Skip to content

Commit

Permalink
Update Operator product documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
vmuzikar committed Oct 11, 2023
1 parent aa165e5 commit 262c84e
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 8 deletions.
16 changes: 12 additions & 4 deletions docs/guides/operator/advanced-configuration.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
<#import "/templates/kc.adoc" as kc>
<#import "/templates/options.adoc" as opts>
<#import "/templates/links.adoc" as links>
<#import "/templates/profile.adoc" as profile>

<@tmpl.guide
title="Advanced configuration"
Expand Down Expand Up @@ -65,14 +66,21 @@ For a list of options, see the Keycloak CRD. For details on configuring options,
Some expert server options are unavailable as dedicated fields in the Keycloak CR. The following are examples of omitted fields:

* Fields that require deep understanding of the underlying Keycloak implementation
* Fields that are not relevant to a Kubernetes environment
* Fields that are not relevant to
<@profile.ifCommunity>
a Kubernetes
</@profile.ifCommunity>
<@profile.ifProduct>
an OpenShift
</@profile.ifProduct>
environment
* Fields for provider configuration because they are dynamic based on the used provider implementation

The `additionalOptions` field of the Keycloak CR enables Keycloak to accept any available configuration in the form of key-value pairs.
You can use this field to include any option that is omitted in the Keycloak CR.
For details on configuring options, see <@links.server id="all-config"/>.

The values can be expressed as plain text strings or Kubernetes Secret references as shown in this example:
The values can be expressed as plain text strings or Secret object references as shown in this example:

[source,yaml]
----
Expand Down Expand Up @@ -102,11 +110,11 @@ When a referenced Secret is modified, the Operator performs a rolling restart of

=== Unsupported features

The `unsupported` field of the CR contains highly experimental configuration options that are not completely tested and supported.
The `unsupported` field of the CR contains highly experimental configuration options that are not completely tested and are Tech Preview.

==== Pod Template

The Pod Template is a raw API representation that is used for the Kubernetes Deployment Template.
The Pod Template is a raw API representation that is used for the Deployment Template.
This field is a temporary workaround in case no supported field exists at the top level of the CR for your use case.

The Operator merges the fields of the provided template with the values generated by the Operator for the specific Deployment.
Expand Down
13 changes: 9 additions & 4 deletions docs/guides/operator/basic-deployment.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,19 @@
<#import "/templates/kc.adoc" as kc>
<#import "/templates/options.adoc" as opts>
<#import "/templates/links.adoc" as links>
<#import "/templates/profile.adoc" as profile>

<@tmpl.guide
title="Basic Keycloak deployment"
priority=20
summary="How to install Keycloak using the Operator on Kubernetes or OpenShift">
summary="How to install Keycloak using the Operator">

== Performing a basic Keycloak deployment
This {section} describes how to perform a basic Keycloak Deployment on Kubernetes or OpenShift using the Operator.
This {section} describes how to perform a basic Keycloak Deployment on
<@profile.ifCommunity>
Kubernetes or
</@profile.ifCommunity>
OpenShift using the Operator.

=== Preparing for deployment

Expand Down Expand Up @@ -230,14 +235,14 @@ kubectl port-forward service/example-kc-service 8443:8443

=== Accessing the Admin Console

When deploying Keycloak, the operator generates an arbitrary initial admin `username` and `password` and stores those credentials as a Kubernetes basic-auth Secret in the same namespace as the CR.
When deploying Keycloak, the operator generates an arbitrary initial admin `username` and `password` and stores those credentials as a basic-auth Secret object in the same namespace as the CR.

[WARNING]
====
Change the default admin credentials and enable MFA in Keycloak before going to production.
====

To fetch the initial admin credentials, you have to read and decode a Kubernetes Secret.
To fetch the initial admin credentials, you have to read and decode the Secret.
The Secret name is derived from the Keycloak CR name plus the fixed suffix `-initial-admin`.
To get the username and password for the `example-kc` CR, enter the following commands:

Expand Down

0 comments on commit 262c84e

Please sign in to comment.