github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-28 02:18:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Upd: Keycloak-operator to v1.25.0 (#794)

Browse Source 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Upgraded to a new release version, offering enhanced integration and
secure client configuration options.
- Expanded realm settings now support advanced user profile
customization and robust email configuration for streamlined operations.
- Improved administrative views deliver clearer insights for managing
your system.

- **Documentation**
- Installation and release details have been updated to accurately
reflect the latest version.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
Andrei Kvapil
2025-04-10 14:34:32 +02:00
committed by GitHub
parent fd9a5b0d7b a3e647c547
commit 655e8be382
8 changed files with 745 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml
View File

@@ -272,18 +272,18 @@ annotations:
secret: secret-name-in-operator-ns
url: https://keycloak.example.com
artifacthub.io/images: |
- name: keycloak-operator:1.23.0
image: epamedp/keycloak-operator:1.23.0
- name: keycloak-operator:1.25.0
image: epamedp/keycloak-operator:1.25.0
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: KubeRocketCI Documentation
url: https://docs.kuberocketci.io
url: https://docs.kuberocketci.io/
- name: EPAM SolutionHub
url: https://solutionshub.epam.com/solution/kuberocketci
artifacthub.io/operator: "true"
artifacthub.io/operatorCapabilities: Deep Insights
apiVersion: v2
appVersion: 1.23.0
appVersion: 1.25.0
description: A Helm chart for KubeRocketCI Keycloak Operator
home: https://docs.kuberocketci.io/
icon: https://docs.kuberocketci.io/img/logo.svg
@@ -308,4 +308,4 @@ name: keycloak-operator
sources:
- https://github.com/epam/edp-keycloak-operator
type: application
version: 1.23.0
version: 1.25.0

4
packages/system/keycloak-operator/charts/keycloak-operator/README.md
View File

@@ -1,6 +1,6 @@
# keycloak-operator
![Version: 1.23.0](https://img.shields.io/badge/Version-1.23.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.23.0](https://img.shields.io/badge/AppVersion-1.23.0-informational?style=flat-square)
![Version: 1.25.0](https://img.shields.io/badge/Version-1.25.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square)
A Helm chart for KubeRocketCI Keycloak Operator
@@ -32,7 +32,7 @@ To install the Keycloak Operator, follow the steps below:
```bash
helm search repo epamedp/keycloak-operator -l
NAME CHART VERSION APP VERSION DESCRIPTION
epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator
epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator
```
_**NOTE:** It is highly recommended to use the latest stable version._

2
packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl
View File

@@ -33,7 +33,7 @@ To install the Keycloak Operator, follow the steps below:
```bash
helm search repo epamedp/keycloak-operator -l
NAME CHART VERSION APP VERSION DESCRIPTION
epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator
epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator
```
_**NOTE:** It is highly recommended to use the latest stable version._

21
packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml
View File

@@ -12,6 +12,8 @@ spec:
public: false
secret: $client-secret-name:client-secret-key
webUrl: https://argocd.example.com
adminUrl: https://admin.example.com
homeUrl: /home/
defaultClientScopes:
- groups
redirectUris:
@@ -23,19 +25,28 @@ spec:
apiVersion: v1.edp.epam.com/v1
kind: KeycloakClient
metadata:
name: keycloakclient-policy-sample
name: keycloakclient-authorization-sample
spec:
realmRef:
name: keycloakrealm-sample
kind: KeycloakRealm
clientId: policy-sample
secret: $client-secret-policy-sample:client-secret-key
webUrl: http://example.com
clientId: authorization-sample
secret: $client-secret-authorization-sample:client-secret-key
webUrl: https://example.com
directAccess: true
authorizationServicesEnabled: true
serviceAccount:
enabled: true
authorization:
scopes:
- scope1
resources:
- name: resource1
displayName: Resource 1
type: test
iconUri: https://example.com/icon.png
scopes:
- scope1
policies:
- name: role-policy
type: role
@@ -112,6 +123,6 @@ spec:
apiVersion: v1
kind: Secret
metadata:
name: client-secret-policy-sample
name: client-secret-authorization-sample
data:
client-secret-key: cGFzc3dvcmQ=

62
packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml
View File

@@ -32,3 +32,65 @@ spec:
refreshTokenMaxReuse: 300
revokeRefreshToken: true
defaultSignatureAlgorithm: RS256
userProfileConfig:
unmanagedAttributePolicy: "ENABLED"
attributes:
- name: "test-attribute"
displayName: "Test Attribute"
required:
roles:
- "admin"
scopes:
- "profile"
multivalued: true
group: "test-group"
permissions:
edit:
- "admin"
view:
- "admin"
- "user"
selector:
scopes:
- "profile"
annotations:
inputType: "text"
validations:
email:
max-local-length:
intVal: 64
local-date: {}
options:
options:
sliceVal:
- "option1"
- "option2"
multivalued:
min:
stringVal: "1"
max:
stringVal: "10"
groups:
- name: "test-group"
displayDescription: "Test Group"
displayHeader: "Test Group"
annotations:
groupAnnotation: "groupAnnotation"
smtp:
template:
from: "frm@mailcom"
fromDisplayName: "from display name"
replyTo: "to@mail.com"
replyToDisplayName: "reply to display name"
envelopeFrom: "envelopeFrom@mail.com"
connection:
host: "host"
enableSSL: true
enableStartTLS: true
authentication:
password:
secretKeyRef:
name: "secret-with-email-authentication"
key: "password"
username:
value: "username"

284
packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml
View File

@@ -19,6 +19,14 @@ spec:
jsonPath: .status.available
name: Available
type: boolean
- description: Keycloak realm name
jsonPath: .spec.realmName
name: Realm
type: boolean
- description: ClusterKeycloak instance name
jsonPath: .spec.clusterKeycloakRef
name: Cluster-Keycloak
type: boolean
name: v1alpha1
schema:
openAPIV3Schema:
@@ -119,6 +127,11 @@ spec:
description: AdminEventsEnabled indicates whether to enable admin
events.
type: boolean
adminEventsExpiration:
description: |-
AdminEventsExpiration sets the expiration for events in seconds.
Expired events are periodically deleted from the database.
type: integer
enabledEventTypes:
description: EnabledEventTypes is a list of event types to enable.
items:
@@ -140,6 +153,140 @@ spec:
realmName:
description: RealmName specifies the name of the realm.
type: string
smtp:
description: Smtp is the configuration for email in the realm.
nullable: true
properties:
connection:
description: Connection specifies the email connection configuration.
properties:
authentication:
description: Authentication specifies the email authentication
configuration.
properties:
password:
description: Password specifies login password.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret.
properties:
key:
description: The key of the secret to select from.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
username:
description: Username specifies login username.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret.
properties:
key:
description: The key of the secret to select from.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
value:
description: Directly specifies a value.
type: string
type: object
required:
- password
- username
type: object
enableSSL:
description: EnableSSL specifies if SSL is enabled.
type: boolean
enableStartTLS:
description: EnableStartTLS specifies if StartTLS is enabled.
type: boolean
host:
description: Host specifies the email server host.
type: string
port:
default: 25
description: Port specifies the email server port.
type: integer
required:
- host
type: object
template:
description: Template specifies the email template configuration.
properties:
envelopeFrom:
description: EnvelopeFrom is an email address used for bounces
.
type: string
from:
description: From specifies the sender email address.
type: string
fromDisplayName:
description: FromDisplayName specifies the sender display
for sender email address.
type: string
replyTo:
description: ReplyTo specifies the reply-to email address.
type: string
replyToDisplayName:
description: ReplyToDisplayName specifies display name for
reply-to email address.
type: string
required:
- from
type: object
required:
- connection
- template
type: object
themes:
description: Themes is a map of themes to apply to the realm.
nullable: true
@@ -235,6 +382,143 @@ spec:
Otherwise, refresh tokens are not revoked when used and can be used multiple times.
type: boolean
type: object
userProfileConfig:
description: UserProfileConfig is the configuration for user profiles
in the realm.
nullable: true
properties:
attributes:
description: Attributes specifies the list of user profile attributes.
items:
properties:
annotations:
additionalProperties:
type: string
description: Annotations specifies the annotations for the
attribute.
type: object
displayName:
description: Display name for the attribute.
type: string
group:
description: Group to which the attribute belongs.
type: string
multivalued:
description: |-
Multivalued specifies if this attribute supports multiple values.
This setting is an indicator and does not enable any validation
type: boolean
name:
description: Name of the user attribute, used to uniquely
identify an attribute.
type: string
permissions:
description: Permissions specifies the permissions for the
attribute.
properties:
edit:
description: Edit specifies who can edit the attribute.
items:
type: string
type: array
view:
description: View specifies who can view the attribute.
items:
type: string
type: array
type: object
required:
description: Required indicates that the attribute must
be set by users and administrators.
properties:
roles:
description: Roles specifies the roles for whom the
attribute is required.
items:
type: string
type: array
scopes:
description: Scopes specifies the scopes when the attribute
is required.
items:
type: string
type: array
type: object
selector:
description: Selector specifies the scopes for which the
attribute is available.
properties:
scopes:
description: Scopes specifies the scopes for which the
attribute is available.
items:
type: string
type: array
type: object
validations:
additionalProperties:
additionalProperties:
properties:
intVal:
type: integer
mapVal:
additionalProperties:
type: string
nullable: true
type: object
sliceVal:
items:
type: string
nullable: true
type: array
stringVal:
type: string
type: object
type: object
description: Validations specifies the validations for the
attribute.
type: object
required:
- name
type: object
type: array
groups:
description: Groups specifies the list of user profile groups.
items:
properties:
annotations:
additionalProperties:
type: string
description: |-
Annotations specifies the annotations for the group.
nullable
type: object
displayDescription:
description: DisplayDescription specifies a user-friendly
name for the group that should be used when rendering
a group of attributes in user-facing forms.
type: string
displayHeader:
description: DisplayHeader specifies a text that should
be used as a header when rendering user-facing forms.
type: string
name:
description: Name is unique name of the group.
type: string
required:
- name
type: object
type: array
unmanagedAttributePolicy:
description: |-
UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration.
Empty value means that unmanaged attributes are disabled.
Possible values:
ENABLED - unmanaged attributes are allowed.
ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API.
ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API.
type: string
type: object
required:
- clusterKeycloakRef
- realmName

91
packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml
View File

@@ -44,6 +44,15 @@ spec:
spec:
description: KeycloakClientSpec defines the desired state of KeycloakClient.
properties:
adminFineGrainedPermissionsEnabled:
description: AdminFineGrainedPermissionsEnabled enable/disable fine-grained
admin permissions for a client.
type: boolean
adminUrl:
description: |-
AdminUrl is client admin url.
If empty - WebUrl will be used.
type: string
advancedProtocolMappers:
description: AdvancedProtocolMappers is a flag to enable advanced
protocol mappers.
@@ -56,6 +65,14 @@ spec:
description: Attributes is a map of client attributes.
nullable: true
type: object
authenticationFlowBindingOverrides:
description: AuthenticationFlowBindingOverrides client auth flow overrides
properties:
browser:
type: string
directGrant:
type: string
type: object
authorization:
description: Authorization is a client authorization configuration.
nullable: true
@@ -334,14 +351,61 @@ spec:
- type
type: object
type: array
resources:
items:
properties:
attributes:
additionalProperties:
items:
type: string
type: array
description: Attributes is a map of resource attributes.
nullable: true
type: object
displayName:
description: DisplayName for Identity Providers.
type: string
iconUri:
description: IconURI pointing to an icon.
type: string
name:
description: Name is unique resource name.
type: string
ownerManagedAccess:
description: OwnerManagedAccess if enabled, the access to
this resource can be managed by the resource owner.
type: boolean
scopes:
description: |-
Scopes requested or assigned in advance to the client to determine whether the policy is applied to this client.
Condition is evaluated during OpenID Connect authorization request and/or token request.
items:
type: string
nullable: true
type: array
type:
description: Type of this resource. It can be used to group
different resource instances with the same type.
type: string
uris:
description: URIs which are protected by resource.
items:
type: string
nullable: true
type: array
required:
- displayName
- name
type: object
type: array
scopes:
items:
type: string
type: array
type: object
authorizationServicesEnabled:
description: ServiceAccountsEnabled enable/disable fine-grained authorization
support for a client.
description: AuthorizationServicesEnabled enable/disable fine-grained
authorization support for a client.
type: boolean
bearerOnly:
description: BearerOnly is a flag to enable bearer-only.
@@ -389,6 +453,9 @@ spec:
default: true
description: FullScopeAllowed is a flag to enable full scope.
type: boolean
homeUrl:
description: HomeUrl is a client home url.
type: string
implicitFlowEnabled:
description: ImplicitFlowEnabled is a flag to enable support for OpenID
Connect redirect based authentication without authorization code.
@@ -403,6 +470,26 @@ spec:
type: string
nullable: true
type: array
permission:
description: Permission is a client permissions configuration
nullable: true
properties:
scopePermissions:
description: ScopePermissions mapping of scope and the policies
attached
items:
properties:
name:
type: string
policies:
items:
type: string
type: array
required:
- name
type: object
type: array
type: object
protocol:
description: Protocol is a client protocol.
nullable: true

286
packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml
View File

@@ -23,6 +23,14 @@ spec:
jsonPath: .status.value
name: Status
type: string
- description: Keycloak realm name
jsonPath: .spec.realmName
name: Realm
type: boolean
- description: Keycloak instance name
jsonPath: .spec.keycloakRef
name: Keycloak
type: boolean
name: v1
schema:
openAPIV3Schema:
@@ -124,6 +132,11 @@ spec:
description: AdminEventsEnabled indicates whether to enable admin
events.
type: boolean
adminEventsExpiration:
description: |-
AdminEventsExpiration sets the expiration for events in seconds.
Expired events are periodically deleted from the database.
type: integer
enabledEventTypes:
description: EnabledEventTypes is a list of event types to enable.
items:
@@ -145,6 +158,140 @@ spec:
realmName:
description: RealmName specifies the name of the realm.
type: string
smtp:
description: Smtp is the configuration for email in the realm.
nullable: true
properties:
connection:
description: Connection specifies the email connection configuration.
properties:
authentication:
description: Authentication specifies the email authentication
configuration.
properties:
password:
description: Password specifies login password.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret.
properties:
key:
description: The key of the secret to select from.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
username:
description: Username specifies login username.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret.
properties:
key:
description: The key of the secret to select from.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
value:
description: Directly specifies a value.
type: string
type: object
required:
- password
- username
type: object
enableSSL:
description: EnableSSL specifies if SSL is enabled.
type: boolean
enableStartTLS:
description: EnableStartTLS specifies if StartTLS is enabled.
type: boolean
host:
description: Host specifies the email server host.
type: string
port:
default: 25
description: Port specifies the email server port.
type: integer
required:
- host
type: object
template:
description: Template specifies the email template configuration.
properties:
envelopeFrom:
description: EnvelopeFrom is an email address used for bounces
.
type: string
from:
description: From specifies the sender email address.
type: string
fromDisplayName:
description: FromDisplayName specifies the sender display
for sender email address.
type: string
replyTo:
description: ReplyTo specifies the reply-to email address.
type: string
replyToDisplayName:
description: ReplyToDisplayName specifies display name for
reply-to email address.
type: string
required:
- from
type: object
required:
- connection
- template
type: object
themes:
description: Themes is a map of themes to apply to the realm.
nullable: true
@@ -245,6 +392,145 @@ spec:
Otherwise, refresh tokens are not revoked when used and can be used multiple times.
type: boolean
type: object
userProfileConfig:
description: |-
UserProfileConfig is the configuration for user profiles in the realm.
Attributes and groups will be added to the current realm configuration.
Deletion of attributes and groups is not supported.
nullable: true
properties:
attributes:
description: Attributes specifies the list of user profile attributes.
items:
properties:
annotations:
additionalProperties:
type: string
description: Annotations specifies the annotations for the
attribute.
type: object
displayName:
description: Display name for the attribute.
type: string
group:
description: Group to which the attribute belongs.
type: string
multivalued:
description: |-
Multivalued specifies if this attribute supports multiple values.
This setting is an indicator and does not enable any validation
type: boolean
name:
description: Name of the user attribute, used to uniquely
identify an attribute.
type: string
permissions:
description: Permissions specifies the permissions for the
attribute.
properties:
edit:
description: Edit specifies who can edit the attribute.
items:
type: string
type: array
view:
description: View specifies who can view the attribute.
items:
type: string
type: array
type: object
required:
description: Required indicates that the attribute must
be set by users and administrators.
properties:
roles:
description: Roles specifies the roles for whom the
attribute is required.
items:
type: string
type: array
scopes:
description: Scopes specifies the scopes when the attribute
is required.
items:
type: string
type: array
type: object
selector:
description: Selector specifies the scopes for which the
attribute is available.
properties:
scopes:
description: Scopes specifies the scopes for which the
attribute is available.
items:
type: string
type: array
type: object
validations:
additionalProperties:
additionalProperties:
properties:
intVal:
type: integer
mapVal:
additionalProperties:
type: string
nullable: true
type: object
sliceVal:
items:
type: string
nullable: true
type: array
stringVal:
type: string
type: object
type: object
description: Validations specifies the validations for the
attribute.
type: object
required:
- name
type: object
type: array
groups:
description: Groups specifies the list of user profile groups.
items:
properties:
annotations:
additionalProperties:
type: string
description: |-
Annotations specifies the annotations for the group.
nullable
type: object
displayDescription:
description: DisplayDescription specifies a user-friendly
name for the group that should be used when rendering
a group of attributes in user-facing forms.
type: string
displayHeader:
description: DisplayHeader specifies a text that should
be used as a header when rendering user-facing forms.
type: string
name:
description: Name is unique name of the group.
type: string
required:
- name
type: object
type: array
unmanagedAttributePolicy:
description: |-
UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration.
Empty value means that unmanaged attributes are disabled.
Possible values:
ENABLED - unmanaged attributes are allowed.
ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API.
ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API.
type: string
type: object
users:
description: Users is a list of users to create in the realm.
items: