Skip to content

Instantly share code, notes, and snippets.

@InfoSec812

InfoSec812/KeycloakOperatorSpec.yaml

Created August 18, 2021 18:30
Show Gist options
  • Save InfoSec812/775a897fcc80fc2b6e265990bd85b66a to your computer and use it in GitHub Desktop.
Save InfoSec812/775a897fcc80fc2b6e265990bd85b66a to your computer and use it in GitHub Desktop.
Download ZIP
OpenAPI Schema Definition for KeyCloak Operator CRD
Raw
KeycloakOperatorSpec.yaml
---
openapi: '3.0.3'
info:
description: Keycloak CRD
title: Keycloak CRD
version: 15.0.1
paths:
/:
description: test
components:
schemas:
Keycloak:
description: Keycloak is the Schema for the keycloaks API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KeycloakSpec defines the desired state of Keycloak.
properties:
extensions:
description: A list of extensions, where each one is a URL to a JAR
files that will be deployed in Keycloak.
items:
type: string
type: array
x-kubernetes-list-type: set
external:
description: Contains configuration for external Keycloak instances.
Unmanaged needs to be set to true to use this.
properties:
enabled:
description: If set to true, this Keycloak will be treated as
an external instance. The unmanaged field also needs to be set
to true if this field is true.
type: boolean
url:
description: The URL to use for the keycloak admin API. Needs
to be set if external is true.
type: string
type: object
externalAccess:
description: Controls external Ingress/Route settings.
properties:
enabled:
description: If set to true, the Operator will create an Ingress
or a Route pointing to Keycloak.
type: boolean
host:
description: If set, the Operator will use value of host for Ingress
host instead of default value keycloak.local. Using this setting
in OpenShift environment will result an error. Only users with
special permissions are allowed to modify the hostname.
type: string
tlsTermination:
description: TLS Termination type for the external access. Setting
this field to "reencrypt" will terminate TLS on the Ingress/Route
level. Setting this field to "passthrough" will send encrypted
traffic to the Pod. If unspecified, defaults to "reencrypt".
Note, that this setting has no effect on Ingress as Ingress
TLS settings are not reconciled by this operator. In other words,
Ingress TLS configuration is the same in both cases and it is
up to the user to configure TLS section of the Ingress.
type: string
type: object
externalDatabase:
description: "Controls external database settings. Using an external
database requires providing a secret containing credentials as well
as connection details. Here's an example of such secret: \n apiVersion:
v1 kind: Secret metadata: name: keycloak-db-secret
\ namespace: keycloak stringData: POSTGRES_DATABASE:
<Database Name> POSTGRES_EXTERNAL_ADDRESS: <External Database
IP or URL (resolvable by K8s)> POSTGRES_EXTERNAL_PORT: <External
Database Port> # Strongly recommended to use <'Keycloak
CR Name'-postgresql> POSTGRES_HOST: <Database Service Name>
\ POSTGRES_PASSWORD: <Database Password> # Required
for AWS Backup functionality POSTGRES_SUPERUSER: true POSTGRES_USERNAME:
<Database Username> type: Opaque \n Both POSTGRES_EXTERNAL_ADDRESS
and POSTGRES_EXTERNAL_PORT are specifically required for creating
connection to the external database. The secret name is created
using the following convention: <Custom Resource Name>-db-secret
\n For more information, please refer to the Operator documentation."
properties:
enabled:
description: If set to true, the Operator will use an external
database. pointing to Keycloak.
type: boolean
type: object
instances:
description: Number of Keycloak instances in HA mode. Default is 1.
type: integer
keycloakDeploymentSpec:
description: Resources (Requests and Limits) for KeycloakDeployment.
properties:
experimental:
description: 'Experimental section NOTE: This section might change
or get removed without any notice. It may also cause the deployment
to behave in an unpredictable fashion. Please use with care.'
properties:
affinity:
description: Affinity settings
properties:
nodeAffinity:
description: Describes node affinity scheduling rules
for the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the affinity expressions
specified by this field, but it may choose a node
that violates one or more of the expressions. The
node that is most preferred is the one with the
greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements
of this field and adding "weight" to the sum if
the node matches the corresponding matchExpressions;
the node(s) with the highest sum are the most preferred.
items:
description: An empty preferred scheduling term
matches all objects with implicit weight 0 (i.e.
it's a no-op). A null preferred scheduling term
matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated
with the corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified
by this field are not met at scheduling time, the
pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease
to be met at some point during pod execution (e.g.
due to an update), the system may or may not try
to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector
terms. The terms are ORed.
items:
description: A null or empty node selector term
matches no objects. The requirements of them
are ANDed. The TopologySelectorTerm type implements
a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
co-locate this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the affinity expressions
specified by this field, but it may choose a node
that violates one or more of the expressions. The
node that is most preferred is the one with the
greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements
of this field and adding "weight" to the sum if
the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum
are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term,
associated with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of
resources, in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which
namespaces the labelSelector applies to
(matches against); null or empty list
means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located
(affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector
in the specified namespaces, where co-located
is defined as running on a node whose
value of the label with key topologyKey
matches that of any node on which any
of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching
the corresponding podAffinityTerm, in the
range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified
by this field are not met at scheduling time, the
pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease
to be met at some point during pod execution (e.g.
due to a pod label update), the system may or may
not try to eventually evict the pod from its node.
When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected,
i.e. all terms must be satisfied.
items:
description: Defines a set of pods (namely those
matching the labelSelector relative to the given
namespace(s)) that this pod should be co-located
(affinity) or not co-located (anti-affinity) with,
where co-located is defined as running on a node
whose value of the label with key <topologyKey>
matches that of any node on which a pod of the
set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
(e.g. avoid putting this pod in the same node, zone,
etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the anti-affinity expressions
specified by this field, but it may choose a node
that violates one or more of the expressions. The
node that is most preferred is the one with the
greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity
expressions, etc.), compute a sum by iterating through
the elements of this field and adding "weight" to
the sum if the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum
are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term,
associated with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of
resources, in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which
namespaces the labelSelector applies to
(matches against); null or empty list
means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located
(affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector
in the specified namespaces, where co-located
is defined as running on a node whose
value of the label with key topologyKey
matches that of any node on which any
of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching
the corresponding podAffinityTerm, in the
range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified
by this field are not met at scheduling time, the
pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field
cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from
its node. When there are multiple elements, the
lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
items:
description: Defines a set of pods (namely those
matching the labelSelector relative to the given
namespace(s)) that this pod should be co-located
(affinity) or not co-located (anti-affinity) with,
where co-located is defined as running on a node
whose value of the label with key <topologyKey>
matches that of any node on which a pod of the
set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
args:
description: Arguments to the entrypoint. Translates into
Container CMD.
items:
type: string
type: array
command:
description: Container command. Translates into Container
ENTRYPOINT.
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must
be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in
the input string will be unchanged. The $(VAR_NAME)
syntax can be escaped with a double $$, ie: $$(VAR_NAME).
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to
"".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
serviceAccountName:
description: ServiceAccountName settings
type: string
volumes:
description: Additional volume mounts
properties:
defaultMode:
description: Permissions mode.
format: int32
type: integer
items:
items:
properties:
configMaps:
description: Allow multiple configmaps to mount
to the same directory
items:
type: string
type: array
items:
description: Mount details
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to
set permissions on this file. Must be an
octal value between 0000 and 0777 or a decimal
value between 0 and 511. YAML accepts both
octal and decimal values, JSON requires
decimal values for mode bits. If not specified,
the volume defaultMode will be used. This
might be in conflict with other options
that affect the file mode, like fsGroup,
and the result can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element '..'.
May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
mountPath:
description: An absolute path where to mount it
type: string
name:
description: Volume name
type: string
secrets:
description: Secret mount
items:
type: string
type: array
required:
- mountPath
type: object
type: array
type: object
type: object
resources:
description: Resources (Requests and Limits) for the Pods.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
type: object
migration:
description: Specify Migration configuration
properties:
backups:
description: Set it to config backup policy for migration
properties:
enabled:
description: If set to true, the operator will do database
backup before doing migration
type: boolean
type: object
strategy:
description: Specify migration strategy
type: string
type: object
multiAvailablityZones:
description: Specify PodAntiAffinity settings for Keycloak deployment
in Multi AZ
properties:
enabled:
description: If set to true, the operator will create a podAntiAffinity
settings for the Keycloak deployment.
type: boolean
type: object
podDisruptionBudget:
description: Specify PodDisruptionBudget configuration.
properties:
enabled:
description: If set to true, the operator will create a PodDistruptionBudget
for the Keycloak deployment and set its `maxUnavailable` value
to 1.
type: boolean
type: object
postgresDeploymentSpec:
description: Resources (Requests and Limits) for PostgresDeployment.
properties:
resources:
description: Resources (Requests and Limits) for the Pods.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
type: object
profile:
description: Profile used for controlling Operator behavior. Default
is empty.
type: string
storageClassName:
description: Name of the StorageClass for Postgresql Persistent Volume
Claim
type: string
unmanaged:
description: When set to true, this Keycloak will be marked as unmanaged
and will not be managed by this operator. It can then be used for
targeting purposes.
type: boolean
type: object
status:
description: KeycloakStatus defines the observed state of Keycloak.
properties:
credentialSecret:
description: The secret where the admin credentials are to be found.
type: string
externalURL:
description: External URL for accessing Keycloak instance from outside
the cluster. Is identical to external.URL if it's specified, otherwise
is computed (e.g. from Ingress).
type: string
internalURL:
description: An internal URL (service name) to be used by the admin
client.
type: string
message:
description: Human-readable message indicating details about current
operator phase or error.
type: string
phase:
description: Current phase of the operator.
type: string
ready:
description: True if all resources are in a ready state and all work
is done.
type: boolean
secondaryResources:
additionalProperties:
items:
type: string
type: array
description: 'A map of all the secondary resources types and names
created for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2"
].'
type: object
version:
description: Version of Keycloak or RHSSO running on the cluster.
type: string
required:
- credentialSecret
- internalURL
- message
- phase
- ready
- version
type: object
type: object
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment