{"id":14384122,"url":"https://github.com/reddec/keycloak-ext-operator","last_synced_at":"2025-07-11T17:32:03.271Z","repository":{"id":65196112,"uuid":"549455030","full_name":"reddec/keycloak-ext-operator","owner":"reddec","description":"Creates OAuth clients in Keycloak and creates corresponding secrets in kubernetes","archived":false,"fork":false,"pushed_at":"2023-11-15T02:54:55.000Z","size":166,"stargazers_count":22,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-29T18:33:13.182Z","etag":null,"topics":["keycloak","oauth","oauth-operator","oauth2-proxy","oidc","operator","operator-sdk"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reddec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-10-11T08:02:08.000Z","updated_at":"2024-02-13T15:53:38.000Z","dependencies_parsed_at":"2024-01-14T19:16:32.657Z","dependency_job_id":"b43a672b-b93a-4e0b-b662-634d6f047f1b","html_url":"https://github.com/reddec/keycloak-ext-operator","commit_stats":{"total_commits":16,"total_committers":1,"mean_commits":16.0,"dds":0.0,"last_synced_commit":"cff875e9cd33258255a5f3a13ab8514eac38eb33"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Fkeycloak-ext-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Fkeycloak-ext-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Fkeycloak-ext-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Fkeycloak-ext-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reddec","download_url":"https://codeload.github.com/reddec/keycloak-ext-operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225745201,"owners_count":17517610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keycloak","oauth","oauth-operator","oauth2-proxy","oidc","operator","operator-sdk"],"created_at":"2024-08-28T18:01:08.403Z","updated_at":"2024-11-21T14:30:11.519Z","avatar_url":"https://github.com/reddec.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# keycloak-ext-operator\n\nCreates OAuth clients in Keycloak and creates corresponding secrets in kubernetes.\n\nRequired environment:\n\n| Environment variable  | Purpose                           |\n|-----------------------|-----------------------------------|\n| `KEYCLOAK_URL`        | URL to keycloak instance          |\n| `KEYCLOAK_USER`       | Admin user name (usually `admin`) |\n| `KEYCLOAK_PASSWORD`   | Admin password                    |\n\nBy default, those values will be obtained from secret `keycloak` in `keycloak` namespace.\n\n## Description\n\nThe operator:\n\n- watches `KeycloakClient` manifests\n- creates (or updates) OAuth private clients in Keycloak instance. If it's a new client, then secret will be randomly\n  generated\n- creates secret with OAuth credentials\n\nTested on Keycloak 19. May not work on versions bellow 18 due to different API URLs.\n\n**Example:**\n\nManifest (CRD)\n\n```yaml\napiVersion: keycloak.k8s.reddec.net/v1alpha1\nkind: KeycloakClient\nmetadata:\n  name: sample\n  namespace: default\nspec:\n  secretName: \"my-secret\"\n  domain: \"example.com\"\n  realm: reddec\n  annotations:\n    foo: bar\n  labels:\n    alice: bob\n```\n\n- `secretName` is optional. If it is not set, then the name of CRD (`sample` in this case) will be used.\n- `annotations` is optional. If set, all values will be copied to secret annotations.\n- `labels` is optional. If set, all values will be copied to secret labels.\n\nGenerated secret\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: my-secret\n  namespace: default\nimmutable: true\ntype: Opaque\ndata:\n  clientID: .....     # unless copied from existent, it's equal to domain name\n  clientSecret: ..... # automatically generated secret (32 crypto random bytes represented as 64-bytes hex) or copied from existent client definition from keycloak.\n  realm: .....        # copied from spec\n  realmURL: .....     # full URL to realm: \u003ckeycloak url\u003e/realms/\u003crealm\u003e\n  discoveryURL: ..... # OIDC URL to realm: \u003ckeycloak url\u003e/realms/\u003crealm\u003e/.well-known/openid-configuration\n```\n\n* unless `clientSecret` is copied from existent Keycloak client, it is automatically generated secret from 32 crypto\n  random bytes, and represented as 64-bytes hex\n\n## Getting Started\n\n* Install operator\n\n```bash\ncurl -L https://github.com/reddec/keycloak-ext-operator/releases/latest/download/keycloak-ext-operator.yaml | \\\nkubectl apply -f -\n```\n\n* Setup credentials\n\n```bash\nkubectl -n keycloak create secret generic keycloak\nkubectl -n keycloak edit secret keycloak\n```\n\n\u003e values in `data` should be base64 encoded - see [kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/)\n\nexample\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: keycloak\n  namespace: keycloak\ndata:\n  KEYCLOAK_URL: aHR0cHM6Ly9leGFtcGxlLmNvbQ==\n  KEYCLOAK_USER: YWRtaW4=\n  KEYCLOAK_PASSWORD: UEAkJHdvckQ=\n```\n\n* Create manifests\n\n## Use-cases\n\n- [oauth2-proxy protection](config/samples/usecase-oauth.yaml) for deployment\n\n## License\n\nCopyright 2022.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freddec%2Fkeycloak-ext-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freddec%2Fkeycloak-ext-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freddec%2Fkeycloak-ext-operator/lists"}