
----
|
||||
|
@ -102,11 +110,11 @@ When a referenced Secret is modified, the Operator performs a rolling restart of
|
|||
|
||||
=== Unsupported features
|
||||
|
||||
The `unsupported` field of the CR contains highly experimental configuration options that are not completely tested and supported.
|
||||
The `unsupported` field of the CR contains highly experimental configuration options that are not completely tested and are Tech Preview.
|
||||
|
||||
==== Pod Template
|
||||
|
||||
The Pod Template is a raw API representation that is used for the Kubernetes Deployment Template.
|
||||
The Pod Template is a raw API representation that is used for the Deployment Template.
|
||||
This field is a temporary workaround in case no supported field exists at the top level of the CR for your use case.
|
||||
|
||||
The Operator merges the fields of the provided template with the values generated by the Operator for the specific Deployment.
|
||||
|
|
|
@ -2,14 +2,19 @@
|
|||
<#import "/templates/kc.adoc" as kc>
|
||||
<#import "/templates/options.adoc" as opts>
|
||||
<#import "/templates/links.adoc" as links>
|
||||
<#import "/templates/profile.adoc" as profile>
|
||||
|
||||
<@tmpl.guide
|
||||
title="Basic Keycloak deployment"
|
||||
priority=20
|
||||
summary="How to install Keycloak using the Operator on Kubernetes or OpenShift">
|
||||
summary="How to install Keycloak using the Operator">
|
||||
|
||||
== Performing a basic Keycloak deployment
|
||||
This {section} describes how to perform a basic Keycloak Deployment on Kubernetes or OpenShift using the Operator.
|
||||
This {section} describes how to perform a basic Keycloak Deployment on
|
||||
<@profile.ifCommunity>
|
||||
Kubernetes or
|
||||
</@profile.ifCommunity>
|
||||
OpenShift using the Operator.
|
||||
|
||||
=== Preparing for deployment
|
||||
|
||||
|
@ -230,14 +235,14 @@ kubectl port-forward service/example-kc-service 8443:8443
|
|||
|
||||
=== Accessing the Admin Console
|
||||
|
||||
When deploying Keycloak, the operator generates an arbitrary initial admin `username` and `password` and stores those credentials as a Kubernetes basic-auth Secret in the same namespace as the CR.
|
||||
When deploying Keycloak, the operator generates an arbitrary initial admin `username` and `password` and stores those credentials as a basic-auth Secret object in the same namespace as the CR.
|
||||
|
||||
[WARNING]
|
||||
====
|
||||
Change the default admin credentials and enable MFA in Keycloak before going to production.
|
||||
====
|
||||
|
||||
To fetch the initial admin credentials, you have to read and decode a Kubernetes Secret.
|
||||
To fetch the initial admin credentials, you have to read and decode the Secret.
|
||||
The Secret name is derived from the Keycloak CR name plus the fixed suffix `-initial-admin`.
|
||||
To get the username and password for the `example-kc` CR, enter the following commands:
|
||||
|
||||
|
|
Loading…
Reference in a new issue