Skip to content

Keycloak should permit to create realms instead of importing one

Actually, the deployment only support importing an existing realm:

  • a realm-secret is created in deploy from the realm-export.json file
  • keycloak-values.yaml contains:
    • extraEnv variable KEYCLOAK_IMPORT with /realm/realm-export.json value
    • readinessProbe check the imported realm /auth/realms/mim
    • extraVolumeMounts mounts the realm-secret under /realm

I propose:

  • to add a vars.ini configuration option like: 
    [keycloak]
#Keycloak realm name
realm=mim
realmImport=true
realmImportFile=/machin/bidule/realm-export.json
  • remove the realm import stuffs from keycloak-values.yaml if realmImport is false
  • create the realm manually with the keycloak REST API (with checks to avoid multi-create?)
  • manage laboite client as any other client
  • make keycloak.realmImport=false the default since the import is specific to PCLL/APPS environments (this is a breaking change)

Notes for laboite

  • User registration should be enabled by default
  • Client for laboite must be of access type public
Edited by Daniel Dehennin