Overview

This document outlines the steps for each APB task to help people to understand what is happening under the hood.

Provision

Create a new Postgres service, including:
- Secrets for database admin users
- Service for the Postgres DB
- PersistVolume Claim to for the Postgres DB
- Deployment for the Postgres DB
Create a new Keycloak service, including:
- Deployment for Keycloak
  - Link Keycloak and Postgres DB
  - Add default Keycloak admin user credential
- Service for Keycloak
- Routes (either HTTP or HTTPS depends on the option) for Keycloak
- Create a new realm in Keycloak using the current OpenShift project name
- Create a new secret in the current OpenShift namespace with admin user credentials
- Create a new secret (labelled with the Keycloak service instance ID) in the current namespace with the following info:
  - Name and type of the service
  - Realm name
  - URL of the Keycloak service
- Persist the admin user credential as _apb_provision_creds
Create a new Keycloak-metrics service, including:
- Deployment for Keycloak-metrics
- Persistent volume claim for Keycloak-metrics
- Service for Keycloak-metrics
- Copy keycloak-monitoring-prometheus.jar to Keycloak to collect metrics data about Keycloak

Get the Keycloak admin user token using the Keycloak admin user credential
Create a new bearer-only or public client with a generated ID and password in Keycloak. It is created in the realm that matches the current namespace
Create a new secret with config details about the newly created Keycloak client
Persist the newly created client name and password as _apb_bind_creds

Get the Keycloak admin user token using the Keycloak admin user credential
Delete the public or bearer-only client created in the bind step from Keycloak and the OpenShift client secret using the data persisted in _apb_bind_creds