libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions
keycloak-scim/server_installation/topics/operator/keycloak-client-cr.adoc
Andy Munro 0ddeec4e1e KEYCLOAK-12273 update to the description of services and endpoints as suggested by Sebastian. Otherwise, I am done. 
However, I still need input from Sebastian on technical accuracy.
2020-06-02 11:22:18 +02:00

103 lines
No EOL
2.6 KiB
Text
Raw Blame History

[[_client-cr]]
=== Creating a client custom resource
You can use the Operator to create clients in {project_name} as defined by a custom resource. You define the properties of the realm in a YAML file.
[NOTE]
====
You can update the YAML file and changes appear in the {project_name} admin console, however changes to the admin console do not update the custom resource.
====
.Example YAML file for a Client custom resource
```yaml
apiVersion: keycloak.org/v1alpha1
kind: KeycloakClient
metadata:
name: example-client
labels:
app: sso
spec:
realmSelector:
matchLabels:
app: <matching labels for KeycloakRealm custom resource>
client:
# auto-generated if not supplied
#id: 123
clientId: client-secret
secret: client-secret
# ...
# other properties of Keycloak Client
```
.Prerequisites
* You have a YAML file for this custom resource.
* You have cluster-admin permission or an equivalent level of permissions granted by an administrator.
.Procedure
. Use this command on the YAML file that you created: `{create_cmd} -f <client-name>.yaml`. For example:
+
[source,bash,subs=+attributes]
----
$ {create_cmd} -f initial_client.yaml
keycloak.keycloak.org/example-client created
----
. Log into the {project_name} admin console for the related instance of {project_name}.
. Click Clients.
+
The new client appears in the list of clients.
+
image:images/clients.png[]
.Results
After a client is created, the Operator creates a Secret containing the `Client ID` and the client's secret using the following naming pattern: `keycloak-client-secret-<custom resource name>`. For example:
.Client's Secret
```yaml
apiVersion: v1
data:
CLIENT_ID: <base64 encoded Client ID>
CLIENT_SECRET: <base64 encoded Client Secret>
kind: Secret
```
After the Operator processes the custom resource, view the status with this command:
[source,bash,subs=+attributes]
----
$ {create_cmd_brief} describe keycloak <cr_name>
----
.Client custom resource Status
```yaml
Name: client-secret
Namespace: keycloak
Labels: app=sso
API Version: keycloak.org/v1alpha1
Kind: KeycloakClient
Spec:
Client:
Client Authenticator Type: client-secret
Client Id: client-secret
Id: keycloak-client-secret
Realm Selector:
Match Labels:
App: sso
Status:
Message:
Phase: reconciling
Ready: true
Secondary Resources:
Secret:
keycloak-client-secret-client-secret
Events: <none>
```
.Additional resources
* When the client creation completes, you are ready to xref:_user-cr[create a user custom resource].
Reference in a new issue View git blame Copy permalink