Skip to content

bitnamilegacy-to-official-keycloak #1193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
sandeepbh5 wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

bitnamilegacy-to-official-keycloak #1193

sandeepbh5 wants to merge 7 commits into from

Conversation

@sandeepbh5
Copy link
Contributor

@sandeepbh5 sandeepbh5 commented Dec 2, 2025

Description

  • Introduced a new Keycloak operator application with a sync wave for managing Keycloak instances via CRDs.
  • Updated Keycloak tenant controller to use the latest target revision.
  • Modified platform Keycloak application to point to the new chart repository and updated target revision.
  • Enhanced Traefik extra objects to use the latest target revision.
  • Added default admin username in the on-prem installer functions.
  • Enabled Keycloak operator in the platform profile configuration.
  • Updated Trivy configuration to suppress specific false positives related to Keycloak operator permissions and ExternalName services.

Any Newly Introduced Dependencies

  • quay.io/keycloak/keycloak:26.4.5
  • quay.io/keycloak/keycloak-operator:26.4.5

How Has This Been Tested?

Coder

Checklist:

  • I agree to use the APACHE-2.0 license for my code changes
  • I have not introduced any 3rd party dependency changes
  • I have performed a self-review of my code

@sandeepbh5 sandeepbh5 marked this pull request as draft December 2, 2025 16:19
@sandeepbh5
Upgrade Keycloak to 26.5.0 with native bootstrap password support and…
abf4d3c 
… admin-cli authentication

- Upgrade Keycloak operator to 26.5.0 which natively supports bootstrap password initialization
- Migrate from custom system-client to built-in admin-cli for KTC authentication
- Add required OAuth scopes (openid, profile, email, roles, groups) to admin-cli client
- Fix KTC tenant controller init container to authenticate with admin-cli

This consolidates all Keycloak 26.x upgrade work including bootstrap password fixes and authentication client migration.
@sandeepbh5 sandeepbh5 force-pushed the bitnamilegacy-to-official-keycloak-02dec branch from e7a5618 to abf4d3c Compare January 7, 2026 13:12
@sandeepbh5
Merge branch 'main' into bitnamilegacy-to-official-keycloak-02dec
6251f99
@sandeepbh5
Update Keycloak operator and related components to latest versions
056bd5b
@sandeepbh5
Fix: Revert system-client to public client to support password grant …
0383d10 
…flow

- Changed system-client.publicClient from false back to true
- Public clients support Resource Owner Password Credentials (ROPC) grant without needing client secrets
- This allows password grant requests to work without invalid_client_credentials errors
@sandeepbh5
Revert: Use admin-cli instead of system-client
d52d631 
- Changed back from system-client to admin-cli throughout codebase
- admin-cli is Keycloak's built-in client that works reliably
- Reverted: platform-keycloak.tpl, keycloak-tenant-controller.tpl
- Reverted: 8 test/tool scripts and mage config
- admin-cli with publicClient=true supports password grant natively
@sandeepbh5
Add keycloakAdmin configuration to multiple YAML files
4e3c33f
@sandeepbh5
Add seccompProfile to operator security context for pod security comp…
f553659 
…liance
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adimoft adimoft Awaiting requested review from adimoft adimoft is a code owner

@daveroge daveroge Awaiting requested review from daveroge daveroge is a code owner

@shanedonohue shanedonohue Awaiting requested review from shanedonohue shanedonohue is a code owner

@manilk1x manilk1x Awaiting requested review from manilk1x manilk1x is a code owner

@johnoloughlin johnoloughlin Awaiting requested review from johnoloughlin johnoloughlin is a code owner

@garyloug garyloug Awaiting requested review from garyloug garyloug is a code owner

@palade palade Awaiting requested review from palade palade is a code owner

@rranjan3 rranjan3 Awaiting requested review from rranjan3 rranjan3 is a code owner

@krishnajs krishnajs Awaiting requested review from krishnajs krishnajs is a code owner

@hyunsun hyunsun Awaiting requested review from hyunsun hyunsun is a code owner

@scottmbaker scottmbaker Awaiting requested review from scottmbaker scottmbaker is a code owner

@damiankopyto damiankopyto Awaiting requested review from damiankopyto damiankopyto is a code owner

@cjnolan cjnolan Awaiting requested review from cjnolan cjnolan is a code owner

@SushilLakra SushilLakra Awaiting requested review from SushilLakra SushilLakra is a code owner

@soniabha-intc soniabha-intc Awaiting requested review from soniabha-intc soniabha-intc is a code owner

@guptagunjan guptagunjan Awaiting requested review from guptagunjan guptagunjan is a code owner

@sys-orch-approve sys-orch-approve Awaiting requested review from sys-orch-approve sys-orch-approve is a code owner

@Ram-srini Ram-srini Awaiting requested review from Ram-srini Ram-srini is a code owner

@shankarsrinivas1 shankarsrinivas1 Awaiting requested review from shankarsrinivas1 shankarsrinivas1 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

DO NOT MERGE

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sandeepbh5