How to use custom themes on Keycloak Operator (v13.0.0)?

Question

I was installing Keycloak using Operator (version 13.0.0). The updated code has theme related stuff github repository and supports custom theme integration quite well. All we need an URL where the custom theme is located. I tried it and worked flawlessly.

However, what if we have themes in some local directory, not on some public URL. How do we suppose to upload the theme in the Keycloak then?

I've tried using the File URL and file paths as well but didn't work for me.

The Keycloak.yaml

apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: keycloak-test
  labels:
    app: keycloak-test
spec:
  instances: 1
  extensions:
    - https://SOME-PUBLIC-URL/keycloak-themes.jar                    
  externalAccess:
    enabled: False
  podDisruptionBudget:
    enabled: True

Answer 1

We can add custom keycloak themes in keycloak operator (v13.0.0) using the below steps:

1. Create a jar file for your custom theme using step shown here Deploying Keycloak Themes
2. Create a kubernetes configmap of the jar using the following command

kubectl create cm customtheme --from-file customtheme.jar

3. To use above configmap update Keycloak.yaml and add the following code block

  keycloakDeploymentSpec:
    experimental:
      volumes:
        defaultMode: 0777
        items:
          - name: customtheme
            mountPath: /opt/jboss/keycloak/standalone/deployments/custom-themes
            subPath: customtheme.jar
            configMaps:
              - customtheme

Note: Make sure the size of theme is less than 1MB.

Answer 2

You can create a .tar file (e.g., custom_theme.tar) with the custom themes to be used in Keycloak, and then mount a volume to the folder where the Keycloak themes are stored (i.e., /opt/jboss/keycloak/themes/my_custom_theme), and copy the .tar file with the custom themes from a local folder into the Keycloak container.

You can find complete example of this approach here.

Answer 3

I used a slightly different approach. Basic situation: my theme is in a separate git project. Creation of the k8s resources is done with github actions (GHA) and kustomize, and I didn't want to build the config map naming stuff by hand.

I did following:

• The theme gets a GHA/Dockerfile which just copies the theme in a static busybox image.
• This image is loaded as an InitContainer in keycloak. The InitContainer get's the command to copy the theme to the keycloak theme directory.

(1) Dockerfile

FROM busybox
COPY . /my-theme-directory

(2) keycloak-CRD:

spec:
  unsupported:
    podTemplate:
      spec:
        containers:
        - volumeMounts:
            - name: theme-volume
              mountPath: /opt/keycloak/themes/my-theme-name
        volumes:
        - name: theme-volume
          emptyDir: {}
        initContainers:
        - name: init-container-theme-copy
          image: my-generated-image-from-step-one
          command: 
          - sh 
          args:
          - -c
          - |
            echo "Copying theme..."
            cp -R /my-theme-directory/* /theme
          volumeMounts: 
            - name: theme-volume
              mountPath: /theme

1. Generate an empty volume and mount it in /theme in the init container
2. copy the content of the theme in the init container into the volume we just created
3. mount the volume in the main keycloak container in the theme directory