Skip to content

feat: add keycloak token exchange #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Cali0707 wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat: add keycloak token exchange #80

Cali0707 wants to merge 6 commits into from

Conversation

@Cali0707
Copy link

@Cali0707 Cali0707 commented Dec 10, 2025

This PR adds the code changes required to get the keycloak token exchange to work, as well as fixes the cluster keycloak config to work correctly

To use this you will need two openshift clusters, and then follow these steps:

  1. Run make acm-install with your current context set to the cluster that will be your hub cluster
  2. Run make keycloak-acm-setup-hub - this will take 20-30min as it needs to restart the api server
  3. Create a kubeconfig that will connect to what will be your managed cluster
  4. Run make keycloak-acm-register-managed-cluster CLUSTER_NAME=<your-choice-of-name> MANAGED_KUBECONFIG=<path-to-managed-kubeconfig>
  5. Run make keycloak-acm-generate-toml
  6. Run make build
  7. Run ./kubernetes-mcp-server --port 8080 --config _output/acm-kubeconfig.toml

@openshift-ci
Copy link

openshift-ci bot commented Dec 10, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 10, 2025
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 11, 2025
@openshift-merge-robot
Copy link

openshift-merge-robot commented Dec 11, 2025

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci
Copy link

openshift-ci bot commented Dec 11, 2025

@Cali0707: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 21547fd link false /test security
ci/prow/images 21547fd link true /test images
ci/prow/test 21547fd link true /test test
ci/prow/fips-image-scan-openshift-mcp-server 21547fd link true /test fips-image-scan-openshift-mcp-server
ci/prow/lint 21547fd link true /test lint

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Cali0707
Copy link
Author

Cali0707 commented Dec 11, 2025

/hold

Will upstream as much as possible first, resync, then revisit this

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kaustubh-pande Kaustubh-pande Awaiting requested review from Kaustubh-pande

@matzew matzew Awaiting requested review from matzew

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Cali0707 @openshift-merge-robot