github.com/doodlescheduling/k8skeycloak-controller
Readme
Keycloak realm declaration for kubernetes. Compared to the keycloak-operator this controller actually reconciles the entire realm throughout all depths. The keycloak-operator basically only creates the realm and syncs top level changes only. Under the hood the controller is a wrapper around the awesome keycloak-config-cli which implements the entire realm update using the Keycloak REST API.
The realm is the entire representation of the realm and is synced accordingly.
It supports secrets substition to inject secrets from kubernetes secrets.
You can use ${secret:secretName:secretField} anywhere in the realm definition.
apiVersion: keycloak.infra.doodle.com/v1beta1
kind: KeycloakRealm
metadata:
name: myrealm
namespace: default
spec:
address: http://keycloak-iam-http
authSecret:
name: admin-credentials
interval: 10m
suspend: false
version: 15.0.2
realm:
identityProviders:
- addReadTokenRoleOnCreate: false
alias: microsoft
authenticateByDefault: false
config:
clientId: 1b75ccdc-ad62-4fba-b0f0-079720295066
clientSecret: ${secret:microsoft:clientSecret}
defaultScope: User.Read
guiOrder: "10"
useJwksUrl: "true"
enabled: true
firstBrokerLoginFlowAlias: first broker login
internalId: microsoft
linkOnly: false
providerId: microsoft
storeToken: false
trustEmail: true
updateProfileFirstLoginMode: "on"
- addReadTokenRoleOnCreate: false
alias: github
authenticateByDefault: false
config:
clientId: c9b76245-e2b6-496f-827f-eccd3b283496
clientSecret: ${secret:github:clientSecret}
syncMode: IMPORT
useJwksUrl: "true"
enabled: true
firstBrokerLoginFlowAlias: first broker login
linkOnly: false
providerId: github
storeToken: false
trustEmail: false
updateProfileFirstLoginMode: "on"
internationalizationEnabled: false
loginTheme: default
loginWithEmailAllowed: true
maxDeltaTimeSeconds: 43200
maxFailureWaitSeconds: 900
minimumQuickLoginWaitSeconds: 60
notBefore: 0
Please see chart/k8skeycloak-controller for the helm chart docs.
You may change base settings for the controller using env variables (or alternatively command line arguments). Available env variables:
| Name | Description | Default |
|---|---|---|
METRICS_ADDR | The address of the metric endpoint binds to. | :9556 |
PROBE_ADDR | The address of the probe endpoints binds to. | :9557 |
ENABLE_LEADER_ELECTION | Enable leader election for controller manager. | false |
LEADER_ELECTION_NAMESPACE | Change the leader election namespace. This is by default the same where the controller is deployed. | `` |
NAMESPACES | The controller listens by default for all namespaces. This may be limited to a comma delimted list of dedicated namespaces. | `` |
CONCURRENT | The number of concurrent reconcile workers. | 4 |
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cyber extortion in the US and Canada hit record levels in 2023, with ransomware attacks surging and median ransom demands skyrocketing, though fewer companies are choosing to pay ransoms.
Security News
Ecma TC39 is meeting this week and has moved key ECMAScript proposals forward, advancing Deferred Import Evaluation, Error.isError(), RegExp Escaping, and Promise.try to the next stages.
Security News
Researchers have demonstrated that teams of LLM agents can exploit zero-day vulnerabilities with a 53% success rate, and the costs of using AI to do so are rapidly becoming more affordable than hiring a human penetration tester.