Keycloak Operator Installation

How to install the Keycloak Operator on Kubernetes and OpenShift

Installing the Keycloak Operator

This guide describes how to install the Keycloak Operator in a Kubernetes or OpenShift cluster.

Installing by using the Operator Lifecycle Manager

The recommended way to install the Keycloak Operator in Kubernetes environments is to use the Operator Lifecycle Manager (OLM).

Prerequisites

  • Make sure OLM is installed in your environment. For details, see Installing OLM.

  • Be sure that you have cluster-admin permission or an equivalent level of permissions granted by an administrator.

Using the OpenShift web console

The following procedure describes how to install the Keycloak Operator. However, for general instructions on installing Operators using OLM, see Install your operator with OLM. In the default Catalog, the Keycloak Operator is named keycloak-operator. Make sure to use the fast channel to find the operator.

Perform this procedure on an OpenShift cluster.

  1. Open the OpenShift Container Platform web console.

  2. In the left column, click Home, Operators, OperatorHub.

  3. Search for "keycloak" on the search input box.

    Select the Keycloak Operator in the UI
  4. Select the Keycloak Operator from the list of results.

  5. Follow the instructions on the screen.

    Make sure you are installing from the fast channel:

    Configure Keycloak Operator

You may select to either have the Operator watch the namespace where it is installed, or to watch a single namespace of your choosing.

Installing by using kubectl without Operator Lifecycle Manager

You can install the Operator on a vanilla Kubernetes cluster by using kubectl commands:

  1. Install the CRDs by entering the following commands:

    kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/26.0.7/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
    kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/26.0.7/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
  2. Install the Keycloak Operator deployment by entering the following command:

    kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/26.0.7/kubernetes/kubernetes.yml

The Operator will watch the namespace where it is installed. You may optionally select a namespace with the -n option.

Installing Multiple Operators

It is currently not fully supported for the operator to watch multiple or all namespaces. In circumstances where you want to watch multiple namespaces, you can install multiple operators.

If you do this please be aware:

  • all Operators share the CRDs (Custom Resource Definitions) as they are installed cluster wide.

  • CRD revisions from newer Operator versions won’t introduce breaking changes except for the eventual removal of fields that have been well deprecated. Thus newer CRDs are generally backward compatible.

  • the CRDs installed last will be the ones in use. This applies to OLM installations as well where the Operator version, that is installed as the last, also installs and overrides the CRDs if they exists in the cluster already.

  • older CRDs may not be forwards compatible with new fields used by newer operators. When using OLM it will check if your custom resources are compatible with the CRDs being installed, so the usage of new fields can prevent the simultaneous installation of older operator versions.

  • fields introduced by newer CRDs will not be supported by older Operators. Older Operator will fail to handle CRs that use such new fields with an error deserializing an unrecognized field.

It is therefore recommended in a multiple Operator install scenario that you keep versions aligned as closely as possible to minimize the potential problems with different versions.

On this page