Create a Keycloak service

Apply the following object on your namespace, as specified by its YAML description.

Example to create a Keycloak instance
apiVersion: vshn.appcat.vshn.io/v1
kind: VSHNKeycloak
metadata:
  name: keycloak-app1-prod (1)
  namespace: prod-app (2)
spec:
  parameters:
    service:
      version: "25" (3)
      postgreSQLParameters: {} (4)
    size: (5)
      plan: standard-2
  writeConnectionSecretToRef:
    name: keycloak-creds (6)
1 Instance name
2 The namespace where the object will be created
3 Keycloak version
4 PostgreSQL database parameters. See PostgreSQL by VSHN
5 Size of the Keycloak instance. See Plans and Sizing for more information.
6 Secret where the connection details are provisioned. This secret shouldn’t exist before creation.
To get more information about all available configuration options, please see the API Reference

Inspect your new Keycloak service

$  oc get vshnkeycloak.vshn.appcat.vshn.io
NAME                SYNCED   READY   CONNECTION-SECRET   AGE
keycloak-app1-prod   True     True    keycloak-creds       3m32s

When you see True in the READY column, it means the instance is provisioned but the pods might still be starting. It may take some time for the instance to be available especially during the provisioning phase.

Find the connection details

The connection details are stored in a secret. You can retrieve them with the following command:

$ oc get secrets keycloak-creds -o yaml

The output of the command above is a secret specification with the following structure:

apiVersion: v1
kind: Secret
metadata:
  name: keycloak-creds
stringData:
  KEYCLOAK_HOST: "example.keycloak.com" (1)
  KEYCLOAK_PASSWORD: "my-password" (2)
  KEYCLOAK_USERNAME: "admin" (3)
1 Kubernetes internal hostname
2 Password of admin user
3 Username
Not all fields apply to all providers