Untitled :: OneCX Docs

onecx-iam-kc-client-operator

Configuration

Configuration property fixed at build time - All other configuration properties are overridable at runtime

Configuration property	Type	Default
`onecx.iam.kc.client.realm` Define realm where to insert/update/delete the clients Environment variable: `ONECX_IAM_KC_CLIENT_REALM`	string	`onecx`
`onecx.iam.kc.client.config."config".add-def-scopes` Add default scopes from realm to the client. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ADD_DEF_SCOPES`	boolean	`true`
`onecx.iam.kc.client.config."config".enabled` Enable the client Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ENABLED`	boolean	`true`
`onecx.iam.kc.client.config."config".auth-type` Authentication type. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__AUTH_TYPE`	string	`client-secret`
`onecx.iam.kc.client.config."config".redirect-uris` List of redirect uris. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__REDIRECT_URIS`	list of string
`onecx.iam.kc.client.config."config".web-origins` List of web origins Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__WEB_ORIGINS`	list of string
`onecx.iam.kc.client.config."config".bearer-only` Bearer token only. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__BEARER_ONLY`	boolean	`false`
`onecx.iam.kc.client.config."config".standard-flow` Standard flow enabled. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__STANDARD_FLOW`	boolean	`false`
`onecx.iam.kc.client.config."config".implicit-flow` Implicit flow enabled. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__IMPLICIT_FLOW`	boolean	`false`
`onecx.iam.kc.client.config."config".direct-access` Enable direct access grants. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__DIRECT_ACCESS`	boolean	`false`
`onecx.iam.kc.client.config."config".service-account` Enable service account. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__SERVICE_ACCOUNT`	boolean	`true`
`onecx.iam.kc.client.config."config".public` Public client flag. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__PUBLIC`	boolean	`false`
`onecx.iam.kc.client.config."config".protocol` Protocol used with the client. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__PROTOCOL`	string	`openid-connect`
`onecx.iam.kc.client.config."config".attributes."attributes"` Attributes map for the client. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ATTRIBUTES__ATTRIBUTES_`	Map<String,String>
`onecx.iam.kc.client.config."config".default-scopes` Default client scopes. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__DEFAULT_SCOPES`	list of string
`onecx.iam.kc.client.config."config".optional-scopes` Optional client scopes. Environment variable: `ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__OPTIONAL_SCOPES`	list of string
`onecx.iam.kc.client.leader-election.lease-name` Lease name Environment variable: `ONECX_IAM_KC_CLIENT_LEADER_ELECTION_LEASE_NAME`	string	`onecx-iam-kc-client-operator-lease`

Configuration property

Type

Default

onecx.iam.kc.client.realm

Define realm where to insert/update/delete the clients

Environment variable: ONECX_IAM_KC_CLIENT_REALM

string

onecx

onecx.iam.kc.client.config."config".add-def-scopes

Add default scopes from realm to the client.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ADD_DEF_SCOPES

boolean

true

onecx.iam.kc.client.config."config".enabled

Enable the client

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ENABLED

boolean

true

onecx.iam.kc.client.config."config".auth-type

Authentication type.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__AUTH_TYPE

string

client-secret

onecx.iam.kc.client.config."config".redirect-uris

List of redirect uris.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__REDIRECT_URIS

list of string

onecx.iam.kc.client.config."config".web-origins

List of web origins

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__WEB_ORIGINS

list of string

onecx.iam.kc.client.config."config".bearer-only

Bearer token only.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__BEARER_ONLY

boolean

false

onecx.iam.kc.client.config."config".standard-flow

Standard flow enabled.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__STANDARD_FLOW

boolean

false

onecx.iam.kc.client.config."config".implicit-flow

Implicit flow enabled.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__IMPLICIT_FLOW

boolean

false

onecx.iam.kc.client.config."config".direct-access

Enable direct access grants.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__DIRECT_ACCESS

boolean

false

onecx.iam.kc.client.config."config".service-account

Enable service account.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__SERVICE_ACCOUNT

boolean

true

onecx.iam.kc.client.config."config".public

Public client flag.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__PUBLIC

boolean

false

onecx.iam.kc.client.config."config".protocol

Protocol used with the client.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__PROTOCOL

string

openid-connect

onecx.iam.kc.client.config."config".attributes."attributes"

Attributes map for the client.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ATTRIBUTES__ATTRIBUTES_

Map<String,String>

onecx.iam.kc.client.config."config".default-scopes

Default client scopes.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__DEFAULT_SCOPES

list of string

onecx.iam.kc.client.config."config".optional-scopes

Optional client scopes.

Environment variable: ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__OPTIONAL_SCOPES

list of string

onecx.iam.kc.client.leader-election.lease-name

Lease name

Environment variable: ONECX_IAM_KC_CLIENT_LEADER_ELECTION_LEASE_NAME

string

onecx-iam-kc-client-operator-lease

Default properties

src/main/resources/application.properties

quarkus.kubernetes-client.devservices.override-kubeconfig=true
quarkus.keycloak.admin-client.server-url=http://keycloak:8080
quarkus.keycloak.admin-client.realm=master
quarkus.keycloak.admin-client.username=admin
quarkus.keycloak.admin-client.password=admin
quarkus.operator-sdk.controllers.kc.retry.max-attempts=10
quarkus.operator-sdk.controllers.kc.retry.interval.initial=5000
quarkus.operator-sdk.controllers.kc.retry.interval.multiplier=3
quarkus.operator-sdk.controllers.kc.retry.interval.max=300000
quarkus.operator-sdk.crd.validate=false
quarkus.operator-sdk.helm.enabled=true
onecx.iam.kc.client.realm=onecx
onecx.iam.kc.client.config.ui.enabled=true
onecx.iam.kc.client.config.ui.auth-type=client-secret
onecx.iam.kc.client.config.ui.redirect-uris=*
onecx.iam.kc.client.config.ui.web-origins=*
onecx.iam.kc.client.config.ui.bearer-only=false
onecx.iam.kc.client.config.ui.standard-flow=true
onecx.iam.kc.client.config.ui.implicit-flow=false
onecx.iam.kc.client.config.ui.direct-access=true
onecx.iam.kc.client.config.ui.service-account=false
onecx.iam.kc.client.config.ui.protocol=openid-connect
onecx.iam.kc.client.config.ui.default-scopes=web-origins,roles,profile,email
onecx.iam.kc.client.config.ui.public=true
onecx.iam.kc.client.config.ui.add-def-scopes=true
onecx.iam.kc.client.config.machine.enabled=true
onecx.iam.kc.client.config.machine.auth-type=client-secret
onecx.iam.kc.client.config.machine.bearer-only=false
onecx.iam.kc.client.config.machine.standard-flow=false
onecx.iam.kc.client.config.machine.implicit-flow=false
onecx.iam.kc.client.config.machine.direct-access=false
onecx.iam.kc.client.config.machine.service-account=true
onecx.iam.kc.client.config.machine.protocol=openid-connect
onecx.iam.kc.client.config.machine.default-scopes=web-origins,roles,profile,email
onecx.iam.kc.client.config.machine.public=false
onecx.iam.kc.client.config.machine.add-def-scopes=true

Extensions

Extensions	Documentation	Configuration	Version
tkit-quarkus-log-cdi	Link	Link	3.3.0
tkit-quarkus-log-rs	Link	Link	3.3.0
tkit-quarkus-log-json	Link	Link	3.3.0
quarkus-arc	Link	Link	3.20.1
quarkus-micrometer-registry-prometheus	Link	Link	3.20.1
quarkus-opentelemetry	Link	Link	3.20.1
quarkus-rest-client	Link	Link	3.20.1
quarkus-rest-client-jackson	Link		3.20.1
tkit-quarkus-security	Link	Link	3.3.0
onecx-core	Link		1.3.0
quarkus-smallrye-health	Link	Link	3.20.1
quarkus-container-image-docker	Link	Link	3.20.1
quarkus-operator-sdk-bundle-generator			7.1.2
quarkus-operator-sdk			7.1.2
onecx-operator			1.3.0
quarkus-keycloak-admin-rest-client			3.20.1

Documentation

Configuration

Version

tkit-quarkus-log-cdi

Link

3.3.0

tkit-quarkus-log-rs

Link

3.3.0

tkit-quarkus-log-json

Link

3.3.0

quarkus-arc

Link

3.20.1

quarkus-micrometer-registry-prometheus

Link

3.20.1

quarkus-opentelemetry

Link

3.20.1

quarkus-rest-client

Link

3.20.1

quarkus-rest-client-jackson

Link

3.20.1

tkit-quarkus-security

Link

3.3.0

onecx-core

Link

1.3.0

quarkus-smallrye-health

Link

3.20.1

quarkus-container-image-docker

Link

3.20.1

quarkus-operator-sdk-bundle-generator

7.1.2

quarkus-operator-sdk

7.1.2

onecx-operator

1.3.0

quarkus-keycloak-admin-rest-client

3.20.1

Container

Docker registry

Helm

Helm registry

Default values

src/main/helm/values.yaml

app:
  name: kc-client-operator
  image:
    repository: "onecx/onecx-iam-kc-client-operator"
  envCustom:
    - name: KUBERNETES_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
  serviceAccount:
    enabled: true
  operator:
    microservice:
      spec:
        description: OneCX IAM Keycloak Client Operator
        name: OneCX IAM KC Client Operator