separated operator and added realm import

apps/keycloak/ingress.yaml

@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: fcos-keycloak-ingress
-  namespace: keycloak
-  annotations:
-    kubernetes.io/ingress.class: nginx
-  labels:
-    app: keycloak
-    app.kubernetes.io/instance: fcos-keycloak
-spec:
-  rules:
-    - host: id.localhost
-      http:
-        paths:
-          - backend:
-              service:
-                name: fcos-keycloak-service
-                port:
-                  number: 8080
-            path: /
-            pathType: Prefix

apps/keycloak/subscription.yaml

@@ -1,24 +0,0 @@
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: keycloak
-  namespace: keycloak
-spec:
-  channel: candidate
-  name: keycloak-operator
-  source: operatorhubio-catalog
-  sourceNamespace: olm
-  installPlanApproval: Automatic
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: postgresql
-  namespace: keycloak
-spec:
-  channel: v5
-  name: postgresql
-  source: operatorhubio-catalog
-  sourceNamespace: olm
-  installPlanApproval: Automatic

base/apps/keycloak/database.yaml

@@ -2,7 +2,7 @@
 apiVersion: postgres-operator.crunchydata.com/v1beta1
 kind: PostgresCluster
 metadata:
-  name: fcos-keycloak
+  name: fcos-keycloak-postgresql-cluster
 spec:
   postgresVersion: 14
   instances:

base/apps/keycloak/instance.yaml

@@ -6,12 +6,11 @@ metadata:
 spec:
   instances: 1
   hostname: id.localhost
-  disableDefaultIngress: true
   serverConfiguration:
     - name: db
       value: postgres
     - name: db-url
       secret:
-        name: fcos-keycloak-pguser-fcos-keycloak
+        name: fcos-keycloak-postgresql-cluster-pguser-fcos-keycloak-postgresql-cluster
         key: jdbc-uri
-  tlsSecret: INSECURE-DISABLE
+  tlsSecret: tls-keycloak

base/apps/keycloak/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+namespace: keycloak
+resources:
+  - database.yaml
+  - instance.yaml
+  - realm.yaml

base/operators/keycloak/kustomization.yaml

@@ -2,9 +2,5 @@
 namespace: keycloak
 resources:
   - namespace.yaml
-  - operatorgroup.yaml
   - subscription.yaml
-  - database.yaml
-  - instance.yaml
-  - ingress.yaml
-  - realm.yaml
+  - operatorgroup.yaml

base/operators/keycloak/operatorgroup.yaml

@@ -2,8 +2,7 @@
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
-  name: fcos-keycloak
-  namespace: keycloak
+  name: keycloak
 spec:
   targetNamespaces:
     - keycloak

base/operators/keycloak/subscription.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: keycloak
+spec:
+  name: keycloak-operator
+  channel: candidate
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  installPlanApproval: Automatic

overlays/dev/keycloak/certificate.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: tls-keycloak
+  labels:
+    app: keycloak
+spec:
+  secretName: tls-keycloak
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+    rotationPolicy: Always
+  subject:
+    organizations:
+      - keycloak
+  duration: 2160h
+  renewBefore: 360h
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+  commonName: "id.localhost"
+  dnsNames:
+    - "id.localhost"

overlays/dev/keycloak/kustomization.yaml

@@ -0,0 +1,4 @@
+---
+namespace: keycloak
+resources:
+  - certificate.yaml

overlays/prod/keycloak/kustomization.yaml

@@ -1,4 +1,5 @@
 ---
+namespace: keycloak
 patches:
   - target:
       kind: PostgresCluster