This is yet another operator for Keycloak. The novelty of this one is that it covers the whole Keycloak API and therefore allows Keycloak instances to be managed completely as Kubernetes resources.
rustcloak supports a legacy mode where it can be used as a drop-in replacement for the keycloak-realm-operator.

Create a connection to a Keycloak instance

    apiVersion: rustcloak.k8s.eboland.de/v1
    kind: KeycloakInstance
    metadata:
      name: keycloak-instance
    spec:
      baseUrl: http://keycloak-keycloakx-http:80/auth
      credentials:
        # Rustcloak will take care of creating this secret with a random password.
        create: true
        passwordKey: KEYCLOAK_ADMIN_PASSWORD
        secretName: keycloak-admin
        usernameKey: KEYCLOAK_ADMIN

Create a realm

    apiVersion: rustcloak.k8s.eboland.de/v1beta1
    kind: KeycloakRealm
    metadata:
      name: example-keycloakrealm
    spec:
      instanceRef: keycloak-instance
      definition:
        realm: an-example-realm
        displayName: "Hello World"

Create a client

    apiVersion: rustcloak.k8s.eboland.de/v1beta1
    kind: KeycloakClient
    metadata:
      name: example-keycloakclient
    spec:
      realmRef: example-keycloakrealm
      definition:
        clientId: example-client
        name: An example client
      clientSecret:
        secretName: example-keycloakclient

Note that this client will yield a Kubernetes secret that stores the client ID and the client secret.
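
Both `keycloak-admin` and `example-keycloakclient` are ordinary Kubernetes Secrets, so who can read them is decided by RBAC. The manifest below is an added example, not part of the rustcloak project: it lets one workload read only the client Secret and nothing else. The namespace `apps` and the ServiceAccount `example-app` are assumptions, as is the Secret living in the same namespace as the `KeycloakClient` resource.

```yaml
# Added example. Assumed names: namespace "apps", ServiceAccount "example-app".
# The Secret name comes from the KeycloakClient manifest on this page.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-example-client-secret
  namespace: apps
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    # resourceNames limits the grant to this single Secret.
    # "keycloak-admin" is deliberately absent: only the operator
    # should be able to read the Keycloak admin password.
    resourceNames: ["example-keycloakclient"]
    # Only "get" is granted; the workload has no need to list or
    # watch Secrets in the namespace.
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-app-reads-client-secret
  namespace: apps
subjects:
  - kind: ServiceAccount
    name: example-app
    namespace: apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-example-client-secret
```

`kubectl auth can-i get secret/keycloak-admin -n apps --as=system:serviceaccount:apps:example-app` should answer `no` once no broader Role or ClusterRole is bound to that account.
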
This project uses Cargo for builds.
A Makefile is provided for convenience:

    make build         # Build in release mode
    make check         # Run lint and test
    make lint          # Run clippy
    make test          # Run all tests
    make fmt           # Check formatting
    make fix-fmt       # Apply formatting
    make build-docker  # Build Docker image

    cargo build --release

    docker build -t rustcloak-operator .

Rustcloak supports all simple CRUD endpoints of the Keycloak API as of Keycloak-26. There are several other endpoints of Keycloak that do not follow a basic CRUD theme though. While we're striving to support all of them, we are not there yet.
The integration with Kubernetes needs to be improved as well. While rustcloak is on par with other operators, we strive to improve on the Operator Capability Levels.