chore: initial commit of doc update (#60)

* initial commit of doc update * update realm envs * update docs for prefix envs * update env names * make docs a bit simpler * update docs
defenseunicorns · Apr 19, 2024 · 3698769 · 3698769
1 parent 53f2660
commit 3698769
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/docs/CUSTOMIZE.md b/docs/CUSTOMIZE.md
@@ -68,7 +68,7 @@ Once that cluster is up and healthy and after making theme changes:
    ```
 2. View the changes in the browser
 
-## Override Default Realm
+## Customizing Realm
 
 The `UDS Identity` realm is defined in the realm.json found in [src/realm.json](../src/realm.json). This can be modified and will require a new `uds-identity-config` image for `uds-core`. 
 
@@ -77,6 +77,27 @@ The `UDS Identity` realm is defined in the realm.json found in [src/realm.json](
 
 See the [Testing custom image in UDS Core](./CUSTOMIZE.md#testing-custom-image-in-uds-core) for building, publishing, and using the new image with `uds-core`.
 
+### Templated Realm Values
+> Keycloak supports using environment variables within the realm configuration, see [docs](https://www.keycloak.org/server/importExport).
+> 
+> In the uds-core keycloak [values.yaml](https://github.com/defenseunicorns/uds-core/blob/main/src/keycloak/chart/values.yaml), the `realmInitEnv` defines set of environment variables that can be used to configure the realm.
+> 
+> These environment variables will be created with a prefix `REALM_` to avoid collisions with keycloak environment variables. If necessary to add additional template variables within the realm.json must be prefixed with `REALM_`. 
+> 
+> For example, this bundle override would set the necessary configuration for a google idp to be enabled:
+>
+>      overrides:
+>        keycloak:
+>          keycloak:
+>            values:
+>              - path: realmInitEnv
+>                value:
+>                  GOOGLE_IDP_ENABLED: true
+>                  GOOGLE_IDP_CLIENTID: <fill in value here>
+>                  GOOGLE_IDP_CLIENT_SECRET: <fill in value here>
+>
+>   These environment variables can be found in the [realm.json](../src/realm.json) `identityProviders` section.
+
 ## Customize Truststore
 The default truststore is configured in a [script](../src/truststore/ca-to-jks.sh) and excuted in the [Dockerfile](../src/Dockerfile). There is a few different ways the script could be customized.