diff --git a/charts/lightrun-helm-chart/Chart.lock b/charts/lightrun-helm-chart/Chart.lock
new file mode 100644
index 0000000..5872565
--- /dev/null
+++ b/charts/lightrun-helm-chart/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: lightrun-keycloak-operator
+ repository: file://../lightrun-keycloak-operator
+ version: 0.1.0
+digest: sha256:7549732d1dcdf3d2ce2cd43e5e2a1adc2722b408f9e5226981fa31ad181be457
+generated: "2025-06-20T23:00:11.691147+03:00"
diff --git a/charts/lightrun-helm-chart/Chart.yaml b/charts/lightrun-helm-chart/Chart.yaml
new file mode 100644
index 0000000..3f4e6ee
--- /dev/null
+++ b/charts/lightrun-helm-chart/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: lightrun-helm-chart
+description: Unlock real-time code-level observability with Lightrun
+version: 3.18.0
+appVersion: main
+
+dependencies:
+ - name: lightrun-keycloak-operator
+ version: "0.1.0"
+ repository: "file://../lightrun-keycloak-operator"
+ condition: deployments.keycloakOperator.enabled
diff --git a/chart/README.md b/charts/lightrun-helm-chart/README.md
similarity index 100%
rename from chart/README.md
rename to charts/lightrun-helm-chart/README.md
diff --git a/chart/templates/artifacts/configmap.yaml b/charts/lightrun-helm-chart/templates/artifacts/configmap.yaml
similarity index 100%
rename from chart/templates/artifacts/configmap.yaml
rename to charts/lightrun-helm-chart/templates/artifacts/configmap.yaml
diff --git a/chart/templates/artifacts/deployment.yaml b/charts/lightrun-helm-chart/templates/artifacts/deployment.yaml
similarity index 100%
rename from chart/templates/artifacts/deployment.yaml
rename to charts/lightrun-helm-chart/templates/artifacts/deployment.yaml
diff --git a/chart/templates/artifacts/service.yaml b/charts/lightrun-helm-chart/templates/artifacts/service.yaml
similarity index 100%
rename from chart/templates/artifacts/service.yaml
rename to charts/lightrun-helm-chart/templates/artifacts/service.yaml
diff --git a/chart/templates/artifacts/serviceaccount.yaml b/charts/lightrun-helm-chart/templates/artifacts/serviceaccount.yaml similarity index 100% rename from chart/templates/artifacts/serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/artifacts/serviceaccount.yaml diff --git a/chart/templates/backend-deployment.yaml b/charts/lightrun-helm-chart/templates/backend-deployment.yaml similarity index 98% rename from chart/templates/backend-deployment.yaml rename to charts/lightrun-helm-chart/templates/backend-deployment.yaml index a01e12c..dad9fb3 100644 --- a/chart/templates/backend-deployment.yaml +++ b/charts/lightrun-helm-chart/templates/backend-deployment.yaml @@ -248,9 +248,9 @@ spec: - name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER-URI value: "https://{{ .Values.general.lightrun_endpoint }}/auth/realms/lightrun" - name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK-SET-URI - value: "{{ include "http.scheme" . }}://{{ include "lightrun-keycloak.name" . }}:8080/auth/realms/lightrun/protocol/openid-connect/certs" + value: "{{ include "http.scheme" . }}://{{ include "lightrun-keycloak.serviceName" . }}:8080/auth/realms/lightrun/protocol/openid-connect/certs" - name: SPRING_SECURITY_KEYCLOAK_URL - value: "{{ include "http.scheme" . }}://{{ include "lightrun-keycloak.name" . }}:8080/auth" + value: "{{ include "http.scheme" . }}://{{ include "lightrun-keycloak.serviceName" . }}:8080/auth" {{ if or .Values.general.internal_tls.enabled .Values.deployments.redis.encryption.enabled }} - name: SPRING_REDIS_SSL value: "true" 
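Review bot: Both URLs keep the fixed port `:8080` after switching to `lightrun-keycloak.serviceName`, but the `Keycloak` resource added in this commit sets `httpEnabled: false` and `httpsPort: 9443` when `general.internal_tls.enabled` is true. If `http.scheme` renders `https` in that case (the helper is not shown), the backend would fetch its JWK set from `https://<name>-service:8080`, a port the operator-managed service would presumably not serve, and token validation would fail at start-up. Consider a companion helper for the port so that scheme, host and port change together; the router upstream `server {{ include "lightrun-keycloak.serviceName" . }}:8080` in `router/configmap.yaml` carries the same assumption. The env list starts and ends outside the hunk.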
@@ -373,7 +373,7 @@ spec: cpu: "100m" env: - name: URL - value: {{ include "http.scheme" . }}://{{ include "lightrun-keycloak.name" . }}:9000/auth/health/started {{ if .Values.general.internal_tls.enabled }}--no-check-certificate{{ end }} + value: {{ include "http.scheme" . }}://{{ include "lightrun-keycloak.serviceName" . }}:9000/auth/health/started {{ if .Values.general.internal_tls.enabled }}--no-check-certificate{{ end }} {{ if .Values.general.mq.enabled }} {{- include "lightrun-mq.initContainer.wait-for-rabbitmq" (merge (dict "imageConfig" .Values.deployments.backend.initContainers.wait_for_rabbitmq "securityContext" "lightrun-be.containerSecurityContext") .) | nindent 6 }} diff --git a/chart/templates/backend-jcache-cm.yaml b/charts/lightrun-helm-chart/templates/backend-jcache-cm.yaml similarity index 100% rename from chart/templates/backend-jcache-cm.yaml rename to charts/lightrun-helm-chart/templates/backend-jcache-cm.yaml diff --git a/chart/templates/backend-service.yaml b/charts/lightrun-helm-chart/templates/backend-service.yaml similarity index 100% rename from chart/templates/backend-service.yaml rename to charts/lightrun-helm-chart/templates/backend-service.yaml diff --git a/chart/templates/backend-serviceaccount.yaml b/charts/lightrun-helm-chart/templates/backend-serviceaccount.yaml similarity index 100% rename from chart/templates/backend-serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/backend-serviceaccount.yaml diff --git a/chart/templates/backend-sysdiag-role-binding.yaml b/charts/lightrun-helm-chart/templates/backend-sysdiag-role-binding.yaml similarity index 100% rename from chart/templates/backend-sysdiag-role-binding.yaml rename to charts/lightrun-helm-chart/templates/backend-sysdiag-role-binding.yaml 
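Review bot: With internal TLS enabled the `URL` value still appends `--no-check-certificate`, so the wait container speaks TLS to the Keycloak health port without validating the certificate, now also against the operator-managed `-service` name. It only gates start-up on a health endpoint, so the exposure is small, but if the internal CA is mounted in this container (not visible in the hunk) the flag could be dropped and the CA handed to the wait script instead. The value is also an unquoted scalar that mixes a URL with a command-line flag; quoting it would keep the rendered YAML stable. The init container's definition starts above the hunk.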
diff --git a/chart/templates/backend-sysdiag-role.yaml b/charts/lightrun-helm-chart/templates/backend-sysdiag-role.yaml
similarity index 100%
rename from chart/templates/backend-sysdiag-role.yaml
rename to charts/lightrun-helm-chart/templates/backend-sysdiag-role.yaml
diff --git a/chart/templates/backend-system-config-cm.yaml b/charts/lightrun-helm-chart/templates/backend-system-config-cm.yaml
similarity index 100%
rename from chart/templates/backend-system-config-cm.yaml
rename to charts/lightrun-helm-chart/templates/backend-system-config-cm.yaml
diff --git a/chart/templates/data_streamer/config_cm.yaml b/charts/lightrun-helm-chart/templates/data_streamer/config_cm.yaml
similarity index 100%
rename from chart/templates/data_streamer/config_cm.yaml
rename to charts/lightrun-helm-chart/templates/data_streamer/config_cm.yaml
diff --git a/chart/templates/data_streamer/deployment.yaml b/charts/lightrun-helm-chart/templates/data_streamer/deployment.yaml
similarity index 100%
rename from chart/templates/data_streamer/deployment.yaml
rename to charts/lightrun-helm-chart/templates/data_streamer/deployment.yaml
diff --git a/chart/templates/data_streamer/service.yaml b/charts/lightrun-helm-chart/templates/data_streamer/service.yaml
similarity index 100%
rename from chart/templates/data_streamer/service.yaml
rename to charts/lightrun-helm-chart/templates/data_streamer/service.yaml
diff --git a/chart/templates/data_streamer/serviceaccount.yaml b/charts/lightrun-helm-chart/templates/data_streamer/serviceaccount.yaml
similarity index 100%
rename from chart/templates/data_streamer/serviceaccount.yaml
rename to charts/lightrun-helm-chart/templates/data_streamer/serviceaccount.yaml
diff --git a/chart/templates/frontend-cm.yaml b/charts/lightrun-helm-chart/templates/frontend-cm.yaml
similarity index 100%
rename from chart/templates/frontend-cm.yaml
rename to charts/lightrun-helm-chart/templates/frontend-cm.yaml
diff --git a/chart/templates/frontend-deployment.yaml b/charts/lightrun-helm-chart/templates/frontend-deployment.yaml similarity index 98% rename from chart/templates/frontend-deployment.yaml rename to charts/lightrun-helm-chart/templates/frontend-deployment.yaml index 866c56c..0579fd0 100644 --- a/chart/templates/frontend-deployment.yaml +++ b/charts/lightrun-helm-chart/templates/frontend-deployment.yaml @@ -95,7 +95,7 @@ spec: - name: BACKEND_URI value: {{ include "lightrun-be.name" . }} - name: KEYCLOAK_URI - value: {{ include "lightrun-keycloak.name" . }} + value: {{ include "lightrun-keycloak.serviceName" . }} {{- if .Values.deployments.frontend.extraEnvs }} {{- toYaml .Values.deployments.frontend.extraEnvs | nindent 12 }} diff --git a/chart/templates/frontend-service.yaml b/charts/lightrun-helm-chart/templates/frontend-service.yaml similarity index 100% rename from chart/templates/frontend-service.yaml rename to charts/lightrun-helm-chart/templates/frontend-service.yaml diff --git a/chart/templates/frontend-serviceaccount.yaml b/charts/lightrun-helm-chart/templates/frontend-serviceaccount.yaml similarity index 100% rename from chart/templates/frontend-serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/frontend-serviceaccount.yaml diff --git a/chart/templates/helpers/_asyncProfiler.tpl b/charts/lightrun-helm-chart/templates/helpers/_asyncProfiler.tpl similarity index 100% rename from chart/templates/helpers/_asyncProfiler.tpl rename to charts/lightrun-helm-chart/templates/helpers/_asyncProfiler.tpl diff --git a/chart/templates/helpers/_backend_asyncProfiler.tpl b/charts/lightrun-helm-chart/templates/helpers/_backend_asyncProfiler.tpl similarity index 100% rename from chart/templates/helpers/_backend_asyncProfiler.tpl rename to charts/lightrun-helm-chart/templates/helpers/_backend_asyncProfiler.tpl 
diff --git a/chart/templates/helpers/_helpers.tpl b/charts/lightrun-helm-chart/templates/helpers/_helpers.tpl similarity index 99% rename from chart/templates/helpers/_helpers.tpl rename to charts/lightrun-helm-chart/templates/helpers/_helpers.tpl index f2e105a..24036e9 100644 --- a/chart/templates/helpers/_helpers.tpl +++ b/charts/lightrun-helm-chart/templates/helpers/_helpers.tpl @@ -113,6 +113,14 @@ Container SecurityContext of lightrun frontend {{ include "lightrun.fullname" . }}-keycloak {{- end -}} +{{- define "lightrun-keycloak.serviceName" -}} +{{- if .Values.deployments.keycloakOperator.enabled -}} +{{ include "lightrun-keycloak.name" . }}-service +{{- else -}} +{{ include "lightrun-keycloak.name" . }} +{{- end -}} +{{- end -}} + {{/* Create the name of the lightrun keycloak service account to use */}} diff --git a/chart/templates/helpers/_internal_tls.tpl b/charts/lightrun-helm-chart/templates/helpers/_internal_tls.tpl similarity index 100% rename from chart/templates/helpers/_internal_tls.tpl rename to charts/lightrun-helm-chart/templates/helpers/_internal_tls.tpl diff --git a/chart/templates/helpers/_keycloak_asyncProfiler.tpl b/charts/lightrun-helm-chart/templates/helpers/_keycloak_asyncProfiler.tpl similarity index 100% rename from chart/templates/helpers/_keycloak_asyncProfiler.tpl rename to charts/lightrun-helm-chart/templates/helpers/_keycloak_asyncProfiler.tpl diff --git a/chart/templates/helpers/_keycloak_initContainer.tpl b/charts/lightrun-helm-chart/templates/helpers/_keycloak_initContainer.tpl similarity index 100% rename from chart/templates/helpers/_keycloak_initContainer.tpl rename to charts/lightrun-helm-chart/templates/helpers/_keycloak_initContainer.tpl 
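Review bot: The new `lightrun-keycloak.serviceName` helper has no `{{/* ... */}}` header, unlike the service-account helper right below it, and nothing says where the `-service` suffix comes from. I would add `{{/* Name of the Service fronting Keycloak: "<name>-service" (created by the Keycloak Operator) when deployments.keycloakOperator.enabled, otherwise the chart's own Service */}}` above the `define`. Since the suffix adds eight characters, it is also worth confirming that `lightrun.fullname` is truncated early enough for the result to stay within the 63-character Service name limit; that helper is outside the hunk.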
diff --git a/chart/templates/helpers/_rabbitmq_initContainer.tpl b/charts/lightrun-helm-chart/templates/helpers/_rabbitmq_initContainer.tpl
similarity index 100%
rename from chart/templates/helpers/_rabbitmq_initContainer.tpl
rename to charts/lightrun-helm-chart/templates/helpers/_rabbitmq_initContainer.tpl
diff --git a/chart/templates/helpers/_router.tpl b/charts/lightrun-helm-chart/templates/helpers/_router.tpl
similarity index 100%
rename from chart/templates/helpers/_router.tpl
rename to charts/lightrun-helm-chart/templates/helpers/_router.tpl
diff --git a/chart/templates/hpa.yaml b/charts/lightrun-helm-chart/templates/hpa.yaml
similarity index 100%
rename from chart/templates/hpa.yaml
rename to charts/lightrun-helm-chart/templates/hpa.yaml
diff --git a/chart/templates/internal-tls-certs.yaml b/charts/lightrun-helm-chart/templates/internal-tls-certs.yaml
similarity index 100%
rename from chart/templates/internal-tls-certs.yaml
rename to charts/lightrun-helm-chart/templates/internal-tls-certs.yaml
diff --git a/charts/lightrun-helm-chart/templates/keycloak-cr.yaml b/charts/lightrun-helm-chart/templates/keycloak-cr.yaml
new file mode 100644
index 0000000..59f122f
--- /dev/null
+++ b/charts/lightrun-helm-chart/templates/keycloak-cr.yaml
@@ -0,0 +1,338 @@ +{{- $version := include "lightrun-keycloak.getSemanticVersion" .Values.deployments.keycloak.image.tag -}} +{{- if .Values.deployments.keycloakOperator.enabled }} +apiVersion: k8s.keycloak.org/v2alpha1 +kind: Keycloak +metadata: + name: {{ include "lightrun-keycloak.name" . }} + labels: + app: {{ include "lightrun-keycloak.name" . }} + {{- with .Values.deployments.keycloak.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + instances: 2 + image: "{{ .Values.deployments.keycloak.image.repository }}:{{ .Values.deployments.keycloak.image.tag }}" + imagePullPolicy: {{ .Values.deployments.keycloak.image.pullPolicy }} + {{- if .Values.secrets.defaults.dockerhub_config }} + imagePullSecrets: + {{- if .Values.secrets.defaults.dockerhub_config.existingSecret }} + - name: {{ .Values.secrets.defaults.dockerhub_config.existingSecret }} + {{- else }} + - name: {{ include "secrets.dockerhub.name" . }} + {{- end -}} + {{- end }} + unsupported: + podTemplate: + spec: + initContainers: + - name: wait-for-rabbitmq + image: "lightruncom/chart-helper:0.3.0-alpine-3.21.3-r0.lr-0" + imagePullPolicy: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 1000000 + seccompProfile: + type: RuntimeDefault + command: + - sh + - /scripts/wait-for-200.sh + resources: + limits: + memory: "100Mi" + cpu: "100m" + requests: + memory: "100Mi" + cpu: "100m" + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AUTH_USER + valueFrom: + secretKeyRef: + name: {{ include "secrets.backend.name" . }} + key: SPRING_RABBITMQ_USERNAME + - name: AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.backend.name" . }} + key: SPRING_RABBITMQ_PASSWORD + - name: RABBITMQ_TCP_PORT + value: "15672" + - name: URL + value: http://{{ include "lightrun-mq.endpoint" . 
}}:$(RABBITMQ_TCP_PORT)/api/overview + - name: wait-for-mysql + image: mysql:8.0.38 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000000 + seccompProfile: + type: RuntimeDefault + resources: + limits: + memory: "100Mi" + cpu: "100m" + requests: + memory: "100Mi" + cpu: "100m" + command: ["sh", "-c"] + args: + - while ! mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" -h {{ include "mysql.db_endpoint" . }} -e "SELECT 1" --ssl-mode=DISABLED --connect-timeout 2; do sleep 1; done + env: + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: DB_USER + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: DB_PASSWORD + - name: MYSQL_TCP_PORT + value: "3306" + containers: + - name: keycloak + env: + {{- if .Values.general.mq.enabled }} + - name: RABBITMQ_HOST + value: {{ include "lightrun-mq.endpoint" . }} + - name: RABBITMQ_PORT + value: {{ .Values.general.mq.port | quote }} + - name: KEYCLOAK_QUEUE_NAME + value: {{ include "lightrun-mq.getQueueNameByPrefix" (dict "prefix" "keycloak-events" "Values" .Values) | quote }} + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "secrets.backend.name" . }} + key: SPRING_RABBITMQ_USERNAME + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.backend.name" . }} + key: SPRING_RABBITMQ_PASSWORD + {{- end }} + - name: INFO_DEPLOYMENT + {{ if eq .Values.general.deployment_type "saas" }} + value: "SaaS" + {{ else if eq .Values.general.deployment_type "single-tenant" }} + value: "single-tenant" + {{ else }} + value: "on-prem" + {{ end }} + - name: KC_PROXY_HEADERS + value: "xforwarded" + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . 
}} + key: KEYCLOAK_USER + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: KEYCLOAK_PASSWORD + - name: KC_PROXY_HEADERS + value: "xforwarded" + - name: KC_BOOTSTRAP_ADMIN_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: KEYCLOAK_USER + - name: KC_BOOTSTRAP_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: KEYCLOAK_PASSWORD + {{- if .Values.general.internal_tls.enabled }} + - name: KC_HTTPS_CERTIFICATE_FILE + value: /etc/x509/https/tls.crt + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /etc/x509/https/tls.key + - name: KC_CACHE_EMBEDDED_MTLS_ENABLED + value: "true" + - name: KC_CACHE_EMBEDDED_MTLS_KEY_STORE_FILE + value: /p12/cluster.p12 + - name: KC_CACHE_EMBEDDED_MTLS_KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.backend.name" . }} + key: KEYSTORE_PASSWORD + - name: KC_CACHE_EMBEDDED_MTLS_TRUST_STORE_FILE + value: /p12/cluster-ca.p12 + - name: KC_CACHE_EMBEDDED_MTLS_TRUST_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.backend.name" . }} + key: KEYSTORE_PASSWORD + {{- else }} + - name: KC_HTTPS_CERTIFICATE_FILE + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + - name: KC_HTTP_ENABLED + value: "true" + {{- end }} + - name: KC_DB + value: mysql + - name: KC_DB_URL + {{- if eq .Values.deployments.keycloak.dbConnector "mysql" }} + value: jdbc:mysql://{{ include "mysql.db_endpoint" . }}:3306/{{ .Values.general.db_database }}?useSSL={{ .Values.general.db_require_secure_transport }}&allowPublicKeyRetrieval=true&trustServerCertificate=true&serverTimezone=UTC + {{- else if eq .Values.deployments.keycloak.dbConnector "mariadb" }} + value: jdbc:mariadb://{{ include "mysql.db_endpoint" . 
}}:3306/{{ .Values.general.db_database }}?useSSL={{ .Values.general.db_require_secure_transport }}&allowPublicKeyRetrieval=true&trustServerCertificate=true&serverTimezone=UTC + {{- end }} + - name: KC_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: DB_USER + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secrets.keycloak.name" . }} + key: DB_PASSWORD + - name: DB_ADDR + value: {{ include "mysql.db_endpoint" . }} + - name: DB_PORT + value: "3306" + - name: DB_DATABASE + value: {{ .Values.general.db_database }} + - name: JDBC_PARAMS + value: "useSSL={{ .Values.general.db_require_secure_transport }}&allowPublicKeyRetrieval=true" + - name: KEYCLOAK_STATISTICS + value: "db,{{ include "http.scheme" . }}" + {{- if .Values.deployments.keycloak.clusterMode }} + - name: KC_CACHE + value: ispn + - name: KC_CACHE_STACK + value: kubernetes + - name: JAVA_OPTS_APPEND + value: "-Djgroups.dns.query={{ include "lightrun-keycloak.name" . }}-headless {{ include "lightrun-keycloak.java.argument.asyncProfiler" . }}" + {{- else }} + - name: JAVA_OPTS_APPEND + value: "{{- include "lightrun-keycloak.java.argument.asyncProfiler" . 
-}}" + {{- end }} + - name: JAVASCRIPT_FILES + value: js/keycloak.js + {{- if .Values.deployments.keycloak.extraEnvs }} + {{- toYaml .Values.deployments.keycloak.extraEnvs | nindent 14 }} + {{- end }} + {{- if not (include "list-of-maps-contains" (list .Values.deployments.keycloak.extraEnvs "_JAVA_OPTIONS") ) }} + - name: "_JAVA_OPTIONS" + value: {{- toYaml (include "calculate-heap-size" .Values.deployments.keycloak) | nindent 21 }} + {{- end }} + {{- if not (include "list-of-maps-contains" (list .Values.deployments.keycloak.extraEnvs "KC_HOSTNAME") ) }} + {{- if semverCompare ">=1.38.0" $version }} + - name: KC_HOSTNAME + value: 'https://{{ .Values.general.lightrun_endpoint }}/auth' + {{- else }} + - name: KC_HOSTNAME_URL + value: 'https://{{ .Values.general.lightrun_endpoint }}/auth' + {{- end }} + {{- end }} + readinessProbe: + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: /auth/health/ready + port: 9000 + livenessProbe: + initialDelaySeconds: 200 + periodSeconds: 50 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: /auth/health/live + port: 9000 + startupProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 30 + httpGet: + path: /auth/health/started + port: 9000 + db: + vendor: mysql + host: {{ include "mysql.db_endpoint" . }} + port: 3306 + database: {{ .Values.general.db_database }} + usernameSecret: + name: {{ include "secrets.keycloak.name" . }} + key: DB_USER + passwordSecret: + name: {{ include "secrets.keycloak.name" . }} + key: DB_PASSWORD + url: "jdbc:mariadb://{{ include "mysql.db_endpoint" . 
}}:3306/{{ .Values.general.db_database }}?useSSL={{ .Values.general.db_require_secure_transport }}&allowPublicKeyRetrieval=true&trustServerCertificate=true&serverTimezone=UTC" + pool: + initialSize: 5 + maxSize: 20 + minSize: 5 + transaction: + xaEnabled: false + http: + httpEnabled: {{ if .Values.general.internal_tls.enabled }}false{{ else }}true{{ end }} + httpPort: 8080 + httpsPort: 9443 + healthPort: 9000 + {{- if .Values.general.internal_tls.enabled }} + tlsSecret: {{ include "secrets.certificate.name" . }} + {{- end }} + hostname: + hostname: "https://{{ .Values.general.lightrun_endpoint }}/auth" + admin: "https://{{ .Values.general.lightrun_endpoint }}/auth" + strict: false + backchannelDynamic: true + transaction: + xaEnabled: false + resources: + requests: + cpu: {{ .Values.deployments.keycloak.resources.cpu }} + memory: {{ .Values.deployments.keycloak.resources.memory }} + limits: + cpu: {{ .Values.deployments.keycloak.resources.cpu }} + memory: {{ .Values.deployments.keycloak.resources.memory }} + {{- if .Values.deployments.keycloak.podSecurityContext }} + podSecurityContext: + {{- toYaml .Values.deployments.keycloak.podSecurityContext | nindent 4 }} + {{- end }} + {{- if .Values.deployments.keycloak.topologySpreadConstraints }} + topologySpreadConstraints: + {{ toYaml .Values.deployments.keycloak.topologySpreadConstraints | nindent 4 }} + {{- end }} + {{- if .Values.general.tolerations }} + tolerations: + {{ toYaml .Values.general.tolerations | nindent 4 }} + {{- end }} + {{- if .Values.general.nodeSelector }} + nodeSelector: + {{ toYaml .Values.general.nodeSelector | nindent 4 }} + {{- end }} + {{- if .Values.deployments.keycloak.affinity }} + affinity: + {{ toYaml .Values.deployments.keycloak.affinity | nindent 4 }} + {{- end }} + update: + strategy: {{- if eq .Values.general.deployment_type "on-prem" }} + Auto # When the image field changes, the Operator scales down the StatefulSet before applying the new image. 
+ {{- else if or (eq .Values.general.deployment_type "saas") (eq .Values.general.deployment_type "single-tenant") }} + Auto # The Keycloak Operator detects if a rolling or recreate update is possible. + # In the current version, Keycloak performs a rolling update if the Keycloak version is the same for the old and the new image. + # Future versions of Keycloak will change that behavior and use additional information from the configuration, the image and the version to determine if a rolling update is possible to reduce downtimes. + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lightrun-helm-chart/templates/keycloak-operator-deployment.yaml b/charts/lightrun-helm-chart/templates/keycloak-operator-deployment.yaml new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/charts/lightrun-helm-chart/templates/keycloak-operator-deployment.yaml @@ -0,0 +1 @@ + diff --git a/chart/templates/keycloak-service.yaml b/charts/lightrun-helm-chart/templates/keycloak-service.yaml similarity index 93% rename from chart/templates/keycloak-service.yaml rename to charts/lightrun-helm-chart/templates/keycloak-service.yaml index a64c84d..d0978d3 100644 --- a/chart/templates/keycloak-service.yaml +++ b/charts/lightrun-helm-chart/templates/keycloak-service.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.deployments.keycloakOperator.enabled }} apiVersion: v1 kind: Service metadata: @@ -43,3 +44,4 @@ spec: app: {{ include "lightrun-keycloak.name" . }} {{- end }} +{{- end }} diff --git a/chart/templates/keycloak-serviceaccount.yaml b/charts/lightrun-helm-chart/templates/keycloak-serviceaccount.yaml similarity index 76% rename from chart/templates/keycloak-serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/keycloak-serviceaccount.yaml index 6190353..0ddd461 100644 --- a/chart/templates/keycloak-serviceaccount.yaml +++ b/charts/lightrun-helm-chart/templates/keycloak-serviceaccount.yaml 
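Review bot: Every database connection in the new `keycloak-cr.yaml` skips server authentication: both `KC_DB_URL` variants and `spec.db.url` hard-code `trustServerCertificate=true`, and the `wait-for-mysql` init container always passes `--ssl-mode=DISABLED`, regardless of `general.db_require_secure_transport`. With that setting on, the JDBC side would still accept any certificate presented to it, and the wait loop would connect in cleartext (and presumably never succeed against a server that enforces TLS). Consider deriving both from the same value, for example `--ssl-mode=REQUIRED` in the wait loop and no `trustServerCertificate=true` when secure transport is required. The `wait-for-rabbitmq` container has the same shape: it sends `AUTH_USER`/`AUTH_PASSWORD` to an `http://` URL and, unlike the Keycloak env block, is not wrapped in `general.mq.enabled`. Separately, `spec.db.url` always uses `jdbc:mariadb://` while `vendor` is `mysql` and the env block follows `deployments.keycloak.dbConnector`, and `KC_PROXY_HEADERS` is listed twice.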
@@ -1,4 +1,4 @@ -{{- if .Values.serviceAccount.create -}} +{{- if and .Values.serviceAccount.create (not .Values.deployments.keycloakOperator.enabled) -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/chart/templates/keycloak-statefulset.yaml b/charts/lightrun-helm-chart/templates/keycloak-statefulset.yaml similarity index 99% rename from chart/templates/keycloak-statefulset.yaml rename to charts/lightrun-helm-chart/templates/keycloak-statefulset.yaml index 80e33de..b577a8f 100644 --- a/chart/templates/keycloak-statefulset.yaml +++ b/charts/lightrun-helm-chart/templates/keycloak-statefulset.yaml @@ -1,4 +1,5 @@ {{- $version := include "lightrun-keycloak.getSemanticVersion" .Values.deployments.keycloak.image.tag -}} +{{- if not .Values.deployments.keycloakOperator.enabled }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -376,3 +377,4 @@ spec: {{- range .Values.deployments.keycloak.extraVolumes }} {{- end }} {{- end }} +{{- end }} diff --git a/chart/templates/mysql-serviceaccount.yaml b/charts/lightrun-helm-chart/templates/mysql-serviceaccount.yaml similarity index 100% rename from chart/templates/mysql-serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/mysql-serviceaccount.yaml diff --git a/chart/templates/mysql.yaml b/charts/lightrun-helm-chart/templates/mysql.yaml similarity index 100% rename from chart/templates/mysql.yaml rename to charts/lightrun-helm-chart/templates/mysql.yaml diff --git a/chart/templates/networkpolicy.yaml b/charts/lightrun-helm-chart/templates/networkpolicy.yaml similarity index 100% rename from chart/templates/networkpolicy.yaml rename to charts/lightrun-helm-chart/templates/networkpolicy.yaml diff --git a/chart/templates/pdb.yaml b/charts/lightrun-helm-chart/templates/pdb.yaml similarity index 100% rename from chart/templates/pdb.yaml rename to charts/lightrun-helm-chart/templates/pdb.yaml 
diff --git a/chart/templates/rabbitmq-cm.yaml b/charts/lightrun-helm-chart/templates/rabbitmq-cm.yaml
similarity index 100%
rename from chart/templates/rabbitmq-cm.yaml
rename to charts/lightrun-helm-chart/templates/rabbitmq-cm.yaml
diff --git a/chart/templates/rabbitmq-service.yaml b/charts/lightrun-helm-chart/templates/rabbitmq-service.yaml
similarity index 100%
rename from chart/templates/rabbitmq-service.yaml
rename to charts/lightrun-helm-chart/templates/rabbitmq-service.yaml
diff --git a/chart/templates/rabbitmq-serviceaccount.yaml b/charts/lightrun-helm-chart/templates/rabbitmq-serviceaccount.yaml
similarity index 100%
rename from chart/templates/rabbitmq-serviceaccount.yaml
rename to charts/lightrun-helm-chart/templates/rabbitmq-serviceaccount.yaml
diff --git a/chart/templates/rabbitmq.yaml b/charts/lightrun-helm-chart/templates/rabbitmq.yaml
similarity index 100%
rename from chart/templates/rabbitmq.yaml
rename to charts/lightrun-helm-chart/templates/rabbitmq.yaml
diff --git a/chart/templates/redis-deployment.yaml b/charts/lightrun-helm-chart/templates/redis-deployment.yaml
similarity index 100%
rename from chart/templates/redis-deployment.yaml
rename to charts/lightrun-helm-chart/templates/redis-deployment.yaml
diff --git a/chart/templates/redis-service.yaml b/charts/lightrun-helm-chart/templates/redis-service.yaml
similarity index 100%
rename from chart/templates/redis-service.yaml
rename to charts/lightrun-helm-chart/templates/redis-service.yaml
diff --git a/chart/templates/redis-serviceaccount.yaml b/charts/lightrun-helm-chart/templates/redis-serviceaccount.yaml
similarity index 100%
rename from chart/templates/redis-serviceaccount.yaml
rename to charts/lightrun-helm-chart/templates/redis-serviceaccount.yaml
diff --git a/chart/templates/redis_config_cm.yaml b/charts/lightrun-helm-chart/templates/redis_config_cm.yaml
similarity index 100%
rename from chart/templates/redis_config_cm.yaml
rename to charts/lightrun-helm-chart/templates/redis_config_cm.yaml
diff --git a/chart/templates/router/configmap.yaml b/charts/lightrun-helm-chart/templates/router/configmap.yaml similarity index 99% rename from chart/templates/router/configmap.yaml rename to charts/lightrun-helm-chart/templates/router/configmap.yaml index 0551bd3..a609fbe 100644 --- a/chart/templates/router/configmap.yaml +++ b/charts/lightrun-helm-chart/templates/router/configmap.yaml @@ -85,7 +85,7 @@ data: } upstream {{ include "lightrun-keycloak.name" . }} { - server {{ include "lightrun-keycloak.name" . }}:8080 max_fails=0; + server {{ include "lightrun-keycloak.serviceName" . }}:8080 max_fails=0; } upstream {{ include "lightrun-fe.name" . }} { diff --git a/chart/templates/router/deployment.yaml b/charts/lightrun-helm-chart/templates/router/deployment.yaml similarity index 100% rename from chart/templates/router/deployment.yaml rename to charts/lightrun-helm-chart/templates/router/deployment.yaml diff --git a/chart/templates/router/ingress.yaml b/charts/lightrun-helm-chart/templates/router/ingress.yaml similarity index 100% rename from chart/templates/router/ingress.yaml rename to charts/lightrun-helm-chart/templates/router/ingress.yaml diff --git a/chart/templates/router/service.yaml b/charts/lightrun-helm-chart/templates/router/service.yaml similarity index 100% rename from chart/templates/router/service.yaml rename to charts/lightrun-helm-chart/templates/router/service.yaml diff --git a/chart/templates/router/serviceaccount.yaml b/charts/lightrun-helm-chart/templates/router/serviceaccount.yaml similarity index 100% rename from chart/templates/router/serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/router/serviceaccount.yaml diff --git a/chart/templates/secrets.yaml b/charts/lightrun-helm-chart/templates/secrets.yaml similarity index 100% rename from chart/templates/secrets.yaml rename to charts/lightrun-helm-chart/templates/secrets.yaml 
diff --git a/chart/templates/serviceaccount.yaml b/charts/lightrun-helm-chart/templates/serviceaccount.yaml similarity index 100% rename from chart/templates/serviceaccount.yaml rename to charts/lightrun-helm-chart/templates/serviceaccount.yaml diff --git a/chart/values.yaml b/charts/lightrun-helm-chart/values.yaml similarity index 98% rename from chart/values.yaml rename to charts/lightrun-helm-chart/values.yaml index 8933fec..4f89ac0 100644 --- a/chart/values.yaml +++ b/charts/lightrun-helm-chart/values.yaml @@ -666,6 +666,10 @@ deployments: # deployments.backend.asyncProfiler.persistence.existingClaim -- Name of an existing PersistentVolumeClaim to use. existingClaim: "" + ####################### + ## Keycloak StatefulSet Mode (Legacy) + ####################### + ## Traditional StatefulSet deployment - used when keycloakOperator.enabled=false (default) keycloak: useJsonLogFormat: false # For clusters with more than 3 pods, consider changing the number of "owner nodes" as described in @@ -741,6 +745,13 @@ deployments: # deployments.keycloak.asyncProfiler.persistence.existingClaim -- Name of an existing PersistentVolumeClaim to use. existingClaim: "" + ####################### + ## Keycloak Operator Mode (Recommended) + ####################### + ## Uses Keycloak Operator and Custom Resources - requires lightrun-keycloak-operator chart + keycloakOperator: + enabled: true + redis: architecture: single # (single|replicated) control the jcache profile passed to backend external: diff --git a/charts/lightrun-keycloak-operator/Chart.yaml b/charts/lightrun-keycloak-operator/Chart.yaml new file mode 100644 index 0000000..f8e2930 --- /dev/null +++ b/charts/lightrun-keycloak-operator/Chart.yaml 
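Review bot: The comment added above `keycloak:` says StatefulSet mode applies when `keycloakOperator.enabled=false (default)`, but the second `values.yaml` hunk sets `keycloakOperator.enabled: true`, so the shipped default is operator mode. As written, an upgrade with unchanged values would stop rendering the Keycloak StatefulSet, Service and ServiceAccount and render a `Keycloak` custom resource instead, which changes how the identity provider is deployed without an explicit opt-in. The sub-chart README in this commit lists `operator.enabled` as `false` by default, so with the defaults shown there may be no operator to reconcile that resource unless one is installed separately. Either default to `enabled: false`, or correct the comment to `(default: true)` and document the migration step.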
@@ -0,0 +1,8 @@ +apiVersion: v2 +name: lightrun-keycloak-operator +description: Keycloak Operator and Custom Resource Definitions (CRDs) +type: application +version: 0.1.0 +appVersion: "26.2.5" +sources: + - https://www.keycloak.org/operator/installation#_installing_by_using_kubectl_without_operator_lifecycle_manager diff --git a/charts/lightrun-keycloak-operator/README.md b/charts/lightrun-keycloak-operator/README.md new file mode 100644 index 0000000..58fb2ef --- /dev/null +++ b/charts/lightrun-keycloak-operator/README.md @@ -0,0 +1,42 @@ +# Keycloak Operator + +Helm chart that installs Keycloak Custom Resource Definitions and optionally the Keycloak Operator. + +## Installation + +### Install CRDs only (default) +```bash +helm install keycloak-operator ./charts/lightrun-keycloak-operator +``` + +### Install CRDs + Operator +```bash +helm install keycloak-operator ./charts/lightrun-keycloak-operator \ + --set operator.enabled=true +``` + +## Configuration + +**Note:** CRDs are always installed (they are located in the `crds/` folder and installed as prerequisites). + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `operator.enabled` | Install Keycloak Operator | `false` | +| `operator.image.repository` | Operator image repository | `quay.io/keycloak/keycloak-operator` | +| `operator.image.tag` | Operator image tag | `26.2.5` | +| `operator.image.pullPolicy` | Image pull policy | `IfNotPresent` | + +## Usage as Dependency + +```yaml +# Chart.yaml +dependencies: + - name: lightrun-keycloak-operator + version: "0.1.0" + repository: "file://../lightrun-keycloak-operator" + condition: general.keycloakOperator.enabled +``` + +## Source + +Components from: https://github.com/keycloak/keycloak-k8s-resources (version 26.2.5) \ No newline at end of file diff --git a/charts/lightrun-keycloak-operator/crds/keycloak-crd.yaml b/charts/lightrun-keycloak-operator/crds/keycloak-crd.yaml new file mode 100644 index 0000000..8121619 --- /dev/null 
+++ b/charts/lightrun-keycloak-operator/crds/keycloak-crd.yaml 
@@ -0,0 +1,3948 @@ +# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + name: "keycloaks.k8s.keycloak.org" +spec: + group: "k8s.keycloak.org" + names: + kind: "Keycloak" + plural: "keycloaks" + shortNames: + - "kc" + singular: "keycloak" + scope: "Namespaced" + versions: + - name: "v2alpha1" + schema: + openAPIV3Schema: + properties: + spec: + properties: + additionalOptions: + description: |- + Configuration of the Keycloak server. + expressed as a keys (reference: https://www.keycloak.org/server/all-config) and values that can be either direct values or references to secrets. + items: + properties: + name: + type: "string" + secret: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + value: + type: "string" + type: "object" + type: "array" + bootstrapAdmin: + description: "In this section you can configure Keycloak's bootstrap\ + \ admin - will be used only for inital cluster creation." + properties: + service: + description: "Configures the bootstrap admin service account" + properties: + secret: + description: "Name of the Secret that contains the client-id\ + \ and client-secret keys" + type: "string" + type: "object" + user: + description: "Configures the bootstrap admin user" + properties: + secret: + description: "Name of the Secret that contains the username\ + \ and password keys" + type: "string" + type: "object" + type: "object" + cache: + description: "In this section you can configure Keycloak's cache" + properties: + configMapFile: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + db: + description: "In this section you can find all properties related\ + \ to connect to a database." + properties: + database: + description: "Sets the database name of the default JDBC URL of\ + \ the chosen vendor. 
If the `url` option is set, this option\ + \ is ignored." + type: "string" + host: + description: "Sets the hostname of the default JDBC URL of the\ + \ chosen vendor. If the `url` option is set, this option is\ + \ ignored." + type: "string" + passwordSecret: + description: "The reference to a secret holding the password of\ + \ the database user." + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + poolInitialSize: + description: "The initial size of the connection pool." + type: "integer" + poolMaxSize: + description: "The maximum size of the connection pool." + type: "integer" + poolMinSize: + description: "The minimal size of the connection pool." + type: "integer" + port: + description: "Sets the port of the default JDBC URL of the chosen\ + \ vendor. If the `url` option is set, this option is ignored." + type: "integer" + schema: + description: "The database schema to be used." + type: "string" + url: + description: "The full database JDBC URL. If not provided, a default\ + \ URL is set based on the selected database vendor. For instance,\ + \ if using 'postgres', the default JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. " + type: "string" + usernameSecret: + description: "The reference to a secret holding the username of\ + \ the database user." + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + vendor: + description: "The database vendor." + type: "string" + type: "object" + features: + description: "In this section you can configure Keycloak features,\ + \ which should be enabled/disabled." + properties: + disabled: + description: "Disabled Keycloak features" + items: + type: "string" + type: "array" + enabled: + description: "Enabled Keycloak features" + items: + type: "string" + type: "array" + type: "object" + hostname: + description: "In this section you can configure Keycloak hostname\ + \ and related properties." 
+ properties: + admin: + description: "The hostname for accessing the administration console.\ + \ Applicable for Hostname v1 and v2." + type: "string" + adminUrl: + description: "DEPRECATED. Sets the base URL for accessing the\ + \ administration console, including scheme, host, port and path.\ + \ Applicable for Hostname v1." + type: "string" + backchannelDynamic: + description: "Enables dynamic resolving of backchannel URLs, including\ + \ hostname, scheme, port and context path. Set to true if your\ + \ application accesses Keycloak via a private network. Applicable\ + \ for Hostname v2." + type: "boolean" + hostname: + description: "Hostname for the Keycloak server. Applicable for\ + \ Hostname v1 and v2." + type: "string" + strict: + description: "Disables dynamically resolving the hostname from\ + \ request headers. Applicable for Hostname v1 and v2." + type: "boolean" + strictBackchannel: + description: "DEPRECATED. By default backchannel URLs are dynamically\ + \ resolved from request headers to allow internal and external\ + \ applications. Applicable for Hostname v1." + type: "boolean" + type: "object" + http: + description: "In this section you can configure Keycloak features\ + \ related to HTTP and HTTPS" + properties: + httpEnabled: + description: "Enables the HTTP listener." + type: "boolean" + httpPort: + description: "The used HTTP port." + type: "integer" + httpsPort: + description: "The used HTTPS port." + type: "integer" + tlsSecret: + description: "A secret containing the TLS configuration for HTTPS.\ + \ Reference: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets." + type: "string" + type: "object" + httpManagement: + description: "In this section you can configure Keycloak's management\ + \ interface setting." + properties: + port: + description: "Port of the management interface." + type: "integer" + type: "object" + image: + description: "Custom Keycloak image to be used." 
+ type: "string" + imagePullSecrets: + description: "Secret(s) that might be used when pulling an image from\ + \ a private container image registry or repository." + items: + properties: + name: + type: "string" + type: "object" + type: "array" + ingress: + description: |- + The deployment is, by default, exposed through a basic ingress. + You can change this behaviour by setting the enabled property to false. + properties: + annotations: + additionalProperties: + type: "string" + description: "Additional annotations to be appended to the Ingress\ + \ object" + type: "object" + className: + type: "string" + enabled: + type: "boolean" + type: "object" + instances: + description: "Number of Keycloak instances. Default is 1." + type: "integer" + networkPolicy: + description: "Controls the ingress traffic flow into Keycloak pods." + properties: + enabled: + default: true + description: "Enables or disables the ingress traffic control." + type: "boolean" + http: + description: "A list of sources which should be able to access\ + \ this endpoint. Items in this list are combined using a logical\ + \ OR operation. If this field is empty or missing, this rule\ + \ matches all sources (traffic not restricted by source). If\ + \ this field is present and contains at least one item, this\ + \ rule allows traffic only if the traffic matches at least one\ + \ item in the from list." 
+ items: + properties: + ipBlock: + properties: + cidr: + type: "string" + except: + items: + type: "string" + type: "array" + type: "object" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + https: + description: "A list of sources which should be able to access\ + \ this endpoint. Items in this list are combined using a logical\ + \ OR operation. If this field is empty or missing, this rule\ + \ matches all sources (traffic not restricted by source). If\ + \ this field is present and contains at least one item, this\ + \ rule allows traffic only if the traffic matches at least one\ + \ item in the from list." 
+ items: + properties: + ipBlock: + properties: + cidr: + type: "string" + except: + items: + type: "string" + type: "array" + type: "object" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + management: + description: "A list of sources which should be able to access\ + \ this endpoint. Items in this list are combined using a logical\ + \ OR operation. If this field is empty or missing, this rule\ + \ matches all sources (traffic not restricted by source). If\ + \ this field is present and contains at least one item, this\ + \ rule allows traffic only if the traffic matches at least one\ + \ item in the from list." 
+ items: + properties: + ipBlock: + properties: + cidr: + type: "string" + except: + items: + type: "string" + type: "array" + type: "object" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" + proxy: + description: "In this section you can configure Keycloak's reverse\ + \ proxy setting" + properties: + headers: + description: "The proxy headers that should be accepted by the\ + \ server. Misconfiguration might leave the server exposed to\ + \ security vulnerabilities." 
+ type: "string" + type: "object" + resources: + description: "Compute Resources required by Keycloak container" + properties: + claims: + items: + properties: + name: + type: "string" + request: + type: "string" + type: "object" + type: "array" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + scheduling: + description: "In this section you can configure Keycloak's scheduling" + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchFields: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + type: "object" + weight: + type: "integer" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchFields: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "object" + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + 
operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + weight: + type: "integer" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: 
"string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + weight: + type: "integer" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + type: "array" + type: "object" + type: "object" + priorityClassName: + type: "string" + tolerations: + items: + properties: + effect: + type: "string" + key: + type: "string" + operator: + type: "string" + tolerationSeconds: + type: "integer" + value: + type: "string" + type: "object" + type: "array" + 
topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + maxSkew: + type: "integer" + minDomains: + type: "integer" + nodeAffinityPolicy: + type: "string" + nodeTaintsPolicy: + type: "string" + topologyKey: + type: "string" + whenUnsatisfiable: + type: "string" + type: "object" + type: "array" + type: "object" + startOptimized: + description: "Set to force the behavior of the --optimized flag for\ + \ the start command. If left unspecified the operator will assume\ + \ custom images have already been augmented." + type: "boolean" + tracing: + description: "In this section you can configure OpenTelemetry Tracing\ + \ for Keycloak." + properties: + compression: + description: "OpenTelemetry compression method used to compress\ + \ payloads. If unset, compression is disabled. Possible values\ + \ are: gzip, none." + type: "string" + enabled: + description: "Enables the OpenTelemetry tracing." + type: "boolean" + endpoint: + description: "OpenTelemetry endpoint to connect to." + type: "string" + protocol: + description: "OpenTelemetry protocol used for the telemetry data\ + \ (default 'grpc'). For more information, check the Tracing\ + \ guide." + type: "string" + resourceAttributes: + additionalProperties: + type: "string" + description: "OpenTelemetry resource attributes present in the\ + \ exported trace to characterize the telemetry producer." + type: "object" + samplerRatio: + description: "OpenTelemetry sampler ratio. Probability that a\ + \ span will be sampled. Expected double value in interval [0,1]." 
+ type: "number" + samplerType: + description: "OpenTelemetry sampler to use for tracing (default\ + \ 'traceidratio'). For more information, check the Tracing guide." + type: "string" + serviceName: + description: "OpenTelemetry service name. Takes precedence over\ + \ 'service.name' defined in the 'resourceAttributes' map." + type: "string" + type: "object" + transaction: + description: "In this section you can find all properties related\ + \ to the settings of transaction behavior." + properties: + xaEnabled: + description: "Determine whether Keycloak should use a non-XA datasource\ + \ in case the database does not support XA transactions." + type: "boolean" + type: "object" + truststores: + additionalProperties: + properties: + name: + description: "Not used. To be removed in later versions." + type: "string" + secret: + properties: + name: + type: "string" + optional: + type: "boolean" + required: + - "name" + type: "object" + required: + - "secret" + type: "object" + description: "In this section you can configure Keycloak truststores." + type: "object" + unsupported: + description: |- + In this section you can configure podTemplate advanced features, not production-ready, and not supported settings. + Use at your own risk and open an issue with your use-case if you don't find an alternative way. + properties: + podTemplate: + description: |- + You can configure that will be merged with the one configured by default by the operator. + Use at your own risk, we reserve the possibility to remove/change the way any field gets merged in future releases without notice. 
+ Reference: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates + properties: + metadata: + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + creationTimestamp: + type: "string" + deletionGracePeriodSeconds: + type: "integer" + deletionTimestamp: + type: "string" + finalizers: + items: + type: "string" + type: "array" + generateName: + type: "string" + generation: + type: "integer" + labels: + additionalProperties: + type: "string" + type: "object" + managedFields: + items: + properties: + apiVersion: + type: "string" + fieldsType: + type: "string" + fieldsV1: + type: "object" + manager: + type: "string" + operation: + type: "string" + subresource: + type: "string" + time: + type: "string" + type: "object" + type: "array" + name: + type: "string" + namespace: + type: "string" + ownerReferences: + items: + properties: + apiVersion: + type: "string" + blockOwnerDeletion: + type: "boolean" + controller: + type: "boolean" + kind: + type: "string" + name: + type: "string" + uid: + type: "string" + type: "object" + type: "array" + resourceVersion: + type: "string" + selfLink: + type: "string" + uid: + type: "string" + type: "object" + spec: + properties: + activeDeadlineSeconds: + type: "integer" + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchFields: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + type: "object" + weight: + type: "integer" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + 
properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchFields: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "object" + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + weight: + type: "integer" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + 
properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + weight: + type: "integer" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + mismatchLabelKeys: + items: + type: "string" + type: "array" + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + 
type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + namespaces: + items: + type: "string" + type: "array" + topologyKey: + type: "string" + type: "object" + type: "array" + type: "object" + type: "object" + automountServiceAccountToken: + type: "boolean" + containers: + items: + properties: + args: + items: + type: "string" + type: "array" + command: + items: + type: "string" + type: "array" + env: + items: + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + fieldRef: + properties: + apiVersion: + type: "string" + fieldPath: + type: "string" + type: "object" + resourceFieldRef: + properties: + containerName: + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + resource: + type: "string" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + type: "object" + type: "array" + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: "string" + optional: + type: "boolean" + type: "object" + prefix: + type: "string" + secretRef: + properties: + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + type: "array" + image: + type: "string" + imagePullPolicy: + type: "string" + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + 
anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + sleep: + properties: + seconds: + type: "integer" + type: "object" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + preStop: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + sleep: + properties: + seconds: + type: "integer" + type: "object" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + type: "object" + livenessProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + 
timeoutSeconds: + type: "integer" + type: "object" + name: + type: "string" + ports: + items: + properties: + containerPort: + type: "integer" + hostIP: + type: "string" + hostPort: + type: "integer" + name: + type: "string" + protocol: + type: "string" + type: "object" + type: "array" + readinessProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + type: "object" + type: "array" + resources: + properties: + claims: + items: + properties: + name: + type: "string" + request: + type: "string" + type: "object" + type: "array" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + restartPolicy: + type: "string" + securityContext: + properties: + allowPrivilegeEscalation: + type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: 
"string" + type: + type: "string" + type: "object" + capabilities: + properties: + add: + items: + type: "string" + type: "array" + drop: + items: + type: "string" + type: "array" + type: "object" + privileged: + type: "boolean" + procMount: + type: "string" + readOnlyRootFilesystem: + type: "boolean" + runAsGroup: + type: "integer" + runAsNonRoot: + type: "boolean" + runAsUser: + type: "integer" + seLinuxOptions: + properties: + level: + type: "string" + role: + type: "string" + type: + type: "string" + user: + type: "string" + type: "object" + seccompProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + windowsOptions: + properties: + gmsaCredentialSpec: + type: "string" + gmsaCredentialSpecName: + type: "string" + hostProcess: + type: "boolean" + runAsUserName: + type: "string" + type: "object" + type: "object" + startupProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + stdin: + type: "boolean" + stdinOnce: + type: "boolean" + terminationMessagePath: + type: "string" + terminationMessagePolicy: + type: "string" + tty: + type: 
"boolean" + volumeDevices: + items: + properties: + devicePath: + type: "string" + name: + type: "string" + type: "object" + type: "array" + volumeMounts: + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" + workingDir: + type: "string" + type: "object" + type: "array" + dnsConfig: + properties: + nameservers: + items: + type: "string" + type: "array" + options: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + searches: + items: + type: "string" + type: "array" + type: "object" + dnsPolicy: + type: "string" + enableServiceLinks: + type: "boolean" + ephemeralContainers: + items: + properties: + args: + items: + type: "string" + type: "array" + command: + items: + type: "string" + type: "array" + env: + items: + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + fieldRef: + properties: + apiVersion: + type: "string" + fieldPath: + type: "string" + type: "object" + resourceFieldRef: + properties: + containerName: + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + resource: + type: "string" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + type: "object" + type: "array" + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: "string" + optional: + type: "boolean" + type: "object" + prefix: + type: "string" + secretRef: + properties: + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + type: 
"array" + image: + type: "string" + imagePullPolicy: + type: "string" + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + sleep: + properties: + seconds: + type: "integer" + type: "object" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + preStop: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + sleep: + properties: + seconds: + type: "integer" + type: "object" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + type: "object" + livenessProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - 
type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + name: + type: "string" + ports: + items: + properties: + containerPort: + type: "integer" + hostIP: + type: "string" + hostPort: + type: "integer" + name: + type: "string" + protocol: + type: "string" + type: "object" + type: "array" + readinessProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + type: "object" + type: "array" + resources: + properties: + claims: + items: + properties: + name: + type: "string" + request: + type: "string" + type: "object" + type: "array" + limits: + additionalProperties: + 
anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + restartPolicy: + type: "string" + securityContext: + properties: + allowPrivilegeEscalation: + type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + capabilities: + properties: + add: + items: + type: "string" + type: "array" + drop: + items: + type: "string" + type: "array" + type: "object" + privileged: + type: "boolean" + procMount: + type: "string" + readOnlyRootFilesystem: + type: "boolean" + runAsGroup: + type: "integer" + runAsNonRoot: + type: "boolean" + runAsUser: + type: "integer" + seLinuxOptions: + properties: + level: + type: "string" + role: + type: "string" + type: + type: "string" + user: + type: "string" + type: "object" + seccompProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + windowsOptions: + properties: + gmsaCredentialSpec: + type: "string" + gmsaCredentialSpecName: + type: "string" + hostProcess: + type: "boolean" + runAsUserName: + type: "string" + type: "object" + type: "object" + startupProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" 
+ tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + stdin: + type: "boolean" + stdinOnce: + type: "boolean" + targetContainerName: + type: "string" + terminationMessagePath: + type: "string" + terminationMessagePolicy: + type: "string" + tty: + type: "boolean" + volumeDevices: + items: + properties: + devicePath: + type: "string" + name: + type: "string" + type: "object" + type: "array" + volumeMounts: + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" + workingDir: + type: "string" + type: "object" + type: "array" + hostAliases: + items: + properties: + hostnames: + items: + type: "string" + type: "array" + ip: + type: "string" + type: "object" + type: "array" + hostIPC: + type: "boolean" + hostNetwork: + type: "boolean" + hostPID: + type: "boolean" + hostUsers: + type: "boolean" + hostname: + type: "string" + imagePullSecrets: + items: + properties: + name: + type: "string" + type: "object" + type: "array" + initContainers: + items: + properties: + args: + items: + type: "string" + type: "array" + command: + items: + type: "string" + type: "array" + env: + items: + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + fieldRef: + properties: + apiVersion: + type: "string" + fieldPath: + type: "string" + type: "object" + resourceFieldRef: + properties: + containerName: + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + 
x-kubernetes-int-or-string: true + resource: + type: "string" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + type: "object" + type: "array" + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: "string" + optional: + type: "boolean" + type: "object" + prefix: + type: "string" + secretRef: + properties: + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + type: "array" + image: + type: "string" + imagePullPolicy: + type: "string" + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + sleep: + properties: + seconds: + type: "integer" + type: "object" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + preStop: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + sleep: + properties: + seconds: + type: "integer" + type: "object" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + 
type: "object" + type: "object" + type: "object" + livenessProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + name: + type: "string" + ports: + items: + properties: + containerPort: + type: "integer" + hostIP: + type: "string" + hostPort: + type: "integer" + name: + type: "string" + protocol: + type: "string" + type: "object" + type: "array" + readinessProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: "integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: 
"string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + type: "object" + type: "array" + resources: + properties: + claims: + items: + properties: + name: + type: "string" + request: + type: "string" + type: "object" + type: "array" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + restartPolicy: + type: "string" + securityContext: + properties: + allowPrivilegeEscalation: + type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + capabilities: + properties: + add: + items: + type: "string" + type: "array" + drop: + items: + type: "string" + type: "array" + type: "object" + privileged: + type: "boolean" + procMount: + type: "string" + readOnlyRootFilesystem: + type: "boolean" + runAsGroup: + type: "integer" + runAsNonRoot: + type: "boolean" + runAsUser: + type: "integer" + seLinuxOptions: + properties: + level: + type: "string" + role: + type: "string" + type: + type: "string" + user: + type: "string" + type: "object" + seccompProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + windowsOptions: + properties: + gmsaCredentialSpec: + type: "string" + gmsaCredentialSpecName: + type: "string" + hostProcess: + type: "boolean" + runAsUserName: + type: "string" + type: "object" + type: "object" + startupProbe: + properties: + exec: + properties: + command: + items: + type: "string" + type: "array" + type: "object" + failureThreshold: + type: 
"integer" + grpc: + properties: + port: + type: "integer" + service: + type: "string" + type: "object" + httpGet: + properties: + host: + type: "string" + httpHeaders: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + path: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + scheme: + type: "string" + type: "object" + initialDelaySeconds: + type: "integer" + periodSeconds: + type: "integer" + successThreshold: + type: "integer" + tcpSocket: + properties: + host: + type: "string" + port: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + terminationGracePeriodSeconds: + type: "integer" + timeoutSeconds: + type: "integer" + type: "object" + stdin: + type: "boolean" + stdinOnce: + type: "boolean" + terminationMessagePath: + type: "string" + terminationMessagePolicy: + type: "string" + tty: + type: "boolean" + volumeDevices: + items: + properties: + devicePath: + type: "string" + name: + type: "string" + type: "object" + type: "array" + volumeMounts: + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" + workingDir: + type: "string" + type: "object" + type: "array" + nodeName: + type: "string" + nodeSelector: + additionalProperties: + type: "string" + type: "object" + os: + properties: + name: + type: "string" + type: "object" + overhead: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + preemptionPolicy: + type: "string" + priority: + type: "integer" + priorityClassName: + type: "string" + readinessGates: + items: + properties: + conditionType: + type: "string" + type: "object" + type: "array" + 
resourceClaims: + items: + properties: + name: + type: "string" + resourceClaimName: + type: "string" + resourceClaimTemplateName: + type: "string" + type: "object" + type: "array" + resources: + properties: + claims: + items: + properties: + name: + type: "string" + request: + type: "string" + type: "object" + type: "array" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + restartPolicy: + type: "string" + runtimeClassName: + type: "string" + schedulerName: + type: "string" + schedulingGates: + items: + properties: + name: + type: "string" + type: "object" + type: "array" + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + fsGroup: + type: "integer" + fsGroupChangePolicy: + type: "string" + runAsGroup: + type: "integer" + runAsNonRoot: + type: "boolean" + runAsUser: + type: "integer" + seLinuxChangePolicy: + type: "string" + seLinuxOptions: + properties: + level: + type: "string" + role: + type: "string" + type: + type: "string" + user: + type: "string" + type: "object" + seccompProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" + supplementalGroups: + items: + type: "integer" + type: "array" + supplementalGroupsPolicy: + type: "string" + sysctls: + items: + properties: + name: + type: "string" + value: + type: "string" + type: "object" + type: "array" + windowsOptions: + properties: + gmsaCredentialSpec: + type: "string" + gmsaCredentialSpecName: + type: "string" + hostProcess: + type: "boolean" + runAsUserName: + type: "string" + type: "object" + type: "object" + serviceAccount: + type: "string" + serviceAccountName: + type: "string" + setHostnameAsFQDN: + type: "boolean" + 
shareProcessNamespace: + type: "boolean" + subdomain: + type: "string" + terminationGracePeriodSeconds: + type: "integer" + tolerations: + items: + properties: + effect: + type: "string" + key: + type: "string" + operator: + type: "string" + tolerationSeconds: + type: "integer" + value: + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + matchLabelKeys: + items: + type: "string" + type: "array" + maxSkew: + type: "integer" + minDomains: + type: "integer" + nodeAffinityPolicy: + type: "string" + nodeTaintsPolicy: + type: "string" + topologyKey: + type: "string" + whenUnsatisfiable: + type: "string" + type: "object" + type: "array" + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: "string" + partition: + type: "integer" + readOnly: + type: "boolean" + volumeID: + type: "string" + type: "object" + azureDisk: + properties: + cachingMode: + type: "string" + diskName: + type: "string" + diskURI: + type: "string" + fsType: + type: "string" + kind: + type: "string" + readOnly: + type: "boolean" + type: "object" + azureFile: + properties: + readOnly: + type: "boolean" + secretName: + type: "string" + shareName: + type: "string" + type: "object" + cephfs: + properties: + monitors: + items: + type: "string" + type: "array" + path: + type: "string" + readOnly: + type: "boolean" + secretFile: + type: "string" + secretRef: + properties: + name: + type: "string" + type: "object" + user: + type: "string" + type: "object" + cinder: + properties: + fsType: + type: "string" + readOnly: + type: "boolean" + secretRef: + properties: + name: + type: "string" + type: "object" + volumeID: + type: 
"string" + type: "object" + configMap: + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + csi: + properties: + driver: + type: "string" + fsType: + type: "string" + nodePublishSecretRef: + properties: + name: + type: "string" + type: "object" + readOnly: + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + type: "object" + type: "object" + downwardAPI: + properties: + defaultMode: + type: "integer" + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: "string" + fieldPath: + type: "string" + type: "object" + mode: + type: "integer" + path: + type: "string" + resourceFieldRef: + properties: + containerName: + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + resource: + type: "string" + type: "object" + type: "object" + type: "array" + type: "object" + emptyDir: + properties: + medium: + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + creationTimestamp: + type: "string" + deletionGracePeriodSeconds: + type: "integer" + deletionTimestamp: + type: "string" + finalizers: + items: + type: "string" + type: "array" + generateName: + type: "string" + generation: + type: "integer" + labels: + additionalProperties: + type: "string" + type: "object" + managedFields: + items: + properties: + apiVersion: + type: "string" + fieldsType: + type: "string" + fieldsV1: + type: "object" + manager: + type: "string" + operation: + type: "string" + subresource: + type: "string" + time: + type: "string" + type: "object" + type: 
"array" + name: + type: "string" + namespace: + type: "string" + ownerReferences: + items: + properties: + apiVersion: + type: "string" + blockOwnerDeletion: + type: "boolean" + controller: + type: "boolean" + kind: + type: "string" + name: + type: "string" + uid: + type: "string" + type: "object" + type: "array" + resourceVersion: + type: "string" + selfLink: + type: "string" + uid: + type: "string" + type: "object" + spec: + properties: + accessModes: + items: + type: "string" + type: "array" + dataSource: + properties: + apiGroup: + type: "string" + kind: + type: "string" + name: + type: "string" + type: "object" + dataSourceRef: + properties: + apiGroup: + type: "string" + kind: + type: "string" + name: + type: "string" + namespace: + type: "string" + type: "object" + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + selector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + storageClassName: + type: "string" + volumeAttributesClassName: + type: "string" + volumeMode: + type: "string" + volumeName: + type: "string" + type: "object" + type: "object" + type: "object" + fc: + properties: + fsType: + type: "string" + lun: + type: "integer" + readOnly: + type: "boolean" + targetWWNs: + items: + type: "string" + type: "array" + wwids: + items: + type: "string" + type: "array" + type: "object" + flexVolume: + properties: + driver: + type: "string" + fsType: + type: "string" + options: + additionalProperties: + type: "string" + type: "object" + readOnly: + type: "boolean" + 
secretRef: + properties: + name: + type: "string" + type: "object" + type: "object" + flocker: + properties: + datasetName: + type: "string" + datasetUUID: + type: "string" + type: "object" + gcePersistentDisk: + properties: + fsType: + type: "string" + partition: + type: "integer" + pdName: + type: "string" + readOnly: + type: "boolean" + type: "object" + gitRepo: + properties: + directory: + type: "string" + repository: + type: "string" + revision: + type: "string" + type: "object" + glusterfs: + properties: + endpoints: + type: "string" + path: + type: "string" + readOnly: + type: "boolean" + type: "object" + hostPath: + properties: + path: + type: "string" + type: + type: "string" + type: "object" + image: + properties: + pullPolicy: + type: "string" + reference: + type: "string" + type: "object" + iscsi: + properties: + chapAuthDiscovery: + type: "boolean" + chapAuthSession: + type: "boolean" + fsType: + type: "string" + initiatorName: + type: "string" + iqn: + type: "string" + iscsiInterface: + type: "string" + lun: + type: "integer" + portals: + items: + type: "string" + type: "array" + readOnly: + type: "boolean" + secretRef: + properties: + name: + type: "string" + type: "object" + targetPortal: + type: "string" + type: "object" + name: + type: "string" + nfs: + properties: + path: + type: "string" + readOnly: + type: "boolean" + server: + type: "string" + type: "object" + persistentVolumeClaim: + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + photonPersistentDisk: + properties: + fsType: + type: "string" + pdID: + type: "string" + type: "object" + portworxVolume: + properties: + fsType: + type: "string" + readOnly: + type: "boolean" + volumeID: + type: "string" + type: "object" + projected: + properties: + defaultMode: + type: "integer" + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + 
operator: + type: "string" + values: + items: + type: "string" + type: "array" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + type: "object" + configMap: + properties: + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: "string" + fieldPath: + type: "string" + type: "object" + mode: + type: "integer" + path: + type: "string" + resourceFieldRef: + properties: + containerName: + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + resource: + type: "string" + type: "object" + type: "object" + type: "array" + type: "object" + secret: + properties: + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + serviceAccountToken: + properties: + audience: + type: "string" + expirationSeconds: + type: "integer" + path: + type: "string" + type: "object" + type: "object" + type: "array" + type: "object" + quobyte: + properties: + group: + type: "string" + readOnly: + type: "boolean" + registry: + type: "string" + tenant: + type: "string" + user: + type: "string" + volume: + type: "string" + type: "object" + rbd: + properties: + fsType: + type: "string" + image: + type: "string" + keyring: + type: "string" + monitors: + items: + type: "string" + type: "array" + pool: + type: "string" + readOnly: + type: "boolean" + secretRef: + properties: + name: + type: "string" + type: "object" + user: + type: "string" + type: 
"object" + scaleIO: + properties: + fsType: + type: "string" + gateway: + type: "string" + protectionDomain: + type: "string" + readOnly: + type: "boolean" + secretRef: + properties: + name: + type: "string" + type: "object" + sslEnabled: + type: "boolean" + storageMode: + type: "string" + storagePool: + type: "string" + system: + type: "string" + volumeName: + type: "string" + type: "object" + secret: + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + storageos: + properties: + fsType: + type: "string" + readOnly: + type: "boolean" + secretRef: + properties: + name: + type: "string" + type: "object" + volumeName: + type: "string" + volumeNamespace: + type: "string" + type: "object" + vsphereVolume: + properties: + fsType: + type: "string" + storagePolicyID: + type: "string" + storagePolicyName: + type: "string" + volumePath: + type: "string" + type: "object" + type: "object" + type: "array" + type: "object" + type: "object" + type: "object" + update: + description: "Configuration related to Keycloak deployment updates." + properties: + revision: + description: "When use the Explicit strategy, the revision signals\ + \ if a rolling update can be used or not." + type: "string" + strategy: + default: "RecreateOnImageChange" + description: "Sets the update strategy to use." 
+ enum: + - "Auto" + - "Explicit" + - "RecreateOnImageChange" + type: "string" + type: "object" + x-kubernetes-validations: + - message: "The 'revision' field is required when 'Explicit' strategy\ + \ is used" + rule: "self.strategy != 'Explicit' || has(self.revision)" + type: "object" + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: "string" + message: + type: "string" + observedGeneration: + type: "integer" + status: + type: "string" + type: + type: "string" + type: "object" + type: "array" + instances: + type: "integer" + observedGeneration: + type: "integer" + selector: + type: "string" + type: "object" + type: "object" + served: true + storage: true + subresources: + scale: + labelSelectorPath: ".status.selector" + specReplicasPath: ".spec.instances" + statusReplicasPath: ".status.instances" + status: {} + diff --git a/charts/lightrun-keycloak-operator/crds/keycloak-realm-import-crd.yaml b/charts/lightrun-keycloak-operator/crds/keycloak-realm-import-crd.yaml new file mode 100644 index 0000000..f7cf124 --- /dev/null +++ b/charts/lightrun-keycloak-operator/crds/keycloak-realm-import-crd.yaml 
@@ -0,0 +1,3605 @@ +# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + name: "keycloakrealmimports.k8s.keycloak.org" +spec: + group: "k8s.keycloak.org" + names: + kind: "KeycloakRealmImport" + plural: "keycloakrealmimports" + singular: "keycloakrealmimport" + scope: "Namespaced" + versions: + - name: "v2alpha1" + schema: + openAPIV3Schema: + properties: + spec: + properties: + keycloakCRName: + description: "The name of the Keycloak CR to reference, in the same\ + \ namespace." + type: "string" + placeholders: + additionalProperties: + properties: + secret: + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + description: "Optionally set to replace ENV variable placeholders\ + \ in the realm import." + type: "object" + realm: + description: "The RealmRepresentation to import into Keycloak." + properties: + accessCodeLifespan: + type: "integer" + accessCodeLifespanLogin: + type: "integer" + accessCodeLifespanUserAction: + type: "integer" + accessTokenLifespan: + type: "integer" + accessTokenLifespanForImplicitFlow: + type: "integer" + accountTheme: + type: "string" + actionTokenGeneratedByAdminLifespan: + type: "integer" + actionTokenGeneratedByUserLifespan: + type: "integer" + adminEventsDetailsEnabled: + type: "boolean" + adminEventsEnabled: + type: "boolean" + adminPermissionsClient: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + adminUrl: + type: "string" + alwaysDisplayInConsole: + type: "boolean" + attributes: + additionalProperties: + type: "string" + type: "object" + authenticationFlowBindingOverrides: + additionalProperties: + type: "string" + type: "object" + authorizationServicesEnabled: + type: "boolean" + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: "boolean" + authorizationSchema: + properties: + 
resourceTypes: + additionalProperties: + properties: + groupType: + type: "string" + scopeAliases: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + scopes: + items: + type: "string" + type: "array" + type: + type: "string" + type: "object" + type: "object" + type: "object" + clientId: + type: "string" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + id: + type: "string" + name: + type: "string" + policies: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + description: + type: "string" + id: + type: "string" + logic: + enum: + - "NEGATIVE" + - "POSITIVE" + type: "string" + name: + type: "string" + owner: + type: "string" + policies: + items: + type: "string" + type: "array" + resourceType: + type: "string" + resources: + items: + type: "string" + type: "array" + resourcesData: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + type: "string" + type: "array" + scopesData: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + type: "object" + type: "array" + policyEnforcementMode: + enum: + - "DISABLED" + - 
"ENFORCING" + - "PERMISSIVE" + type: "string" + resources: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + baseUrl: + type: "string" + bearerOnly: + type: "boolean" + clientAuthenticatorType: + type: "string" + clientId: + type: "string" + clientTemplate: + type: "string" + consentRequired: + type: "boolean" + defaultClientScopes: + items: + type: "string" + type: "array" + defaultRoles: + items: + type: "string" + type: "array" + description: + type: "string" + directAccessGrantsEnabled: + type: "boolean" + directGrantsOnly: + type: "boolean" + enabled: + type: "boolean" + frontchannelLogout: + type: "boolean" + fullScopeAllowed: + type: "boolean" + id: + type: "string" + implicitFlowEnabled: + type: "boolean" + name: + type: "string" + nodeReRegistrationTimeout: + type: "integer" + notBefore: + type: "integer" + optionalClientScopes: + items: + type: "string" + type: "array" + origin: + type: "string" + protocol: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + 
protocolMapper: + type: "string" + type: "object" + type: "array" + publicClient: + type: "boolean" + redirectUris: + items: + type: "string" + type: "array" + registeredNodes: + additionalProperties: + type: "integer" + type: "object" + registrationAccessToken: + type: "string" + rootUrl: + type: "string" + secret: + type: "string" + serviceAccountsEnabled: + type: "boolean" + standardFlowEnabled: + type: "boolean" + surrogateAuthRequired: + type: "boolean" + type: + type: "string" + useTemplateConfig: + type: "boolean" + useTemplateMappers: + type: "boolean" + useTemplateScope: + type: "boolean" + webOrigins: + items: + type: "string" + type: "array" + type: "object" + adminPermissionsEnabled: + type: "boolean" + adminTheme: + type: "string" + applicationScopeMappings: + additionalProperties: + items: + properties: + client: + type: "string" + clientScope: + type: "string" + clientTemplate: + type: "string" + roles: + items: + type: "string" + type: "array" + self: + type: "string" + type: "object" + type: "array" + type: "object" + applications: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + adminUrl: + type: "string" + alwaysDisplayInConsole: + type: "boolean" + attributes: + additionalProperties: + type: "string" + type: "object" + authenticationFlowBindingOverrides: + additionalProperties: + type: "string" + type: "object" + authorizationServicesEnabled: + type: "boolean" + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: "boolean" + authorizationSchema: + properties: + resourceTypes: + additionalProperties: + properties: + groupType: + type: "string" + scopeAliases: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + scopes: + items: + type: "string" + type: "array" + type: + type: "string" + type: "object" + type: "object" + type: "object" + clientId: + type: "string" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + 
type: "string" + id: + type: "string" + name: + type: "string" + policies: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + description: + type: "string" + id: + type: "string" + logic: + enum: + - "NEGATIVE" + - "POSITIVE" + type: "string" + name: + type: "string" + owner: + type: "string" + policies: + items: + type: "string" + type: "array" + resourceType: + type: "string" + resources: + items: + type: "string" + type: "array" + resourcesData: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + type: "string" + type: "array" + scopesData: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + type: "object" + type: "array" + policyEnforcementMode: + enum: + - "DISABLED" + - "ENFORCING" + - "PERMISSIVE" + type: "string" + resources: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + 
items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + baseUrl: + type: "string" + bearerOnly: + type: "boolean" + claims: + properties: + address: + type: "boolean" + email: + type: "boolean" + gender: + type: "boolean" + locale: + type: "boolean" + name: + type: "boolean" + phone: + type: "boolean" + picture: + type: "boolean" + profile: + type: "boolean" + username: + type: "boolean" + website: + type: "boolean" + type: "object" + clientAuthenticatorType: + type: "string" + clientId: + type: "string" + clientTemplate: + type: "string" + consentRequired: + type: "boolean" + defaultClientScopes: + items: + type: "string" + type: "array" + defaultRoles: + items: + type: "string" + type: "array" + description: + type: "string" + directAccessGrantsEnabled: + type: "boolean" + directGrantsOnly: + type: "boolean" + enabled: + type: "boolean" + frontchannelLogout: + type: "boolean" + fullScopeAllowed: + type: "boolean" + id: + type: "string" + implicitFlowEnabled: + type: "boolean" + name: + type: "string" + nodeReRegistrationTimeout: + type: "integer" + notBefore: + type: "integer" + optionalClientScopes: + items: + type: "string" + type: "array" + origin: + type: "string" + protocol: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMapper: + type: "string" + type: "object" + type: "array" + publicClient: + type: "boolean" + redirectUris: 
+ items: + type: "string" + type: "array" + registeredNodes: + additionalProperties: + type: "integer" + type: "object" + registrationAccessToken: + type: "string" + rootUrl: + type: "string" + secret: + type: "string" + serviceAccountsEnabled: + type: "boolean" + standardFlowEnabled: + type: "boolean" + surrogateAuthRequired: + type: "boolean" + type: + type: "string" + useTemplateConfig: + type: "boolean" + useTemplateMappers: + type: "boolean" + useTemplateScope: + type: "boolean" + webOrigins: + items: + type: "string" + type: "array" + type: "object" + type: "array" + attributes: + additionalProperties: + type: "string" + type: "object" + authenticationFlows: + items: + properties: + alias: + type: "string" + authenticationExecutions: + items: + properties: + authenticator: + type: "string" + authenticatorConfig: + type: "string" + authenticatorFlow: + type: "boolean" + autheticatorFlow: + type: "boolean" + flowAlias: + type: "string" + priority: + type: "integer" + requirement: + type: "string" + userSetupAllowed: + type: "boolean" + type: "object" + type: "array" + builtIn: + type: "boolean" + description: + type: "string" + id: + type: "string" + providerId: + type: "string" + topLevel: + type: "boolean" + type: "object" + type: "array" + authenticatorConfig: + items: + properties: + alias: + type: "string" + config: + additionalProperties: + type: "string" + type: "object" + id: + type: "string" + type: "object" + type: "array" + browserFlow: + type: "string" + browserSecurityHeaders: + additionalProperties: + type: "string" + type: "object" + bruteForceProtected: + type: "boolean" + bruteForceStrategy: + enum: + - "LINEAR" + - "MULTIPLE" + type: "string" + certificate: + type: "string" + clientAuthenticationFlow: + type: "string" + clientOfflineSessionIdleTimeout: + type: "integer" + clientOfflineSessionMaxLifespan: + type: "integer" + clientPolicies: + x-kubernetes-preserve-unknown-fields: true + clientProfiles: + x-kubernetes-preserve-unknown-fields: 
true + clientScopeMappings: + additionalProperties: + items: + properties: + client: + type: "string" + clientScope: + type: "string" + clientTemplate: + type: "string" + roles: + items: + type: "string" + type: "array" + self: + type: "string" + type: "object" + type: "array" + type: "object" + clientScopes: + items: + properties: + attributes: + additionalProperties: + type: "string" + type: "object" + description: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMapper: + type: "string" + type: "object" + type: "array" + type: "object" + type: "array" + clientSessionIdleTimeout: + type: "integer" + clientSessionMaxLifespan: + type: "integer" + clientTemplates: + items: + properties: + attributes: + additionalProperties: + type: "string" + type: "object" + bearerOnly: + type: "boolean" + consentRequired: + type: "boolean" + description: + type: "string" + directAccessGrantsEnabled: + type: "boolean" + frontchannelLogout: + type: "boolean" + fullScopeAllowed: + type: "boolean" + id: + type: "string" + implicitFlowEnabled: + type: "boolean" + name: + type: "string" + protocol: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMapper: + type: "string" + type: "object" + type: "array" + publicClient: + type: "boolean" + serviceAccountsEnabled: + type: "boolean" + standardFlowEnabled: + type: "boolean" + type: "object" + type: "array" + clients: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: 
"object" + adminUrl: + type: "string" + alwaysDisplayInConsole: + type: "boolean" + attributes: + additionalProperties: + type: "string" + type: "object" + authenticationFlowBindingOverrides: + additionalProperties: + type: "string" + type: "object" + authorizationServicesEnabled: + type: "boolean" + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: "boolean" + authorizationSchema: + properties: + resourceTypes: + additionalProperties: + properties: + groupType: + type: "string" + scopeAliases: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + scopes: + items: + type: "string" + type: "array" + type: + type: "string" + type: "object" + type: "object" + type: "object" + clientId: + type: "string" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + id: + type: "string" + name: + type: "string" + policies: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + description: + type: "string" + id: + type: "string" + logic: + enum: + - "NEGATIVE" + - "POSITIVE" + type: "string" + name: + type: "string" + owner: + type: "string" + policies: + items: + type: "string" + type: "array" + resourceType: + type: "string" + resources: + items: + type: "string" + type: "array" + resourcesData: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + 
uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + type: "string" + type: "array" + scopesData: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + type: "object" + type: "array" + policyEnforcementMode: + enum: + - "DISABLED" + - "ENFORCING" + - "PERMISSIVE" + type: "string" + resources: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + baseUrl: + type: "string" + bearerOnly: + type: "boolean" + clientAuthenticatorType: + type: "string" + clientId: + type: "string" + clientTemplate: + type: "string" + consentRequired: + type: "boolean" + defaultClientScopes: + items: + type: "string" + type: "array" + defaultRoles: + items: + type: "string" + type: "array" + description: + type: "string" + directAccessGrantsEnabled: + type: "boolean" + directGrantsOnly: + type: "boolean" + enabled: + type: "boolean" + frontchannelLogout: + type: "boolean" + fullScopeAllowed: + type: "boolean" + id: + type: "string" + implicitFlowEnabled: + type: "boolean" + name: + type: "string" + nodeReRegistrationTimeout: + type: "integer" 
+ notBefore: + type: "integer" + optionalClientScopes: + items: + type: "string" + type: "array" + origin: + type: "string" + protocol: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMapper: + type: "string" + type: "object" + type: "array" + publicClient: + type: "boolean" + redirectUris: + items: + type: "string" + type: "array" + registeredNodes: + additionalProperties: + type: "integer" + type: "object" + registrationAccessToken: + type: "string" + rootUrl: + type: "string" + secret: + type: "string" + serviceAccountsEnabled: + type: "boolean" + standardFlowEnabled: + type: "boolean" + surrogateAuthRequired: + type: "boolean" + type: + type: "string" + useTemplateConfig: + type: "boolean" + useTemplateMappers: + type: "boolean" + useTemplateScope: + type: "boolean" + webOrigins: + items: + type: "string" + type: "array" + type: "object" + type: "array" + codeSecret: + type: "string" + components: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + 
id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + providerId: + type: "string" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: 
"object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + subType: + type: "string" + type: "object" + type: "array" + type: "object" + defaultDefaultClientScopes: + items: + type: "string" + type: "array" + defaultGroups: + items: + type: "string" + type: "array" + defaultLocale: + type: "string" + defaultOptionalClientScopes: + items: + type: "string" + type: "array" + defaultRole: + properties: + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRole: + type: "boolean" + composite: + type: "boolean" + composites: + properties: + application: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + client: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + realm: + items: + type: "string" + type: "array" + type: "object" + containerId: + type: "string" + description: + type: "string" + id: + type: "string" + name: + type: "string" + scopeParamRequired: + type: "boolean" + type: "object" + defaultRoles: + items: + type: "string" + type: "array" + defaultSignatureAlgorithm: + type: "string" + directGrantFlow: + type: "string" + displayName: + type: "string" + displayNameHtml: + type: "string" + dockerAuthenticationFlow: + type: "string" + duplicateEmailsAllowed: + type: "boolean" + editUsernameAllowed: + type: "boolean" + emailTheme: + type: "string" + enabled: + type: "boolean" + enabledEventTypes: + items: + type: "string" + type: "array" + eventsEnabled: + type: "boolean" + eventsExpiration: + type: 
"integer" + eventsListeners: + items: + type: "string" + type: "array" + failureFactor: + type: "integer" + federatedUsers: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + applicationRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientConsents: + items: + properties: + clientId: + type: "string" + createdDate: + type: "integer" + grantedClientScopes: + items: + type: "string" + type: "array" + grantedRealmRoles: + items: + type: "string" + type: "array" + lastUpdatedDate: + type: "integer" + type: "object" + type: "array" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + createdTimestamp: + type: "integer" + credentials: + items: + properties: + algorithm: + type: "string" + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + counter: + type: "integer" + createdDate: + type: "integer" + credentialData: + type: "string" + device: + type: "string" + digits: + type: "integer" + federationLink: + type: "string" + hashIterations: + type: "integer" + hashedSaltedValue: + type: "string" + id: + type: "string" + period: + type: "integer" + priority: + type: "integer" + salt: + type: "string" + secretData: + type: "string" + temporary: + type: "boolean" + type: + type: "string" + userLabel: + type: "string" + value: + type: "string" + type: "object" + type: "array" + disableableCredentialTypes: + items: + type: "string" + type: "array" + email: + type: "string" + emailVerified: + type: "boolean" + enabled: + type: "boolean" + federatedIdentities: + items: + properties: + identityProvider: + type: "string" + userId: + type: "string" + userName: + type: "string" + type: "object" + type: "array" + federationLink: + type: "string" + firstName: + type: "string" + groups: + items: + type: "string" + type: 
"array" + id: + type: "string" + lastName: + type: "string" + notBefore: + type: "integer" + origin: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + requiredActions: + items: + type: "string" + type: "array" + self: + type: "string" + serviceAccountClientId: + type: "string" + socialLinks: + items: + properties: + socialProvider: + type: "string" + socialUserId: + type: "string" + socialUsername: + type: "string" + type: "object" + type: "array" + totp: + type: "boolean" + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + additionalProperties: + type: "object" + type: "object" + displayName: + type: "string" + group: + type: "string" + multivalued: + type: "boolean" + name: + type: "string" + readOnly: + type: "boolean" + required: + type: "boolean" + validators: + additionalProperties: + additionalProperties: + type: "object" + type: "object" + type: "object" + type: "object" + type: "array" + groups: + items: + properties: + annotations: + additionalProperties: + type: "object" + type: "object" + displayDescription: + type: "string" + displayHeader: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + username: + type: "string" + type: "object" + type: "array" + firstBrokerLoginFlow: + type: "string" + groups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: 
"array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + 
clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + 
additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + subGroups: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + id: + type: "string" + name: + type: "string" + parentId: + type: "string" + path: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + subGroupCount: + type: "integer" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + type: "object" + type: "array" + id: + type: "string" + identityProviderMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + id: + type: "string" + identityProviderAlias: + type: "string" + identityProviderMapper: + type: "string" + name: + type: "string" + type: "object" + type: "array" + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + type: "boolean" + alias: + type: "string" + authenticateByDefault: + type: "boolean" + config: + additionalProperties: + type: "string" + type: "object" + displayName: + type: "string" + enabled: + type: "boolean" + firstBrokerLoginFlowAlias: + type: "string" + hideOnLogin: + type: "boolean" + internalId: + type: "string" + linkOnly: + type: "boolean" + organizationId: + type: "string" + postBrokerLoginFlowAlias: + type: "string" + providerId: + type: "string" + storeToken: + type: 
"boolean" + trustEmail: + type: "boolean" + updateProfileFirstLoginMode: + type: "string" + type: "object" + type: "array" + internationalizationEnabled: + type: "boolean" + keycloakVersion: + type: "string" + localizationTexts: + additionalProperties: + additionalProperties: + type: "string" + type: "object" + type: "object" + loginTheme: + type: "string" + loginWithEmailAllowed: + type: "boolean" + maxDeltaTimeSeconds: + type: "integer" + maxFailureWaitSeconds: + type: "integer" + maxTemporaryLockouts: + type: "integer" + minimumQuickLoginWaitSeconds: + type: "integer" + notBefore: + type: "integer" + oauth2DeviceCodeLifespan: + type: "integer" + oauth2DevicePollingInterval: + type: "integer" + oauthClients: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + adminUrl: + type: "string" + alwaysDisplayInConsole: + type: "boolean" + attributes: + additionalProperties: + type: "string" + type: "object" + authenticationFlowBindingOverrides: + additionalProperties: + type: "string" + type: "object" + authorizationServicesEnabled: + type: "boolean" + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: "boolean" + authorizationSchema: + properties: + resourceTypes: + additionalProperties: + properties: + groupType: + type: "string" + scopeAliases: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + scopes: + items: + type: "string" + type: "array" + type: + type: "string" + type: "object" + type: "object" + type: "object" + clientId: + type: "string" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + id: + type: "string" + name: + type: "string" + policies: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + decisionStrategy: + enum: + - "AFFIRMATIVE" + - "CONSENSUS" + - "UNANIMOUS" + type: "string" + description: + type: "string" + id: + type: "string" + logic: + enum: + - "NEGATIVE" 
+ - "POSITIVE" + type: "string" + name: + type: "string" + owner: + type: "string" + policies: + items: + type: "string" + type: "array" + resourceType: + type: "string" + resources: + items: + type: "string" + type: "array" + resourcesData: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + type: "string" + type: "array" + scopesData: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + type: "object" + type: "array" + policyEnforcementMode: + enum: + - "DISABLED" + - "ENFORCING" + - "PERMISSIVE" + type: "string" + resources: + items: + properties: + _id: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + displayName: + type: "string" + icon_uri: + type: "string" + name: + type: "string" + owner: + properties: + id: + type: "string" + name: + type: "string" + type: "object" + ownerManagedAccess: + type: "boolean" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: + type: "string" + uris: + items: + type: "string" + type: "array" + type: "object" + type: "array" + scopes: + items: + properties: + displayName: + type: "string" + iconUri: + 
type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + baseUrl: + type: "string" + bearerOnly: + type: "boolean" + claims: + properties: + address: + type: "boolean" + email: + type: "boolean" + gender: + type: "boolean" + locale: + type: "boolean" + name: + type: "boolean" + phone: + type: "boolean" + picture: + type: "boolean" + profile: + type: "boolean" + username: + type: "boolean" + website: + type: "boolean" + type: "object" + clientAuthenticatorType: + type: "string" + clientId: + type: "string" + clientTemplate: + type: "string" + consentRequired: + type: "boolean" + defaultClientScopes: + items: + type: "string" + type: "array" + defaultRoles: + items: + type: "string" + type: "array" + description: + type: "string" + directAccessGrantsEnabled: + type: "boolean" + directGrantsOnly: + type: "boolean" + enabled: + type: "boolean" + frontchannelLogout: + type: "boolean" + fullScopeAllowed: + type: "boolean" + id: + type: "string" + implicitFlowEnabled: + type: "boolean" + name: + type: "string" + nodeReRegistrationTimeout: + type: "integer" + notBefore: + type: "integer" + optionalClientScopes: + items: + type: "string" + type: "array" + origin: + type: "string" + protocol: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMapper: + type: "string" + type: "object" + type: "array" + publicClient: + type: "boolean" + redirectUris: + items: + type: "string" + type: "array" + registeredNodes: + additionalProperties: + type: "integer" + type: "object" + registrationAccessToken: + type: "string" + rootUrl: + type: "string" + secret: + type: "string" + serviceAccountsEnabled: + type: "boolean" + standardFlowEnabled: + type: "boolean" + surrogateAuthRequired: + type: "boolean" + 
type: + type: "string" + useTemplateConfig: + type: "boolean" + useTemplateMappers: + type: "boolean" + useTemplateScope: + type: "boolean" + webOrigins: + items: + type: "string" + type: "array" + type: "object" + type: "array" + offlineSessionIdleTimeout: + type: "integer" + offlineSessionMaxLifespan: + type: "integer" + offlineSessionMaxLifespanEnabled: + type: "boolean" + organizations: + items: + properties: + alias: + type: "string" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + description: + type: "string" + domains: + items: + properties: + name: + type: "string" + verified: + type: "boolean" + type: "object" + type: "array" + enabled: + type: "boolean" + id: + type: "string" + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + type: "boolean" + alias: + type: "string" + authenticateByDefault: + type: "boolean" + config: + additionalProperties: + type: "string" + type: "object" + displayName: + type: "string" + enabled: + type: "boolean" + firstBrokerLoginFlowAlias: + type: "string" + hideOnLogin: + type: "boolean" + internalId: + type: "string" + linkOnly: + type: "boolean" + organizationId: + type: "string" + postBrokerLoginFlowAlias: + type: "string" + providerId: + type: "string" + storeToken: + type: "boolean" + trustEmail: + type: "boolean" + updateProfileFirstLoginMode: + type: "string" + type: "object" + type: "array" + members: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + applicationRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientConsents: + items: + properties: + clientId: + type: "string" + createdDate: + type: "integer" + grantedClientScopes: + items: + type: "string" + type: "array" + grantedRealmRoles: + items: + type: "string" + type: "array" + lastUpdatedDate: + type: 
"integer" + type: "object" + type: "array" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + createdTimestamp: + type: "integer" + credentials: + items: + properties: + algorithm: + type: "string" + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + counter: + type: "integer" + createdDate: + type: "integer" + credentialData: + type: "string" + device: + type: "string" + digits: + type: "integer" + federationLink: + type: "string" + hashIterations: + type: "integer" + hashedSaltedValue: + type: "string" + id: + type: "string" + period: + type: "integer" + priority: + type: "integer" + salt: + type: "string" + secretData: + type: "string" + temporary: + type: "boolean" + type: + type: "string" + userLabel: + type: "string" + value: + type: "string" + type: "object" + type: "array" + disableableCredentialTypes: + items: + type: "string" + type: "array" + email: + type: "string" + emailVerified: + type: "boolean" + enabled: + type: "boolean" + federatedIdentities: + items: + properties: + identityProvider: + type: "string" + userId: + type: "string" + userName: + type: "string" + type: "object" + type: "array" + federationLink: + type: "string" + firstName: + type: "string" + groups: + items: + type: "string" + type: "array" + id: + type: "string" + lastName: + type: "string" + membershipType: + enum: + - "MANAGED" + - "UNMANAGED" + type: "string" + notBefore: + type: "integer" + origin: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + requiredActions: + items: + type: "string" + type: "array" + self: + type: "string" + serviceAccountClientId: + type: "string" + socialLinks: + items: + properties: + socialProvider: + type: "string" + socialUserId: + type: "string" + socialUsername: + type: "string" + type: "object" + type: "array" + totp: + type: "boolean" + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + 
additionalProperties: + type: "object" + type: "object" + displayName: + type: "string" + group: + type: "string" + multivalued: + type: "boolean" + name: + type: "string" + readOnly: + type: "boolean" + required: + type: "boolean" + validators: + additionalProperties: + additionalProperties: + type: "object" + type: "object" + type: "object" + type: "object" + type: "array" + groups: + items: + properties: + annotations: + additionalProperties: + type: "object" + type: "object" + displayDescription: + type: "string" + displayHeader: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + username: + type: "string" + type: "object" + type: "array" + name: + type: "string" + redirectUrl: + type: "string" + type: "object" + type: "array" + organizationsEnabled: + type: "boolean" + otpPolicyAlgorithm: + type: "string" + otpPolicyCodeReusable: + type: "boolean" + otpPolicyDigits: + type: "integer" + otpPolicyInitialCounter: + type: "integer" + otpPolicyLookAheadWindow: + type: "integer" + otpPolicyPeriod: + type: "integer" + otpPolicyType: + type: "string" + otpSupportedApplications: + items: + type: "string" + type: "array" + passwordCredentialGrantAllowed: + type: "boolean" + passwordPolicy: + type: "string" + permanentLockout: + type: "boolean" + privateKey: + type: "string" + protocolMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + consentRequired: + type: "boolean" + consentText: + type: "string" + id: + type: "string" + name: + type: "string" + protocol: + type: "string" + protocolMapper: + type: "string" + type: "object" + type: "array" + publicKey: + type: "string" + quickLoginCheckMilliSeconds: + type: "integer" + realm: + type: "string" + refreshTokenMaxReuse: + type: "integer" + registrationAllowed: + type: "boolean" + registrationEmailAsUsername: + type: "boolean" + registrationFlow: + type: "string" + rememberMe: + type: "boolean" + requiredActions: + items: + 
properties: + alias: + type: "string" + config: + additionalProperties: + type: "string" + type: "object" + defaultAction: + type: "boolean" + enabled: + type: "boolean" + name: + type: "string" + priority: + type: "integer" + providerId: + type: "string" + type: "object" + type: "array" + requiredCredentials: + items: + type: "string" + type: "array" + resetCredentialsFlow: + type: "string" + resetPasswordAllowed: + type: "boolean" + revokeRefreshToken: + type: "boolean" + roles: + properties: + application: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRole: + type: "boolean" + composite: + type: "boolean" + composites: + properties: + application: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + client: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + realm: + items: + type: "string" + type: "array" + type: "object" + containerId: + type: "string" + description: + type: "string" + id: + type: "string" + name: + type: "string" + scopeParamRequired: + type: "boolean" + type: "object" + type: "array" + type: "object" + client: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientRole: + type: "boolean" + composite: + type: "boolean" + composites: + properties: + application: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + client: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + realm: + items: + type: "string" + type: "array" + type: "object" + containerId: + type: "string" + description: + type: "string" + id: + type: "string" + name: + type: "string" + scopeParamRequired: + type: "boolean" + type: "object" + type: "array" + type: "object" + realm: + items: + properties: + attributes: + additionalProperties: + items: + 
type: "string" + type: "array" + type: "object" + clientRole: + type: "boolean" + composite: + type: "boolean" + composites: + properties: + application: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + client: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + realm: + items: + type: "string" + type: "array" + type: "object" + containerId: + type: "string" + description: + type: "string" + id: + type: "string" + name: + type: "string" + scopeParamRequired: + type: "boolean" + type: "object" + type: "array" + type: "object" + scopeMappings: + items: + properties: + client: + type: "string" + clientScope: + type: "string" + clientTemplate: + type: "string" + roles: + items: + type: "string" + type: "array" + self: + type: "string" + type: "object" + type: "array" + smtpServer: + additionalProperties: + type: "string" + type: "object" + social: + type: "boolean" + socialProviders: + additionalProperties: + type: "string" + type: "object" + sslRequired: + type: "string" + ssoSessionIdleTimeout: + type: "integer" + ssoSessionIdleTimeoutRememberMe: + type: "integer" + ssoSessionMaxLifespan: + type: "integer" + ssoSessionMaxLifespanRememberMe: + type: "integer" + supportedLocales: + items: + type: "string" + type: "array" + updateProfileOnInitialSocialLogin: + type: "boolean" + userFederationMappers: + items: + properties: + config: + additionalProperties: + type: "string" + type: "object" + federationMapperType: + type: "string" + federationProviderDisplayName: + type: "string" + id: + type: "string" + name: + type: "string" + type: "object" + type: "array" + userFederationProviders: + items: + properties: + changedSyncPeriod: + type: "integer" + config: + additionalProperties: + type: "string" + type: "object" + displayName: + type: "string" + fullSyncPeriod: + type: "integer" + id: + type: "string" + lastSync: + type: "integer" + priority: + type: "integer" + providerName: + type: "string" + type: 
"object" + type: "array" + userManagedAccessAllowed: + type: "boolean" + users: + items: + properties: + access: + additionalProperties: + type: "boolean" + type: "object" + applicationRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + attributes: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + clientConsents: + items: + properties: + clientId: + type: "string" + createdDate: + type: "integer" + grantedClientScopes: + items: + type: "string" + type: "array" + grantedRealmRoles: + items: + type: "string" + type: "array" + lastUpdatedDate: + type: "integer" + type: "object" + type: "array" + clientRoles: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + createdTimestamp: + type: "integer" + credentials: + items: + properties: + algorithm: + type: "string" + config: + additionalProperties: + items: + type: "string" + type: "array" + type: "object" + counter: + type: "integer" + createdDate: + type: "integer" + credentialData: + type: "string" + device: + type: "string" + digits: + type: "integer" + federationLink: + type: "string" + hashIterations: + type: "integer" + hashedSaltedValue: + type: "string" + id: + type: "string" + period: + type: "integer" + priority: + type: "integer" + salt: + type: "string" + secretData: + type: "string" + temporary: + type: "boolean" + type: + type: "string" + userLabel: + type: "string" + value: + type: "string" + type: "object" + type: "array" + disableableCredentialTypes: + items: + type: "string" + type: "array" + email: + type: "string" + emailVerified: + type: "boolean" + enabled: + type: "boolean" + federatedIdentities: + items: + properties: + identityProvider: + type: "string" + userId: + type: "string" + userName: + type: "string" + type: "object" + type: "array" + federationLink: + type: "string" + firstName: + type: "string" + groups: + items: + type: "string" + type: "array" + id: + type: "string" + lastName: 
+ type: "string" + notBefore: + type: "integer" + origin: + type: "string" + realmRoles: + items: + type: "string" + type: "array" + requiredActions: + items: + type: "string" + type: "array" + self: + type: "string" + serviceAccountClientId: + type: "string" + socialLinks: + items: + properties: + socialProvider: + type: "string" + socialUserId: + type: "string" + socialUsername: + type: "string" + type: "object" + type: "array" + totp: + type: "boolean" + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + additionalProperties: + type: "object" + type: "object" + displayName: + type: "string" + group: + type: "string" + multivalued: + type: "boolean" + name: + type: "string" + readOnly: + type: "boolean" + required: + type: "boolean" + validators: + additionalProperties: + additionalProperties: + type: "object" + type: "object" + type: "object" + type: "object" + type: "array" + groups: + items: + properties: + annotations: + additionalProperties: + type: "object" + type: "object" + displayDescription: + type: "string" + displayHeader: + type: "string" + name: + type: "string" + type: "object" + type: "array" + type: "object" + username: + type: "string" + type: "object" + type: "array" + verifiableCredentialsEnabled: + type: "boolean" + verifyEmail: + type: "boolean" + waitIncrementSeconds: + type: "integer" + webAuthnPolicyAcceptableAaguids: + items: + type: "string" + type: "array" + webAuthnPolicyAttestationConveyancePreference: + type: "string" + webAuthnPolicyAuthenticatorAttachment: + type: "string" + webAuthnPolicyAvoidSameAuthenticatorRegister: + type: "boolean" + webAuthnPolicyCreateTimeout: + type: "integer" + webAuthnPolicyExtraOrigins: + items: + type: "string" + type: "array" + webAuthnPolicyPasswordlessAcceptableAaguids: + items: + type: "string" + type: "array" + webAuthnPolicyPasswordlessAttestationConveyancePreference: + type: "string" + webAuthnPolicyPasswordlessAuthenticatorAttachment: + type: "string" + 
webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: + type: "boolean" + webAuthnPolicyPasswordlessCreateTimeout: + type: "integer" + webAuthnPolicyPasswordlessExtraOrigins: + items: + type: "string" + type: "array" + webAuthnPolicyPasswordlessRequireResidentKey: + type: "string" + webAuthnPolicyPasswordlessRpEntityName: + type: "string" + webAuthnPolicyPasswordlessRpId: + type: "string" + webAuthnPolicyPasswordlessSignatureAlgorithms: + items: + type: "string" + type: "array" + webAuthnPolicyPasswordlessUserVerificationRequirement: + type: "string" + webAuthnPolicyRequireResidentKey: + type: "string" + webAuthnPolicyRpEntityName: + type: "string" + webAuthnPolicyRpId: + type: "string" + webAuthnPolicySignatureAlgorithms: + items: + type: "string" + type: "array" + webAuthnPolicyUserVerificationRequirement: + type: "string" + type: "object" + resources: + description: "Compute Resources required by Keycloak container. If\ + \ not specified, the value is inherited from the Keycloak CR." + properties: + claims: + items: + properties: + name: + type: "string" + request: + type: "string" + type: "object" + type: "array" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + x-kubernetes-int-or-string: true + type: "object" + type: "object" + required: + - "keycloakCRName" + - "realm" + type: "object" + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: "string" + message: + type: "string" + observedGeneration: + type: "integer" + status: + type: "string" + type: + type: "string" + type: "object" + type: "array" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} + 
diff --git a/charts/lightrun-keycloak-operator/templates/keycloak-operator-deployment.yaml b/charts/lightrun-keycloak-operator/templates/keycloak-operator-deployment.yaml
new file mode 100644
index 0000000..8f9888d
--- /dev/null
+++ b/charts/lightrun-keycloak-operator/templates/keycloak-operator-deployment.yaml
@@ -0,0 +1,406 @@ +{{- if .Values.operator.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + app.quarkus.io/quarkus-version: 3.20.1 + app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git + app.quarkus.io/build-timestamp: 2025-05-28 - 06:54:27 +0000 + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + app.kubernetes.io/managed-by: quarkus + name: keycloak-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: keycloak-operator-clusterrole +rules: + - apiGroups: + - config.openshift.io + resources: + - ingresses + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + name: keycloakrealmimportcontroller-cluster-role +rules: + - apiGroups: + - k8s.keycloak.org + resources: + - keycloakrealmimports + - keycloakrealmimports/status + - keycloakrealmimports/finalizers + verbs: + - get + - list + - watch + - patch + - update + - create + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + name: keycloakcontroller-cluster-role +rules: + - apiGroups: + - k8s.keycloak.org + resources: + - keycloaks + - keycloaks/status + - keycloaks/finalizers + verbs: + - get + - list + - watch + - patch + - update + - create + - delete + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - 
apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + name: keycloak-operator-clusterrole-binding +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: keycloak-operator-clusterrole +subjects: + - kind: ServiceAccount + name: keycloak-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: keycloak-operator-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + - services + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + name: keycloak-operator-role-binding + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + apiGroup: 
rbac.authorization.k8s.io + name: keycloak-operator-role +subjects: + - kind: ServiceAccount + name: keycloak-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + name: keycloakrealmimportcontroller-role-binding + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: keycloakrealmimportcontroller-cluster-role +subjects: + - kind: ServiceAccount + name: keycloak-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + name: keycloakcontroller-role-binding + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: keycloakcontroller-cluster-role +subjects: + - kind: ServiceAccount + name: keycloak-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + name: keycloak-operator-view + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: view +subjects: + - kind: ServiceAccount + name: keycloak-operator +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + app.quarkus.io/quarkus-version: 3.20.1 + app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git + app.quarkus.io/build-timestamp: 2025-05-28 - 06:54:27 +0000 + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + app.kubernetes.io/managed-by: quarkus + name: keycloak-operator + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: 
keycloak-operator + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + app.quarkus.io/quarkus-version: 3.20.1 + app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git + app.quarkus.io/build-timestamp: 2025-05-28 - 06:54:27 +0000 + labels: + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + app.kubernetes.io/managed-by: quarkus + name: keycloak-operator + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: keycloak-operator + template: + metadata: + annotations: + app.quarkus.io/quarkus-version: 3.20.1 + app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git + app.quarkus.io/build-timestamp: 2025-05-28 - 06:54:27 +0000 + labels: + app.kubernetes.io/managed-by: quarkus + app.kubernetes.io/name: keycloak-operator + app.kubernetes.io/version: {{ .Values.operator.image.tag }} + spec: + containers: + - env: + - name: KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RELATED_IMAGE_KEYCLOAK + value: quay.io/keycloak/keycloak:{{ .Values.operator.image.tag }} + image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" + imagePullPolicy: {{ .Values.operator.image.pullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /q/health/live + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + name: keycloak-operator + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /q/health/ready + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + resources: + {{- toYaml .Values.operator.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.operator.securityContext | nindent 12 }} + startupProbe: + failureThreshold: 3 + httpGet: + path: 
/q/health/started + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + serviceAccountName: keycloak-operator +{{- end }} diff --git a/charts/lightrun-keycloak-operator/values.yaml b/charts/lightrun-keycloak-operator/values.yaml new file mode 100644 index 0000000..7028e7a --- /dev/null +++ b/charts/lightrun-keycloak-operator/values.yaml @@ -0,0 +1,32 @@ +# Default values for lightrun-keycloak-operator. +# This chart installs Keycloak CRDs and optionally the Keycloak Operator. +# CRDs are always installed (located in crds/ folder). + +# Keycloak Operator deployment +operator: + enabled: true + + # Operator image configuration + image: + repository: talyitzhak/lightrun-keycloak-operator + tag: "latest" + pullPolicy: IfNotPresent + + # Resource limits and requests + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + + # Security context + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault
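Review bot: `RELATED_IMAGE_KEYCLOAK` in the Deployment env is built from `.Values.operator.image.tag`, so the Keycloak server image is selected by the operator image's tag even though the two images come from different repositories. With the chart default of `latest` this renders `quay.io/keycloak/keycloak:latest`, a mutable reference for the identity provider, and any operator tag that does not exist on quay.io leaves the server image unpullable. Give the server image its own value, for example a new key rendered as `value: {{ .Values.operator.keycloakImage | quote }}`, and pin it to a release or digest. Separately, the `app.kubernetes.io/version: {{ .Values.operator.image.tag }}` labels are unquoted; a numeric-looking tag would render as a non-string label value, so `{{ .Values.operator.image.tag | quote }}` is safer.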
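Review bot: The default operator image is `talyitzhak/lightrun-keycloak-operator` at `tag: "latest"` with `pullPolicy: IfNotPresent`, so each node runs whichever build it pulled first and the deployed code cannot be reproduced or audited from the chart. The repository has no registry host and appears to be a personal namespace rather than an organisation-owned one; that is worth confirming, because the templates in this chart give the operator's service account create/delete/patch on Secrets in the release namespace. Default to a released version instead, e.g. `tag: "<operator-release>"`, and consider accepting an image digest so installs can pin the exact build.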