*Why*
To prevent users from being able to access Keycloak directly, it is provisioned into a restricted namespace. This operator is provisioned into the same namespace in order to orchestrate the creation and deletion of slices and bindings to the Keycloak instance on behalf of the users, who cannot access that namespace.
*What*
Create a Keycloak operator and deployment mechanism that will handle the following:
- Creation and deletion of a Keycloak realm
- Creation and deletion of a Keycloak user
- Creation and deletion of a public or bearer client
The operator will also be aware of the Shared Service Custom Resources and act on them if configured to do so:
- SharedService: the configuration template for a particular shared service
- SharedServiceSlice: informs the operator to set up what it considers a slice of the service. In this case it will be a realm
- SharedServiceAction
In a future iteration we may look to abstract this shared service concept out, along with the types, into a lib, allowing it to be reused across other operators.
*Out of scope*
- Deciding what happens if a SharedService CR is deleted (i.e. should we remove all the shared service instances)
- Configuration of a cluster (although it is something we would like to look into later)
- Configuration of proxies (again, will likely look at it later down the line)