KeycloakComponent

A KeycloakComponent manages Keycloak components such as LDAP user federation, custom storage providers, key providers, and other pluggable realm components.

Specification

apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakComponent
metadata:
  name: my-component
spec:
  # One of realmRef or clusterRealmRef must be specified
  realmRef:
    name: my-realm
  
  # Required: Component definition
  definition:
    name: corporate-ldap
    providerId: ldap
    providerType: org.keycloak.storage.UserStorageProvider
    config:
      enabled:
        - "true"
      connectionUrl:
        - "ldap://ldap.example.com:389"

Status

status:
  ready: true
  componentID: "12345678-1234-1234-1234-123456789abc"
  message: "Component synchronized successfully"

Examples

LDAP User Federation

apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakComponent
metadata:
  name: ldap-federation
  namespace: keycloak
spec:
  realmRef:
    name: my-realm
  definition:
    name: corporate-ldap
    providerId: ldap
    providerType: org.keycloak.storage.UserStorageProvider
    config:
      enabled:
        - "true"
      vendor:
        - "ad"
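      connectionUrl:
        # ldap:// is plaintext unless StartTLS is enabled; the bind credential travels over this connection
        - "ldap://ldap.example.com:389"
      bindDn:
        - "cn=admin,dc=example,dc=com"
      bindCredential:
        # Placeholder value; see Notes: manage LDAP credentials via Kubernetes Secrets, not inline in the CR
        - "secret"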
      usersDn:
        - "ou=users,dc=example,dc=com"
      userObjectClasses:
        - "person, organizationalPerson, user"
      editMode:
        - "READ_ONLY"

RSA Key Provider

apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakComponent
metadata:
  name: rsa-key
  namespace: keycloak
spec:
  realmRef:
    name: my-realm
  definition:
    name: rsa-generated
    providerId: rsa-generated
    providerType: org.keycloak.keys.KeyProvider
    config:
      priority:
        - "100"
      algorithm:
        - "RS256"

Definition Properties

The definition field accepts any valid Keycloak ComponentRepresentation:

| Field | Type | Description |
|-------|------|-------------|
| name | string | Component name (required) |
| providerId | string | Provider ID (e.g., “ldap”, “rsa-generated”) |
| providerType | string | Provider type (e.g., “org.keycloak.storage.UserStorageProvider”) |
| parentId | string | Parent component ID (defaults to realm ID) |
| config | object | Provider-specific configuration (array of strings per key) |

Common Provider Types

| Provider Type | Use Case |
|---------------|----------|
| org.keycloak.storage.UserStorageProvider | LDAP, custom user storage |
| org.keycloak.keys.KeyProvider | Cryptographic keys (RSA, AES, etc.) |
| org.keycloak.storage.ldap.mappers.LDAPStorageMapper | LDAP attribute mappers |

Short Names

| Alias | Full Name |
|-------|-----------|
| kcco | keycloakcomponents |
kubectl get kcco

Notes

  • Component configuration uses arrays of strings for all values
  • LDAP credentials should be managed via Kubernetes Secrets (not directly in the CR)
  • Some components may require specific ordering via priority config
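
The notes above can be checked mechanically before a component reaches a cluster. The following is an added example, not part of the operator or its documentation: it audits KeycloakComponent objects for non-array config values, an inline bindCredential, and an unencrypted ldap:// connection URL. The function names audit and audit_all are hypothetical, the input is assumed to be JSON in the shape returned by kubectl get kcco -o json, and the sample data is constructed.

```python
import json

# Constructed sample in the shape of `kubectl get kcco -A -o json` output:
# the page's two examples, plus a non-array "priority" added to show check 1.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "keycloak", "name": "ldap-federation"},
  "spec": {"definition": {"providerId": "ldap", "config": {
    "enabled": ["true"],
    "connectionUrl": ["ldap://ldap.example.com:389"],
    "bindCredential": ["secret"],
    "priority": 100}}}},
 {"metadata": {"namespace": "keycloak", "name": "rsa-key"},
  "spec": {"definition": {"providerId": "rsa-generated", "config": {
    "priority": ["100"], "algorithm": ["RS256"]}}}}
]}
""")

def audit(component):
    """Return findings for one KeycloakComponent object (a dict)."""
    definition = component.get("spec", {}).get("definition", {})
    findings = []
    for key, value in (definition.get("config") or {}).items():
        # Check 1: every config value must be an array of strings.
        if not (isinstance(value, list) and all(isinstance(v, str) for v in value)):
            findings.append(f"config.{key}: not an array of strings")
            continue
        # Check 2 (assumption): any non-empty bindCredential is an inline secret.
        if key == "bindCredential" and any(value):
            findings.append("config.bindCredential: credential stored inline in the CR")
        # Check 3: ldap:// carries the bind in cleartext unless StartTLS is used.
        if key == "connectionUrl" and any(v.lower().startswith("ldap://") for v in value):
            findings.append("config.connectionUrl: unencrypted ldap:// scheme")
    return findings

def audit_all(doc):
    """Map namespace/name to findings for every item that has any."""
    report = {}
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        found = audit(item)
        if found:
            report[f"{meta.get('namespace')}/{meta.get('name')}"] = found
    return report

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        for finding in found:
            print(f"{name}: {finding}")
```

To audit live objects, load the output of kubectl get kcco -A -o json with json.load and pass it to audit_all in place of SAMPLE.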