Feat: Keycloak bootstrap — operand infra and realm import

charts/kagenti-operator/templates/rbac/role.yaml

@@ -21,10 +21,19 @@ rules:
   resources:
   - endpoints
   - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
   - services
   verbs:
+  - create
   - get
   - list
+  - update
   - watch
 - apiGroups:
   - ""
@@ -128,8 +137,18 @@ rules:
   - apps
   resources:
   - deployments
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - statefulsets
   verbs:
+  - create
   - get
   - list
   - patch
@@ -185,13 +204,26 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - k8s.keycloak.org
+  resources:
+  - keycloakrealmimports
+  - keycloaks
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
 - apiGroups:
   - route.openshift.io
   resources:
   - routes
   verbs:
+  - create
   - get
   - list
+  - update
 - apiGroups:
   - operator.tekton.dev
   resources:

kagenti-operator/cmd/main.go

@@ -616,6 +616,19 @@ func main() {
 		setupLog.Info("OTel collector bootstrap enabled")
 	}
 
+	keycloakBootstrap := &bootstrap.KeycloakBootstrapRunnable{
+		Client:            mgr.GetClient(),
+		APIReader:         mgr.GetAPIReader(),
+		Namespace:         keycloakAdminSecretNamespace,
+		Realm:             keycloakRealm,
+		KeycloakPublicURL: keycloakPublicURL,
+		Log:               ctrl.Log.WithName("bootstrap"),
+	}
+	if err := mgr.Add(keycloakBootstrap); err != nil {
+		setupLog.Error(err, "unable to add Keycloak bootstrap runnable")
+		os.Exit(1)
+	}
+
 	if enableAuthbridgeConfig {
 		if err = (&controller.AuthbridgeConfigReconciler{
 			Client: mgr.GetClient(),

kagenti-operator/config/rbac/role.yaml

@@ -56,8 +56,10 @@ rules:
   resources:
   - services
   verbs:
+  - create
   - get
   - list
+  - update
   - watch
 - apiGroups:
   - agent.kagenti.dev
@@ -117,7 +119,6 @@ rules:
   resources:
   - daemonsets
   - deployments
-  - statefulsets
   verbs:
   - get
   - list
@@ -131,6 +132,17 @@ rules:
   - statefulsets/finalizers
   verbs:
   - update
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cert-manager.io
   resources:
@@ -140,6 +152,17 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - k8s.keycloak.org
+  resources:
+  - keycloakrealmimports
+  - keycloaks
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
 - apiGroups:
   - mlflow.opendatahub.io
   resources:
@@ -208,5 +231,7 @@ rules:
   resources:
   - routes
   verbs:
+  - create
   - get
   - list
+  - update