keycloak-client.asciidoc

Keycloak Client Custom Resource

The Keycloak Operator allows application developers to represent Keycloak Clients as Custom Resources:

KeycloakClient Custom Resource
apiVersion: keycloak.org/v1alpha1
kind: KeycloakClient
metadata:
  name: <Keycloak Client name>
  labels:
    app: sso
spec:
  realmSelector:
    matchLabels:
      app: <matching labels for KeycloakRealm Custom Resource>
  client:
    # auto-generated if not supplied
    #id: 123
    clientId: client-secret
    secret: client-secret
    # ...
    # other properties of Keycloak Client
Tip
Note that realmSelector needs to match the labels of an existing KeycloakRealm Custom Resource.

The Operator synchronizes all changes made to the Custom Resource with a running Keycloak instance. No manual changes via the Keycloak Admin Console are allowed.

Once the Operator reconciles the Custom Resource, it reports the status back:

KeycloakClient Custom Resource Status
Name:         client-secret
Namespace:    keycloak
Labels:       app=sso
API Version:  keycloak.org/v1alpha1
Kind:         KeycloakClient
Spec:
  Client:
    Client Authenticator Type:     client-secret
    Client Id:                     client-secret
    Id:                            keycloak-client-secret
  Realm Selector:
    Match Labels:
      App:  sso
Status:
  Message:
  Phase:    reconciling
  Ready:    true
  Secondary Resources:
    Secret:
      keycloak-client-secret-client-secret
Events:  <none>

Once a Client is created, the Operator creates a Secret containing the Client ID and the client’s secret, using the following naming pattern: keycloak-client-secret-<Custom Resource name>. Here’s an example:

KeycloakClient’s Secret
apiVersion: v1
data:
  CLIENT_ID: Y2xpZW50LXNlY3JldA==
  CLIENT_SECRET: Y2xpZW50LXNlY3JldA==
kind: Secret
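
An added example, not part of the Operator's documentation or code: a Python check that decodes the generated Secret (the values are base64-encoded, not encrypted) and flags weak values such as the sample above, where CLIENT_SECRET decodes to the same string as CLIENT_ID. The JSON input shape, the function name audit_client_secret and the 32-character minimum are assumptions made for illustration.

```python
import base64
import json

# Constructed sample: the Secret shown on this page, in the JSON shape that
# `kubectl get secret -o json` prints. Name and namespace follow the status output.
SAMPLE_SECRET = json.loads("""
{
  "kind": "Secret",
  "metadata": {"name": "keycloak-client-secret-client-secret", "namespace": "keycloak"},
  "data": {"CLIENT_ID": "Y2xpZW50LXNlY3JldA==", "CLIENT_SECRET": "Y2xpZW50LXNlY3JldA=="}
}
""")

SECRET_PREFIX = "keycloak-client-secret-"  # naming pattern stated on this page
MIN_SECRET_LEN = 32  # assumption: local policy threshold, not an Operator rule


def audit_client_secret(secret: dict, cr_name: str) -> list[str]:
    """Return findings for the Secret generated for a KeycloakClient resource."""
    findings = []
    name = secret.get("metadata", {}).get("name", "")
    if name != SECRET_PREFIX + cr_name:
        findings.append(f"unexpected Secret name: {name!r}")
    data = secret.get("data", {})
    decoded = {}
    for key in ("CLIENT_ID", "CLIENT_SECRET"):
        try:
            # Anyone who can read the Secret can reverse this encoding.
            decoded[key] = base64.b64decode(data[key], validate=True).decode("utf-8")
        except KeyError:
            findings.append(f"missing key: {key}")
        except ValueError:  # covers invalid base64 and invalid UTF-8
            findings.append(f"undecodable value for {key}")
    cid, csec = decoded.get("CLIENT_ID"), decoded.get("CLIENT_SECRET")
    if cid is not None and csec is not None and cid == csec:
        findings.append("CLIENT_SECRET equals CLIENT_ID")
    if csec is not None and len(csec) < MIN_SECRET_LEN:
        findings.append(f"CLIENT_SECRET shorter than {MIN_SECRET_LEN} characters")
    return findings


if __name__ == "__main__":
    for finding in audit_client_secret(SAMPLE_SECRET, "client-secret"):
        print("FINDING:", finding)
```

Because the client secret also appears in plain text in spec.client.secret of the Custom Resource, read access to KeycloakClient resources should be restricted as tightly as read access to the Secret itself.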