91 lines
2.5 KiB
Text
91 lines
2.5 KiB
Text
<#import "/templates/guide.adoc" as tmpl>
|
|
<#import "/templates/kc.adoc" as kc>
|
|
<#import "/templates/options.adoc" as opts>
|
|
<#import "/templates/links.adoc" as links>
|
|
|
|
<@tmpl.guide
|
|
title="Keycloak Realm Import"
|
|
priority=30
|
|
summary="How to perform an automated Keycloak Realm Import using the operator">
|
|
|
|
== Importing a Keycloak Realm
|
|
|
|
Using the Keycloak Operator, you can perform a realm import for the Keycloak Deployment.
|
|
|
|
[NOTE]
|
|
====
|
|
* If a Realm with the same name already exists in Keycloak, it will not be overwritten.
|
|
|
|
* The Realm Import CR only supports creation of new realms and does not update or delete those. Changes to the realm performed directly on Keycloak are not synced back in the CR.
|
|
====
|
|
|
|
=== Creating a Realm Import Custom Resource
|
|
|
|
The following is an example of a Realm Import Custom Resource (CR):
|
|
|
|
[source,yaml]
|
|
----
|
|
apiVersion: k8s.keycloak.org/v2alpha1
|
|
kind: KeycloakRealmImport
|
|
metadata:
|
|
name: my-realm-kc
|
|
spec:
|
|
keycloakCRName: <name of the keycloak CR>
|
|
realm:
|
|
...
|
|
----
|
|
|
|
This CR should be created in the same namespace as the Keycloak Deployment CR, defined in the field `keycloakCRName`.
|
|
The `realm` field accepts a full https://www.keycloak.org/docs-api/{majorMinorVersion}/rest-api/index.html#_realmrepresentation[RealmRepresentation].
|
|
|
|
The recommended way to obtain a `RealmRepresentation` is by leveraging the export functionality <@links.server id="importExport"/>.
|
|
|
|
. Export the Realm to a single file.
|
|
. Convert the JSON file to YAML.
|
|
. Copy and paste the obtained YAML file as body for the `realm` key, making sure the indentation is correct.
|
|
|
|
=== Applying the Realm Import CR
|
|
|
|
Use `kubectl` to create the CR in the correct cluster namespace:
|
|
|
|
[source,bash]
|
|
----
|
|
cat <<EOF >> example-realm-import.yaml
|
|
apiVersion: k8s.keycloak.org/v2alpha1
|
|
kind: KeycloakRealmImport
|
|
metadata:
|
|
name: my-realm-kc
|
|
spec:
|
|
keycloakCRName: <name of the keycloak CR>
|
|
realm:
|
|
id: example-realm
|
|
realm: example-realm
|
|
displayName: ExampleRealm
|
|
enabled: true
|
|
EOF
|
|
kubectl apply -f example-realm-import.yaml
|
|
----
|
|
|
|
To check the status of the running import, enter the following command:
|
|
|
|
[source,bash]
|
|
----
|
|
kubectl get keycloakrealmimports/my-realm-kc -o go-template='{{range .status.conditions}}CONDITION: {{.type}}{{"\n"}} STATUS: {{.status}}{{"\n"}} MESSAGE: {{.message}}{{"\n"}}{{end}}'
|
|
----
|
|
|
|
When the import has successfully completed, the output will look like the following example:
|
|
|
|
[source,bash]
|
|
----
|
|
CONDITION: Done
|
|
STATUS: true
|
|
MESSAGE:
|
|
CONDITION: Started
|
|
STATUS: false
|
|
MESSAGE:
|
|
CONDITION: HasErrors
|
|
STATUS: false
|
|
MESSAGE:
|
|
----
|
|
|
|
</@tmpl.guide>
|