This message was deleted.
# general
a
This message was deleted.
b
Can you give an example of a Rancher API CRUD operation that doesn't result in a Kubernetes custom resource being created/retrieved/modified?
w
I'm looking specifically at this API call:
/v3/keyCloakOIDCConfigs/keycloakoidc
note that I'm not sure that there is no CRD behind that, I just didn't find any obvious candidate
b
The fact that `/v3` is prepended there means, to me, there is a `keycloakoidcconfig.management.cattle.io` CRD being CRUD-ed there. Here is the type in Rancher's code: https://github.com/rancher/rancher/blob/release/v2.7/pkg/apis/management.cattle.io/v3/authn_types.go#L438
I guess the bottom line is that Rancher uses Kubernetes to store its state. I think that is universally true.
w
@big-hydrogen-97240 hmm, I can't find any such CRD registered (`kubectl get crds | grep ...`). What component would define that CRD?
b
Rancher would. I'm not sure what configuration would need to be enabled to start that controller.
w
hmm, ok, thanks for the information on what I should expect! I'll keep digging to find out what CRD is behind that ...
b
I'm pretty sure I have the correct CRD kind above. Do you get any GVK information from navigating to `https://<RANCHER_SERVER_URL>/v3/keyCloakOIDCConfigs` in your browser?
Maybe it should be plural: `keycloakoidcconfigs.management.cattle.io`
w
at this URL, what I get is this:
{
  "baseType": "error",
  "code": "MethodNotAllow",
  "message": "Method GET not supported",
  "status": 405,
  "type": "error"
}
b
So your current cluster is not able to CRUD to that URL at all. This means that there is some configuration not set. Like Keycloak is not turned on. Once this is turned on, then you should see something at that URL and see the CRD.
I should say that this is my understanding of how the Rancher API works.
w
well, this URL works with a call that does a PUT on `$RANCHER_URL/v3/keyCloakOIDCConfigs/keycloakoidc?action=testAndApply` but indeed, it's possible that I need to toggle something to get this to be possible
at `/dashboard/c/c-m-4d6zn929/auth/config/keycloakoidc` I see "The Keycloak authentication provider is currently disabled."