diff --git a/deploy/crds/keycloak.org_keycloaks_crd.yaml b/deploy/crds/keycloak.org_keycloaks_crd.yaml index 05dfd0ae4..3e3f1c07c 100644 --- a/deploy/crds/keycloak.org_keycloaks_crd.yaml +++ b/deploy/crds/keycloak.org_keycloaks_crd.yaml @@ -44,6 +44,15 @@ spec: description: If set to true, the Operator will create an Ingress or a Route pointing to Keycloak. type: boolean + tlsTermination: + description: TLS Termination type for the external access. Setting + this field to "router" will terminate TLS on Router level. Setting + this field to "passthrough" will send encrypted traffic to the + Pod. Note, that this setting has no effect on Ingress as Ingress + TLS settings are not reconciled by this operator. In other words, + Ingress TLS configuration is the same in both cases and it is + up to the user to configure TLS section of the Ingress. + type: string type: object externalDatabase: description: "Controls external database settings. Using an external diff --git a/pkg/apis/keycloak/v1alpha1/keycloak_types.go b/pkg/apis/keycloak/v1alpha1/keycloak_types.go index ceabf42ef..1cc9b210f 100644 --- a/pkg/apis/keycloak/v1alpha1/keycloak_types.go +++ b/pkg/apis/keycloak/v1alpha1/keycloak_types.go @@ -53,10 +53,25 @@ type KeycloakSpec struct { PodDisruptionBudget PodDisruptionBudgetConfig `json:"podDisruptionBudget,omitempty"` } +type TlsTerminationType string + +var ( + DefaultTlsTermintation TlsTerminationType + RouterTlsTerminationType TlsTerminationType = "router" + PassthroughTlsTerminationType TlsTerminationType = "passthrough" +) + type KeycloakExternalAccess struct { // If set to true, the Operator will create an Ingress or a Route // pointing to Keycloak. Enabled bool `json:"enabled,omitempty"` + // TLS Termination type for the external access. Setting this field to "router" will + // terminate TLS on Router level. Setting this field to "passthrough" will + // send encrypted traffic to the Pod. Note, that this setting has no effect on Ingress + // as Ingress TLS settings are not reconciled by this operator. In other words, + // Ingress TLS configuration is the same in both cases and it is up to the user + // to configure TLS section of the Ingress. + TlsTermination TlsTerminationType `json:"tlsTermination,omitempty"` } type KeycloakExternalDatabase struct { diff --git a/pkg/apis/keycloak/v1alpha1/zz_generated.openapi.go b/pkg/apis/keycloak/v1alpha1/zz_generated.openapi.go index 0c081e45c..6f259d528 100644 --- a/pkg/apis/keycloak/v1alpha1/zz_generated.openapi.go +++ b/pkg/apis/keycloak/v1alpha1/zz_generated.openapi.go @@ -11,22 +11,22 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "./pkg/apis/keycloak/v1alpha1.Keycloak": schema_pkg_apis_keycloak_v1alpha1_Keycloak(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakAWSSpec(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakBackup": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackup(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupStatus(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakClient": schema_pkg_apis_keycloak_v1alpha1_KeycloakClient(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakClientSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakClientStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientStatus(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakRealm": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealm(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmStatus(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakStatus(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakUser": schema_pkg_apis_keycloak_v1alpha1_KeycloakUser(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakUserSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref), - "./pkg/apis/keycloak/v1alpha1.KeycloakUserStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserStatus(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.Keycloak": schema_pkg_apis_keycloak_v1alpha1_Keycloak(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakAWSSpec(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackup": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackup(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupStatus(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClient": schema_pkg_apis_keycloak_v1alpha1_KeycloakClient(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientStatus(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealm": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealm(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmStatus(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakStatus(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUser": schema_pkg_apis_keycloak_v1alpha1_KeycloakUser(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref), + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserStatus(ref), } } @@ -58,19 +58,19 @@ func schema_pkg_apis_keycloak_v1alpha1_Keycloak(ref common.ReferenceCallback) co }, "spec": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakSpec"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakStatus"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakStatus"), }, }, }, }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -136,19 +136,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakBackup(ref common.ReferenceCallba }, "spec": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus"), }, }, }, }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -169,7 +169,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref common.ReferenceCa "aws": { SchemaProps: spec.SchemaProps{ Description: "If provided, an automatic database backup will be created on AWS S3 instead of a local Persistent Volume. If this property is not provided - a local Persistent Volume backup will be chosen.", - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec"), }, }, "instanceSelector": { @@ -182,7 +182,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref common.ReferenceCa }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -271,19 +271,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakClient(ref common.ReferenceCallba }, "spec": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakClientSpec"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakClientStatus"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientStatus"), }, }, }, }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakClientSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakClientStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -303,7 +303,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref common.ReferenceCa "client": { SchemaProps: spec.SchemaProps{ Description: "Keycloak Client REST object.", - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAPIClient"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIClient"), }, }, }, @@ -311,7 +311,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref common.ReferenceCa }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakAPIClient", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIClient", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -400,19 +400,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealm(ref common.ReferenceCallbac }, "spec": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus"), }, }, }, }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -432,7 +432,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref common.ReferenceCal "realm": { SchemaProps: spec.SchemaProps{ Description: "Keycloak Realm REST object.", - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm"), }, }, "realmOverrides": { @@ -447,7 +447,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref common.ReferenceCal Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride"), }, }, }, @@ -458,7 +458,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref common.ReferenceCal }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm", "./pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -561,13 +561,13 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref common.ReferenceCallback "externalAccess": { SchemaProps: spec.SchemaProps{ Description: "Controls external Ingress/Route settings.", - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess"), }, }, "externalDatabase": { SchemaProps: spec.SchemaProps{ Description: "Controls external database settings. Using an external database requires providing a secret containing credentials as well as connection details. Here's an example of such secret:\n\n apiVersion: v1\n kind: Secret\n metadata:\n name: keycloak-db-secret\n namespace: keycloak\n stringData:\n POSTGRES_DATABASE: \n POSTGRES_EXTERNAL_ADDRESS: \n POSTGRES_EXTERNAL_PORT: \n # Strongly recommended to use <'Keycloak CR Name'-postgresql>\n POSTGRES_HOST: \n POSTGRES_PASSWORD: \n # Required for AWS Backup functionality\n POSTGRES_SUPERUSER: true\n POSTGRES_USERNAME: \n type: Opaque\n\nBoth POSTGRES_EXTERNAL_ADDRESS and POSTGRES_EXTERNAL_PORT are specifically required for creating connection to the external database. The secret name is created using the following convention:\n -db-secret\n\nFor more information, please refer to the Operator documentation.", - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase"), }, }, "profile": { @@ -580,14 +580,14 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref common.ReferenceCallback "podDisruptionBudget": { SchemaProps: spec.SchemaProps{ Description: "Specify PodDisruptionBudget configuration", - Ref: ref("./pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"), }, }, }, }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess", "./pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase", "./pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"}, } } @@ -697,19 +697,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakUser(ref common.ReferenceCallback }, "spec": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakUserSpec"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakUserStatus"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserStatus"), }, }, }, }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakUserSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakUserStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -729,7 +729,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref common.ReferenceCall "user": { SchemaProps: spec.SchemaProps{ Description: "Keycloak User REST object.", - Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAPIUser"), + Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIUser"), }, }, }, @@ -737,7 +737,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - "./pkg/apis/keycloak/v1alpha1.KeycloakAPIUser", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIUser", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } diff --git a/pkg/model/keycloak_route.go b/pkg/model/keycloak_route.go index 77b16f869..2bd238605 100644 --- a/pkg/model/keycloak_route.go +++ b/pkg/model/keycloak_route.go @@ -25,7 +25,7 @@ func KeycloakRoute(cr *kc.Keycloak) *v1.Route { TargetPort: intstr.FromString(ApplicationName), }, TLS: &v1.TLSConfig{ - Termination: "passthrough", + Termination: getTLSTerminationType(cr), }, To: v1.RouteTargetReference{ Kind: "Service", @@ -42,7 +42,7 @@ func KeycloakRouteReconciled(cr *kc.Keycloak, currentState *v1.Route) *v1.Route TargetPort: intstr.FromString(ApplicationName), }, TLS: &v1.TLSConfig{ - Termination: "passthrough", + Termination: getTLSTerminationType(cr), }, To: v1.RouteTargetReference{ Kind: "Service", @@ -53,6 +53,13 @@ func KeycloakRouteReconciled(cr *kc.Keycloak, currentState *v1.Route) *v1.Route return reconciled } +func getTLSTerminationType(cr *kc.Keycloak) v1.TLSTerminationType { + if cr.Spec.ExternalAccess.TlsTermination == kc.RouterTlsTerminationType { + return "passthrough" + } + return "reencrypt" +} + func KeycloakRouteSelector(cr *kc.Keycloak) client.ObjectKey { return client.ObjectKey{ Name: ApplicationName,