Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[keycloak-operator] Enable keycloak-operator to watch multiple namespaces. #1288

Open
greucatalin opened this issue Jul 17, 2024 · 2 comments
Open

[keycloak-operator] Enable keycloak-operator to watch multiple namespaces. #1288

greucatalin opened this issue Jul 17, 2024 · 2 comments

Comments

@greucatalin
Copy link

greucatalin commented Jul 17, 2024
edited
Loading

Is your feature request related to a problem? Please describe.
The current kecyloak-operator chart, doesn't support watching multiple namespace. The keyckloak instance must be in the same namespace as the operator to work.

Describe the solution you'd like
Due to our current configuration, we would like to be able to have the operator installed in one namespace, and the Keycloak instance in a different one (or multiple). We already achieved this enabling/disabling operator functionality in this issue #1270
When we apply the kind: Keycloak in a different namespace, we would like the operator to be listening to that.

We considered modifying the Deployment to include the env variable QUARKUS_OPERATOR_SDK_NAMESPACES and a list of namespaces to watch:

env:
  {{ if .Values.operator.watchNamespace }}
   - name: QUARKUS_OPERATOR_SDK_NAMESPACES
     value: {{ join "," .Values.operator.watchNamespace }}
  {{- end }}

But also we need to modify the Roles/RoleBinding templates to be created in each namespace.
The solution we propose:
Using the function .Release.Namespace to add the namespace of the current context in the templates (allowing it to work the same as before), and adding the list of namespaces to watch like this:

{{- $namespace := .Release.Namespace | quote }}
{{- $namespaces := list $namespace }}
{{- if .Values.watchNamespaces }}
  {{- range .Values.watchNamespaces }}
    {{- $namespaces = append $namespaces (quote .) }}
  {{- end }}
{{- end }}
{{- range $namespaces }}

Affected chart
keycloak-operator
@greucatalin
Copy link
Author

Also, in order to make this work, we will need to enable the issue my colleague @gwydionmv opened here: #1273
To ensure each resource is created in the corresponding namespace.
We could include it in the same issue I'm opening.

@tongpu
Copy link
Member

tongpu commented Jul 23, 2024

We would be happy to accommodate your proposal. With regards to the changes your colleague proposed in #1274, my only concern is that I believe that the Keycloak operator deployment should be deployed in the Helm release namespace, as mentioned in this comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tongpu @greucatalin