Bootstrapping an admin user or service account using the Operator #30004

@vmuzikar

Description

Based on the design as specified in #9829.

Add a dedicated field to the Keycloak CR for bootstrapping the admin user account and admin service account. The Operator will set the following env vars on the pods: KEYCLOAK_BOOTSTRAP_ADMIN_USER, KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD, KEYCLOAK_BOOTSTRAP_ADMIN_CLIENT_ID, KEYCLOAK_BOOTSTRAP_ADMIN_CLIENT_SECRET, KEYCLOAK_BOOTSTRAP_ADMIN_EXPIRATION. That means it will support bootstrapping only at startup time.

Example spec:

```yaml
kind: Keycloak
spec:
  bootstrap-admin:
    expiration: 260
    user:
      nameSecret:
        name: keycloak-admin-secret
        key: username
      passwordSecret:
        name: keycloak-admin-secret
        key: password
    service:
      clientIdSecret:
        name: keycloak-admin-secret
        key: client-id
      clientSecret:
        name: keycloak-admin-secret
        key: secret
```

  • The content of Secrets referenced by nameSecret and passwordSecret can be provided by the user, or the Operator will populate them with defaults.
  • If the Secret or the Key referenced by nameSecret doesn’t exist, the default temp-admin is used and is written back to the Secret.
  • If the Secret or the Key referenced by passwordSecret doesn’t exist, a password is generated and is written back to the Secret.
  • The content of Secrets referenced by clientIdSecret and clientSecret must be provided by the user. clientIdSecret defaults to temp-admin-service.
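
The resolution rules listed above, modelled as an added example (not the Operator's code and not part of the original issue). The in-memory `store` dict standing in for cluster Secrets, the helper names, the generated password length, and reading the client ID default as applying without a write-back are all assumptions.

```python
import secrets

DEFAULT_USER = "temp-admin"               # default named in the issue
DEFAULT_CLIENT_ID = "temp-admin-service"  # default named in the issue


def ref(key, name="keycloak-admin-secret"):
    return {"name": name, "key": key}


# Constructed sample mirroring the example spec in the issue.
SPEC = {"expiration": 260,
        "user": {"nameSecret": ref("username"), "passwordSecret": ref("password")},
        "service": {"clientIdSecret": ref("client-id"), "clientSecret": ref("secret")}}


def lookup(store, r):
    """Value behind a {name, key} reference; None if the Secret or key is absent."""
    return store.get(r["name"], {}).get(r["key"])


def resolve_bootstrap_admin(spec, store):
    """Return (env, writes). store is a hypothetical stand-in for cluster Secrets,
    {secret name: {key: value}}; writes lists the (secret, key) pairs defaulted."""
    env, writes = {}, []
    def or_default(r, make_default):
        value = lookup(store, r)
        if value is None:  # missing Secret or key: default it and write it back
            value = make_default()
            store.setdefault(r["name"], {})[r["key"]] = value
            writes.append((r["name"], r["key"]))
        return value

    user, svc = spec.get("user"), spec.get("service")
    if user:
        env["KEYCLOAK_BOOTSTRAP_ADMIN_USER"] = or_default(user["nameSecret"], lambda: DEFAULT_USER)
        # Generated from the OS CSPRNG; the length is an assumption.
        env["KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD"] = or_default(
            user["passwordSecret"], lambda: secrets.token_urlsafe(32))
    if svc:
        # Client ID falls back to its default; the issue mentions no write-back for it.
        env["KEYCLOAK_BOOTSTRAP_ADMIN_CLIENT_ID"] = lookup(store, svc["clientIdSecret"]) or DEFAULT_CLIENT_ID
        client_secret = lookup(store, svc["clientSecret"])
        if client_secret is None:
            raise ValueError("clientSecret must be provided by the user")
        env["KEYCLOAK_BOOTSTRAP_ADMIN_CLIENT_SECRET"] = client_secret
    if "expiration" in spec:
        env["KEYCLOAK_BOOTSTRAP_ADMIN_EXPIRATION"] = str(spec["expiration"])
    return env, writes
```

Running it twice against the same `store` shows why the write-back matters: the second pass reads the stored password instead of generating a new one, so pod restarts keep seeing the same bootstrap credentials.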
