Narrative

Many users of Keycloak have the need to deploy custom themes and providers to Keycloak. Currently, this requires building a custom image as well as publishing the custom image in a registry available to the OpenShift cluster. When upgrading themes, providers, or Keycloak, this can be cumbersome as you need a CI/CD pipeline to trigger the build, push the image, and eventually instruct the Operator to update to the new image.

As a side-note currently using an optimized build to reduce startup time it is also required to provide a custom image. Custom images with custom themes and providers may also not fit nicely into zero-downtime upgrades for patch releases.

It would be beneficial to those that don't have CI/CD pipelines readily available to have a simpler mechanism where they can configure in the CRs what themes and providers should be deployed, maybe also whether or not a optimized build should be enabled.

Value Proposition

Makes it simpler to deploy custom themes and providers to Keycloak when using the Operator.

Goals

• Provide users with an easy mechanism for adding custom themes and providers for RHBK deployments using the Operator
• Users should not be required to build and provide their own custom container images

Implementation notes

Some various thoughts on how we can achieve this:

• Have the Operator somehow build an image; using source to image, or something else
• Provide a simple and documented approach for customers to build their own image (probably doesn't provide the level of simplicity wanted)
• Have the Operator create a special volume, that contains themes, providers, as well as potentially an optimized build; this would be mounted into Keycloak in a read-only fashion (if possible) still resulting in a immutable deployment. The Operator could retrieve themes and providers from https urls, from other volumes, etc.