Add Realm ressource

config/crd/kustomization.yaml

@@ -0,0 +1,21 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/keycloak.bitmask.me_keycloakrealms.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_keycloakrealms.yaml
+# +kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_keycloakrealms.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/crd/kustomizeconfig.yaml

@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/crd/patches/cainjection_in_keycloakrealms.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: keycloakrealms.keycloak.bitmask.me

config/crd/patches/webhook_in_keycloakrealms.yaml

@@ -0,0 +1,14 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloakrealms.keycloak.bitmask.me
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert

config/rbac/keycloakrealm_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit keycloakrealms.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keycloakrealm-editor-role
+rules:
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms/status
+  verbs:
+  - get

config/rbac/keycloakrealm_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view keycloakrealms.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keycloakrealm-viewer-role
+rules:
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms/status
+  verbs:
+  - get

config/samples/keycloak_v1alpha1_keycloakrealm.yaml

@@ -0,0 +1,7 @@
+apiVersion: keycloak.bitmask.me/v1alpha1
+kind: KeycloakRealm
+metadata:
+  name: keycloakrealm-sample
+spec:
+  # Add fields here
+  foo: bar

config/samples/kustomization.yaml

@@ -0,0 +1,4 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- keycloak_v1alpha1_keycloakrealm.yaml
+# +kubebuilder:scaffold:manifestskustomizesamples