  1. AeroGear
  2. AEROGEAR-7550

Keycloak Operator


Details

    • Epic
    • Resolution: Done
    • Major
    • Keycloak Operator
    • To Do

    Description

      Why

      To prevent users from accessing Keycloak directly, it is provisioned into a restricted namespace. This operator is provisioned into the same namespace to orchestrate the creation and deletion of slices and bindings to the Keycloak instance on behalf of the users, who cannot access this namespace.

      What

      Create a Keycloak operator and deployment mechanism that will handle the following:

      • Creation and deletion of a Keycloak realm
      • Creation and deletion of a Keycloak user
      • Creation and deletion of a public or bearer client

      The operator will also be aware of the Shared Service Custom Resources and will act on them if configured to do so:

      • SharedService: the configuration template for a particular shared service.
      • SharedServiceSlice: tells the operator to set up what it considers a slice of the service. In this case, that is a realm.
      • SharedServiceAction

      In a future iteration we may look to abstract this shared service concept, along with its types, out into a lib, allowing it to be reused across other operators.

      Out of scope

      • Deciding what happens if a SharedService CR is deleted (i.e. should we remove all the shared service instances)
      • Configuration of a cluster (although it is something we would like to look into later)
      • Configuration of proxies (again, we will likely look at it later down the line)

          People

            Unassigned Unassigned
            cbrookes@redhat.com Craig Brookes