72 lines
1.7 KiB
Text
72 lines
1.7 KiB
Text
|
|
[[_external_keycloak]]
|
|
=== Connecting to an external {project_name}
|
|
|
|
This operator can also be used to partially manage an external {project_name} instance.
|
|
In it's current state, it will only be able to create clients.
|
|
|
|
To do this, you'll need to create unmanaged versions of the `Keycloak` and `KeycloakRealm` CRDs to use for targeting and configuration.
|
|
|
|
.Example YAML file for `external-keycloak`
|
|
```yaml
|
|
apiVersion: keycloak.org/v1alpha1
|
|
kind: Keycloak
|
|
metadata:
|
|
name: external-ref
|
|
labels:
|
|
ifeval::[{project_community}==true]
|
|
app: external-keycloak
|
|
endif::[]
|
|
ifeval::[{project_product}==true]
|
|
app: external-sso
|
|
endif::[]
|
|
spec:
|
|
unmanaged: true
|
|
external:
|
|
enabled: true
|
|
url: https://some.external.url
|
|
```
|
|
|
|
In order to authenticate against this keycloak, the operator infers the secret name from the CRD by prefixing the CRD name with `credential-`.
|
|
|
|
.Example YAML file for `credential-external-ref`
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: credential-external-ref
|
|
type: Opaque
|
|
data:
|
|
ADMIN_USERNAME: YWRtaW4=
|
|
ADMIN_PASSWORD: cGFzcw==
|
|
```
|
|
|
|
.Example YAML file for `external-realm`
|
|
```yaml
|
|
apiVersion: keycloak.org/v1alpha1
|
|
kind: KeycloakRealm
|
|
metadata:
|
|
name: external-realm
|
|
labels:
|
|
ifeval::[{project_community}==true]
|
|
app: external-keycloak
|
|
endif::[]
|
|
ifeval::[{project_product}==true]
|
|
app: external-sso
|
|
endif::[]
|
|
spec:
|
|
unmanaged: true
|
|
realm:
|
|
id: "basic"
|
|
realm: "basic"
|
|
instanceSelector:
|
|
matchLabels:
|
|
ifeval::[{project_community}==true]
|
|
app: external-keycloak
|
|
endif::[]
|
|
ifeval::[{project_product}==true]
|
|
app: external-sso
|
|
endif::[]
|
|
```
|
|
|
|
You can now use the realm reference in your client as usual, and it will create the client on the external {project_name} instance.
|