Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-2817

Keycloak with GitOps config guidance

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Normal
    • 1.11.0
    • None
    • Documentation, Operator
    • None
    • GITOPS Sprint 3248

    Description

      Epic Goal

      Provide clear guidance to users about the integration between GitOps and Keycloak. 

      Currently, it is not clear in our documentation whether or not customers will be in breach of their subscription if they make changes to their Keycloak installation. We need to be clear within the GitOps team if there are any Keycloak configurations that do not work when you’re using Keycloak as SSO for OpenShift GitOps. Once we have that information, we can improve the GitOps documentation page about Keycloak.

      Why is this important?

      In several customer calls recently the lack of official Red Hat documentation for OpenShift GitOps has been raised. Many existing customers are comfortable just using the upstream documentation, but for new customers it has been off-putting. Not only has it raised questions about what is supported, but also our lack of investment in docs has led to customers questioning our investment in the product and its future.

      This particular issue about Keycloak support was raised in an RFE. Aside from the request to improve the documentation, our team wasn’t able to answer their questions about supported Keycloak configuration. This Epic not only provides the missing information to the customer, but also fills in a knowledge gap for our team. 

      Scenarios

      1. Customers are unfamiliar with both Keycloak and GitOps - they come to our documentation to find out about how to set them up. They find our page Configuring SSO for Argo CD using Keycloak. This document provides a very opinionated and brief overview of how to set up Keycloak. The customer wants to know more about changes they can/want to make to Keycloak, but they can’t find what changes are suitable. They’d like to know whether changes will break their newly set up connection to OpenShift GitOps.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents
      • Identify if there are any keycloak options not supported by OpenShift GitOps
      • Document any known or discovered restrictions that customers need to be aware of when setting up Keycloak to work with OpenShift GitOps
      • If any/all changes to the Keycloak config are acceptable, add this information to the documentation
      • Add links to more information about Keycloak and where to get help with Keycloak-specific issues
      • Update the documentation to include a link to more information about the Red Hat SSO pre-requisite 

      Done Checklist

      • Acceptance criteria are met
      • Support and SRE teams are provided with enough skills to support the feature in production environment
      • The GitOps team is aware of any limitations around Keycloak config support, or we are able to confirm that there are none
      • Documentation has been updated, meeting the acceptance criteria

      Attachments

        Activity

          People

            rh-ee-sghadi Siddhesh Ghadi
            halawren@redhat.com Harriet Lawrence
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: