Keycloak admin user

Signed-off-by: Andrew Block <[email protected]>

Author: sabre1041

charts/keycloak/templates/keycloak-admin-user-external-secret.yaml

@@ -0,0 +1,24 @@
+{{- if eq .Values.keycloak.adminUser.enabled true }}
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata:
+  name: keycloak-admin-user
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.global.secretStore.name }}
+    kind: {{ .Values.global.secretStore.kind }}
+  target:
+    name: {{ .Values.keycloak.adminUser.secretName }}
+    template:
+      type: Opaque
+      data:
+        username: "{{ .Values.keycloak.adminUser.username }}"
+        password: "{{ `{{ .admin_password }}` }}"
+  data:
+  - secretKey: admin_password
+    remoteRef:
+      key: {{ .Values.keycloak.adminUser.passwordVaultKey }}
+      property: admin-password
+{{- end }}

charts/keycloak/templates/keycloak.yaml

@@ -6,6 +6,11 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-wave: "5"
 spec:
+{{- if eq .Values.keycloak.adminUser.enabled true }}
+  bootstrapAdmin:
+    user:
+      secret: {{ .Values.keycloak.adminUser.secretName }}
+{{- end }}
   db:
     host: postgresql-db
     passwordSecret:

charts/keycloak/values.yaml

@@ -4,6 +4,11 @@ global:
     kind: ClusterSecretStore
     name: vault-backend
 keycloak:
+  adminUser:
+    enabled: true
+    username: admin
+    passwordVaultKey: secret/data/global/keycloak
+    secretName: keycloak-admin-user
   defaultConfig: true
   defaultRealm:
     clients:

values-secret.yaml.template

@@ -37,6 +37,9 @@ secrets:
     vaultPrefixes:
     - global
     fields:
+    - name: admin-password
+      onMissingValue: generate
+      vaultPolicy: validatedPatternDefaultPolicy
     - name: db-password
       onMissingValue: generate
       vaultPolicy: validatedPatternDefaultPolicy