Validitron/k8s-runtime-config-operator

saas-runtime-config-operator

https://medium.com/developingnodes/mastering-kubernetes-operators-your-definitive-guide-to-starting-strong-70ff43579eb9

Install kubebuilder

https://book.kubebuilder.io/quick-start.html#installation

  • Ensure go is installed

  • Install the latest version of kubebuilder

# download kubebuilder and install locally.
curl -L -o kubebuilder "https://go.kubebuilder.io/dl/latest/$(go env GOOS)/$(go env GOARCH)"
chmod +x kubebuilder && sudo mv kubebuilder /usr/local/bin/
  • Create the project
cd src
kubebuilder init --domain aws.tron --repo github.com/Validitron/saas-runtime-config-operator
  • Create an endpoint
kubebuilder create api --group tron --version v1 --kind RuntimeConfig

This will generate the basic scaffolding for your operator, including a sample API and controller.

Edit the manifest config

api/v1/runtimeconfig_types.go

Modify the MyKindSpec and MyKindStatus structs (generated here as RuntimeConfigSpec and RuntimeConfigStatus for the RuntimeConfig kind) to define the desired fields and status of your custom resource.

  • Create keycloak specific manifest
kubebuilder create api --group tron --version v1 --kind KeycloakRuntimeConfig
  • Generate manifests

See config/crd/bases for the generated CRDs

make manifests
  • Test on a local cluster
kubectl config use-context docker-desktop

Verify the active context

kubectl config current-context
  • Install CRDs to the cluster

Note: for remote clusters, we will need to push the image to a remote registry first

$ make docker-build docker-push IMG=example/my-operator:latest
$ make deploy IMG=example/my-operator:latest

For now, let's install locally

While in the src folder

make install
  • Run the controller from localhost

If there is a running instance, kill the process first

kill -9 $(lsof -t -i :8080)
make run
  • Install samples

See

kubectl apply -k config/samples/ -n proj1234

Keycloak API Doc

https://www.keycloak.org/docs-api/latest/rest-api/index.html#_realms_admin

Keycloak Role Assignment Logic

Realm Groups -> groups, which can then be linked to individual client roles via 'Role Mappings'

Groups control what access users get

E.g. Groups > Telesim.Patients > Client Roles > mthealth-telesim. The available roles will be shown (roles assigned within the client settings). Click a role and move it to the assigned roles.

  • Under user settings > Groups, assign group memberships. The user will inherit all the client roles assigned to the group

  • Clients > Client Settings > Roles

Client Roles > Groups > Users
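
The inheritance chain above (Client Roles > Groups > Users), as an added Go example that is not part of this repository: it resolves the client roles a user ends up with through group membership and reports memberships in groups that have no role mapping. The type, field, user and role names and the Telesim.Staff and Telesim.Retired groups are constructed; only Telesim.Patients and mthealth-telesim come from the README.

```go
package main

import (
	"fmt"
	"sort"
)

type ClientRole struct{ Client, Role string } // a role under Clients > Client Settings > Roles

// Realm models the chain Client Roles > Groups > Users (hypothetical field names).
type Realm struct {
	GroupRoles map[string][]ClientRole // group -> client roles set via Role Mappings
	UserGroups map[string][]string     // user -> group memberships
}

// EffectiveRoles returns the deduplicated, sorted roles a user inherits, plus unmapped groups.
func (r Realm) EffectiveRoles(user string) (roles []ClientRole, missing []string) {
	seen := map[ClientRole]bool{}
	for _, g := range r.UserGroups[user] {
		mapped, ok := r.GroupRoles[g]
		if !ok {
			missing = append(missing, g) // membership in a group with no role mapping grants nothing
			continue
		}
		for _, cr := range mapped {
			if !seen[cr] {
				seen[cr] = true
				roles = append(roles, cr)
			}
		}
	}
	sort.Slice(roles, func(i, j int) bool { // stable output for review: order by "client/role"
		return roles[i].Client+"/"+roles[i].Role < roles[j].Client+"/"+roles[j].Role
	})
	return roles, missing
}

// sampleRealm is constructed data for illustration.
func sampleRealm() Realm {
	return Realm{
		GroupRoles: map[string][]ClientRole{
			"Telesim.Patients": {{"mthealth-telesim", "patient"}},
			"Telesim.Staff":    {{"mthealth-telesim", "clinician"}, {"mthealth-telesim", "patient"}},
		},
		UserGroups: map[string][]string{"alice": {"Telesim.Patients", "Telesim.Staff"}, "bob": {"Telesim.Retired"}},
	}
}

func main() { fmt.Println(sampleRealm().EffectiveRoles("alice")) }
```

Running the resolver over every user before applying a config change shows who gains a client role when a group's Role Mappings are edited.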

Client Scope

  • Control what clients can access
  • Create a client scope >

Separate out Resources

kubebuilder create api --group tron --version v1 --kind KeycloakRealmConfig
kubebuilder create api --group tron --version v1 --kind KeycloakClientsConfig
kubebuilder create api --group tron --version v1 --kind KeycloakClientRolesConfig
kubebuilder create api --group tron --version v1 --kind KeycloakUserGroupsConfig
kubebuilder create api --group tron --version v1 --kind KeycloakClientScopeMappingConfig
kubebuilder create api --group tron --version v1 --kind UsersConfig
