<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
<base href="https://issues.jboss.org">
<title>Message Title</title>
</head>
<body class="jira" style="color: #333333; font-family: Arial, sans-serif; font-size: 14px; line-height: 1.429">
<table id="background-table" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; background-color: #f5f5f5; border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt" bgcolor="#f5f5f5">
<!-- header here -->
<tbody>
<tr>
<td id="header-pattern-container" style="padding: 0px; border-collapse: collapse; padding: 10px 20px">
<table id="header-pattern" cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td id="header-text-container" valign="middle" style="padding: 0px; border-collapse: collapse; vertical-align: middle; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 1px"> <a class="user-hover" rel="craig.brookes" id="email_craig.brookes" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=craig.brookes" style="color:#3b73af;; color: #3b73af; text-decoration: none">Craig Brookes</a> <strong>updated</strong> an issue </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td id="email-content-container" style="padding: 0px; border-collapse: collapse; padding: 0 20px">
<table id="email-content-table" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-spacing: 0; border-collapse: separate">
<tbody>
<tr>
<!-- there needs to be content in the cell for it to render in some clients -->
<td class="email-content-rounded-top mobile-expand" style="padding: 0px; border-collapse: collapse; color: #ffffff; padding: 0 15px 0 16px; height: 15px; background-color: #ffffff; border-left: 1px solid #cccccc; border-top: 1px solid #cccccc; border-right: 1px solid #cccccc; border-bottom: 0; border-top-right-radius: 5px; border-top-left-radius: 5px; height: 10px; line-height: 10px; padding: 0 15px 0 16px; mso-line-height-rule: exactly" height="10" bgcolor="#ffffff"> </td>
</tr>
<tr>
<td class="email-content-main mobile-expand " style="padding: 0px; border-collapse: collapse; border-left: 1px solid #cccccc; border-right: 1px solid #cccccc; border-top: 0; border-bottom: 0; padding: 0 15px 0 16px; background-color: #ffffff" bgcolor="#ffffff">
<table class="page-title-pattern" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td class="page-title-pattern-first-line " style="padding: 0px; border-collapse: collapse; font-family: Arial, sans-serif; font-size: 14px; padding-top: 10px"> <a href="https://issues.jboss.org/browse/AEROGEAR" style="color: #3b73af; text-decoration: none">AeroGear</a> / <a href="https://issues.jboss.org/browse/AEROGEAR-3398" style="color: #3b73af; text-decoration: none"><img src="cid:jira-generated-image-avatar-f779c385-f7b0-4719-9c45-f4f80246a54e" height="16" width="16" border="0" align="absmiddle" alt="Task" style="vertical-align: text-bottom"></a> <a href="https://issues.jboss.org/browse/AEROGEAR-3398" style="color: #3b73af; text-decoration: none">AEROGEAR-3398</a> </td>
</tr>
<tr>
<td style="vertical-align: top;; padding: 0px; border-collapse: collapse; padding-right: 5px; font-size: 20px; line-height: 30px; mso-line-height-rule: exactly" class="page-title-pattern-header-container"> <span class="page-title-pattern-header" style="font-family: Arial, sans-serif; padding: 0; font-size: 20px; line-height: 30px; mso-text-raise: 2px; mso-line-height-rule: exactly; vertical-align: middle"> <a href="https://issues.jboss.org/browse/AEROGEAR-3398" style="color: #3b73af; text-decoration: none">Spike - Shared Service Operator</a> </span> </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td class="email-content-main mobile-expand wrapper-special-margin" style="padding: 0px; border-collapse: collapse; border-left: 1px solid #cccccc; border-right: 1px solid #cccccc; border-top: 0; border-bottom: 0; padding: 0 15px 0 16px; background-color: #ffffff; padding-top: 10px; padding-bottom: 5px" bgcolor="#ffffff">
<table class="keyvalue-table" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<th style="color: #707070; font: normal 14px/20px Arial, sans-serif; text-align: left; vertical-align: top; padding: 2px 0">Change By:</th>
<td style="padding: 0px; border-collapse: collapse; font: normal 14px/20px Arial, sans-serif; padding: 2px 0 2px 5px; vertical-align: top"> <a class="user-hover" rel="craig.brookes" id="email_craig.brookes" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=craig.brookes" style="color:#3b73af;; color: #3b73af; text-decoration: none">Craig Brookes</a> </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td class="email-content-main mobile-expand issue-description-container" style="padding: 0px; border-collapse: collapse; border-left: 1px solid #cccccc; border-right: 1px solid #cccccc; border-top: 0; border-bottom: 0; padding: 0 15px 0 16px; background-color: #ffffff; padding-top: 5px; padding-bottom: 10px" bgcolor="#ffffff">
<table class="text-paragraph-pattern" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 2px">
<tbody>
<tr>
<td class="text-paragraph-pattern-container mobile-resize-text " style="padding: 0px; border-collapse: collapse; padding: 0 0 10px 0"> <span class="diffcontext">h4. What<br><br>We should investigate the use of an operator</span> <span class="diffaddedchars" style="background-color:#ddfade;"> / controller</span> <span class="diffcontext"> to create</span> <span class="diffaddedchars" style="background-color:#ddfade;"> shared</span> <span class="diffcontext"> keycloak instances and distribute credentials to end users without exposing root credentials or unneeded information about those instances.<br><br>h4. Why <br>In a shared service scenario, the end user should be abstracted from the keycloak setup and should not be exposed to any more information about it than is needed to use it as an end user.<br><br>h4. How<br><br>Operator will exist within a privileged namespace and will watch across other namespaces</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> fro</span> <span class="diffaddedchars" style="background-color:#ddfade;"> for</span> <span class="diffcontext"> creation of a named CRD. The operator will then create a secret with the required information to use keycloak within that namespace. This includes creation of realm, username and password in keycloak (similar to what we do now with a provision via the catalog). 
This provides the user with a "slice" of keycloak service<br><br></span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;">The</span> <span class="diffaddedchars" style="background-color:#ddfade;">A different CRD will be created in the same namespace as the</span> <span class="diffcontext"> operator</span> <span class="diffaddedchars" style="background-color:#ddfade;"> called SharedService this</span> <span class="diffcontext"> will</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> load its config which should</span> <span class="diffcontext"> have a min</span> <span class="diffaddedchars" style="background-color:#ddfade;"> number of instances</span> <span class="diffcontext"> and</span> <span class="diffaddedchars" style="background-color:#ddfade;"> a</span> <span class="diffcontext"> max</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> value for keycloak instances<br>which</span> <span class="diffaddedchars" style="background-color:#ddfade;"> number of slices allowed,</span> <span class="diffcontext"> it will</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> create at startup. Excess instances</span> <span class="diffaddedchars" style="background-color:#ddfade;"> also specify which image</span> <span class="diffcontext"> should be</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> scaled down until needed. <br><br>An additional CRD can be created</span> <span class="diffaddedchars" style="background-color:#ddfade;"> executed</span> <span class="diffcontext"> to</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> create a public client. This will create another secret. A slice must be requested before this is granted however. 
Possibly this operator also ensures</span> <span class="diffaddedchars" style="background-color:#ddfade;"> do</span> <span class="diffcontext"> the</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> data in the secrets is in sync with the data in the keycloak</span> <span class="diffaddedchars" style="background-color:#ddfade;"> provision</span> <span class="diffcontext"><br><br></span> <span class="diffaddedchars" style="background-color:#ddfade;"><br></span> <span class="diffcontext">If a slice</span> <span class="diffremovedchars" style="background-color: #ffe7e7; text-decoration:line-through;"> or client</span> <span class="diffcontext"> is deleted, clean up the resources in Keycloak, delete the secret from the user's namespace and make the capacity available to another user. <br><br></span> <span class="diffaddedchars" style="background-color:#ddfade;">If there are no slices for a particular Keycloak SharedService then the instance should be scaled down until a slice is asked for<br><br></span> <span class="diffcontext">Possible things to leverage:<br>1. Package bundle-lib to see if we can execute our existing apbs - if not move it into the code<br>2. Share the mysql database across instances<br>3. Provision this operator from the OLM https://github.com/operator-framework/operator-lifecycle-manager</span> </td>
</tr>
</tbody>
</table> </td>
</tr>
<!-- there needs to be content in the cell for it to render in some clients -->
<tr>
<td class="email-content-rounded-bottom mobile-expand" style="padding: 0px; border-collapse: collapse; color: #ffffff; padding: 0 15px 0 16px; height: 5px; line-height: 5px; background-color: #ffffff; border-top: 0; border-left: 1px solid #cccccc; border-bottom: 1px solid #cccccc; border-right: 1px solid #cccccc; border-bottom-right-radius: 5px; border-bottom-left-radius: 5px; mso-line-height-rule: exactly" height="5" bgcolor="#ffffff"> </td>
</tr>
</tbody>
</table> </td>
</tr>
</tbody>
</table>
</body>
</html>