2022-01-12 03:06:10 -05:00
# Keycloak on Quarkus
The module holds the codebase to build the Keycloak Operator on top of [Quarkus ](https://quarkus.io/ ).
Using the [Quarkus Operator SDK ](https://github.com/quarkiverse/quarkus-operator-sdk ).
2022-11-03 02:20:43 -04:00
Also see [Operator guides ](https://www.keycloak.org/guides#operator )
2022-01-12 03:06:10 -05:00
## Activating the Module
2025-04-24 10:26:01 -04:00
When build from the project root directory, this module is only enabled if the installed JDK is 17 or newer.
2022-01-12 03:06:10 -05:00
## Building
2024-09-30 10:11:58 -04:00
Ensure you have JDK 17 (or newer) installed.
2022-01-12 03:06:10 -05:00
Build the Docker image with:
```bash
2023-07-24 02:25:23 -04:00
mvn clean package -Dquarkus.container-image.build=true
2022-01-12 03:06:10 -05:00
```
2023-07-24 02:25:23 -04:00
This will build a container image from `Dockerfile` , using `docker` by default. `podman` is also supported if you do these steps beforehand:
2023-04-21 02:32:29 -04:00
- Follow [this guide ](https://quarkus.io/guides/podman#setting-docker_host-on-linux ) to enable the podman user socket
- Set the `DOCKER_HOST` environment variable to point at this user socket. For example: `DOCKER_HOST=unix:///run/user/1000/podman/podman.sock` .
- You may also have to set `QUARKUS_DOCKER_EXECUTABLE_NAME=podman`
2022-02-11 06:55:57 -05:00
## Configuration
The Keycloak image can be configured, when starting the operator, using the Java property:
```
2024-02-08 09:03:20 -05:00
kc.operator.keycloak.image
2022-02-11 06:55:57 -05:00
```
And the imagePullPolicy with:
```
2024-02-08 09:03:20 -05:00
kc.operator.keycloak.image-pull-policy
2022-02-11 06:55:57 -05:00
```
2022-01-12 03:06:10 -05:00
## Contributing
### Quick start on Minikube
2024-12-04 03:50:28 -05:00
Start minikube with `ingress` addon and `cilium` Container Network Interface (CNI).
Vanilla minikube does not support Network Policies, and Cilium implements the CNI and supports Network Policies.
Another CNI implementation may work too.
```bash
2026-02-12 04:28:53 -05:00
minikube start --addons ingress --cni cilium --cpus=max
2024-12-04 03:50:28 -05:00
```
2022-01-12 03:06:10 -05:00
Enable the Minikube Docker daemon:
```bash
eval $(minikube -p minikube docker-env)
```
Compile the project and generate the Docker image with JIB:
```bash
2023-08-21 10:07:14 -04:00
mvn clean package -Dquarkus.kubernetes.image-pull-policy=IfNotPresent -Dquarkus.container-image.build=true
2022-01-12 03:06:10 -05:00
```
2022-01-13 05:34:35 -05:00
Install the CRD definition and the operator in the cluster in the `keycloak` namespace:
2022-01-12 03:06:10 -05:00
```bash
2023-08-21 10:07:14 -04:00
kubectl create namespace keycloak
2022-01-13 05:34:35 -05:00
kubectl apply -k target
```
to install in the `default` namespace:
```bash
kubectl apply -k overlays/default-namespace
```
Remove the created resources with:
```bash
kubectl delete -k < previously-used-folder >
2022-01-12 03:06:10 -05:00
```
2022-02-08 09:13:58 -05:00
### Testing
2025-04-24 10:26:01 -04:00
Testing allows 3 methods specified in the property `test.operator.deployment` : `local_apiserver` , `local` & `remote` .
`local_apiserver` : the default, where resources will be deployed to a jenvtest controlled api server (not a full kube environment) and the operator will run locally - not all tests can run in this mode. This is the fastest mode of testing as no externally managed kube environment is needed. As long as your test does not need a running Keycloak instance, this level of testing should be applicable.
2022-02-08 09:13:58 -05:00
`local` : resources will be deployed to the local cluster and the operator will run out of the cluster
`remote` : same as local test but an image for the operator will be generated and deployed run inside the cluster
```bash
mvn clean verify \
-Dquarkus.container-image.build=true \
-Dquarkus.container-image.tag=test \
2022-04-28 07:21:55 -04:00
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
2022-02-08 09:13:58 -05:00
-Dtest.operator.deployment=remote
2022-03-09 08:25:18 -05:00
```
To run tests on Mac with `minikube` and the `docker` driver you should run `minikube tunnel` in a separate shell and configure the Java properties as follows:
```bash
-Dtest.operator.kubernetes.ip=localhost
```
2023-06-20 16:04:41 -04:00
On Linux or on Mac using `minikube` on a VM, instead you should enable ingress:
2022-03-09 08:25:18 -05:00
```bash
2023-06-20 16:04:41 -04:00
minikube addons enable ingress
2022-03-09 08:25:18 -05:00
```
2022-03-21 13:52:00 -04:00
To avoid skipping tests that are depending on custom Keycloak images, you need to build those first:
```bash
2026-02-12 04:28:53 -05:00
./scripts/build-testing-docker-images.sh [SOURCE KEYCLOAK IMAGE TAG] [SOURCE KEYCLOAK IMAGE]
2022-03-21 13:52:00 -04:00
```
And run the tests passing an extra Java property:
```bash
2025-02-10 12:54:14 -05:00
-Dtest.operator.custom.image=custom-keycloak:latest
2022-03-21 13:52:00 -04:00
```
2022-04-28 07:21:55 -04:00
### Testing using a pre-built operator image from a remote registry
You can run the testsuite using an already built operator image from a remote image registry.
To do this, you need to set `quarkus.container-image.build=false` and specify the desired image
you want to use by setting `quarkus.container-image.image=<your-image>:<your-tag>`
#### Example:
```bash
mvn clean verify \
-Dquarkus.container-image.build=false \
-Dquarkus.container-image.image=quay.io/keycloak/keycloak-operator:nightly \
-Dtest.operator.deployment=remote
```
