Comments (8)
Keycloak Operator uses a one-way sync for Realms, Clients and Users. The one-way sync has been implemented on purpose. Without this approach, any change made manually in the Admin UI would be overridden.
I see having declarative configuration overriding manual changes made through the UI as an absolute win.
from keycloak-operator.
This is actually not a bug. Realms are just created, not updated based on the changes in the CR. It is by design as it's very error-prone to do the updates correctly.
Obviously, the bug here is the docs stating that Realms can be updated. This needs to be fixed.
from keycloak-operator.
@vmuzikar I think the operator needs to allow updates. For example: if I want to update the access token's duration do I need to delete and recreate the realm?
@christianviana I will also add `accessTokenLifespan` as a parameter that is not updated by the operator
from keycloak-operator.
@rtrive It is really by design. Realms can't be updated using the operator. We plan to take a little bit different approach with the new operator with the static configuration.
The docs will be updated as part of keycloak/keycloak-documentation#1402. After it is merged, we can close this issue.
from keycloak-operator.
I know this has been discussed over and over, but not being able to reconcile realm info makes the operator almost unusable when assigning realm roles and groups. I'm not sure how this operator is better than a Helm chart, even clients can't be reconciled. I think the way Grafana handles datasources and such can be an inspiration, i.e. certain resources (data sources, dashboards) are either injected as config maps and are immutable from the UI, or anything can be created with the UI but isn't managed by the operator.
from keycloak-operator.
I concur with @neuromantik33. However, I have been able to reconcile clients, just not realms.
from keycloak-operator.
I'll just add that if Ansible is able to reconcile realm state I don't see why the operator can't do the same. As is Ansible philosophy, if it isn't managed by Ansible the latter does to any unmanaged resources.
from keycloak-operator.
Closing this as it is by design and proper documentation was added in keycloak/keycloak-documentation#1402.
from keycloak-operator.
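Since realms are created but not updated, a later edit to the CR (the `accessTokenLifespan` case raised above) or a change in the Admin UI leaves the declared and the running realm out of step. The following is an added example, not part of the thread or the operator's code: a Python check that reports every declared field whose live value differs. Both realm dicts are constructed samples, and their shape (a realm representation with roles listed by name) is an assumption.

```python
# Constructed sample data, not taken from the thread.
# DECLARED stands for the realm representation written in the custom resource;
# LIVE stands for the same realm as exported from the running Keycloak.
DECLARED = {
    "realm": "demo",
    "enabled": True,
    "accessTokenLifespan": 300,
    "roles": {"realm": [{"name": "auditor"}, {"name": "operator"}]},
}
LIVE = {
    "id": "demo",
    "realm": "demo",
    "enabled": True,
    "accessTokenLifespan": 3600,  # CR edit never applied, or changed in the UI
    "sslRequired": "external",    # server-side default, not declared
    "roles": {"realm": [{"name": "auditor"}]},
}
MISSING = "<missing>"


def _named(value):
    """True for a list whose items are all objects carrying a "name" key."""
    return isinstance(value, list) and all(
        isinstance(i, dict) and "name" in i for i in value)


def _by_name(items):
    """Index roles/groups by name so list order does not count as drift."""
    return {i["name"]: i for i in items}


def drift(declared, live, path=""):
    """Return (path, declared, live) for each declared field that differs.

    Fields present only in the live realm are ignored: they are defaults or
    UI-managed settings, which the one-way sync deliberately leaves alone.
    """
    findings = []
    for key, want in declared.items():
        here = f"{path}.{key}" if path else str(key)
        have = live.get(key, MISSING)
        if _named(want) and (have is MISSING or _named(have)):
            want, have = _by_name(want), _by_name([] if have is MISSING else have)
        if isinstance(want, dict) and isinstance(have, dict):
            findings += drift(want, have, here)
        elif want != have:
            findings.append((here, want, have))
    return findings


if __name__ == "__main__":
    for where, want, have in drift(DECLARED, LIVE):
        print(f"DRIFT {where}: declared={want!r} live={have!r}")
```

Run against real data, the two inputs would be the realm section of the CR and an export of the running realm; a non-empty result means the declared settings are not what the server enforces.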