diff --git a/README.md b/README.md index 1fec37814..cb5c300bc 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Chart for HedgeDoc, a fork of CodiMD [hedgedoc](charts/hedgedoc) #### [keycloak-operator](charts/keycloak-operator) chart -![Version: 1.2.x](https://img.shields.io/badge/version-1.2.x-brightgreen) ![App version: 24..x](https://img.shields.io/badge/app%20version-24..x-brightgreen) +![Version: 1.3.x](https://img.shields.io/badge/version-1.3.x-brightgreen) ![App version: 25..x](https://img.shields.io/badge/app%20version-25..x-brightgreen) Deploy Keycloak Operator and Keycloak diff --git a/charts/keycloak-operator/Chart.yaml b/charts/keycloak-operator/Chart.yaml index 9a25878f2..437c31810 100644 --- a/charts/keycloak-operator/Chart.yaml +++ b/charts/keycloak-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: keycloak-operator description: Deploy Keycloak Operator and Keycloak type: application -version: 1.2.1 -appVersion: "24.0.4" +version: 1.3.0 +appVersion: "25.0.0" icon: https://www.keycloak.org/resources/images/logo-stacked.svg home: https://www.keycloak.org sources: @@ -16,4 +16,9 @@ maintainers: annotations: artifacthub.io/changes: | - kind: changed - description: "Fix: change from operator. to kc.operator. keys" + description: "feat: Update to Keycloak 25.0.0" + links: + - name: Keycloak 25.0.0 + url: https://www.keycloak.org/2024/06/keycloak-2500-released + - kind: changed + description: "fix: Update operator CRDs" diff --git a/charts/keycloak-operator/README.md b/charts/keycloak-operator/README.md index 52f2e98f5..085bb011c 100644 --- a/charts/keycloak-operator/README.md +++ b/charts/keycloak-operator/README.md 
@@ -1,6 +1,6 @@ # keycloak-operator -![Version: 1.2.1](https://img.shields.io/badge/Version-1.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 24.0.4](https://img.shields.io/badge/AppVersion-24.0.4-informational?style=flat-square) +![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.0](https://img.shields.io/badge/AppVersion-25.0.0-informational?style=flat-square) Deploy Keycloak Operator and Keycloak @@ -21,6 +21,7 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | fullnameOverride | string | `""` | | | imagePullSecrets | list | `[]` | | | keycloak.additionalOptions | string | `nil` | Configuration of the Keycloak server expressed as a keys and values that can be either direct values or references to secrets. | +| keycloak.cache | object | `{}` | Configure keycloaks cache. | | keycloak.db.database | string | `nil` | Sets the database name of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. | | keycloak.db.host | string | `nil` | Sets the hostname of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. | | keycloak.db.passwordSecret | string | `nil` | The reference to a secret holding the password of the database user. | 
@@ -38,13 +39,14 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | keycloak.features.enabled | list | `[]` | Enabled Keycloak features | | keycloak.hostname.admin | string | `nil` | The hostname for accessing the administration console. | | keycloak.hostname.adminUrl | string | `nil` | Set the base URL for accessing the administration console. | +| keycloak.hostname.backchannelDynamic | bool | Use the operator's default if not set. | Enables dynamic resolving of backchannel URLs, including hostname, scheme, port and context path. Set to true if your application accesses Keycloak via a private network. | | keycloak.hostname.hostname | string | Disabled if not set. | Hostname for the Keycloak server. | | keycloak.hostname.strict | bool | `false` | Disables dynamically resolving the hostname from request headers | -| keycloak.hostname.strictBackchannel | bool | `true` | By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. | | keycloak.http.httpEnabled | bool | `true` | Enable a HTTP listener | | keycloak.http.httpPort | string | `nil` | The used HTTP port | | keycloak.http.httpsPort | string | `nil` | The used HTTPS port | | keycloak.http.tlsSecret | string | `nil` | A secret containing the TLS configuration for HTTPS. | +| keycloak.httpManagement.port | string | `nil` | Port of management interface. | | keycloak.image.repository | string | `""` | Overrides the operator.keycloakImage.image value whose default is quay.io/keycloak/keycloak | | keycloak.image.tag | string | `""` | Overrides the operator.keycloakImage.tag value whose default is the chart appVersion. | | keycloak.imagePullSecrets | string | `nil` | Secret(s) that might be used when pulling an image from a private container image registry or repository. | 
@@ -52,10 +54,14 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | keycloak.ingress.className | string | `""` | Ingress class name | | keycloak.ingress.enabled | bool | `true` | The deployment is, by default, exposed through a basic ingress. | | keycloak.instances | int | `1` | Number of Keycloak instances in HA mode. | +| keycloak.proxy.headers | string | `""` | The proxy headers that should be accepted by the server. Misconfiguration might leave the server exposed to security vulnerabilities. | | keycloak.realmimport.enabled | bool | `false` | Deploy realmimport resources | | keycloak.realmimport.realms | list | `[]` | A list of realms to configure using the realmimport CRD. | +| keycloak.resources | object | `{}` | Compute Resources required by Keycloak container | +| keycloak.startOptimized | string | `nil` | | | keycloak.transaction.xaEnabled | bool | `false` | Determine whether Keycloak should use a non-XA datasource. | -| keycloak.unsupported.podTemplate | string | `nil` | You can configure values that will be merged with the one configured by default by the operator. | +| keycloak.truststores.secret | object | `{}` | Configure Keycloak truststores via Secrets. | +| keycloak.unsupported | string | `nil` | Additional values that will be merged with the operator's defaults | | nameOverride | string | `""` | | | operator.affinity | object | `{}` | Affinity for Operator Deployment. | | operator.config.keycloakImage.repository | string | `"quay.io/keycloak/keycloak"` | Default keycloak image to use if non was specified in the Keycloak CRD. | diff --git a/charts/keycloak-operator/ci/operand-values.yaml b/charts/keycloak-operator/ci/operand-values.yaml index fccffdde1..d1b766191 100644 --- a/charts/keycloak-operator/ci/operand-values.yaml +++ b/charts/keycloak-operator/ci/operand-values.yaml @@ -3,7 +3,7 @@ keycloak: name: keycloak features: enabled: - - account2 + - account3 - admin2 - web-authn disabled: 
@@ -12,8 +12,9 @@ keycloak: http: httpEnabled: true hostname: - strict: false - strictBackchannel: false + hostname: keycloak.example.com + strict: true + backchannelDynamic: false realmimport: enabled: true realms: diff --git a/charts/keycloak-operator/crds/keycloakrealmimports.k8s.keycloak.org-v1.yml b/charts/keycloak-operator/crds/keycloakrealmimports.k8s.keycloak.org-v1.yml index 05f26d9ad..d698101d0 100644 --- a/charts/keycloak-operator/crds/keycloakrealmimports.k8s.keycloak.org-v1.yml +++ b/charts/keycloak-operator/crds/keycloakrealmimports.k8s.keycloak.org-v1.yml 
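Review bot: The `hostname:` block in ci/operand-values.yaml now pins `strict: true` and `backchannelDynamic: false`, so CI no longer renders the case where `backchannelDynamic` is left unset, which the chart README in this same commit documents as "Use the operator's default if not set". Leaving the key out here, or adding a second CI values file, would cover that branch. The constraint is also worth documenting next to the key, e.g. `# backchannelDynamic: true requires hostname to be a full URL (scheme included), see the Keycloak hostname docs`. Separately, `strictBackchannel` is dropped from the values table without a migration note. The templates are not visible here, so please confirm that an existing values file still setting it is rejected or mentioned in the changelog rather than silently ignored, since that would change backchannel URL resolution on upgrade without warning.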
@@ -24,1564 +24,1921 @@ spec: realm: description: The RealmRepresentation to import into Keycloak. properties: - webAuthnPolicyAvoidSameAuthenticatorRegister: + accessCodeLifespan: + type: integer + accessCodeLifespanLogin: + type: integer + accessCodeLifespanUserAction: + type: integer + accessTokenLifespan: + type: integer + accessTokenLifespanForImplicitFlow: + type: integer + accountTheme: + type: string + actionTokenGeneratedByAdminLifespan: + type: integer + actionTokenGeneratedByUserLifespan: + type: integer + adminEventsDetailsEnabled: type: boolean - federatedUsers: - items: - properties: - id: - type: string - clientConsents: - items: - properties: - grantedClientScopes: - items: - type: string - type: array - grantedRealmRoles: - items: - type: string - type: array - lastUpdatedDate: - type: integer - createdDate: - type: integer - clientId: - type: string - type: object - type: array - clientRoles: - additionalProperties: + adminEventsEnabled: + type: boolean + adminTheme: + type: string + applicationScopeMappings: + additionalProperties: + items: + properties: + client: + type: string + clientScope: + type: string + clientTemplate: + type: string + roles: items: type: string type: array - type: object - requiredActions: - items: - type: string - type: array - enabled: - type: boolean - realmRoles: - items: - type: string - type: array - createdTimestamp: - type: integer - emailVerified: - type: boolean - disableableCredentialTypes: - items: + self: type: string - type: array - socialLinks: - items: - properties: - socialUserId: - type: string - socialProvider: - type: string - socialUsername: - type: string - type: object - type: array - username: - type: string - federationLink: - type: string + type: object + type: array + type: object + applications: + items: + properties: access: additionalProperties: type: boolean type: object - totp: - type: boolean - serviceAccountClientId: + adminUrl: type: string + alwaysDisplayInConsole: + type: boolean 
attributes: additionalProperties: - items: - type: string - type: array - type: object - federatedIdentities: - items: - properties: - userId: - type: string - identityProvider: - type: string - userName: - type: string - type: object - type: array - firstName: - type: string - self: - type: string - notBefore: - type: integer - groups: - items: type: string - type: array - credentials: - items: - properties: - id: - type: string - period: - type: integer - counter: - type: integer - value: - type: string - hashIterations: - type: integer - algorithm: - type: string - hashedSaltedValue: - type: string - type: - type: string - priority: - type: integer - device: - type: string - temporary: - type: boolean - userLabel: - type: string - createdDate: - type: integer - secretData: - type: string - config: - additionalProperties: - items: - type: string - type: array - type: object - credentialData: - type: string - salt: - type: string - digits: - type: integer - type: object - type: array - applicationRoles: - additionalProperties: - items: - type: string - type: array type: object - lastName: - type: string - email: - type: string - origin: - type: string - type: object - type: array - adminEventsEnabled: - type: boolean - registrationEmailAsUsername: - type: boolean - keycloakVersion: - type: string - oauth2DeviceCodeLifespan: - type: integer - sslRequired: - type: string - realm: - type: string - defaultGroups: - items: - type: string - type: array - enabled: - type: boolean - webAuthnPolicySignatureAlgorithms: - items: - type: string - type: array - ssoSessionMaxLifespanRememberMe: - type: integer - webAuthnPolicyRpId: - type: string - webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: - type: boolean - users: - items: - properties: - id: - type: string - clientConsents: - items: - properties: - grantedClientScopes: - items: - type: string - type: array - grantedRealmRoles: - items: - type: string - type: array - lastUpdatedDate: - type: integer - 
createdDate: - type: integer - clientId: - type: string - type: object - type: array - clientRoles: + authenticationFlowBindingOverrides: additionalProperties: - items: - type: string - type: array - type: object - requiredActions: - items: type: string - type: array - enabled: + type: object + authorizationServicesEnabled: type: boolean - realmRoles: - items: - type: string - type: array - createdTimestamp: - type: integer - emailVerified: + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: boolean + clientId: + type: string + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + id: + type: string + name: + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + description: + type: string + id: + type: string + logic: + enum: + - NEGATIVE + - POSITIVE + type: string + name: + type: string + owner: + type: string + policies: + items: + type: string + type: array + resources: + items: + type: string + type: array + resourcesData: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + type: string + type: array + scopesData: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + type: object 
+ type: array + policyEnforcementMode: + enum: + - DISABLED + - ENFORCING + - PERMISSIVE + type: string + resources: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: object + baseUrl: + type: string + bearerOnly: type: boolean - disableableCredentialTypes: + claims: + properties: + address: + type: boolean + email: + type: boolean + gender: + type: boolean + locale: + type: boolean + name: + type: boolean + phone: + type: boolean + picture: + type: boolean + profile: + type: boolean + username: + type: boolean + website: + type: boolean + type: object + clientAuthenticatorType: + type: string + clientId: + type: string + clientTemplate: + type: string + consentRequired: + type: boolean + defaultClientScopes: items: type: string type: array - socialLinks: + defaultRoles: items: - properties: - socialUserId: - type: string - socialProvider: - type: string - socialUsername: - type: string - type: object + type: string type: array - username: + description: type: string - federationLink: + directAccessGrantsEnabled: + type: boolean + directGrantsOnly: + type: boolean + enabled: + type: boolean + frontchannelLogout: + type: boolean + fullScopeAllowed: + type: boolean + id: type: string - access: - additionalProperties: - type: boolean - type: object - totp: + 
implicitFlowEnabled: type: boolean - serviceAccountClientId: - type: string - attributes: - additionalProperties: - items: - type: string - type: array - type: object - federatedIdentities: - items: - properties: - userId: - type: string - identityProvider: - type: string - userName: - type: string - type: object - type: array - firstName: - type: string - self: + name: type: string + nodeReRegistrationTimeout: + type: integer notBefore: type: integer - groups: + optionalClientScopes: items: type: string type: array - credentials: + origin: + type: string + protocol: + type: string + protocolMappers: items: properties: - id: - type: string - period: - type: integer - counter: - type: integer - value: - type: string - hashIterations: - type: integer - algorithm: - type: string - hashedSaltedValue: - type: string - type: - type: string - priority: - type: integer - device: - type: string - temporary: - type: boolean - userLabel: - type: string - createdDate: - type: integer - secretData: - type: string config: additionalProperties: - items: - type: string - type: array + type: string type: object - credentialData: + consentRequired: + type: boolean + consentText: type: string - salt: + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: type: string - digits: - type: integer type: object type: array - applicationRoles: + publicClient: + type: boolean + redirectUris: + items: + type: string + type: array + registeredNodes: additionalProperties: - items: - type: string - type: array + type: integer type: object - lastName: - type: string - email: - type: string - origin: + registrationAccessToken: type: string - type: object - type: array - clientTemplates: - items: - properties: - protocol: + rootUrl: type: string - id: + secret: type: string - fullScopeAllowed: - type: boolean - frontchannelLogout: - type: boolean serviceAccountsEnabled: type: boolean standardFlowEnabled: type: boolean - description: + surrogateAuthRequired: + type: 
boolean + type: type: string - publicClient: + useTemplateConfig: type: boolean - consentRequired: + useTemplateMappers: type: boolean - bearerOnly: + useTemplateScope: type: boolean - protocolMappers: + webOrigins: items: - properties: - protocol: - type: string - id: - type: string - name: - type: string - protocolMapper: - type: string - consentText: - type: string - consentRequired: - type: boolean - config: - additionalProperties: - type: string - type: object - type: object - type: array - name: - type: string - directAccessGrantsEnabled: - type: boolean - implicitFlowEnabled: - type: boolean - attributes: - additionalProperties: type: string - type: object + type: array type: object type: array - webAuthnPolicyPasswordlessUserVerificationRequirement: - type: string - registrationFlow: - type: string - publicKey: - type: string - webAuthnPolicyPasswordlessCreateTimeout: - type: integer + attributes: + additionalProperties: + type: string + type: object authenticationFlows: items: properties: - id: - type: string - providerId: + alias: type: string authenticationExecutions: items: properties: - userSetupAllowed: - type: boolean - flowAlias: + authenticator: type: string - autheticatorFlow: - type: boolean authenticatorConfig: type: string - authenticator: + authenticatorFlow: + type: boolean + autheticatorFlow: + type: boolean + flowAlias: type: string priority: type: integer requirement: type: string - authenticatorFlow: + userSetupAllowed: type: boolean type: object type: array + builtIn: + type: boolean + description: + type: string + id: + type: string + providerId: + type: string topLevel: type: boolean + type: object + type: array + authenticatorConfig: + items: + properties: alias: type: string - builtIn: - type: boolean - description: + config: + additionalProperties: + type: string + type: object + id: type: string type: object type: array - applicationScopeMappings: + browserFlow: + type: string + browserSecurityHeaders: + additionalProperties: + 
type: string + type: object + bruteForceProtected: + type: boolean + certificate: + type: string + clientAuthenticationFlow: + type: string + clientOfflineSessionIdleTimeout: + type: integer + clientOfflineSessionMaxLifespan: + type: integer + clientPolicies: + x-kubernetes-preserve-unknown-fields: true + clientProfiles: + x-kubernetes-preserve-unknown-fields: true + clientScopeMappings: additionalProperties: items: properties: - clientTemplate: - type: string - self: + client: type: string clientScope: type: string - client: + clientTemplate: type: string roles: items: type: string type: array + self: + type: string type: object type: array type: object - offlineSessionMaxLifespan: - type: integer - codeSecret: - type: string - offlineSessionIdleTimeout: - type: integer - quickLoginCheckMilliSeconds: - type: integer - privateKey: - type: string - webAuthnPolicyRpEntityName: - type: string - emailTheme: - type: string - accessCodeLifespanLogin: - type: integer - passwordPolicy: - type: string - ssoSessionIdleTimeoutRememberMe: - type: integer - resetPasswordAllowed: - type: boolean - failureFactor: - type: integer - otpPolicyAlgorithm: - type: string - requiredActions: + clientScopes: items: properties: - providerId: - type: string - alias: - type: string - defaultAction: - type: boolean - priority: - type: integer - name: - type: string - enabled: - type: boolean - config: + attributes: additionalProperties: type: string type: object - type: object - type: array - actionTokenGeneratedByUserLifespan: - type: integer - clientAuthenticationFlow: - type: string - webAuthnPolicyAuthenticatorAttachment: - type: string - actionTokenGeneratedByAdminLifespan: - type: integer - id: - type: string - clientPolicies: - x-kubernetes-preserve-unknown-fields: true - webAuthnPolicyUserVerificationRequirement: - type: string - loginTheme: - type: string - requiredCredentials: - items: - type: string - type: array - webAuthnPolicyPasswordlessAttestationConveyancePreference: - type: 
string - directGrantFlow: - type: string - identityProviderMappers: - items: - properties: + description: + type: string id: type: string name: type: string - identityProviderMapper: - type: string - identityProviderAlias: + protocol: type: string - config: - additionalProperties: - type: string - type: object + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array type: object type: array - dockerAuthenticationFlow: - type: string - browserFlow: - type: string - bruteForceProtected: - type: boolean - displayNameHtml: - type: string - ssoSessionIdleTimeout: + clientSessionIdleTimeout: type: integer - browserSecurityHeaders: - additionalProperties: - type: string - type: object - eventsListeners: - items: - type: string - type: array - accessTokenLifespan: + clientSessionMaxLifespan: type: integer - applications: + clientTemplates: items: properties: - name: - type: string - claims: - properties: - picture: - type: boolean - gender: - type: boolean - phone: - type: boolean - website: - type: boolean - email: - type: boolean - profile: - type: boolean - address: - type: boolean - name: - type: boolean - username: - type: boolean - locale: - type: boolean + attributes: + additionalProperties: + type: string type: object - id: + bearerOnly: + type: boolean + consentRequired: + type: boolean + description: type: string + directAccessGrantsEnabled: + type: boolean frontchannelLogout: type: boolean - useTemplateConfig: + fullScopeAllowed: type: boolean - registrationAccessToken: + id: type: string - baseUrl: + implicitFlowEnabled: + type: boolean + name: type: string + protocol: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: 
boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + publicClient: + type: boolean serviceAccountsEnabled: type: boolean - registeredNodes: + standardFlowEnabled: + type: boolean + type: object + type: array + clients: + items: + properties: + access: additionalProperties: - type: integer + type: boolean type: object - useTemplateMappers: - type: boolean - description: + adminUrl: type: string - publicClient: + alwaysDisplayInConsole: type: boolean - useTemplateScope: + attributes: + additionalProperties: + type: string + type: object + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + authorizationServicesEnabled: type: boolean authorizationSettings: properties: + allowRemoteResourceManagement: + type: boolean + clientId: + type: string + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string id: type: string - resources: + name: + type: string + policies: items: properties: - _id: + config: + additionalProperties: + type: string + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS type: string - uris: + description: + type: string + id: + type: string + logic: + enum: + - NEGATIVE + - POSITIVE + type: string + name: + type: string + owner: + type: string + policies: items: type: string type: array - attributes: - additionalProperties: - items: - type: string - type: array - type: object - displayName: - type: string - scopes: + resources: + items: + type: string + type: array + resourcesData: items: properties: - id: + _id: type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object displayName: type: string + icon_uri: + type: string name: type: string - iconUri: + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + 
items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + type: string + type: array + scopesData: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: type: string type: object type: array - owner: - properties: - id: - type: string - name: - type: string - type: object - name: - type: string type: type: string - icon_uri: - type: string - ownerManagedAccess: - type: boolean type: object type: array - decisionStrategy: - enum: - - CONSENSUS - - UNANIMOUS - - AFFIRMATIVE - type: string - name: - type: string policyEnforcementMode: enum: - - PERMISSIVE - - ENFORCING - DISABLED + - ENFORCING + - PERMISSIVE type: string - scopes: + resources: items: properties: - id: - type: string - displayName: - type: string - name: - type: string - iconUri: + _id: type: string - type: object - type: array - policies: - items: - properties: - config: + attributes: additionalProperties: - type: string + items: + type: string + type: array type: object - id: - type: string - owner: + displayName: type: string - resources: - items: - type: string - type: array - policies: - items: - type: string - type: array - decisionStrategy: - enum: - - CONSENSUS - - UNANIMOUS - - AFFIRMATIVE + icon_uri: type: string - logic: - enum: - - POSITIVE - - NEGATIVE + name: type: string - resourcesData: + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: items: properties: - _id: - type: string - uris: - items: - type: string - type: array - attributes: - additionalProperties: - items: - type: string - type: array - type: object displayName: type: string - scopes: - items: - properties: - id: - type: string - displayName: - type: string - name: - type: string - 
iconUri: - type: string - type: object - type: array - owner: - properties: - id: - type: string - name: - type: string - type: object - name: - type: string - type: - type: string - icon_uri: + iconUri: type: string - ownerManagedAccess: - type: boolean - type: object - type: array - name: - type: string - type: - type: string - scopesData: - items: - properties: id: type: string - displayName: - type: string name: type: string - iconUri: - type: string type: object type: array - description: + type: type: string - scopes: + uris: items: type: string type: array type: object type: array - clientId: - type: string - allowRemoteResourceManagement: - type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array type: object - clientId: + baseUrl: type: string - enabled: + bearerOnly: type: boolean clientAuthenticatorType: type: string - surrogateAuthRequired: + clientId: + type: string + clientTemplate: + type: string + consentRequired: type: boolean - webOrigins: + defaultClientScopes: items: type: string type: array - authorizationServicesEnabled: - type: boolean - secret: - type: string - protocol: + defaultRoles: + items: + type: string + type: array + description: type: string + directAccessGrantsEnabled: + type: boolean + directGrantsOnly: + type: boolean + enabled: + type: boolean + frontchannelLogout: + type: boolean fullScopeAllowed: type: boolean - nodeReRegistrationTimeout: - type: integer - clientTemplate: + id: type: string - access: - additionalProperties: - type: boolean - type: object - alwaysDisplayInConsole: + implicitFlowEnabled: type: boolean - rootUrl: + name: type: string - oauth2DeviceAuthorizationGrantEnabled: - type: boolean - standardFlowEnabled: - type: boolean + nodeReRegistrationTimeout: + type: integer + notBefore: + type: integer optionalClientScopes: items: type: string type: array - consentRequired: - type: boolean - 
authenticationFlowBindingOverrides: - additionalProperties: - type: string - type: object - bearerOnly: - type: boolean - defaultClientScopes: - items: - type: string - type: array - adminUrl: + origin: + type: string + protocol: type: string protocolMappers: items: properties: - protocol: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: type: string id: type: string name: type: string - protocolMapper: + protocol: type: string - consentText: + protocolMapper: type: string - consentRequired: - type: boolean - config: - additionalProperties: - type: string - type: object type: object type: array - notBefore: - type: integer - directGrantsOnly: + publicClient: type: boolean - defaultRoles: + redirectUris: items: type: string type: array - directAccessGrantsEnabled: - type: boolean - implicitFlowEnabled: - type: boolean - origin: - type: string - attributes: + registeredNodes: additionalProperties: - type: string + type: integer type: object - redirectUris: - items: - type: string - type: array - type: object - type: array - otpPolicyCodeReusable: - type: boolean - clientProfiles: - x-kubernetes-preserve-unknown-fields: true - userFederationMappers: - items: - properties: - id: + registrationAccessToken: type: string - federationProviderDisplayName: + rootUrl: type: string - federationMapperType: + secret: type: string - name: + serviceAccountsEnabled: + type: boolean + standardFlowEnabled: + type: boolean + surrogateAuthRequired: + type: boolean + type: type: string - config: - additionalProperties: + useTemplateConfig: + type: boolean + useTemplateMappers: + type: boolean + useTemplateScope: + type: boolean + webOrigins: + items: type: string - type: object + type: array type: object type: array - enabledEventTypes: - items: - type: string - type: array - otpPolicyLookAheadWindow: - type: integer - displayName: + codeSecret: type: string - eventsEnabled: - type: boolean - clientSessionMaxLifespan: - 
type: integer - roles: - properties: - application: - additionalProperties: - items: - properties: - attributes: - additionalProperties: - items: - type: string - type: array - type: object - id: - type: string - clientRole: - type: boolean - name: - type: string - description: + components: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: type: string - scopeParamRequired: - type: boolean - composites: + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: properties: - realm: - items: - type: string - type: array - application: + config: additionalProperties: items: type: string type: array type: object - client: + id: + type: string + name: + type: string + providerId: + type: string + subComponents: additionalProperties: items: - type: string + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + 
additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object type: array type: object + subType: + type: string type: object - containerId: - type: string - composite: - type: boolean + type: array type: object - type: array + subType: + type: string type: object - client: + type: array + type: object + defaultDefaultClientScopes: + items: + type: string + type: array + defaultGroups: + items: + type: string + type: array + defaultLocale: + type: string + defaultOptionalClientScopes: + items: + type: string + type: array + defaultRole: + properties: + attributes: 
additionalProperties: items: - properties: - attributes: - additionalProperties: - items: - type: string - type: array - type: object - id: - type: string - clientRole: - type: boolean - name: - type: string - description: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: type: string - scopeParamRequired: - type: boolean - composites: - properties: - realm: - items: - type: string - type: array - application: - additionalProperties: - items: - type: string - type: array - type: object - client: - additionalProperties: - items: - type: string - type: array - type: object - type: object - containerId: + type: array + type: object + client: + additionalProperties: + items: type: string - composite: - type: boolean + type: array type: object - type: array - type: object - realm: - items: - properties: - attributes: - additionalProperties: - items: - type: string - type: array - type: object - id: - type: string - clientRole: - type: boolean - name: + realm: + items: type: string - description: - type: string - scopeParamRequired: - type: boolean - composites: - properties: - realm: - items: - type: string - type: array - application: - additionalProperties: - items: - type: string - type: array - type: object - client: - additionalProperties: - items: - type: string - type: array - type: object - type: object - containerId: - type: string - composite: - type: boolean - type: object - type: array + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean type: object - groups: + defaultRoles: + items: + type: string + type: array + defaultSignatureAlgorithm: + type: string + directGrantFlow: + type: string + displayName: + type: string + displayNameHtml: + type: string + dockerAuthenticationFlow: + type: string + 
duplicateEmailsAllowed: + type: boolean + editUsernameAllowed: + type: boolean + emailTheme: + type: string + enabled: + type: boolean + enabledEventTypes: + items: + type: string + type: array + eventsEnabled: + type: boolean + eventsExpiration: + type: integer + eventsListeners: + items: + type: string + type: array + failureFactor: + type: integer + federatedUsers: items: properties: - attributes: + access: + additionalProperties: + type: boolean + type: object + applicationRoles: additionalProperties: items: type: string type: array type: object - id: - type: string - access: + attributes: additionalProperties: - type: boolean + items: + type: string + type: array type: object - realmRoles: + clientConsents: items: - type: string + properties: + clientId: + type: string + createdDate: + type: integer + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + type: object type: array - path: - type: string clientRoles: additionalProperties: items: type: string type: array type: object - name: - type: string - subGroups: + createdTimestamp: + type: integer + credentials: items: properties: - attributes: + algorithm: + type: string + config: additionalProperties: items: type: string type: array type: object + counter: + type: integer + createdDate: + type: integer + credentialData: + type: string + device: + type: string + digits: + type: integer + hashIterations: + type: integer + hashedSaltedValue: + type: string id: type: string - access: - additionalProperties: - type: boolean - type: object - realmRoles: - items: - type: string - type: array - path: + period: + type: integer + priority: + type: integer + salt: type: string - clientRoles: - additionalProperties: - items: - type: string - type: array - type: object - name: + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: type: string type: object 
type: array - type: object - type: array - webAuthnPolicyCreateTimeout: - type: integer - webAuthnPolicyAttestationConveyancePreference: - type: string - clientOfflineSessionIdleTimeout: - type: integer - notBefore: - type: integer - webAuthnPolicyPasswordlessRpEntityName: - type: string - verifyEmail: - type: boolean - clientScopeMappings: - additionalProperties: - items: - properties: - clientTemplate: - type: string - self: - type: string - clientScope: - type: string - client: + disableableCredentialTypes: + items: type: string - roles: - items: - type: string - type: array - type: object - type: array - type: object - identityProviders: - items: - properties: - storeToken: - type: boolean - trustEmail: - type: boolean - updateProfileFirstLoginMode: + type: array + email: type: string - authenticateByDefault: + emailVerified: type: boolean - displayName: - type: string - providerId: - type: string - linkOnly: + enabled: type: boolean - postBrokerLoginFlowAlias: + federatedIdentities: + items: + properties: + identityProvider: + type: string + userId: + type: string + userName: + type: string + type: object + type: array + federationLink: type: string - alias: + firstName: type: string - enabled: - type: boolean - firstBrokerLoginFlowAlias: + groups: + items: + type: string + type: array + id: type: string - internalId: + lastName: type: string - addReadTokenRoleOnCreate: - type: boolean - config: - additionalProperties: + notBefore: + type: integer + origin: + type: string + realmRoles: + items: type: string - type: object - type: object - type: array - resetCredentialsFlow: - type: string - duplicateEmailsAllowed: - type: boolean - maxDeltaTimeSeconds: - type: integer - offlineSessionMaxLifespanEnabled: - type: boolean - realmCacheEnabled: - type: boolean - attributes: - additionalProperties: - type: string - type: object - adminTheme: - type: string - loginWithEmailAllowed: - type: boolean - otpSupportedApplications: - items: - type: string - type: array - 
clientOfflineSessionMaxLifespan: - type: integer - userFederationProviders: - items: - properties: - id: - type: string - providerName: + type: array + requiredActions: + items: + type: string + type: array + self: type: string - displayName: + serviceAccountClientId: type: string - priority: - type: integer - fullSyncPeriod: - type: integer - lastSync: - type: integer - changedSyncPeriod: - type: integer - config: - additionalProperties: - type: string + socialLinks: + items: + properties: + socialProvider: + type: string + socialUserId: + type: string + socialUsername: + type: string + type: object + type: array + totp: + type: boolean + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayName: + type: string + group: + type: string + multivalued: + type: boolean + name: + type: string + readOnly: + type: boolean + required: + type: boolean + validators: + additionalProperties: + additionalProperties: + type: object + type: object + type: object + type: object + type: array + groups: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayDescription: + type: string + displayHeader: + type: string + name: + type: string + type: object + type: array type: object + username: + type: string type: object type: array - internationalizationEnabled: - type: boolean - permanentLockout: - type: boolean - userManagedAccessAllowed: - type: boolean - smtpServer: - additionalProperties: - type: string - type: object - otpPolicyDigits: - type: integer - webAuthnPolicyPasswordlessSignatureAlgorithms: - items: - type: string - type: array - socialProviders: - additionalProperties: - type: string - type: object - otpPolicyInitialCounter: - type: integer - defaultSignatureAlgorithm: - type: string - refreshTokenMaxReuse: - type: integer - revokeRefreshToken: - type: boolean - accountTheme: - type: string - 
webAuthnPolicyPasswordlessAcceptableAaguids: - items: - type: string - type: array - webAuthnPolicyPasswordlessAuthenticatorAttachment: + firstBrokerLoginFlow: type: string - supportedLocales: - items: - type: string - type: array - defaultDefaultClientScopes: - items: - type: string - type: array - authenticatorConfig: + groups: items: properties: - id: - type: string - alias: - type: string - config: + access: additionalProperties: - type: string + type: boolean type: object - type: object - type: array - webAuthnPolicyPasswordlessRpId: - type: string - scopeMappings: - items: - properties: - clientTemplate: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: type: string - self: + name: type: string - clientScope: + parentId: type: string - client: + path: type: string - roles: + realmRoles: items: type: string type: array - type: object - type: array - clientScopes: - items: - properties: - protocol: - type: string - id: - type: string - protocolMappers: + subGroupCount: + type: integer + subGroups: items: properties: - protocol: - type: string + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object id: type: string name: type: string - protocolMapper: + parentId: type: string - consentText: + path: type: string - consentRequired: - type: boolean - config: - additionalProperties: + realmRoles: + items: type: string - type: object + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: 
array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: 
string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + type: object + type: array + type: object + type: array + type: object + type: array + 
type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array type: object type: array - name: - type: string - description: - type: string - attributes: - additionalProperties: - type: string - type: object type: object type: array - oauth2DevicePollingInterval: - type: integer - eventsExpiration: - type: integer - certificate: + id: type: string - defaultRole: - properties: - attributes: - additionalProperties: - items: - type: string - type: array - type: object - id: - type: string - clientRole: - type: boolean - name: - type: string - description: - type: string - scopeParamRequired: - type: boolean - composites: - properties: - realm: - items: - type: string - type: array - application: - additionalProperties: - items: - type: string - type: array - type: object - client: - additionalProperties: - items: - type: string - type: array - type: object - type: object - containerId: - type: string - composite: - type: boolean - type: object - defaultOptionalClientScopes: + identityProviderMappers: items: - type: string + properties: + config: + additionalProperties: + type: string + type: object + id: + type: string + identityProviderAlias: + type: string + identityProviderMapper: + type: string + name: + type: string + type: object type: array - editUsernameAllowed: - type: boolean - defaultLocale: - type: string - webAuthnPolicyRequireResidentKey: - type: string - oauthClients: + identityProviders: items: properties: - name: + addReadTokenRoleOnCreate: + type: boolean + alias: type: string - claims: - properties: - picture: - type: boolean - gender: - type: boolean - phone: - type: boolean - website: - type: boolean - email: - type: boolean - profile: - type: boolean - address: - type: boolean - name: - type: boolean - username: - type: boolean - locale: - type: boolean + authenticateByDefault: + type: boolean + config: + additionalProperties: + type: 
string type: object - id: + displayName: type: string - frontchannelLogout: + enabled: type: boolean - useTemplateConfig: + firstBrokerLoginFlowAlias: + type: string + internalId: + type: string + linkOnly: type: boolean - registrationAccessToken: + postBrokerLoginFlowAlias: type: string - baseUrl: + providerId: type: string - serviceAccountsEnabled: + storeToken: type: boolean - registeredNodes: + trustEmail: + type: boolean + updateProfileFirstLoginMode: + type: string + type: object + type: array + internationalizationEnabled: + type: boolean + keycloakVersion: + type: string + localizationTexts: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + loginTheme: + type: string + loginWithEmailAllowed: + type: boolean + maxDeltaTimeSeconds: + type: integer + maxFailureWaitSeconds: + type: integer + maxTemporaryLockouts: + type: integer + minimumQuickLoginWaitSeconds: + type: integer + notBefore: + type: integer + oauth2DeviceCodeLifespan: + type: integer + oauth2DevicePollingInterval: + type: integer + oauthClients: + items: + properties: + access: additionalProperties: - type: integer + type: boolean type: object - useTemplateMappers: - type: boolean - description: + adminUrl: type: string - publicClient: + alwaysDisplayInConsole: type: boolean - useTemplateScope: + attributes: + additionalProperties: + type: string + type: object + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + authorizationServicesEnabled: type: boolean authorizationSettings: properties: - id: + allowRemoteResourceManagement: + type: boolean + clientId: type: string - resources: - items: - properties: - _id: - type: string - uris: - items: - type: string - type: array - attributes: - additionalProperties: - items: - type: string - type: array - type: object - displayName: - type: string - scopes: - items: - properties: - id: - type: string - displayName: - type: string - name: - type: string - iconUri: - type: 
string - type: object - type: array - owner: - properties: - id: - type: string - name: - type: string - type: object - name: - type: string - type: - type: string - icon_uri: - type: string - ownerManagedAccess: - type: boolean - type: object - type: array decisionStrategy: enum: + - AFFIRMATIVE - CONSENSUS - UNANIMOUS - - AFFIRMATIVE type: string - name: + id: type: string - policyEnforcementMode: - enum: - - PERMISSIVE - - ENFORCING - - DISABLED + name: type: string - scopes: - items: - properties: - id: - type: string - displayName: - type: string - name: - type: string - iconUri: - type: string - type: object - type: array policies: items: properties: @@ -1589,38 +1946,38 @@ spec: additionalProperties: type: string type: object - id: - type: string - owner: - type: string - resources: - items: - type: string - type: array - policies: - items: - type: string - type: array decisionStrategy: enum: + - AFFIRMATIVE - CONSENSUS - UNANIMOUS - - AFFIRMATIVE + type: string + description: + type: string + id: type: string logic: enum: - - POSITIVE - NEGATIVE + - POSITIVE + type: string + name: + type: string + owner: type: string + policies: + items: + type: string + type: array + resources: + items: + type: string + type: array resourcesData: items: properties: _id: type: string - uris: - items: - type: string - type: array attributes: additionalProperties: items: 
@@ -1629,604 +1986,1160 @@ spec: type: object displayName: type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean scopes: items: properties: - id: - type: string displayName: type: string - name: - type: string iconUri: type: string + id: + type: string + name: + type: string type: object type: array - owner: - properties: - id: - type: string - name: - type: string - type: object - name: - type: string type: type: string - icon_uri: - type: string - ownerManagedAccess: - type: boolean + uris: + items: + type: string + type: array type: object type: array - name: - type: string - type: - type: string + scopes: + items: + type: string + type: array scopesData: items: properties: - id: - type: string displayName: type: string + iconUri: + type: string + id: + type: string name: type: string + type: object + type: array + type: + type: string + type: object + type: array + policyEnforcementMode: + enum: + - DISABLED + - ENFORCING + - PERMISSIVE + type: string + resources: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string iconUri: type: string + id: + type: string + name: + type: string type: object type: array - description: + type: type: string - scopes: + uris: items: type: string type: array type: object type: array - clientId: - type: string - allowRemoteResourceManagement: - type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array type: object - clientId: + baseUrl: type: string 
- enabled: + bearerOnly: type: boolean + claims: + properties: + address: + type: boolean + email: + type: boolean + gender: + type: boolean + locale: + type: boolean + name: + type: boolean + phone: + type: boolean + picture: + type: boolean + profile: + type: boolean + username: + type: boolean + website: + type: boolean + type: object clientAuthenticatorType: type: string - surrogateAuthRequired: + clientId: + type: string + clientTemplate: + type: string + consentRequired: type: boolean - webOrigins: + defaultClientScopes: items: type: string type: array - authorizationServicesEnabled: - type: boolean - secret: - type: string - protocol: + defaultRoles: + items: + type: string + type: array + description: type: string - fullScopeAllowed: + directAccessGrantsEnabled: type: boolean - nodeReRegistrationTimeout: - type: integer - clientTemplate: - type: string - access: - additionalProperties: - type: boolean - type: object - alwaysDisplayInConsole: + directGrantsOnly: type: boolean - rootUrl: - type: string - oauth2DeviceAuthorizationGrantEnabled: + enabled: type: boolean - standardFlowEnabled: + frontchannelLogout: type: boolean - optionalClientScopes: - items: - type: string - type: array - consentRequired: + fullScopeAllowed: type: boolean - authenticationFlowBindingOverrides: - additionalProperties: - type: string - type: object - bearerOnly: + id: + type: string + implicitFlowEnabled: type: boolean - defaultClientScopes: + name: + type: string + nodeReRegistrationTimeout: + type: integer + notBefore: + type: integer + optionalClientScopes: items: type: string type: array - adminUrl: + origin: + type: string + protocol: type: string protocolMappers: items: properties: - protocol: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: type: string id: type: string name: type: string - protocolMapper: + protocol: type: string - consentText: + protocolMapper: type: string - consentRequired: - type: 
boolean - config: - additionalProperties: - type: string - type: object type: object type: array - notBefore: - type: integer - directGrantsOnly: + publicClient: type: boolean - defaultRoles: + redirectUris: items: type: string type: array - directAccessGrantsEnabled: + registeredNodes: + additionalProperties: + type: integer + type: object + registrationAccessToken: + type: string + rootUrl: + type: string + secret: + type: string + serviceAccountsEnabled: type: boolean - implicitFlowEnabled: + standardFlowEnabled: type: boolean - origin: + surrogateAuthRequired: + type: boolean + type: type: string - attributes: - additionalProperties: - type: string - type: object - redirectUris: + useTemplateConfig: + type: boolean + useTemplateMappers: + type: boolean + useTemplateScope: + type: boolean + webOrigins: items: type: string type: array type: object type: array - adminEventsDetailsEnabled: - type: boolean - ssoSessionMaxLifespan: - type: integer - accessCodeLifespanUserAction: - type: integer - registrationAllowed: - type: boolean - social: - type: boolean - accessTokenLifespanForImplicitFlow: - type: integer - rememberMe: - type: boolean - maxFailureWaitSeconds: - type: integer - defaultRoles: - items: - type: string - type: array - otpPolicyType: - type: string - otpPolicyPeriod: - type: integer - accessCodeLifespan: + offlineSessionIdleTimeout: type: integer - minimumQuickLoginWaitSeconds: + offlineSessionMaxLifespan: type: integer - webAuthnPolicyAcceptableAaguids: - items: - type: string - type: array - updateProfileOnInitialSocialLogin: + offlineSessionMaxLifespanEnabled: type: boolean - clientSessionIdleTimeout: - type: integer - webAuthnPolicyPasswordlessRequireResidentKey: - type: string - waitIncrementSeconds: - type: integer - protocolMappers: - items: - properties: - protocol: - type: string - id: - type: string - name: - type: string - protocolMapper: - type: string - consentText: - type: string - consentRequired: - type: boolean - config: - 
additionalProperties: - type: string - type: object - type: object - type: array - clients: + organizations: items: properties: - id: - type: string - frontchannelLogout: - type: boolean - useTemplateConfig: - type: boolean - registrationAccessToken: - type: string - baseUrl: - type: string - serviceAccountsEnabled: - type: boolean - registeredNodes: + attributes: additionalProperties: - type: integer + items: + type: string + type: array type: object - useTemplateMappers: - type: boolean description: type: string - publicClient: - type: boolean - useTemplateScope: + domains: + items: + properties: + name: + type: string + verified: + type: boolean + type: object + type: array + enabled: type: boolean - authorizationSettings: - properties: - id: - type: string - resources: - items: - properties: - _id: + id: + type: string + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + type: boolean + alias: + type: string + authenticateByDefault: + type: boolean + config: + additionalProperties: + type: string + type: object + displayName: + type: string + enabled: + type: boolean + firstBrokerLoginFlowAlias: + type: string + internalId: + type: string + linkOnly: + type: boolean + postBrokerLoginFlowAlias: + type: string + providerId: + type: string + storeToken: + type: boolean + trustEmail: + type: boolean + updateProfileFirstLoginMode: + type: string + type: object + type: array + members: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + applicationRoles: + additionalProperties: + items: type: string - uris: - items: + type: array + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientConsents: + items: + properties: + clientId: type: string - type: array - attributes: - additionalProperties: + createdDate: + type: integer + grantedClientScopes: items: type: string type: array - type: object - displayName: + grantedRealmRoles: + items: + type: string + 
type: array + lastUpdatedDate: + type: integer + type: object + type: array + clientRoles: + additionalProperties: + items: type: string - scopes: + type: array + type: object + createdTimestamp: + type: integer + credentials: + items: + properties: + algorithm: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + counter: + type: integer + createdDate: + type: integer + credentialData: + type: string + device: + type: string + digits: + type: integer + hashIterations: + type: integer + hashedSaltedValue: + type: string + id: + type: string + period: + type: integer + priority: + type: integer + salt: + type: string + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: + type: string + type: object + type: array + disableableCredentialTypes: + items: + type: string + type: array + email: + type: string + emailVerified: + type: boolean + enabled: + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + type: string + userId: + type: string + userName: + type: string + type: object + type: array + federationLink: + type: string + firstName: + type: string + groups: + items: + type: string + type: array + id: + type: string + lastName: + type: string + notBefore: + type: integer + origin: + type: string + realmRoles: + items: + type: string + type: array + requiredActions: + items: + type: string + type: array + self: + type: string + serviceAccountClientId: + type: string + socialLinks: + items: + properties: + socialProvider: + type: string + socialUserId: + type: string + socialUsername: + type: string + type: object + type: array + totp: + type: boolean + userProfileMetadata: + properties: + attributes: items: properties: - id: - type: string + annotations: + additionalProperties: + type: object + type: object displayName: type: string - name: - type: string - iconUri: + group: type: string - type: object - type: array - 
owner: - properties: - id: - type: string - name: - type: string - type: object - name: - type: string - type: - type: string - icon_uri: - type: string - ownerManagedAccess: - type: boolean - type: object - type: array - decisionStrategy: - enum: - - CONSENSUS - - UNANIMOUS - - AFFIRMATIVE - type: string - name: - type: string - policyEnforcementMode: - enum: - - PERMISSIVE - - ENFORCING - - DISABLED - type: string - scopes: - items: - properties: - id: - type: string - displayName: - type: string - name: - type: string - iconUri: - type: string - type: object - type: array - policies: - items: - properties: - config: - additionalProperties: - type: string - type: object - id: - type: string - owner: - type: string - resources: - items: - type: string - type: array - policies: - items: - type: string - type: array - decisionStrategy: - enum: - - CONSENSUS - - UNANIMOUS - - AFFIRMATIVE - type: string - logic: - enum: - - POSITIVE - - NEGATIVE - type: string - resourcesData: - items: - properties: - _id: + multivalued: + type: boolean + name: type: string - uris: - items: - type: string - type: array - attributes: + readOnly: + type: boolean + required: + type: boolean + validators: additionalProperties: - items: - type: string - type: array - type: object - displayName: - type: string - scopes: - items: - properties: - id: - type: string - displayName: - type: string - name: - type: string - iconUri: - type: string + additionalProperties: + type: object type: object - type: array - owner: - properties: - id: - type: string - name: - type: string type: object - name: - type: string - type: - type: string - icon_uri: - type: string - ownerManagedAccess: - type: boolean type: object type: array - name: - type: string - type: - type: string - scopesData: + groups: items: properties: - id: + annotations: + additionalProperties: + type: object + type: object + displayDescription: type: string - displayName: + displayHeader: type: string name: type: string - iconUri: - 
type: string type: object type: array - description: - type: string - scopes: - items: - type: string - type: array type: object - type: array - clientId: - type: string - allowRemoteResourceManagement: - type: boolean + username: + type: string + type: object + type: array + name: + type: string + type: object + type: array + organizationsEnabled: + type: boolean + otpPolicyAlgorithm: + type: string + otpPolicyCodeReusable: + type: boolean + otpPolicyDigits: + type: integer + otpPolicyInitialCounter: + type: integer + otpPolicyLookAheadWindow: + type: integer + otpPolicyPeriod: + type: integer + otpPolicyType: + type: string + otpSupportedApplications: + items: + type: string + type: array + passwordCredentialGrantAllowed: + type: boolean + passwordPolicy: + type: string + permanentLockout: + type: boolean + privateKey: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string type: object - clientId: + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + publicKey: + type: string + quickLoginCheckMilliSeconds: + type: integer + realm: + type: string + realmCacheEnabled: + type: boolean + refreshTokenMaxReuse: + type: integer + registrationAllowed: + type: boolean + registrationEmailAsUsername: + type: boolean + registrationFlow: + type: string + rememberMe: + type: boolean + requiredActions: + items: + properties: + alias: + type: string + config: + additionalProperties: + type: string + type: object + defaultAction: + type: boolean + enabled: + type: boolean + name: + type: string + priority: + type: integer + providerId: + type: string + type: object + type: array + requiredCredentials: + items: + type: string + type: array + resetCredentialsFlow: + type: string + resetPasswordAllowed: + type: boolean + revokeRefreshToken: + type: boolean + roles: + properties: + 
application: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + type: array + type: object + client: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + type: array + type: object + realm: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + type: array + type: object + scopeMappings: + items: + 
properties: + client: + type: string + clientScope: + type: string + clientTemplate: + type: string + roles: + items: + type: string + type: array + self: + type: string + type: object + type: array + smtpServer: + additionalProperties: + type: string + type: object + social: + type: boolean + socialProviders: + additionalProperties: + type: string + type: object + sslRequired: + type: string + ssoSessionIdleTimeout: + type: integer + ssoSessionIdleTimeoutRememberMe: + type: integer + ssoSessionMaxLifespan: + type: integer + ssoSessionMaxLifespanRememberMe: + type: integer + supportedLocales: + items: + type: string + type: array + updateProfileOnInitialSocialLogin: + type: boolean + userCacheEnabled: + type: boolean + userFederationMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + federationMapperType: + type: string + federationProviderDisplayName: + type: string + id: + type: string + name: + type: string + type: object + type: array + userFederationProviders: + items: + properties: + changedSyncPeriod: + type: integer + config: + additionalProperties: + type: string + type: object + displayName: + type: string + fullSyncPeriod: + type: integer + id: + type: string + lastSync: + type: integer + priority: + type: integer + providerName: + type: string + type: object + type: array + userManagedAccessAllowed: + type: boolean + users: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientConsents: + items: + properties: + clientId: + type: string + createdDate: + type: integer + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + type: object + type: array + clientRoles: + 
additionalProperties: + items: + type: string + type: array + type: object + createdTimestamp: + type: integer + credentials: + items: + properties: + algorithm: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + counter: + type: integer + createdDate: + type: integer + credentialData: + type: string + device: + type: string + digits: + type: integer + hashIterations: + type: integer + hashedSaltedValue: + type: string + id: + type: string + period: + type: integer + priority: + type: integer + salt: + type: string + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: + type: string + type: object + type: array + disableableCredentialTypes: + items: + type: string + type: array + email: type: string + emailVerified: + type: boolean enabled: type: boolean - clientAuthenticatorType: + federatedIdentities: + items: + properties: + identityProvider: + type: string + userId: + type: string + userName: + type: string + type: object + type: array + federationLink: type: string - name: + firstName: type: string - surrogateAuthRequired: - type: boolean - webOrigins: + groups: items: type: string type: array - authorizationServicesEnabled: - type: boolean - secret: + id: type: string - protocol: + lastName: type: string - fullScopeAllowed: - type: boolean - nodeReRegistrationTimeout: + notBefore: type: integer - clientTemplate: - type: string - access: - additionalProperties: - type: boolean - type: object - alwaysDisplayInConsole: - type: boolean - rootUrl: + origin: type: string - oauth2DeviceAuthorizationGrantEnabled: - type: boolean - standardFlowEnabled: - type: boolean - optionalClientScopes: + realmRoles: items: type: string type: array - consentRequired: - type: boolean - authenticationFlowBindingOverrides: - additionalProperties: - type: string - type: object - bearerOnly: - type: boolean - defaultClientScopes: + requiredActions: items: type: string 
type: array - adminUrl: + self: type: string - protocolMappers: + serviceAccountClientId: + type: string + socialLinks: items: properties: - protocol: - type: string - id: - type: string - name: + socialProvider: type: string - protocolMapper: + socialUserId: type: string - consentText: + socialUsername: type: string - consentRequired: - type: boolean - config: - additionalProperties: - type: string - type: object type: object type: array - notBefore: - type: integer - directGrantsOnly: - type: boolean - defaultRoles: - items: - type: string - type: array - directAccessGrantsEnabled: - type: boolean - implicitFlowEnabled: + totp: type: boolean - origin: - type: string - attributes: - additionalProperties: - type: string - type: object - redirectUris: - items: - type: string - type: array - type: object - type: array - components: - additionalProperties: - items: - properties: - id: - type: string - providerId: - type: string - subType: - type: string - subComponents: - additionalProperties: + userProfileMetadata: + properties: + attributes: items: properties: - id: - type: string - providerId: + annotations: + additionalProperties: + type: object + type: object + displayName: type: string - subType: + group: type: string + multivalued: + type: boolean name: type: string - config: + readOnly: + type: boolean + required: + type: boolean + validators: additionalProperties: - items: - type: string - type: array + additionalProperties: + type: object + type: object type: object type: object type: array - type: object - name: - type: string - config: - additionalProperties: + groups: items: - type: string + properties: + annotations: + additionalProperties: + type: object + type: object + displayDescription: + type: string + displayHeader: + type: string + name: + type: string + type: object type: array - type: object - type: object - type: array - type: object - passwordCredentialGrantAllowed: + type: object + username: + type: string + type: object + type: array + 
verifyEmail: type: boolean - userCacheEnabled: + waitIncrementSeconds: + type: integer + webAuthnPolicyAcceptableAaguids: + items: + type: string + type: array + webAuthnPolicyAttestationConveyancePreference: + type: string + webAuthnPolicyAuthenticatorAttachment: + type: string + webAuthnPolicyAvoidSameAuthenticatorRegister: + type: boolean + webAuthnPolicyCreateTimeout: + type: integer + webAuthnPolicyExtraOrigins: + items: + type: string + type: array + webAuthnPolicyPasswordlessAcceptableAaguids: + items: + type: string + type: array + webAuthnPolicyPasswordlessAttestationConveyancePreference: + type: string + webAuthnPolicyPasswordlessAuthenticatorAttachment: + type: string + webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: type: boolean + webAuthnPolicyPasswordlessCreateTimeout: + type: integer + webAuthnPolicyPasswordlessExtraOrigins: + items: + type: string + type: array + webAuthnPolicyPasswordlessRequireResidentKey: + type: string + webAuthnPolicyPasswordlessRpEntityName: + type: string + webAuthnPolicyPasswordlessRpId: + type: string + webAuthnPolicyPasswordlessSignatureAlgorithms: + items: + type: string + type: array + webAuthnPolicyPasswordlessUserVerificationRequirement: + type: string + webAuthnPolicyRequireResidentKey: + type: string + webAuthnPolicyRpEntityName: + type: string + webAuthnPolicyRpId: + type: string + webAuthnPolicySignatureAlgorithms: + items: + type: string + type: array + webAuthnPolicyUserVerificationRequirement: + type: string + type: object + resources: + description: "Compute Resources required by Keycloak container. If\ + \ not specified, the value is inherited from the Keycloak CR." 
+ properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object type: object + required: + - keycloakCRName + - realm type: object status: properties: conditions: items: properties: - status: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true lastTransitionTime: type: string + message: + type: string observedGeneration: type: integer - type: + status: type: string - message: + type: type: string type: object type: array diff --git a/charts/keycloak-operator/crds/keycloaks.k8s.keycloak.org-v1.yml b/charts/keycloak-operator/crds/keycloaks.k8s.keycloak.org-v1.yml index f64ce8846..8e6ae1e90 100644 --- a/charts/keycloak-operator/crds/keycloaks.k8s.keycloak.org-v1.yml +++ b/charts/keycloak-operator/crds/keycloaks.k8s.keycloak.org-v1.yml 
@@ -19,59 +19,275 @@ spec: properties: spec: properties: - instances: - description: Number of Keycloak instances in HA mode. Default is 1. - type: integer - transaction: + additionalOptions: + description: |- + Configuration of the Keycloak server. + expressed as a keys (reference: https://www.keycloak.org/server/all-config) and values that can be either direct values or references to secrets. + items: + properties: + name: + type: string + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + value: + type: string + type: object + type: array + cache: + description: In this section you can configure Keycloak's cache + properties: + configMapFile: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + type: object + db: description: In this section you can find all properties related to - the settings of transaction behavior. + connect to a database. properties: - xaEnabled: - description: Determine whether Keycloak should use a non-XA datasource - in case the database does not support XA transactions. + database: + description: "Sets the database name of the default JDBC URL of\ + \ the chosen vendor. If the `url` option is set, this option\ + \ is ignored." + type: string + host: + description: "Sets the hostname of the default JDBC URL of the\ + \ chosen vendor. If the `url` option is set, this option is\ + \ ignored." + type: string + passwordSecret: + description: The reference to a secret holding the password of + the database user. + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + poolInitialSize: + description: The initial size of the connection pool. + type: integer + poolMaxSize: + description: The maximum size of the connection pool. + type: integer + poolMinSize: + description: The minimal size of the connection pool. 
+ type: integer + port: + description: "Sets the port of the default JDBC URL of the chosen\ + \ vendor. If the `url` option is set, this option is ignored." + type: integer + schema: + description: The database schema to be used. + type: string + url: + description: "The full database JDBC URL. If not provided, a default\ + \ URL is set based on the selected database vendor. For instance,\ + \ if using 'postgres', the default JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. " + type: string + usernameSecret: + description: The reference to a secret holding the username of + the database user. + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + vendor: + description: The database vendor. + type: string + type: object + features: + description: "In this section you can configure Keycloak features,\ + \ which should be enabled/disabled." + properties: + disabled: + description: Disabled Keycloak features + items: + type: string + type: array + enabled: + description: Enabled Keycloak features + items: + type: string + type: array + type: object + hostname: + description: In this section you can configure Keycloak hostname and + related properties. + properties: + admin: + description: The hostname for accessing the administration console. + Applicable for Hostname v1 and v2. + type: string + adminUrl: + description: "DEPRECATED. Sets the base URL for accessing the\ + \ administration console, including scheme, host, port and path.\ + \ Applicable for Hostname v1." + type: string + backchannelDynamic: + description: "Enables dynamic resolving of backchannel URLs, including\ + \ hostname, scheme, port and context path. Set to true if your\ + \ application accesses Keycloak via a private network. Applicable\ + \ for Hostname v2." + type: boolean + hostname: + description: Hostname for the Keycloak server. Applicable for + Hostname v1 and v2. 
+ type: string + strict: + description: Disables dynamically resolving the hostname from + request headers. Applicable for Hostname v1 and v2. + type: boolean + strictBackchannel: + description: DEPRECATED. By default backchannel URLs are dynamically + resolved from request headers to allow internal and external + applications. Applicable for Hostname v1. type: boolean type: object http: description: In this section you can configure Keycloak features related to HTTP and HTTPS properties: + httpEnabled: + description: Enables the HTTP listener. + type: boolean httpPort: description: The used HTTP port. type: integer + httpsPort: + description: The used HTTPS port. + type: integer tlsSecret: description: "A secret containing the TLS configuration for HTTPS.\ \ Reference: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets." type: string - httpsPort: - description: The used HTTPS port. + type: object + httpManagement: + description: In this section you can configure Keycloak's management + interface setting. + properties: + port: + description: Port of the management interface. type: integer - httpEnabled: - description: Enables the HTTP listener. - type: boolean type: object - hostname: - description: In this section you can configure Keycloak hostname and - related properties. + image: + description: Custom Keycloak image to be used. + type: string + imagePullSecrets: + description: Secret(s) that might be used when pulling an image from + a private container image registry or repository. + items: + properties: + name: + type: string + type: object + type: array + ingress: + description: |- + The deployment is, by default, exposed through a basic ingress. + You can change this behaviour by setting the enabled property to false. properties: - hostname: - description: Hostname for the Keycloak server. 
+ annotations: + additionalProperties: + type: string + description: Additional annotations to be appended to the Ingress + object + type: object + className: type: string - strict: - description: Disables dynamically resolving the hostname from - request headers. - type: boolean - strictBackchannel: - description: By default backchannel URLs are dynamically resolved - from request headers to allow internal and external applications. + enabled: type: boolean - admin: - description: The hostname for accessing the administration console. - type: string - adminUrl: - description: "Set the base URL for accessing the administration\ - \ console, including scheme, host, port and path" + type: object + instances: + description: Number of Keycloak instances in HA mode. Default is 1. + type: integer + proxy: + description: In this section you can configure Keycloak's reverse + proxy setting + properties: + headers: + description: The proxy headers that should be accepted by the + server. Misconfiguration might leave the server exposed to security + vulnerabilities. type: string type: object + resources: + description: Compute Resources required by Keycloak container + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + startOptimized: + description: Set to force the behavior of the --optimized flag for + the start command. If left unspecified the operator will assume + custom images have already been augmented. + type: boolean + transaction: + description: In this section you can find all properties related to + the settings of transaction behavior. 
+ properties: + xaEnabled: + description: Determine whether Keycloak should use a non-XA datasource + in case the database does not support XA transactions. + type: boolean + type: object + truststores: + additionalProperties: + properties: + name: + description: Not used. To be removed in later versions. + type: string + secret: + properties: + name: + type: string + optional: + type: boolean + required: + - name + type: object + required: + - secret + type: object + description: In this section you can configure Keycloak truststores. + type: object unsupported: description: |- In this section you can configure podTemplate advanced features, not production-ready, and not supported settings. 
@@ -85,206 +301,174 @@ spec: properties: metadata: properties: - generateName: - type: string - deletionGracePeriodSeconds: - type: integer - deletionTimestamp: - type: string - resourceVersion: - type: string annotations: additionalProperties: type: string type: object - selfLink: - type: string creationTimestamp: type: string + deletionGracePeriodSeconds: + type: integer + deletionTimestamp: + type: string finalizers: items: type: string type: array + generateName: + type: string + generation: + type: integer labels: additionalProperties: type: string type: object - ownerReferences: + managedFields: items: properties: - blockOwnerDeletion: - type: boolean - uid: - type: string apiVersion: type: string - name: + fieldsType: type: string - kind: + fieldsV1: + type: object + manager: + type: string + operation: + type: string + subresource: + type: string + time: type: string - controller: - type: boolean type: object type: array - uid: - type: string - generation: - type: integer name: type: string - managedFields: + namespace: + type: string + ownerReferences: items: properties: - time: - type: string apiVersion: type: string - fieldsV1: - type: object - fieldsType: - type: string - manager: + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: type: string - operation: + name: type: string - subresource: + uid: type: string type: object type: array - namespace: + resourceVersion: + type: string + selfLink: + type: string + uid: type: string type: object spec: properties: - volumes: - items: - properties: - hostPath: - properties: - path: - type: string - type: - type: string - type: object - flexVolume: - properties: - readOnly: - type: boolean - options: - additionalProperties: - type: string - type: object - secretRef: - properties: - name: - type: string - type: object - fsType: - type: string - driver: - type: string - type: object - gcePersistentDisk: - properties: - readOnly: - type: boolean - pdName: - type: string - partition: - 
type: integer - fsType: - type: string - type: object - ephemeral: - properties: - volumeClaimTemplate: + activeDeadlineSeconds: + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - metadata: + preference: properties: - generateName: - type: string - deletionGracePeriodSeconds: - type: integer - deletionTimestamp: - type: string - resourceVersion: - type: string - annotations: - additionalProperties: - type: string - type: object - selfLink: - type: string - creationTimestamp: - type: string - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - ownerReferences: + matchExpressions: items: properties: - blockOwnerDeletion: - type: boolean - uid: - type: string - apiVersion: - type: string - name: + key: type: string - kind: + operator: type: string - controller: - type: boolean + values: + items: + type: string + type: array type: object type: array - uid: - type: string - generation: - type: integer - name: - type: string - managedFields: + matchFields: items: properties: - time: + key: type: string - apiVersion: + operator: type: string - fieldsV1: - type: object - fieldsType: + values: + items: + type: string + type: array + type: object + type: array + type: object + weight: + type: integer + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: type: string - manager: + operator: type: string - operation: + values: + items: + type: string + type: array + type: object + type: array + matchFields: + items: + properties: + key: type: string - subresource: + operator: type: string + values: + items: + type: string + type: array type: object type: array - namespace: - type: string type: object - spec: + type: array + type: object + type: object + podAffinity: + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: properties: - selector: + labelSelector: properties: matchExpressions: items: properties: key: type: string + operator: + type: string values: items: type: string type: array - operator: - type: string type: object type: array matchLabels: 
@@ -292,632 +476,323 @@ spec: type: string type: object type: object - storageClassName: - type: string - dataSource: - properties: - name: - type: string - kind: - type: string - apiGroup: - type: string - type: object - dataSourceRef: - properties: - name: - type: string - kind: - type: string - namespace: - type: string - apiGroup: - type: string - type: object - resources: + matchLabelKeys: + items: + type: string + type: array + mismatchLabelKeys: + items: + type: string + type: array + namespaceSelector: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - claims: + matchExpressions: items: properties: - name: + key: + type: string + operator: type: string + values: + items: + type: string + type: array type: object type: array - requests: + matchLabels: additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + type: string type: object type: object - accessModes: + namespaces: items: type: string type: array - volumeMode: - type: string - volumeName: + topologyKey: type: string type: object + weight: + type: integer type: object - type: object - scaleIO: - properties: - readOnly: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - gateway: - type: string - secretRef: - properties: - name: - type: string - type: object - fsType: - type: string - sslEnabled: - type: boolean - volumeName: - type: string - protectionDomain: - type: string - type: object - csi: - properties: - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - fsType: - type: string - driver: - type: string - type: object - secret: - properties: - optional: - type: boolean - secretName: - type: string + type: array + requiredDuringSchedulingIgnoredDuringExecution: items: - items: - 
properties: - path: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: type: string - key: + type: array + mismatchLabelKeys: + items: type: string - mode: - type: integer - type: object - type: array - defaultMode: - type: integer - type: object - name: - type: string - vsphereVolume: - properties: - storagePolicyName: - type: string - storagePolicyID: - type: string - volumePath: - type: string - fsType: - type: string - type: object - gitRepo: - properties: - revision: - type: string - repository: - type: string - directory: - type: string - type: object - glusterfs: - properties: - path: - type: string - readOnly: - type: boolean - endpoints: - type: string - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - type: object - cinder: - properties: - readOnly: - type: boolean - secretRef: - properties: - name: + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string type: object - fsType: - type: string - volumeID: - type: string - type: object - flocker: - properties: - datasetUUID: - type: string - datasetName: - type: string - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - volume: - type: string - user: - type: string - registry: - type: string - tenant: - type: string - type: object - photonPersistentDisk: - properties: - pdID: - type: string - fsType: - type: string - 
type: object - persistentVolumeClaim: - properties: - readOnly: - type: boolean - claimName: - type: string - type: object - awsElasticBlockStore: - properties: - readOnly: - type: boolean - partition: - type: integer - fsType: - type: string - volumeID: - type: string - type: object - configMap: - properties: - optional: - type: boolean + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: + type: string + type: array + mismatchLabelKeys: + items: + type: string + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + type: object + weight: + type: integer + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: items: - items: - properties: - path: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: type: string - key: + type: array + mismatchLabelKeys: + items: type: string - mode: - type: integer - type: object - type: array - defaultMode: - type: integer - name: - type: string - type: object - storageos: - properties: - readOnly: 
- type: boolean - volumeNamespace: - type: string - secretRef: - properties: - name: + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string type: object - fsType: - type: string - volumeName: - type: string - type: object - portworxVolume: - properties: - readOnly: - type: boolean - fsType: - type: string - volumeID: - type: string - type: object - iscsi: - properties: - readOnly: - type: boolean - chapAuthSession: - type: boolean - lun: - type: integer - targetPortal: - type: string - iscsiInterface: - type: string - portals: - items: + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: type: string - type: array - initiatorName: - type: string - secretRef: - properties: - name: - type: string - type: object - fsType: - type: string - iqn: - type: string - chapAuthDiscovery: - type: boolean - type: object - rbd: - properties: - readOnly: - type: boolean - pool: - type: string - keyring: - type: string - image: - type: string - secretRef: - properties: - name: - type: string - type: object - monitors: - items: + value: type: string - type: array - fsType: - type: string - user: - type: string - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - type: object - downwardAPI: - properties: - items: - items: + valueFrom: properties: - path: - type: string - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - 
resourceFieldRef: + configMapKeyRef: properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: + key: type: string - type: object - mode: - type: integer - type: object - type: array - defaultMode: - type: integer - type: object - projected: - properties: - defaultMode: - type: integer - sources: - items: - properties: - secret: - properties: - optional: - type: boolean - items: - items: - properties: - path: - type: string - key: - type: string - mode: - type: integer - type: object - type: array name: type: string - type: object - configMap: - properties: optional: - type: boolean - items: - items: - properties: - path: - type: string - key: - type: string - mode: - type: integer - type: object - type: array - name: + type: boolean + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: type: string type: object - serviceAccountToken: + resourceFieldRef: properties: - path: + containerName: type: string - audience: + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: type: string - expirationSeconds: - type: integer type: object - downwardAPI: + secretKeyRef: properties: - items: - items: - properties: - path: - type: string - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - type: string - type: object - mode: - type: integer - type: object - type: array + key: + type: string + name: + type: string + optional: + type: boolean type: object type: object - type: array - type: object - azureDisk: - properties: - readOnly: - type: boolean - diskName: - type: string - cachingMode: - type: string - fsType: - type: string - kind: - type: string - diskURI: - type: string - type: object - cephfs: - 
properties: - path: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - monitors: - items: - type: string - type: array - secretFile: - type: string - user: - type: string - type: object - emptyDir: - properties: - sizeLimit: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - medium: - type: string - type: object - fc: - properties: - readOnly: - type: boolean - lun: - type: integer - wwids: - items: - type: string - type: array - targetWWNs: - items: + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: type: string - type: array - fsType: - type: string - type: object - type: object - type: array - restartPolicy: - type: string - terminationGracePeriodSeconds: - type: integer - setHostnameAsFQDN: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - searches: - items: + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: type: string - type: array - options: - items: - properties: - value: - type: string - name: - type: string - type: object - type: array - type: object - securityContext: - properties: - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - windowsOptions: - properties: - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - gmsaCredentialSpec: - type: string - runAsUserName: - type: string - type: object - sysctls: - items: - properties: - value: - type: string - name: - type: string - type: object - type: array - fsGroupChangePolicy: - type: string - seLinuxOptions: - properties: - role: - type: string - type: - type: string - user: - type: string - level: - type: string - type: object - fsGroup: - type: integer - supplementalGroups: - items: - type: integer - type: array - runAsUser: - type: integer 
- seccompProfile: - properties: - type: - type: string - localhostProfile: - type: string - type: object - type: object - imagePullSecrets: - items: - properties: - name: + imagePullPolicy: type: string - type: object - type: array - subdomain: - type: string - serviceAccount: - type: string - activeDeadlineSeconds: - type: integer - priority: - type: integer - ephemeralContainers: - items: - properties: - lifecycle: - properties: - postStart: - properties: - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object + lifecycle: + properties: + postStart: + properties: exec: properties: command: @@ -927,30 +802,32 @@ spec: type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer type: object - type: object - preStop: - properties: tcpSocket: properties: host: @@ -961,6 +838,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + type: object + preStop: + properties: exec: properties: command: @@ -970,21 +850,36 @@ spec: type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string port: anyOf: - type: integer 
@@ -993,18 +888,17 @@ spec: type: object type: object type: object - command: - items: - type: string - type: array livenessProbe: properties: - periodSeconds: - type: integer + exec: + properties: + command: + items: + type: string + type: array + type: object failureThreshold: type: integer - initialDelaySeconds: - type: integer grpc: properties: port: @@ -1012,79 +906,34 @@ spec: service: type: string type: object - successThreshold: - type: integer - terminationGracePeriodSeconds: - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - type: integer - exec: - properties: - command: - items: - type: string - type: array - type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string type: object - type: object - stdin: - type: boolean - image: - type: string - targetContainerName: - type: string - terminationMessagePolicy: - type: string - readinessProbe: - properties: - periodSeconds: - type: integer - failureThreshold: - type: integer initialDelaySeconds: type: integer - grpc: - properties: - port: - type: integer - service: - type: string - type: object - successThreshold: + periodSeconds: type: integer - terminationGracePeriodSeconds: + successThreshold: type: integer tcpSocket: properties: 
@@ -1096,104 +945,39 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + type: integer timeoutSeconds: type: integer - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - path: - type: string - scheme: - type: string - host: - type: string - httpHeaders: - items: - properties: - value: - type: string - name: - type: string - type: object - type: array - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object type: object - terminationMessagePath: + name: type: string - env: + ports: items: properties: - value: + containerPort: + type: integer + hostIP: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - type: string - type: object - secretKeyRef: - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - type: object + hostPort: + type: integer name: type: string + protocol: + type: string type: object type: array - tty: - type: boolean - args: - items: - type: string - type: array - startupProbe: + readinessProbe: properties: - periodSeconds: - type: integer + exec: + properties: + command: + items: + type: string + type: array + type: object failureThreshold: type: integer - initialDelaySeconds: - type: integer grpc: properties: port: 
@@ -1201,127 +985,87 @@ spec: service: type: string type: object - successThreshold: - type: integer - terminationGracePeriodSeconds: - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - type: integer - exec: - properties: - command: - items: - type: string - type: array - type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer type: object - stdinOnce: - type: boolean - ports: + resizePolicy: items: properties: - containerPort: - type: integer - hostPort: - type: integer - name: + resourceName: type: string - protocol: - type: string - hostIP: + restartPolicy: type: string type: object type: array - workingDir: - type: string - envFrom: - items: - properties: - prefix: - type: string - configMapRef: - properties: - optional: - type: boolean - name: - type: string - type: object - secretRef: + resources: + properties: + claims: + items: properties: - optional: - type: boolean name: type: string type: object - type: object - type: array - volumeMounts: - items: - properties: - readOnly: - type: boolean - subPathExpr: - type: string - mountPath: - type: string - mountPropagation: - type: string - subPath: - type: string - name: - type: string - type: object - type: array + type: array + limits: + 
additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string securityContext: properties: - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - windowsOptions: - properties: - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - gmsaCredentialSpec: - type: string - runAsUserName: - type: string - type: object allowPrivilegeEscalation: type: boolean capabilities: 
@@ -1335,61 +1079,120 @@ spec: type: string type: array type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer seLinuxOptions: properties: + level: + type: string role: type: string type: type: string user: type: string - level: - type: string type: object - readOnlyRootFilesystem: - type: boolean - privileged: - type: boolean - runAsUser: - type: integer - procMount: - type: string seccompProfile: properties: + localhostProfile: + type: string type: type: string - localhostProfile: + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: type: string type: object type: object - name: - type: string - resources: + startupProbe: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - claims: - items: - properties: - name: + exec: + properties: + command: + items: type: string - type: object - type: array - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true type: 
object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer type: object - imagePullPolicy: + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: type: string + tty: + type: boolean volumeDevices: items: properties: 
@@ -1399,41 +1202,140 @@ spec: type: string type: object type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + type: object + type: array + workingDir: + type: string type: object type: array - resourceClaims: - items: - properties: - source: + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: properties: - resourceClaimTemplateName: + name: type: string - resourceClaimName: + value: type: string type: object - name: + type: array + searches: + items: type: string - type: object - type: array - automountServiceAccountToken: + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: type: boolean - containers: + ephemeralContainers: items: properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + type: object + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + 
type: string lifecycle: properties: postStart: properties: - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object exec: properties: command: @@ -1443,30 +1345,32 @@ spec: type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer type: object - type: object - preStop: - properties: tcpSocket: properties: host: @@ -1477,6 +1381,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + type: object + preStop: + properties: exec: properties: command: @@ -1486,21 +1393,36 @@ spec: type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string port: anyOf: - type: integer 
@@ -1509,18 +1431,96 @@ spec: type: object type: object type: object - command: - items: - type: string - type: array livenessProbe: properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer periodSeconds: type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + type: string + hostPort: + type: integer + name: + type: string + protocol: + type: string + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object failureThreshold: type: integer - initialDelaySeconds: - type: integer grpc: properties: port: 
@@ -1528,77 +1528,34 @@ spec: service: type: string type: object - successThreshold: - type: integer - terminationGracePeriodSeconds: - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - type: integer - exec: - properties: - command: - items: - type: string - type: array - type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string type: object - type: object - stdin: - type: boolean - image: - type: string - terminationMessagePolicy: - type: string - readinessProbe: - properties: - periodSeconds: - type: integer - failureThreshold: - type: integer initialDelaySeconds: type: integer - grpc: - properties: - port: - type: integer - service: - type: string - type: object - successThreshold: + periodSeconds: type: integer - terminationGracePeriodSeconds: + successThreshold: type: integer tcpSocket: properties: 
@@ -1610,8 +1567,105 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + type: integer timeoutSeconds: type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + type: object + type: array + resources: + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: exec: properties: command: 
@@ -1619,47 +1673,157 @@ spec: type: string type: array type: object - httpGet: + failureThreshold: + type: integer + grpc: properties: - path: - type: string - scheme: + port: + type: integer + service: type: string + type: object + httpGet: + properties: host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string terminationMessagePath: type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + type: object + type: array + workingDir: + type: string + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: 
string + type: array env: items: properties: + name: + type: string value: type: string valueFrom: properties: configMapKeyRef: properties: - optional: - type: boolean key: type: string name: type: string + optional: + type: boolean type: object fieldRef: properties: 
@@ -1682,256 +1846,45 @@ spec: type: object secretKeyRef: properties: - optional: - type: boolean key: type: string name: type: string + optional: + type: boolean type: object type: object - name: - type: string - type: object - type: array - tty: - type: boolean - args: - items: - type: string - type: array - startupProbe: - properties: - periodSeconds: - type: integer - failureThreshold: - type: integer - initialDelaySeconds: - type: integer - grpc: - properties: - port: - type: integer - service: - type: string - type: object - successThreshold: - type: integer - terminationGracePeriodSeconds: - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - type: integer - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - path: - type: string - scheme: - type: string - host: - type: string - httpHeaders: - items: - properties: - value: - type: string - name: - type: string - type: object - type: array - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: object - stdinOnce: - type: boolean - ports: - items: - properties: - containerPort: - type: integer - hostPort: - type: integer - name: - type: string - protocol: - type: string - hostIP: - type: string type: object type: array - workingDir: - type: string envFrom: items: properties: - prefix: - type: string configMapRef: properties: - optional: - type: boolean name: type: string - type: object - secretRef: - properties: optional: type: boolean - name: - type: string type: object - type: object - type: array - volumeMounts: - items: - properties: - readOnly: - type: boolean - subPathExpr: - type: string - mountPath: - type: string - mountPropagation: - type: string - subPath: - type: string - name: + prefix: type: string - type: object - type: array - securityContext: - 
properties: - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - windowsOptions: - properties: - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - gmsaCredentialSpec: - type: string - runAsUserName: - type: string - type: object - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - seLinuxOptions: - properties: - role: - type: string - type: - type: string - user: - type: string - level: - type: string - type: object - readOnlyRootFilesystem: - type: boolean - privileged: - type: boolean - runAsUser: - type: integer - procMount: - type: string - seccompProfile: - properties: - type: - type: string - localhostProfile: - type: string - type: object - type: object - name: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - claims: - items: + secretRef: properties: name: type: string + optional: + type: boolean type: object - type: array - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: object - imagePullPolicy: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string type: object type: array - type: object - type: array - initContainers: - items: - properties: - lifecycle: - properties: - postStart: - properties: - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: exec: properties: command: 
@@ -1941,30 +1894,32 @@ spec: type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer type: object - type: object - preStop: - properties: tcpSocket: properties: host: @@ -1975,6 +1930,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + type: object + preStop: + properties: exec: properties: command: @@ -1984,21 +1942,36 @@ spec: type: object httpGet: properties: - path: - type: string - scheme: - type: string host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string port: anyOf: - type: integer @@ -2007,18 +1980,17 @@ spec: type: object type: object type: object - command: - items: - type: string - type: array livenessProbe: properties: - periodSeconds: - type: integer + exec: + properties: + command: + items: + type: string + type: array + type: object failureThreshold: type: integer - initialDelaySeconds: - type: integer grpc: properties: port: 
@@ -2026,9 +1998,34 @@ spec: service: type: string type: object - successThreshold: + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: type: integer - terminationGracePeriodSeconds: + periodSeconds: + type: integer + successThreshold: type: integer tcpSocket: properties: @@ -2040,8 +2037,30 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + type: integer timeoutSeconds: type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + type: string + hostPort: + type: integer + name: + type: string + protocol: + type: string + type: object + type: array + readinessProbe: + properties: exec: properties: command: 
@@ -2049,67 +2068,153 @@ spec: type: string type: array type: object - httpGet: + failureThreshold: + type: integer + grpc: properties: - path: - type: string - scheme: + port: + type: integer + service: type: string + type: object + httpGet: + properties: host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string type: object - type: object - stdin: - type: boolean - image: - type: string - terminationMessagePolicy: - type: string - readinessProbe: - properties: - periodSeconds: + initialDelaySeconds: type: integer - failureThreshold: + periodSeconds: type: integer - initialDelaySeconds: + successThreshold: type: integer - grpc: + tcpSocket: properties: - port: - type: integer - service: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true type: object - successThreshold: - type: integer terminationGracePeriodSeconds: type: integer - tcpSocket: + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + type: object + type: array + resources: + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: properties: - host: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true type: object - timeoutSeconds: - type: integer + type: object + startupProbe: + properties: exec: properties: command: 
@@ -2117,105 +2222,43 @@ spec: type: string type: array type: object - httpGet: + failureThreshold: + type: integer + grpc: properties: - path: - type: string - scheme: + port: + type: integer + service: type: string + type: object + httpGet: + properties: host: type: string httpHeaders: items: properties: - value: - type: string name: type: string + value: + type: string type: object type: array + path: + type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true + scheme: + type: string type: object - type: object - terminationMessagePath: - type: string - env: - items: - properties: - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - type: string - type: object - secretKeyRef: - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - type: object - name: - type: string - type: object - type: array - tty: - type: boolean - args: - items: - type: string - type: array - startupProbe: - properties: - periodSeconds: - type: integer - failureThreshold: - type: integer initialDelaySeconds: type: integer - grpc: - properties: - port: - type: integer - service: - type: string - type: object - successThreshold: + periodSeconds: type: integer - terminationGracePeriodSeconds: + successThreshold: type: integer tcpSocket: properties: 
@@ -2227,329 +2270,516 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + type: integer timeoutSeconds: type: integer - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - path: - type: string - scheme: - type: string - host: - type: string - httpHeaders: - items: - properties: - value: - type: string - name: - type: string - type: object - type: array - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object type: object - stdinOnce: - type: boolean - ports: - items: - properties: - containerPort: - type: integer - hostPort: - type: integer - name: - type: string - protocol: - type: string - hostIP: - type: string - type: object - type: array - workingDir: + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + type: object + type: array + workingDir: + type: string + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + os: + properties: + name: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + 
type: string + resourceClaimTemplateName: + type: string + type: object + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + type: object + type: array + securityContext: + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object + supplementalGroups: + items: + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + type: integer + tolerations: + items: + properties: + effect: type: string - envFrom: - items: - properties: - prefix: - type: string - configMapRef: + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: properties: - optional: - type: boolean - name: + key: type: string - type: object - secretRef: - properties: - optional: - type: boolean - name: + operator: type: string + values: + items: + type: string + type: array type: object - type: object - type: array - volumeMounts: - items: 
- properties: - readOnly: - type: boolean - subPathExpr: - type: string - mountPath: - type: string - mountPropagation: - type: string - subPath: - type: string - name: + type: array + matchLabels: + additionalProperties: type: string - type: object + type: object + type: object + matchLabelKeys: + items: + type: string type: array - securityContext: + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: properties: - runAsGroup: + fsType: + type: string + partition: type: integer - runAsNonRoot: + readOnly: type: boolean - windowsOptions: + volumeID: + type: string + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: properties: - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - gmsaCredentialSpec: - type: string - runAsUserName: + name: type: string type: object - allowPrivilegeEscalation: + user: + type: string + type: object + cinder: + properties: + fsType: + type: string + readOnly: type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - seLinuxOptions: + secretRef: properties: - role: - type: string - type: - type: string - user: - type: string - level: + name: type: string type: object - readOnlyRootFilesystem: - type: boolean - privileged: + volumeID: + type: string + 
type: object + configMap: + properties: + defaultMode: + type: integer + items: + items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + type: object + type: array + name: + type: string + optional: type: boolean - runAsUser: - type: integer - procMount: + type: object + csi: + properties: + driver: type: string - seccompProfile: + fsType: + type: string + nodePublishSecretRef: properties: - type: - type: string - localhostProfile: + name: type: string type: object - type: object - name: - type: string - resources: - properties: - limits: + readOnly: + type: boolean + volumeAttributes: additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + type: string type: object - claims: + type: object + downwardAPI: + properties: + defaultMode: + type: integer + items: items: properties: - name: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + mode: + type: integer + path: type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object type: object type: array - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object type: object - imagePullPolicy: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - type: object - type: array - type: object - type: array - priorityClassName: - type: string - tolerations: - items: - properties: - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - effect: - type: string - type: object - type: array - hostPID: - type: boolean - os: - properties: - name: - type: string - type: object - serviceAccountName: - type: string - shareProcessNamespace: - type: boolean - hostNetwork: - type: 
boolean - hostname: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - enableServiceLinks: - type: boolean - affinity: - properties: - podAntiAffinity: - properties: - requiredDuringSchedulingIgnoredDuringExecution: - items: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: properties: - namespaces: - items: - type: string - type: array - topologyKey: - type: string - labelSelector: + metadata: properties: - matchExpressions: + annotations: + additionalProperties: + type: string + type: object + creationTimestamp: + type: string + deletionGracePeriodSeconds: + type: integer + deletionTimestamp: + type: string + finalizers: + items: + type: string + type: array + generateName: + type: string + generation: + type: integer + labels: + additionalProperties: + type: string + type: object + managedFields: items: properties: - key: + apiVersion: type: string - values: - items: - type: string - type: array - operator: + fieldsType: + type: string + fieldsV1: + type: object + manager: + type: string + operation: + type: string + subresource: + type: string + time: type: string type: object type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: + name: + type: string + namespace: + type: string + ownerReferences: items: properties: - key: + apiVersion: type: string - values: - items: - type: string - type: array - operator: + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: type: string type: object type: array - matchLabels: - additionalProperties: - type: string - type: object + resourceVersion: + type: string + selfLink: + type: string + uid: + type: string type: object - type: object - type: array - 
preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: + spec: properties: - namespaces: + accessModes: items: type: string type: array - topologyKey: - type: string - labelSelector: + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + type: object + resources: properties: - matchExpressions: - items: - properties: - key: - type: string - values: - items: - type: string - type: array - operator: - type: string - type: object - type: array - matchLabels: + limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true type: object type: object - namespaceSelector: + selector: properties: matchExpressions: items: properties: key: type: string + operator: + type: string values: items: type: string type: array - operator: - type: string type: object type: array matchLabels: 
@@ -2557,436 +2787,415 @@ spec: type: string type: object type: object + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string type: object - weight: - type: integer type: object - type: array - type: object - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + type: object + fc: + properties: + fsType: + type: string + lun: + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: properties: - weight: - type: integer - preference: - properties: - matchFields: - items: - properties: - key: - type: string - values: - items: - type: string - type: array - operator: - type: string - type: object - type: array - matchExpressions: - items: - properties: - key: - type: string - values: - items: - type: string - type: array - operator: - type: string - type: object - type: array - type: object + name: + type: string type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchFields: - items: - properties: - key: - type: string - values: - items: - type: string - type: array - operator: - type: string - type: object - type: array - matchExpressions: - items: + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + type: integer + pdName: + type: string + readOnly: + type: boolean + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + type: object + glusterfs: + properties: + endpoints: + type: 
string + path: + type: string + readOnly: + type: boolean + type: object + hostPath: + properties: + path: + type: string + type: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + type: object + projected: + properties: + defaultMode: + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: properties: - key: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object type: array - operator: - type: string - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - namespaces: - items: - type: string - type: array - topologyKey: - type: string - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - values: - items: + matchLabels: + additionalProperties: type: string - type: array - operator: - type: string + type: object type: object - type: array - matchLabels: - 
additionalProperties: + name: type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: + optional: + type: boolean + path: + type: string + signerName: + type: string + type: object + configMap: + properties: items: - properties: - key: - type: string - values: - items: + items: + properties: + key: type: string - type: array - operator: - type: string - type: object - type: array - matchLabels: - additionalProperties: + mode: + type: integer + path: + type: string + type: object + type: array + name: type: string - type: object - type: object - type: object - type: array - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - namespaces: + optional: + type: boolean + type: object + downwardAPI: + properties: items: - type: string - type: array - topologyKey: - type: string - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - values: - items: + items: + properties: + fieldRef: + properties: + apiVersion: type: string - type: array - operator: - type: string - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - values: - items: + fieldPath: type: string - type: array - operator: - type: string - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: object + mode: + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object type: object - type: object - type: object - weight: - type: integer - type: object - type: array - type: object - type: object - readinessGates: - items: - properties: - conditionType: - type: string - type: object - type: array - dnsPolicy: - 
type: string - hostIPC: - type: boolean - topologySpreadConstraints: - items: - properties: - nodeTaintsPolicy: - type: string - topologyKey: - type: string - maxSkew: - type: integer - nodeAffinityPolicy: - type: string - whenUnsatisfiable: - type: string - matchLabelKeys: - items: - type: string - type: array - labelSelector: + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + type: integer + path: + type: string + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + type: object + scaleIO: properties: - matchExpressions: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + type: object + secret: + properties: + defaultMode: + type: integer + items: items: properties: key: type: string - values: - items: - type: string - type: array - operator: + mode: + type: integer + path: type: string type: object type: array - matchLabels: - additionalProperties: - type: string + optional: + type: boolean + secretName: + type: string + type: object + 
storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string type: object - minDomains: - type: integer - type: object - type: array - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - schedulerName: - type: string - nodeName: - type: string - preemptionPolicy: - type: string - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - schedulingGates: - items: - properties: - name: - type: string type: object type: array - runtimeClassName: - type: string - hostUsers: - type: boolean type: object type: object type: object - ingress: - description: |- - The deployment is, by default, exposed through a basic ingress. - You can change this behaviour by setting the enabled property to false. - properties: - annotations: - additionalProperties: - type: string - description: Additional annotations to be appended to the Ingress - object - type: object - enabled: - type: boolean - className: - type: string - type: object - image: - description: Custom Keycloak image to be used. - type: string - imagePullSecrets: - description: Secret(s) that might be used when pulling an image from - a private container image registry or repository. - items: - properties: - name: - type: string - type: object - type: array - additionalOptions: - description: |- - Configuration of the Keycloak server. - expressed as a keys (reference: https://www.keycloak.org/server/all-config) and values that can be either direct values or references to secrets. 
- items: - properties: - secret: - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - value: - type: string - name: - type: string - type: object - type: array - db: - description: In this section you can find all properties related to - connect to a database. - properties: - passwordSecret: - description: The reference to a secret holding the password of - the database user. - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - usernameSecret: - description: The reference to a secret holding the username of - the database user. - properties: - optional: - type: boolean - key: - type: string - name: - type: string - type: object - port: - description: "Sets the port of the default JDBC URL of the chosen\ - \ vendor. If the `url` option is set, this option is ignored." - type: integer - schema: - description: The database schema to be used. - type: string - host: - description: "Sets the hostname of the default JDBC URL of the\ - \ chosen vendor. If the `url` option is set, this option is\ - \ ignored." - type: string - url: - description: "The full database JDBC URL. If not provided, a default\ - \ URL is set based on the selected database vendor. For instance,\ - \ if using 'postgres', the default JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. " - type: string - poolInitialSize: - description: The initial size of the connection pool. - type: integer - poolMaxSize: - description: The maximum size of the connection pool. - type: integer - vendor: - description: The database vendor. - type: string - database: - description: "Sets the database name of the default JDBC URL of\ - \ the chosen vendor. If the `url` option is set, this option\ - \ is ignored." - type: string - poolMinSize: - description: The minimal size of the connection pool. 
- type: integer - type: object - features: - description: "In this section you can configure Keycloak features,\ - \ which should be enabled/disabled." - properties: - disabled: - description: Disabled Keycloak features - items: - type: string - type: array - enabled: - description: Enabled Keycloak features - items: - type: string - type: array - type: object type: object status: properties: conditions: items: properties: - status: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true lastTransitionTime: type: string + message: + type: string observedGeneration: type: integer - type: + status: type: string - message: + type: type: string type: object type: array - observedGeneration: - type: integer instances: type: integer + observedGeneration: + type: integer selector: type: string type: object diff --git a/charts/keycloak-operator/templates/keycloak/keycloak.yaml b/charts/keycloak-operator/templates/keycloak/keycloak.yaml index 20fb40c2b..77936a4fa 100644 --- a/charts/keycloak-operator/templates/keycloak/keycloak.yaml +++ b/charts/keycloak-operator/templates/keycloak/keycloak.yaml 
@@ -7,53 +7,97 @@ metadata:
 {{- include "keycloak-operator.labels" . | nindent 4 }}
 app.kubernetes.io/component: keycloak
 spec:
- {{- with .Values.keycloak.instances }}
- instances: {{ . }}
+ {{- with .Values.keycloak.additionalOptions }}
+ additionalOptions: {{ . | toYaml | nindent 4 }}
 {{- end }}
- {{- if .Values.keycloak.transaction.xaEnabled }}
- transaction:
- xaEnabled: true
- {{- else }}
- transaction:
- xaEnabled: false
+ {{- with .Values.keycloak.cache }}
+ cache: {{- . | toYaml | nindent 4 }}
 {{- end }}
- http:
- {{- with .Values.keycloak.http.httpPort }}
- httpPort: {{ . }}
+ {{- if or .Values.keycloak.db.url (and .Values.keycloak.db.host .Values.keycloak.db.port .Values.keycloak.db.database ) }}
+ db:
+ {{- with .Values.keycloak.db.database }}
+ database: {{ . | quote }}
 {{- end }}
- {{- with .Values.keycloak.http.tlsSecret }}
- tlsSecret: {{ . | quote }}
+ {{- with .Values.keycloak.db.host }}
+ host: {{ . | quote }}
 {{- end }}
- {{- with .Values.keycloak.http.httpsPort }}
- httpsPort: {{ . }}
+ {{- with .Values.keycloak.db.passwordSecret }}
+ passwordSecret: {{ . | toYaml | nindent 6 }}
 {{- end }}
- {{- with .Values.keycloak.http.httpEnabled }}
- httpEnabled: {{ . }}
+ {{- with .Values.keycloak.db.poolInitialSize }}
+ poolInitialSize: {{ . }}
 {{- end }}
- hostname:
- {{- with .Values.keycloak.hostname.hostname }}
- hostname: {{ . | quote }}
+ {{- with .Values.keycloak.db.poolMaxSize }}
+ poolMaxSize: {{ . }}
 {{- end }}
- {{- if .Values.keycloak.hostname.strict }}
- strict: true
- {{- else }}
- strict: false
+ {{- with .Values.keycloak.db.poolMinSize }}
+ poolMinSize: {{ . | quote }}
 {{- end }}
- {{- if .Values.keycloak.hostname.strictBackchannel }}
- strictBackchannel: true
- {{- else }}
- strictBackchannel: false
+ {{- with .Values.keycloak.db.port }}
+ port: {{ . }}
 {{- end }}
- {{- with .Values.keycloak.hostname.admin }}
+ {{- with .Values.keycloak.db.schema }}
+ schema: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.keycloak.db.url }}
+ url: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.keycloak.db.usernameSecret }}
+ usernameSecret: {{ . | toYaml | nindent 6 }}
+ {{- end }}
+ {{- with .Values.keycloak.db.vendor }}
+ vendor: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.keycloak.features.disabled .Values.keycloak.features.enabled }}
+ features:
+ {{- with .Values.keycloak.features.disabled }}
+ disabled: {{ . | toYaml | nindent 6 }}
+ {{- end }}
+ {{- with .Values.keycloak.features.enabled }}
+ enabled: {{ . | toYaml | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.keycloak.hostname }}
+ hostname:
+ {{- with .admin }}
 admin: {{ . }}
 {{- end }}
- {{- with .Values.keycloak.hostname.adminUrl }}
+ {{- with .adminUrl }}
 adminUrl: {{ . }}
 {{- end }}
- {{- with .Values.keycloak.unsupported.podTemplate }}
- unsupported:
- # You can configure pod settings that will be merged with the one configured by default by the operator.
- podTemplate: {{ . | toYaml | nindent 6 }}
+ {{- if not (.backchannelDynamic | toString | empty) }}
+ backchannelDynamic: {{ ternary "true" "false" .backchannelDynamic }}
+ {{- end }}
+ {{- with .hostname }}
+ hostname: {{ . | quote }}
+ {{- end }}
+ {{- if not (.strict | toString | empty ) }}
+ strict: {{ ternary "true" "false" .strict }}
+ {{- end }}
+ {{- end }}
+ http:
+ {{- with .Values.keycloak.http.httpEnabled }}
+ httpEnabled: {{ ternary "true" "false" . }}
+ {{- end }}
+ {{- with .Values.keycloak.http.httpPort }}
+ httpPort: {{ . }}
+ {{- end }}
+ {{- with .Values.keycloak.http.httpsPort }}
+ httpsPort: {{ . }}
+ {{- end }}
+ {{- with .Values.keycloak.http.tlsSecret }}
+ tlsSecret: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.keycloak.httpManagement.port }}
+ httpManagement:
+ port: { . }
+ {{- end }}
+ {{- if or .Values.keycloak.image.repository .Values.keycloak.image.tag }}
+ image: "{{ .Values.keycloak.image.repository | default .Values.operator.config.keycloakImage.repository }}:{{ .Values.keycloak.image.tag | default .Values.operator.config.keycloakImage.tag | default .Chart.AppVersion }}"
+ {{- end }}
+ {{- with .Values.keycloak.imagePullSecrets }}
+ imagePullSecrets: {{ . | toYaml | nindent 4 }}
 {{- end }}
 {{- if .Values.keycloak.ingress.enabled }}
 ingress:
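Review bot: The added `port: { . }` under `httpManagement:` is written with single braces, so as shown it is not a template action and Helm would emit the text literally instead of the configured port. Every other scalar in this hunk uses `{{ . }}`; the line should read `port: {{ . }}`. With the literal form, setting `keycloak.httpManagement.port` produces a YAML mapping where the CRD presumably expects an integer, so the Keycloak resource is either rejected or the management interface stays on the operator's default port, and any NetworkPolicy or probe written for the intended port would not match. Separately, `poolMinSize: {{ . | quote }}` renders a string while the sibling pool sizes are unquoted, and the CRD text removed earlier in this diff declares it `type: integer`.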
@@ -69,58 +113,27 @@ spec: ingress: enabled: false {{- end }} - {{- if or .Values.keycloak.image.repository .Values.keycloak.image.tag }} - image: "{{ .Values.keycloak.image.repository | default .Values.operator.config.keycloakImage.repository }}:{{ .Values.keycloak.image.tag | default .Values.operator.config.keycloakImage.tag | default .Chart.AppVersion }}" + {{- with .Values.keycloak.instances }} + instances: {{ . }} {{- end }} - {{- with .Values.keycloak.imagePullSecrets }} - imagePullSecrets: {{ . | toYaml | nindent 4 }} + {{- with .Values.keycloak.proxy.headers }} + proxy: + headers: {{ . }} {{- end }} - {{- with .Values.keycloak.additionalOptions }} - additionalOptions: {{ . | toYaml | nindent 4 }} + {{- with .Values.keycloak.resources }} + resources: {{ . | toYaml | nindent 4 }} {{- end }} - {{- if or .Values.keycloak.db.url (and .Values.keycloak.db.host .Values.keycloak.db.port .Values.keycloak.db.database ) }} - db: - {{- with .Values.keycloak.db.passwordSecret }} - passwordSecret: {{ . | toYaml | nindent 6 }} - {{- end }} - {{- with .Values.keycloak.db.usernameSecret }} - usernameSecret: {{ . | toYaml | nindent 6 }} - {{- end }} - {{- with .Values.keycloak.db.vendor }} - vendor: {{ . | quote }} - {{- end }} - {{- with .Values.keycloak.db.host }} - host: {{ . | quote }} - {{- end }} - {{- with .Values.keycloak.db.port }} - port: {{ . }} - {{- end }} - {{- with .Values.keycloak.db.database }} - database: {{ . | quote }} - {{- end }} - {{- with .Values.keycloak.db.schema }} - schema: {{ . | quote }} - {{- end }} - {{- with .Values.keycloak.db.url }} - url: {{ . | quote }} - {{- end }} - {{- with .Values.keycloak.db.poolInitialSize }} - poolInitialSize: {{ . }} - {{- end }} - {{- with .Values.keycloak.db.poolMaxSize }} - poolMaxSize: {{ . }} - {{- end }} - {{- with .Values.keycloak.db.poolMinSize }} - poolMinSize: {{ . | quote }} - {{- end }} + {{- with .Values.keycloak.startOptimized }} + startOptimized: {{ ternary "true" "false" . 
}} {{- end }} - {{- if or .Values.keycloak.features.disabled .Values.keycloak.features.enabled }} - features: - {{- with .Values.keycloak.features.disabled }} - disabled: {{ . | toYaml | nindent 6 }} - {{- end }} - {{- with .Values.keycloak.features.enabled }} - enabled: {{ . | toYaml | nindent 6 }} - {{- end }} + {{- with .Values.keycloak.transaction.xaEnabled }} + transaction: + xaEnabled: {{ ternary "true" "false" . }} + {{- end }} + {{- with .Values.keycloak.truststrores }} + truststores: {{ . | toYaml | nindent 4 }} + {{- end }} + {{- with .Values.keycloak.unsupported }} + unsupported: {{ . | toYaml | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/keycloak-operator/templates/keycloak/keycloakrealmimport.yaml b/charts/keycloak-operator/templates/keycloak/keycloakrealmimport.yaml index 9488a156c..ca9083393 100644 --- a/charts/keycloak-operator/templates/keycloak/keycloakrealmimport.yaml +++ b/charts/keycloak-operator/templates/keycloak/keycloakrealmimport.yaml 
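Review bot: The truststores block reads `.Values.keycloak.truststrores` but emits `truststores:`, so unless values.yaml really spells the key that way (its definition is not visible in this part of the diff), a configured truststore is silently dropped from the Keycloak CR; the guard should be `{{- with .Values.keycloak.truststores }}`. In the same hunk `startOptimized` and `transaction.xaEnabled` are wrapped in `with`, which skips falsy values, so an explicit `false` is never rendered and the operator default applies; the operand snapshot losing `xaEnabled: false` is consistent with that. A guard that tests for a boolean rather than for truthiness, for example `{{- if kindIs "bool" .Values.keycloak.startOptimized }}`, keeps `false` expressible.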
@@ -12,263 +12,440 @@ metadata: spec: keycloakCRName: {{ default $fullname .keycloakCRName }} realm: - {{- with .webAuthnPolicyAvoidSameAuthenticatorRegister }} - webAuthnPolicyAvoidSameAuthenticatorRegister: {{ . }} + {{- with .accessCodeLifespan }} + accessCodeLifespan: {{ . }} {{- end }} - {{- with .federatedUsers }} - federatedUsers: {{ . | toYaml | nindent 6 }} + {{- with .accessCodeLifespanLogin }} + accessCodeLifespanLogin: {{ . }} + {{- end }} + {{- with .accessCodeLifespanUserAction }} + accessCodeLifespanUserAction: {{ . }} + {{- end }} + {{- with .accessTokenLifespan }} + accessTokenLifespan: {{ . }} + {{- end }} + {{- with .accessTokenLifespanForImplicitFlow }} + accessTokenLifespanForImplicitFlow: {{ . }} + {{- end }} + {{- with .accountTheme }} + accountTheme: {{ . }} + {{- end }} + {{- with .actionTokenGeneratedByAdminLifespan }} + actionTokenGeneratedByAdminLifespan: {{ . }} + {{- end }} + {{- with .actionTokenGeneratedByUserLifespan }} + actionTokenGeneratedByUserLifespan: {{ . }} + {{- end }} + {{- with .adminEventsDetailsEnabled }} + adminEventsDetailsEnabled: {{ . }} {{- end }} {{- with .adminEventsEnabled }} adminEventsEnabled: {{ . }} {{- end }} - {{- with .registrationEmailAsUsername }} - registrationEmailAsUsername: {{ . }} + {{- with .adminTheme }} + adminTheme: {{ . | quote }} {{- end }} - {{- with .keycloakVersion }} - keycloakVersion: {{ . | quote }} + {{- with .applicationScopeMappings }} + applicationScopeMappings: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .oauth2DeviceCodeLifespan }} - oauth2DeviceCodeLifespan: {{ . }} + {{- with .applications }} + applications: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .sslRequired }} - sslRequired: {{ . }} + {{- with .attributes }} + attributes: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .realm }} - realm: {{ . | quote }} + {{- with .authenticationFlows }} + authenticationFlows: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .defaultGroups }} - defaultGroups: {{ . 
| toYaml | nindent 6 }} + {{- with .authenticatorConfig }} + authenticatorConfig: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .enabled }} - enabled: {{ . }} + {{- with .browserFlow }} + browserFlow: {{ . | quote }} {{- end }} - {{- with .webAuthnPolicySignatureAlgorithms }} - webAuthnPolicySignatureAlgorithms: {{ . | toYaml | nindent 6 }} + {{- with .browserSecurityHeaders }} + browserSecurityHeaders: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .ssoSessionMaxLifespanRememberMe }} - ssoSessionMaxLifespanRememberMe: {{ . }} + {{- with .bruteForceProtected }} + bruteForceProtected: {{ . }} {{- end }} - {{- with .webAuthnPolicyRpID }} - webAuthnPolicyRpId: {{ . | quote }} + {{- with .certificate }} + certificate {{ . | quote }} {{- end }} - {{- with .webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister }} - webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: {{ . }} + {{- with .clientAuthenticationFlow }} + clientAuthenticationFlow: {{ . | quote }} {{- end }} - {{- with .users }} - users: {{ . | toYaml | nindent 6 }} + {{- with .clientOfflineSessionIdleTimeout }} + clientOfflineSessionIdleTimeout: {{ . }} {{- end }} - {{- with .clientTempaltes }} - clientTemplates: {{ . | toYaml | nindent 6 }} + {{- with .clientOfflineSessionMaxLifespan }} + clientOfflineSessionMaxLifespan: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .webAuthnPolicyPasswordlessUserVerificationRequirement }} - webAuthnPolicyPasswordlessUserVerificationRequirement: {{ . | quote }} + {{- with .clientPolicies }} + clientPolicies: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .registrationFlow }} - registrationFlow: {{ . | quote }} + {{- with .clientProfiles }} + clientProfiles: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .publicKey }} - publicKey: {{ . | quote }} + {{- with .clientScopeMappings }} + clientScopeMappings: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .webAuthnPolicyPasswordlessCreateTimeout }} - webAuthnPolicyPasswordlessCreateTimeout: {{ . 
}} + {{- with .clientScopes }} + clientScopes: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .authenticationFlows }} - authenticationFlows: {{ . | toYaml | nindent 6 }} + {{- with .clientSessionIdleTimeout }} + clientSessionIdleTimeout: {{ . }} {{- end }} - {{- with .applicationScopeMappings }} - applicationScopeMappings: {{ . | toYaml | nindent 6 }} + {{- with .clientSessionMaxLifespan }} + clientSessionMaxLifespan: {{ . }} + {{- end }} + {{- with .clientTemplates }} + clientTemplates: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .clients }} + clients: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .offlineSessionMaxLifespan }} - offlineSessionMaxLifespan: {{ . }} - {{ end }} {{- with .codeSecret }} codeSecret: {{ . }} {{- end }} - {{- with .offlineSessionIdleTimeout }} - offlineSessionIdleTimeout: {{ . }} + {{- with .components }} + components: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .quickLoginCheckMilliSeconds }} - quickLoginCheckMilliSeconds: + {{- with .defaultDefaultClientScopes }} + defaultDefaultClientScopes: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .privateKey }} - privateKey: {{ . | quote }} + {{- with .defaultGroups }} + defaultGroups: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .webAuthnPolicyRpEntityName }} - webAuthnPolicyRpEntityName: {{ . | quote }} + {{- with .defaultLocale }} + defaultLocale: {{ . | quote }} + {{- end }} + {{- with .defaultOptionalClientScopes }} + defaultOptionalClientScopes: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .defaultRole }} + defaultRole: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .defaultRoles }} + defaultRoles: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .defaultSignatureAlgorithm }} + defaultSignatureAlgorithm: {{ . | quote }} + {{- end }} + {{- with .directGrantFlow }} + directGrantFlow: {{ . | quote }} + {{- end }} + {{- with .displayName }} + displayName: {{ . | quote }} + {{- end }} + {{- with .displayNameHtml }} + displayNameHtml: {{ . 
| quote }} + {{- end }} + {{- with .dockerAuthenticationFlow }} + dockerAuthenticationFlow: {{ . | quote }} + {{- end }} + {{- with .duplicateEmailsAllowed }} + duplicateEmailsAllowed: {{ . }} + {{- end }} + {{- with .editUsernameAllowed }} + editUsernameAllowed: {{ . }} {{- end }} {{- with .emailTheme }} emailTheme: {{ . | quote }} {{- end }} - {{- with .accessCodeLifespanLogin }} - accessCodeLifespanLogin: {{ . }} + {{- with .enabled }} + enabled: {{ . }} {{- end }} - {{- with .passwordPolicy }} - passwordPolicy: {{ . | quote }} + {{- with .enabledEventTypes }} + enabledEventTypes: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .ssoSessionIdleTimeoutRememberMe }} - ssoSessionIdleTimeoutRememberMe: {{ . }} + {{- with .eventsEnabled }} + eventsEnabled: {{ . }} {{- end }} - {{- with .resetPasswordAllowed }} - resetPasswordAllowed: {{ . }} + {{- with .eventsExpiration }} + eventsExpiration: {{ . }} + {{- end }} + {{- with .eventsListeners }} + eventsListeners: {{ . | toYaml | nindent 6 }} {{- end }} {{- with .failureFactor }} failureFactor: {{ . }} {{- end }} - {{- with .otpPolicyAlgorithm }} - otpPolicyAlgorithm: {{ . | quote }} + {{- with .federatedUsers }} + federatedUsers: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .requiredActions }} - requiredActions: {{ . | toYaml | nindent 6 }} + {{- with .firstBrokerLoginFlow }} + firstBrokerLoginFlow: {{ . | quote }} {{- end }} - {{- with .actionTokenGeneratedByUserLifespan }} - actionTokenGeneratedByUserLifespan: {{ . }} + {{- with .groups }} + groups: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .clientAuthenticationFlow }} - clientAuthenticationFlow: {{ . | quote }} + {{- with .id }} + id: {{ . | quote }} {{- end }} - {{- with .webAuthnPolicyAuthenticatorAttachment }} - webAuthnPolicyAuthenticatorAttachment: {{ . | quote }} + {{- with .identityProviderMappers }} + identityProviderMappers: {{ . 
| toYaml | nindent 6 }} {{- end }} - {{- with .actionTokenGeneratedByAdminLifespan }} - actionTokenGeneratedByAdminLifespan: {{ . }} + {{- with .identityProviders }} + identityProviders: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .id }} - id: {{ . | quote }} + {{- with .internationalizationEnabled }} + internationalizationEnabled: {{ . }} {{- end }} - {{- with .clientPolicies }} - clientPolicies: {{ . | toYaml | nindent 6 }} + {{- with .keycloakVersion }} + keycloakVersion: {{ . | quote }} {{- end }} - {{- with .webAuthnPolicyUserVerificationRequirement }} - webAuthnPolicyUserVerificationRequirement: {{ . | quote }} + {{- with .localizationTexts }} + localizationTexts: {{ . | toYaml | nindent 6 }} {{- end }} {{- with .loginTheme }} loginTheme: {{ . | quote }} {{- end }} - {{- with .requiredCredentials }} - requiredCredentials: {{ . | toYaml | nindent 6 }} + {{- with .loginWithEmailAllowed }} + loginWithEmailAllowed: {{ . }} {{- end }} - {{- with .webAuthnPolicyPasswordlessAttestationConveyancePreference }} - webAuthnPolicyPasswordlessAttestationConveyancePreference: {{ . | quote }} + {{- with .maxDeltaTimeSeconds }} + maxDeltaTimeSeconds: {{ . }} {{- end }} - {{- with .directGrantFlow }} - directGrantFlow: {{ . | quote }} + {{- with .maxFailureWaitSeconds }} + maxFailureWaitSeconds: {{ . }} {{- end }} - {{- with .identityProviderMappers }} - identityProviderMappers: {{ . | toYaml | nindent 6 }} + {{- with .maxTemporaryLockouts }} + maxTemporaryLockouts: {{ . }} {{- end }} - {{- with .dockerAuthenticationFlow }} - dockerAuthenticationFlow: {{ . | quote }} + {{- with .minimumQuickLoginWaitSeconds }} + minimumQuickLoginWaitSeconds: {{ . }} {{- end }} - {{- with .browserFlow }} - browserFlow: {{ . | quote }} + {{- with .notBefore }} + notBefore: {{ . }} {{- end }} - {{- with .bruteForceProtected }} - bruteForceProtected: {{ . }} + {{- with .oauth2DeviceCodeLifespan }} + oauth2DeviceCodeLifespan: {{ . 
}} {{- end }} - {{- with .displayNameHtml }} - displayNameHtml: {{ . | quote }} + {{- with .oauth2DevicePollingInterval }} + oauth2DevicePollingInterval: {{ . }} {{- end }} - {{- with .ssoSessionIdleTimeout }} - ssoSessionIdleTimeout: {{ . }} + {{- with .oauthClients }} + oauthClients: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .browserSecurityHeaders }} - browserSecurityHeaders: {{ . | toYaml | nindent 6 }} + {{- with .offlineSessionIdleTimeout }} + offlineSessionIdleTimeout: {{ . }} {{- end }} - {{- with .eventsListeners }} - eventsListeners: {{ . | toYaml | nindent 6 }} + {{- with .offlineSessionMaxLifespan }} + offlineSessionMaxLifespan: {{ . }} {{- end }} - {{- with .accessTokenLifespan }} - accessTokenLifespan: {{ . }} + {{- with .offlineSessionMaxLifespanEnabled }} + offlineSessionMaxLifespanEnabled: {{ . }} {{- end }} - {{- with .applications }} - applications: {{ . | toYaml | nindent 6 }} + {{- with .organizations }} + organizations: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .organizationsEnabled }} + organizationsEnabled: {{ . }} + {{- end }} + {{- with .otpPolicyAlgorithm }} + otpPolicyAlgorithm: {{ . | quote }} {{- end }} {{- with .otpPolicyCodeReusable }} otpPolicyCodeReusable: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .clientProfiles }} - clientProfiles: {{ . | toYaml | nindent 6 }} - {{- end }} - {{- with .userFederationMappers }} - userFederationMappers: {{ . | toYaml | nindent 6 }} + {{- with .otpPolicyDigits }} + otpPolicyDigits: {{ . }} {{- end }} - {{- with .enabledEventTypes }} - enabledEventTypes: {{ . | toYaml | nindent 6 }} + {{- with .otpPolicyInitialCounter }} + otpPolicyInitialCounter: {{ . }} {{- end }} {{- with .otpPolicyLookAheadWindow }} otpPolicyLookAheadWindow: {{ . }} {{- end }} - {{- with .displayName }} - displayName: {{ . | quote }} + {{- with .otpPolicyPeriod }} + otpPolicyPeriod: {{ . }} {{- end }} - {{- with .eventsEnabled }} - eventsEnabled: {{ . 
}} + {{- with .otpPolicyType }} + otpPolicyType: {{ . | quote }} {{- end }} - {{- with .clientSessionMaxLifespan }} - clientSessionMaxLifespan: {{ . }} + {{- with .otpSupportedApplications }} + otpSupportedApplications: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .roles }} - roles: {{ . | toYaml | nindent 6 }} + {{- with .passwordCredentialGrantAllowed }} + passwordCredentialGrantAllowed: {{ . }} {{- end }} - {{- with .groups }} - groups: {{ . | toYaml | nindent 6 }} + {{- with .passwordPolicy }} + passwordPolicy: {{ . | quote }} {{- end }} - {{- with .webAuthnPolicyCreateTimeout }} - webAuthnPolicyCreateTimeout: {{ . }} + {{- with .permanentLockout }} + permanentLockout: {{ . }} {{- end }} - {{- with .webAuthnPolicyAttestationConveyancePreference }} - webAuthnPolicyAttestationConveyancePreference: {{ . | quote }} + {{- with .privateKey }} + privateKey: {{ . | quote }} {{- end }} - {{- with .clientOfflineSessionIdleTimeout }} - clientOfflineSessionIdleTimeout: {{ . }} + {{- with .protocolMappers }} + protocolMappers: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .notBefore }} - notBefore: {{ . }} + {{- with .publicKey }} + publicKey: {{ . | quote }} {{- end }} - {{- with .webAuthnPolicyPasswordlessRpEntityName }} - webAuthnPolicyPasswordlessRpEntityName: {{ . | quote }} + {{- with .quickLoginCheckMilliSeconds }} + quickLoginCheckMilliSeconds: {{- end }} - {{- with .verifyEmail }} - verifyEmail: {{ . }} + {{- with .realm }} + realm: {{ . | quote }} {{- end }} - {{- with .clientScopeMappings }} - clientScopeMappings: {{ . | toYaml | nindent 6 }} + {{- with .realmCacheEnabled }} + realmCacheEnabled: {{ . }} {{- end }} - {{- with .identityProviders }} - identityProviders: {{ . | toYaml | nindent 6 }} + {{- with .refreshTokenMaxReuse }} + refreshTokenMaxReuse: {{ . }} + {{- end }} + {{- with .registrationAllowed }} + registrationAllowed: {{ . }} + {{- end }} + {{- with .registrationEmailAsUsername }} + registrationEmailAsUsername: {{ . 
}} + {{- end }} + {{- with .registrationFlow }} + registrationFlow: {{ . | quote }} + {{- end }} + {{- with .rememberMe }} + rememberMe: {{ . }} + {{- end }} + {{- with .requiredActions }} + requiredActions: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .requiredCredentials }} + requiredCredentials: {{ . | toYaml | nindent 6 }} {{- end }} {{- with .resetCredentialsFlow }} resetCredentialsFlow: {{ . | quote }} {{- end }} - {{- with .duplicateEmailsAllowed }} - duplicateEmailsAllowed: {{ . }} + {{- with .resetPasswordAllowed }} + resetPasswordAllowed: {{ . }} {{- end }} - {{- with .maxDeltaTimeSeconds }} - maxDeltaTimeSeconds: {{ . }} + {{- with .revokeRefreshToken }} + revokeRefreshToken: {{ . }} {{- end }} - {{- with .offlineSessionMaxLifespanEnabled }} - offlineSessionMaxLifespanEnabled: {{ . }} + {{- with .roles }} + roles: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .realmCacheEnabled }} - realmCacheEnabled: {{ . }} + {{- with .scopeMappings }} + scopeMappings: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .attributes }} - attributes: {{ . | toYaml | nindent 6 }} + {{- with .smtpServer }} + smtpServer: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .adminTheme }} - adminTheme: {{ . | quote }} + {{- with .social }} + social: {{ . }} {{- end }} - {{- with .loginWithEmailAllowed }} - loginWithEmailAllowed: {{ . }} + {{- with .socialProviders }} + socialProviders: {{ . | toYaml | nindent 6 }} {{- end }} - {{- with .otpSupportedApplications }} - otpSupportedApplications: {{ . | toYaml | nindent 6 }} + {{- with .sslRequired }} + sslRequired: {{ . }} {{- end }} - {{- with .clientOfflineSessionMaxLifespan }} - clientOfflineSessionMaxLifespan: {{ . | toYaml | nindent 6 }} + {{- with .ssoSessionIdleTimeout }} + ssoSessionIdleTimeout: {{ . }} + {{- end }} + {{- with .ssoSessionIdleTimeoutRememberMe }} + ssoSessionIdleTimeoutRememberMe: {{ . }} + {{- end }} + {{- with .ssoSessionMaxLifespan }} + ssoSessionMaxLifespan: {{ . 
}} + {{- end }} + {{- with .ssoSessionMaxLifespanRememberMe }} + ssoSessionMaxLifespanRememberMe: {{ . }} + {{- end }} + {{- with .supportedLocales }} + supportedLocales: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .updateProfileOnInitialSocialLogin }} + updateProfileOnInitialSocialLogin: {{ . }} + {{- end }} + {{- with .userCacheEnabled }} + userCacheEnabled: {{ . }} + {{- end }} + {{- with .userFederationMappers }} + userFederationMappers: {{ . | toYaml | nindent 6 }} {{- end }} {{- with .userFederationProviders }} userFederationProviders: {{ . | toYaml | nindent 6 }} {{- end }} + {{- with .userManagedAccessAllowed }} + userManagedAccessAllowed: {{ . }} + {{- end }} + {{- with .users }} + users: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .verifyEmail }} + verifyEmail: {{ . }} + {{- end }} + {{- with .waitIncrementSeconds }} + waitIncrementSeconds: {{ . }} + {{- end }} + {{- with .webAuthnPolicyAcceptableAaguids }} + webAuthnPolicyAcceptableAaguids: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .webAuthnPolicyAttestationConveyancePreference }} + webAuthnPolicyAttestationConveyancePreference: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyAvoidSameAuthenticatorRegister }} + webAuthnPolicyAvoidSameAuthenticatorRegister: {{ . }} + {{- end }} + {{- with .webAuthnPolicyAuthenticatorAttachment }} + webAuthnPolicyAuthenticatorAttachment: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyCreateTimeout }} + webAuthnPolicyCreateTimeout: {{ . }} + {{- end }} + {{- with .webAuthnPolicyExtraOrigins }} + webAuthnPolicyExtraOrigins: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessAcceptableAaguids }} + webAuthnPolicyPasswordlessAcceptableAaguids: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessAttestationConveyancePreference }} + webAuthnPolicyPasswordlessAttestationConveyancePreference: {{ . 
| quote }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessAuthenticatorAttachement }} + webAuthnPolicyPasswordlessAuthenticatorAttachement: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister }} + webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: {{ . }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessCreateTimeout }} + webAuthnPolicyPasswordlessCreateTimeout: {{ . }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessExtraOrigins }} + webAuthnPolicyPasswordlessExtraOrigins: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessRequireResidentKey }} + webAuthnPolicyPasswordlessRequireResidentKey: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessRpEntityName }} + webAuthnPolicyPasswordlessRpEntityName: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessRpId }} + webAuthnPolicyPasswordlessRpId: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessSignatureAlgorithms }} + webAuthnPolicyPasswordlessSignatureAlgorithms: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .webAuthnPolicyPasswordlessUserVerificationRequirement }} + webAuthnPolicyPasswordlessUserVerificationRequirement: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyRequireResidentKey }} + webAuthnPolicyRequireResidentKey: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyRpEntityName }} + webAuthnPolicyRpEntityName: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicyRpID }} + webAuthnPolicyRpId: {{ . | quote }} + {{- end }} + {{- with .webAuthnPolicySignatureAlgorithms }} + webAuthnPolicySignatureAlgorithms: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .webAuthnPolicyUserVerificationRequirement }} + webAuthnPolicyUserVerificationRequirement: {{ . | quote }} + {{- end }} {{- end }} {{- end }} 
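Review bot: The added `certificate {{ . | quote }}` line has no colon after the key, so a realm import that sets `certificate` renders as invalid YAML; it should read `certificate: {{ . | quote }}`. The re-added `quickLoginCheckMilliSeconds:` line still has no value expression, so that brute-force detection setting is emitted empty whatever the chart user configures; `quickLoginCheckMilliSeconds: {{ . }}` fixes it. The new key `webAuthnPolicyPasswordlessAuthenticatorAttachement` is spelled differently from its sibling `webAuthnPolicyAuthenticatorAttachment` and is probably not a field the CRD accepts, and `.webAuthnPolicyRpID` is read while the passwordless variant reads `.webAuthnPolicyPasswordlessRpId`, so one of the two value names is likely to be missed by users. Every boolean here goes through `with`, so an explicit `false` for `enabled`, `bruteForceProtected` or `verifyEmail` is not rendered and the server default is used instead.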
diff --git a/charts/keycloak-operator/tests/__snapshot__/default_test.yaml.snap b/charts/keycloak-operator/tests/__snapshot__/default_test.yaml.snap index 39681869d..3994d76cb 100644 --- a/charts/keycloak-operator/tests/__snapshot__/default_test.yaml.snap +++ b/charts/keycloak-operator/tests/__snapshot__/default_test.yaml.snap @@ -8,8 +8,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloakcontroller-cluster-role rules: - apiGroups: @@ -35,8 +35,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloakrealmimportcontroller-cluster-role rules: - apiGroups: @@ -62,8 +62,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: RELEASE-NAME-keycloak-operator-operator spec: replicas: 1 @@ -86,8 +86,8 @@ should match snapshot: fieldRef: fieldPath: metadata.namespace - name: KC_OPERATOR_KEYCLOAK_IMAGE - value: quay.io/keycloak/keycloak:24.0.4 - image: quay.io/keycloak/keycloak-operator:24.0.4 + value: quay.io/keycloak/keycloak:25.0.0 + image: quay.io/keycloak/keycloak-operator:25.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 
@@ -127,8 +127,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloak-operator-role-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -146,8 +146,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloak-operator-view roleRef: apiGroup: rbac.authorization.k8s.io @@ -165,8 +165,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloakcontroller-role-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -184,8 +184,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloakrealmimportcontroller-role-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -203,8 +203,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloak-operator-role rules: - apiGroups: 
@@ -266,8 +266,8 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: RELEASE-NAME-keycloak-operator-operator spec: ports: @@ -289,6 +289,6 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: RELEASE-NAME-keycloak-operator diff --git a/charts/keycloak-operator/tests/__snapshot__/operand_test.yaml.snap b/charts/keycloak-operator/tests/__snapshot__/operand_test.yaml.snap index 8b8e5b422..78ca33da6 100644 --- a/charts/keycloak-operator/tests/__snapshot__/operand_test.yaml.snap +++ b/charts/keycloak-operator/tests/__snapshot__/operand_test.yaml.snap @@ -6,8 +6,8 @@ should match snapshot: labels: app.kubernetes.io/component: keycloak app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: keycloak spec: features: 
@@ -15,27 +15,26 @@ should match snapshot: - js-adapter - kerberos enabled: - - account2 + - account3 - admin2 - web-authn hostname: - strict: false - strictBackchannel: false + backchannelDynamic: false + hostname: keycloak.example.com + strict: true http: httpEnabled: true ingress: enabled: true instances: 1 - transaction: - xaEnabled: false 2: | apiVersion: k8s.keycloak.org/v2alpha1 kind: KeycloakRealmImport metadata: labels: app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: 24.0.4 - helm.sh/chart: keycloak-operator-1.2.1 + app.kubernetes.io/version: 25.0.0 + helm.sh/chart: keycloak-operator-1.3.0 name: RELEASE-NAME-keycloak-operator-test spec: keycloakCRName: keycloak diff --git a/charts/keycloak-operator/values.yaml b/charts/keycloak-operator/values.yaml index 3b6ec5ebb..ba2eaecda 100644 --- a/charts/keycloak-operator/values.yaml +++ b/charts/keycloak-operator/values.yaml 
@@ -87,206 +87,315 @@ keycloak: # -- Enable deploying a bundled keycloak with the operator enabled: false - # -- Number of Keycloak instances in HA mode. - instances: 1 - - transaction: - # -- Determine whether Keycloak should use a non-XA datasource. - xaEnabled: false - - http: - # -- The used HTTP port - httpPort: ~ - # -- A secret containing the TLS configuration for HTTPS. - tlsSecret: ~ - # -- The used HTTPS port - httpsPort: ~ - # -- Enable a HTTP listener - httpEnabled: true - - hostname: - # -- Hostname for the Keycloak server. - # @default -- Disabled if not set. - hostname: ~ - # -- Disables dynamically resolving the hostname from request headers - strict: false - # -- By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. - strictBackchannel: true - # -- The hostname for accessing the administration console. - admin: ~ - # -- Set the base URL for accessing the administration console. - adminUrl: ~ - - unsupported: - # -- You can configure values that will be merged with the one configured by default by the operator. - podTemplate: ~ - # metadata: - # labels: - # foo: "bar" - # spec: - # containers: - # - volumeMounts: - # - name: test-volume - # mountPath: /mnt/test - # command: [ "/bin/bash", "-c", "cat /mnt/test/test.txt && /opt/keycloak/bin/kc.sh start-dev" ] - # volumes: - # - name: test-volume - # secret: - # secretName: keycloak-podtemplate-secret - - ingress: - # -- The deployment is, by default, exposed through a basic ingress. - enabled: true - # -- Annotations for the Ingress - annotations: [] - # -- Ingress class name - className: "" - - image: - # -- Overrides the operator.keycloakImage.image value whose default is quay.io/keycloak/keycloak - repository: "" - # -- Overrides the operator.keycloakImage.tag value whose default is the chart appVersion. - tag: "" - - # -- Secret(s) that might be used when pulling an image from a private container image registry or repository. 
- imagePullSecrets: ~ - # - name: secret-name - # -- Configuration of the Keycloak server expressed as a keys and values that can be either direct values or references to secrets. additionalOptions: ~ # - name: string # value: string # secret: - # optional: bol + # optional: bool # key: string # name: string + # -- Configure keycloaks cache. + cache: {} + # configMapFile: + # key: string + # name: string + # optional: bool + db: + # -- Sets the database name of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. + database: ~ + + # -- Sets the hostname of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. + host: ~ + # -- The reference to a secret holding the password of the database user. passwordSecret: ~ # optional: bool # key: string # name: string - # -- The reference to a secret holding the username of the database user. - usernameSecret: ~ - # optional: bool - # key: string - # name: string + + # -- The initial size of the connection pool. + poolInitialSize: ~ + + # -- The maximum size of the connection pool. + poolMaxSize: ~ + + # -- The minimal size of the connection pool. + poolMinSize: ~ + # -- Sets the port of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. port: ~ + # -- The database schema to be used. schema: ~ - # -- Sets the hostname of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. - host: + # -- The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. url: - # -- The initial size of the connection pool. - poolInitialSize: ~ - # -- The maximum size of the connection pool. - poolMaxSize: ~ + + # -- The reference to a secret holding the username of the database user. + usernameSecret: ~ + # optional: bool + # key: string + # name: string + # -- The database vendor. 
vendor: ~ - # -- Sets the database name of the default JDBC URL of the chosen vendor. If the `url` option is set, this option is ignored. - database: ~ - # -- The minimal size of the connection pool. - poolMinSize: ~ + # -- Configure Keycloak features # @default -- see [Keycloak docs](https://www.keycloak.org/server/features) features: + # -- Disabled Keycloak features disabled: [] + # -- Enabled Keycloak features enabled: [] + hostname: + # -- The hostname for accessing the administration console. + admin: ~ + + # -- Set the base URL for accessing the administration console. + adminUrl: ~ + + # -- (bool) Enables dynamic resolving of backchannel URLs, including hostname, scheme, port and context path. Set to true if your application accesses Keycloak via a private network. + # @default -- Use the operator's default if not set. + backchannelDynamic: ~ + + # -- Hostname for the Keycloak server. + # @default -- Disabled if not set. + hostname: ~ + + # -- Disables dynamically resolving the hostname from request headers + strict: false + + http: + # -- Enable a HTTP listener + httpEnabled: true + + # -- The used HTTP port + httpPort: ~ + + # -- The used HTTPS port + httpsPort: ~ + + # -- A secret containing the TLS configuration for HTTPS. + tlsSecret: ~ + + httpManagement: + # -- Port of management interface. + port: ~ + + image: + # -- Overrides the operator.keycloakImage.image value whose default is quay.io/keycloak/keycloak + repository: "" + + # -- Overrides the operator.keycloakImage.tag value whose default is the chart appVersion. + tag: "" + + # -- Secret(s) that might be used when pulling an image from a private container image registry or repository. + imagePullSecrets: ~ + # - name: secret-name + + ingress: + # -- The deployment is, by default, exposed through a basic ingress. + enabled: true + + # -- Annotations for the Ingress + annotations: [] + + # -- Ingress class name + className: "" + + # -- Number of Keycloak instances in HA mode. 
+ instances: 1 + + proxy: + # -- The proxy headers that should be accepted by the server. Misconfiguration might leave the server exposed to security vulnerabilities. + headers: "" + + # -- Compute Resources required by Keycloak container + resources: {} + # claims: + # - name: string + # limits: {} + # requests: {} + + # -- Set to force the behavior of the --optimized flag for the start command. If left unspecified the operator will assume custom images have already been augmented. + startOptimized: ~ + + transaction: + # -- Determine whether Keycloak should use a non-XA datasource. + xaEnabled: false + + truststores: + # -- Configure Keycloak truststores via Secrets. + secret: {} + + # -- Additional values that will be merged with the operator's defaults + unsupported: + # podTemplate: ~ + # metadata: + # labels: + # foo: "bar" + # spec: + # containers: + # - volumeMounts: + # - name: test-volume + # mountPath: /mnt/test + # command: [ "/bin/bash", "-c", "cat /mnt/test/test.txt && /opt/keycloak/bin/kc.sh start-dev" ] + # volumes: + # - name: test-volume + # secret: + # secretName: keycloak-podtemplate-secret + realmimport: # -- Deploy realmimport resources enabled: false # -- A list of realms to configure using the realmimport CRD. 
realms: [] # - keycloakCRName: string - # webAuthnPolicyAvoidSameAuthenticatorRegister: boolean - # federatedUsers: [] - # adminEventsEnabled: boolean - # registrationEmailAsUsername: boolean - # keycloakVersion: string - # oauth2DeviceCodeLifespan: integer - # sslRequired: boolean - # realm: string - # defaultGroups: {} - # enabled: boolean - # webAuthnPolicySignatureAlgorithms: [] - # ssoSessionMaxLifespanRememberMe: integer - # webAuthnPolicyRpId: string - # webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: boolean - # users: [] - # clientTemplates: [] - # webAuthnPolicyPasswordlessUserVerificationRequirement: string - # registrationFlow: string - # publicKey: string - # webAuthnPolicyPasswordlessCreateTimeout: integer - # authenticationFlows: [] - # applicationScopeMappings: [] - # offlineSessionMaxLifespan: integer - # codeSecret: string - # offlineSessionIdleTimeout: integer - # quickLoginCheckMilliSeconds: integer - # privateKey: string - # webAuthnPolicyRpEntityName: string - # emailTheme: string + # accessCodeLifespan: integer # accessCodeLifespanLogin: integer - # passwordPolicy: string - # ssoSessionIdleTimeoutRememberMe: integer - # resetPasswordAllowed: boolean - # failureFactor: integer - # otpPolicyAlgorithm: string - # requiredActions: [] + # accessCodeLifespanUserAction: integer + # accessTokenLifespan: integer + # accessTokenLifespanForImplicitFlow: integer + # accountTheme: string + # actionTokenGeneratedByAdminLifespan: integer # actionTokenGeneratedByUserLifespan: integer + # adminEventsDetailsEnabled: boolean + # adminEventsEnabled: boolean + # adminTheme: string + # applicationScopeMappings: [] + # applications: [] + # attributes: {} + # authenticationFlows: [] + # authenticatorConfig: {} + # browserFlow: string + # browserSecurityHeaders: {} + # bruteForceProtected: boolean # clientAuthenticationFlow: string - # webAuthnPolicyAuthenticatorAttachment: string - # actionTokenGeneratedByAdminLifespan: integer - # id: string + # 
clientOfflineSessionIdleTimeout: integer + # clientOfflineSessionMaxLifespan: integer # clientPolicies: {} - # webAuthnPolicyUserVerificationRequirement: string - # loginTheme: string - # requiredCredentials: [] - # webAuthnPolicyPasswordlessAttestationConveyancePreference: string + # clientProfiles: {} + # clientScopeMappings: [] + # clientScopes: [] + # clientSessionIdleTimeout: integer + # clientSessionMaxLifespan: integer + # clientTemplates: [] + # clients: [] + # codeSecret: string + # defaultDefaultClientScopes: [] + # defaultGroups: {} + # defaultLocale: string + # defaultOptionalClientScopes: [] + # defaultRole: {} + # defaultRoles: [] + # defaultSignatureAlgorithm: string # directGrantFlow: string - # identityProviderMappers: [] - # dockerAuthenticationFlow: string - # browserFlow: string - # bruteForceProtected: boolean + # displayName: string # displayNameHtml: string - # ssoSessionIdleTimeout: integer - # browserSecurityHeaders: {} - # eventsListeners: [] - # accessTokenLifespan: integer - # applications: [] - # otpPolicyCodeReusable: boolean - # clientProfiles: {} - # userFederationMappers: [] + # dockerAuthenticationFlow: string + # duplicateEmailsAllowed: boolean + # editUsernameAllowed: boolean + # emailTheme: string + # enabled: boolean # enabledEventTypes: [] - # otpPolicyLookAheadWindow: integer - # displayName: string # eventsEnabled: boolean - # clientSessionMaxLifespan: integer - # roles: [] + # eventsListeners: [] + # failureFactor: integer + # federatedUsers: [] + # firstBrokerLoginFlow: string # groups: [] - # webAuthnPolicyCreateTimeout: integer - # webAuthnPolicyAttestationConveyancePreference: string - # clientOfflineSessionIdleTimeout: integer - # notBefore: integer - # webAuthnPolicyPasswordlessRpEntityName: string - # verifyEmail: boolean - # clientScopeMappings: [] + # id: string + # identityProviderMappers: [] # identityProviders: [] - # resetCredentialsFlow: string - # duplicateEmailsAllowed: boolean + # 
internationalizationEnabled: bool + # keycloakVersion: string + # localizationTexts: [] + # loginTheme: string + # loginWithEmailAllowed: boolean # maxDeltaTimeSeconds: integer + # maxFailureWaitSeconds: integer + # maxTEmporaryLockouts: integer + # minimumQuickLoginWaitSeconds: integer + # notBefore: integer + # oauth2DeviceCodeLifespan: integer + # oauth2DevicePollingInterval: integer + # oauthClients: [] + # offlineSessionIdleTimeout: integer + # offlineSessionMaxLifespan: integer # offlineSessionMaxLifespanEnabled: boolean - # realmCacheEnabled: boolean - # attributes: {} - # adminTheme: string - # loginWithEmailAllowed: boolean + # organizations: [] + # organizationsEnabled: boolean + # otpPolicyAlgorithm: string + # otpPolicyCodeReusable: boolean + # otpPolicyDigits: integer + # otpPolicyInitialCounter: integer + # otpPolicyLookAheadWindow: integer + # otpPolicyPeriod: integer + # otpPolicyType: string # otpSupportedApplications: [] - # clientOfflineSessionMaxLifespan: integer + # passwordCredentialGrantAllowed: boolean + # passwordPolicy: string + # permanentLockout: boolean + # privateKey: string + # protocolMappers: [] + # publicKey: string + # quickLoginCheckMilliSeconds: integer + # realmCacheEnabled: boolean + # realm: string + # refreshTokenMaxReuse: integer + # registrationAllowed: boolean + # registrationEmailAsUsername: boolean + # registrationFlow: string + # rememberMe: boolean + # requiredActions: [] + # requiredCredentials: [] + # resetCredentialsFlow: string + # resetPasswordAllowed: boolean + # revokeRefreshToken: boolean + # roles: [] + # scopeMappings: [] + # smtpServer: {} + # social: boolean + # socialProviders: {} + # sslRequired: boolean + # ssoSessionIdleTimeout: integer + # ssoSessionIdleTimeoutRememberMe: integer + # ssoSessionMaxLifespan: integer + # ssoSessionMaxLifespanRememberMe: integer + # supportedLocales: [] + # updateProfileOnInitialSocialLogin: boolean + # userCacheEnabled: boolean + # userFederationMappers: [] # 
userFederationProviders: [] + # userManagedAccessAllowed: boolean + # users: [] + # verifyEmail: boolean + # waitIncrementSeconds: boolean + # webAuthnPolicyAcceptableAaguids: [] + # webAuthnPolicyAttestationConveyancePreference: string + # webAuthnPolicyAvoidSameAuthenticatorRegister: boolean + # webAuthnPolicyAuthenticatorAttachment: string + # webAuthnPolicyCreateTimeout: integer + # webAuthnPolicyExtraOrigins: [] + # webAuthnPolicyPasswordlessAcceptableAaguids: [] + # webAuthnPolicyPasswordlessAttestationConveyancePreference: string + # webAuthnPolicyPasswordlessAuthenticatorAttachement: string + # webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: boolean + # webAuthnPolicyPasswordlessCreateTimeout: integer + # webAuthnPolicyPasswordlessExtraOrigins: [] + # webAuthnPolicyPasswordlessRequireResidentKey: boolean + # webAuthnPolicyPasswordlessRpEntityName: string + # webAuthnPolicyPasswordlessRpId: string + # webAuthnPolicyPasswordlessSignatureAlgorithms: [] + # webAuthnPolicyPasswordlessUserVerificationRequirement: string + # webAuthnPolicyRequireResidentKey: boolean + # webAuthnPolicyRpEntityName: string + # webAuthnPolicyRpId: string + # webAuthnPolicySignatureAlgorithms: [] + # webAuthnPolicyUserVerificationRequirement: string
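Review bot: The new `proxy.headers` comment warns about misconfiguration but does not name the accepted values or say when setting it is safe, and it sits beside defaults that expose Keycloak through an ingress (`ingress.enabled: true`) with `hostname.strict: false` and no fixed hostname. I would extend it to something like `# -- Proxy headers accepted by the server ("forwarded" or "xforwarded"). Set only when a trusted reverse proxy overwrites these headers on every request.` and add to the `hostname.strict` comment that production installs should set `hostname.hostname` together with `strict: true`, as the operand snapshot in this commit does. Whether the template omits `proxy` when `headers` is the empty string is not visible in this hunk, so that is worth confirming. Separately, the commented realm keys `maxTEmporaryLockouts` and `webAuthnPolicyPasswordlessAuthenticatorAttachement` look misspelled and `waitIncrementSeconds: boolean` looks like it should be `integer`; anyone copying them into a realm import would probably end up with fields the CRD does not recognise.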