Skip to content
This repository has been archived by the owner on Nov 16, 2022. It is now read-only.

KEYCLOAK-12307 TLS Termination configuration #186

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions deploy/crds/keycloak.org_keycloaks_crd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,16 @@ spec:
description: If set to true, the Operator will create an Ingress
or a Route pointing to Keycloak.
type: boolean
tlsTermination:
stianst marked this conversation as resolved.
Show resolved Hide resolved
description: TLS Termination type for the external access. Setting
this field to "reencrypt" will terminate TLS on the Ingress/Route
level. Setting this field to "passthrough" will send encrypted
traffic to the Pod. If unspecified, defaults to "reencrypt". Note,
that this setting has no effect on Ingress as Ingress TLS settings
are not reconciled by this operator. In other words, Ingress TLS
configuration is the same in both cases and it is up to the user
to configure TLS section of the Ingress.
type: string
type: object
externalDatabase:
description: "Controls external database settings. Using an external
Expand Down
16 changes: 16 additions & 0 deletions pkg/apis/keycloak/v1alpha1/keycloak_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,26 @@ type KeycloakSpec struct {
PodDisruptionBudget PodDisruptionBudgetConfig `json:"podDisruptionBudget,omitempty"`
}

type TLSTerminationType string

var (
DefaultTLSTermintation TLSTerminationType
ReencryptTLSTerminationType TLSTerminationType = "reencrypt"
PassthroughTLSTerminationType TLSTerminationType = "passthrough"
)

type KeycloakExternalAccess struct {
// If set to true, the Operator will create an Ingress or a Route
// pointing to Keycloak.
Enabled bool `json:"enabled,omitempty"`
// TLS Termination type for the external access. Setting this field to "reencrypt" will
// terminate TLS on the Ingress/Route level. Setting this field to "passthrough" will
// send encrypted traffic to the Pod. If unspecified, defaults to "reencrypt".
// Note, that this setting has no effect on Ingress
// as Ingress TLS settings are not reconciled by this operator. In other words,
// Ingress TLS configuration is the same in both cases and it is up to the user
// to configure TLS section of the Ingress.
TLSTermination TLSTerminationType `json:"tlsTermination,omitempty"`
}

type KeycloakExternalDatabase struct {
Expand Down
88 changes: 44 additions & 44 deletions pkg/apis/keycloak/v1alpha1/zz_generated.openapi.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,22 +11,22 @@ import (

func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
return map[string]common.OpenAPIDefinition{
"./pkg/apis/keycloak/v1alpha1.Keycloak": schema_pkg_apis_keycloak_v1alpha1_Keycloak(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakAWSSpec(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakBackup": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackup(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupStatus(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakClient": schema_pkg_apis_keycloak_v1alpha1_KeycloakClient(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakClientSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakClientStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientStatus(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakRealm": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealm(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmStatus(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakStatus(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakUser": schema_pkg_apis_keycloak_v1alpha1_KeycloakUser(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakUserSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref),
"./pkg/apis/keycloak/v1alpha1.KeycloakUserStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserStatus(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.Keycloak": schema_pkg_apis_keycloak_v1alpha1_Keycloak(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakAWSSpec(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackup": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackup(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupStatus(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClient": schema_pkg_apis_keycloak_v1alpha1_KeycloakClient(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakClientStatus(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealm": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealm(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmStatus(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakStatus(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUser": schema_pkg_apis_keycloak_v1alpha1_KeycloakUser(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserSpec": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref),
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserStatus": schema_pkg_apis_keycloak_v1alpha1_KeycloakUserStatus(ref),
}
}

Expand Down Expand Up @@ -58,19 +58,19 @@ func schema_pkg_apis_keycloak_v1alpha1_Keycloak(ref common.ReferenceCallback) co
},
"spec": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakSpec"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakStatus"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakStatus"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}

Expand Down Expand Up @@ -136,19 +136,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakBackup(ref common.ReferenceCallba
},
"spec": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakBackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}

Expand All @@ -169,7 +169,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref common.ReferenceCa
"aws": {
SchemaProps: spec.SchemaProps{
Description: "If provided, an automatic database backup will be created on AWS S3 instead of a local Persistent Volume. If this property is not provided - a local Persistent Volume backup will be chosen.",
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec"),
},
},
"instanceSelector": {
Expand All @@ -182,7 +182,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakBackupSpec(ref common.ReferenceCa
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAWSSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
}
}

Expand Down Expand Up @@ -271,19 +271,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakClient(ref common.ReferenceCallba
},
"spec": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakClientSpec"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakClientStatus"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientStatus"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakClientSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakClientStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakClientStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}

Expand All @@ -303,15 +303,15 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakClientSpec(ref common.ReferenceCa
"client": {
SchemaProps: spec.SchemaProps{
Description: "Keycloak Client REST object.",
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAPIClient"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIClient"),
},
},
},
Required: []string{"realmSelector", "client"},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakAPIClient", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIClient", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
}
}

Expand Down Expand Up @@ -400,19 +400,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealm(ref common.ReferenceCallbac
},
"spec": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakRealmStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}

Expand All @@ -432,7 +432,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref common.ReferenceCal
"realm": {
SchemaProps: spec.SchemaProps{
Description: "Keycloak Realm REST object.",
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm"),
},
},
"realmOverrides": {
Expand All @@ -447,7 +447,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref common.ReferenceCal
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride"),
},
},
},
Expand All @@ -458,7 +458,7 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakRealmSpec(ref common.ReferenceCal
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm", "./pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIRealm", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.RedirectorIdentityProviderOverride", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
}
}

Expand Down Expand Up @@ -561,13 +561,13 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref common.ReferenceCallback
"externalAccess": {
SchemaProps: spec.SchemaProps{
Description: "Controls external Ingress/Route settings.",
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess"),
},
},
"externalDatabase": {
SchemaProps: spec.SchemaProps{
Description: "Controls external database settings. Using an external database requires providing a secret containing credentials as well as connection details. Here's an example of such secret:\n\n apiVersion: v1\n kind: Secret\n metadata:\n name: keycloak-db-secret\n namespace: keycloak\n stringData:\n POSTGRES_DATABASE: <Database Name>\n POSTGRES_EXTERNAL_ADDRESS: <External Database IP or URL (resolvable by K8s)>\n POSTGRES_EXTERNAL_PORT: <External Database Port>\n # Strongly recommended to use <'Keycloak CR Name'-postgresql>\n POSTGRES_HOST: <Database Service Name>\n POSTGRES_PASSWORD: <Database Password>\n # Required for AWS Backup functionality\n POSTGRES_SUPERUSER: true\n POSTGRES_USERNAME: <Database Username>\n type: Opaque\n\nBoth POSTGRES_EXTERNAL_ADDRESS and POSTGRES_EXTERNAL_PORT are specifically required for creating connection to the external database. The secret name is created using the following convention:\n <Custom Resource Name>-db-secret\n\nFor more information, please refer to the Operator documentation.",
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase"),
},
},
"profile": {
Expand All @@ -580,14 +580,14 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakSpec(ref common.ReferenceCallback
"podDisruptionBudget": {
SchemaProps: spec.SchemaProps{
Description: "Specify PodDisruptionBudget configuration",
Ref: ref("./pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess", "./pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase", "./pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalAccess", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakExternalDatabase", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.PodDisruptionBudgetConfig"},
}
}

Expand Down Expand Up @@ -697,19 +697,19 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakUser(ref common.ReferenceCallback
},
"spec": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakUserSpec"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakUserStatus"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserStatus"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakUserSpec", "./pkg/apis/keycloak/v1alpha1.KeycloakUserStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserSpec", "github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakUserStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}

Expand All @@ -729,15 +729,15 @@ func schema_pkg_apis_keycloak_v1alpha1_KeycloakUserSpec(ref common.ReferenceCall
"user": {
SchemaProps: spec.SchemaProps{
Description: "Keycloak User REST object.",
Ref: ref("./pkg/apis/keycloak/v1alpha1.KeycloakAPIUser"),
Ref: ref("github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIUser"),
},
},
},
Required: []string{"user"},
},
},
Dependencies: []string{
"./pkg/apis/keycloak/v1alpha1.KeycloakAPIUser", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
"github.com/keycloak/keycloak-operator/pkg/apis/keycloak/v1alpha1.KeycloakAPIUser", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"},
}
}

Expand Down
11 changes: 9 additions & 2 deletions pkg/model/keycloak_route.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ func KeycloakRoute(cr *kc.Keycloak) *v1.Route {
TargetPort: intstr.FromString(ApplicationName),
},
TLS: &v1.TLSConfig{
Termination: "passthrough",
Termination: getTLSTerminationType(cr),
},
To: v1.RouteTargetReference{
Kind: "Service",
Expand All @@ -42,7 +42,7 @@ func KeycloakRouteReconciled(cr *kc.Keycloak, currentState *v1.Route) *v1.Route
TargetPort: intstr.FromString(ApplicationName),
},
TLS: &v1.TLSConfig{
Termination: "passthrough",
Termination: getTLSTerminationType(cr),
},
To: v1.RouteTargetReference{
Kind: "Service",
Expand All @@ -53,6 +53,13 @@ func KeycloakRouteReconciled(cr *kc.Keycloak, currentState *v1.Route) *v1.Route
return reconciled
}

func getTLSTerminationType(cr *kc.Keycloak) v1.TLSTerminationType {
if cr.Spec.ExternalAccess.TLSTermination == kc.PassthroughTLSTerminationType {
return "passthrough"
}
return "reencrypt"
}

func KeycloakRouteSelector(cr *kc.Keycloak) client.ObjectKey {
return client.ObjectKey{
Name: ApplicationName,
Expand Down