-
Feature
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
False
-
-
False
Currently, the Keycloak Operator does not support running in a cluster All-Namespaces and can only manage Keycloak instances within a namespace. For now customers would need to deploy to deploy an operator for each namespace, resulting in those operators fighting over CRDs which is not quite ideal and comes with growing namespaces in the cluster.
There may be some available workarounds, as for instance modifying the installed CSV for the operator on the cluster to indicate support for all namespaces, or by directly tweaking and configuring the Quarkus Operator SDK in some way. But those aren't considered supported and do not provide guarantees to work in all circumstances.
We need to provide customers with support for installing the Operator in All-namespaces. This will allow a cluster-wide Operator to provision RHBK in different namespaces.
Customers would like to install the Operator in all namespaces, so that end-users/teams can create keycloak instances without cluster-admins to manually install the operator in a new created namespace. The Operator should be able to watch all namespaces so that keycloak instances can be created by for example the developers in their namespace without having extra rights to install new/other operators. Customers may need to separate teams and their environments instead of using a shared namespace for the Operator usage or having to deploy it in many individual namespaces.