diff --git a/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakClient.yaml b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakClient.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..52393bef17ac4668f7433d7ba64b2b75f4b5490e
--- /dev/null
+++ b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakClient.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ozgkeycloakclients.operator.ozgcloud.de
+spec:
+ group: operator.ozgcloud.de
+ names:
+ kind: OzgKeycloakClient
+ listKind: OzgKeycloakClientList
+ plural: ozgkeycloakclients
+ singular: ozgkeycloakclient
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: OzgKeycloakClient is the Schema for the keycloaks API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
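Review bot: Both `spec` and `status` are declared as bare `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server accepts any payload for an OzgKeycloakClient and nothing the controller later relies on is validated or pruned at admission; the same applies to the OzgKeycloakGroup, OzgKeycloakRealm and OzgKeycloakUser CRDs in the following three hunks. Declaring the known fields under `properties:`, listing the mandatory ones in `required:`, and keeping `x-kubernetes-preserve-unknown-fields` only where free-form data is genuinely expected would reject malformed or unexpected objects before the operator acts on them. The `description` values (`the Schema for the keycloaks API`, `Spec defines the desired state of Keycloak`) read as copied from the Keycloak operator's CRD template and should name the OzgKeycloakClient kind. Placing the CRDs under `templates/crds/` rather than the chart's top-level `crds/` directory means Helm renders, upgrades and, on uninstall, deletes them together with every custom resource they hold — presumably intended, but worth a comment in the file.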
diff --git a/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakGroup.yaml b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakGroup.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ee88ea0051af823a7b7e9913f6c6d8615bb84500
--- /dev/null
+++ b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakGroup.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ozgkeycloakgroups.operator.ozgcloud.de
+spec:
+ group: operator.ozgcloud.de
+ names:
+ kind: OzgKeycloakGroup
+ listKind: OzgKeycloakGroupList
+ plural: ozgkeycloakgroups
+ singular: ozgkeycloakgroup
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: OzgKeycloakGroup is the Schema for the keycloaks API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakRealms.yaml b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakRealms.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ed46ad75073c92b888ef3668317dcf92726bb41c
--- /dev/null
+++ b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakRealms.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ozgkeycloakrealms.operator.ozgcloud.de
+spec:
+ group: operator.ozgcloud.de
+ names:
+ kind: OzgKeycloakRealm
+ listKind: OzgKeycloakRealmList
+ plural: ozgkeycloakrealms
+ singular: ozgkeycloakrealm
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: OzgKeycloakRealm is the Schema for the keycloak API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
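Review bot: The file name `operator.ozgcloud.de_OzgKeycloakRealms.yaml` uses the plural while the other three CRD files use the singular kind (`_OzgKeycloakClient.yaml`, `_OzgKeycloakGroup.yaml`, `_OzgKeycloakUser.yaml`); since the kind declared here is `OzgKeycloakRealm`, renaming the file to `operator.ozgcloud.de_OzgKeycloakRealm.yaml` keeps the convention. The top-level description also reads `the Schema for the keycloak API` where the sibling CRDs say `keycloaks API`; either way it should name the OzgKeycloakRealm kind rather than Keycloak itself.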
diff --git a/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakUser.yaml b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakUser.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6100f5451c7194d7827c668aa355ec43423200e9
--- /dev/null
+++ b/src/main/helm/templates/crds/operator.ozgcloud.de_OzgKeycloakUser.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ozgkeycloakusers.operator.ozgcloud.de
+spec:
+ group: operator.ozgcloud.de
+ names:
+ kind: OzgKeycloakUser
+ listKind: OzgKeycloakUserList
+ plural: ozgkeycloakusers
+ singular: ozgkeycloakuser
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: OzgKeycloakUser is the Schema for the keycloaks API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Keycloak
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/src/main/helm/templates/rbacs/keycloak_admin_secret_read.yaml b/src/main/helm/templates/rbacs/keycloak_admin_secret_read.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b38ae12bd95b52c9a1ea412197e7f101443844c5
--- /dev/null
+++ b/src/main/helm/templates/rbacs/keycloak_admin_secret_read.yaml
@@ -0,0 +1,52 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozg-operator-keycloak-admin-secret-viewer-role-binding
+ namespace: keycloak
+subjects:
+ - kind: ServiceAccount
+ name: ozg-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: ozg-operator-keycloak-admin-secret-viewer-role
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozg-operator-keycloak-admin-secret-viewer-role
+ namespace: keycloak
+rules:
+ - apiGroups:
+ - ""
+ resourceNames:
+ - keycloak-admin-secret
+ resources:
+ - secrets
+ verbs:
+ - get
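Review bot: The Role and RoleBinding hard-code `namespace: keycloak` and `resourceNames: - keycloak-admin-secret`, so the grant silently points at the wrong object if Keycloak is installed under another namespace or secret name, and a chart user has no way to fix that without editing the template; the file is otherwise templated (`{{ .Release.Namespace }}` on the subject), so these two values belong in the chart values as well, e.g. `namespace: {{ .Values.keycloak.namespace }}` (key names to be chosen). Restricting the rule to one named secret with `get` only is the right least-privilege shape — keep it that way and do not add `list`/`watch`, which `resourceNames` cannot restrict unless the request carries a `metadata.name` field selector. Unlike the sibling RBAC files, this one has no `---` before its first document, which is harmless but inconsistent.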
diff --git a/src/main/helm/templates/rbacs/keycloak_read.yaml b/src/main/helm/templates/rbacs/keycloak_read.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0951f3cb825c2d15e554b3e3ba2661c552a020a0
--- /dev/null
+++ b/src/main/helm/templates/rbacs/keycloak_read.yaml
@@ -0,0 +1,62 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozg-operator-keycloak-viewer-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: ozg-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: ozg-operator-keycloak-viewer-role
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozg-operator-keycloak-viewer-role
+rules:
+ - apiGroups:
+ - operator.ozgcloud.de
+ resources:
+ - ozgkeycloakusers
+ - ozgkeycloakusers/status
+ - ozgkeycloakusers/finalizers
+ - ozgkeycloakgroups
+ - ozgkeycloakgroups/status
+ - ozgkeycloakgroups/finalizers
+ - ozgkeycloakrealms
+ - ozgkeycloakrealms/status
+ - ozgkeycloakrealms/finalizers
+ - ozgkeycloakclients
+ - ozgkeycloakclients/status
+ - ozgkeycloakclients/finalizers
+ verbs:
+ - get
+ - list
+ - watch
\ No newline at end of file
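Review bot: The `*/finalizers` entries in the viewer ClusterRole are paired only with `get`, `list` and `watch`; as far as I know the API server consults the `/finalizers` subresource only for `update` (via the OwnerReferencesPermissionEnforcement admission plugin), so these three entries grant nothing here, and the permission the controller actually needs for finalizers already lives in the write role in the next hunk — dropping them from this role keeps it honest about what it allows. The role is cluster-scoped while the CRDs declare `scope: Namespaced`; if the operator only reconciles objects in a known set of namespaces, a `Role`/`RoleBinding` per watched namespace would be tighter, but that depends on the controller's watch scope, which this change does not show. This file, `keycloak_write.yaml` and the renamed `rbacs/serviceaccount.yaml` are all committed without a trailing newline (`\ No newline at end of file`), which yamllint flags and which makes the next edit to each file a noisy diff.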
diff --git a/src/main/helm/templates/rbacs/keycloak_write.yaml b/src/main/helm/templates/rbacs/keycloak_write.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1cee24d8ec3921bafda009acd8f3a30bfc15fa5f
--- /dev/null
+++ b/src/main/helm/templates/rbacs/keycloak_write.yaml
@@ -0,0 +1,61 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozg-operator-keycloak-write-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: ozg-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: ozg-operator-keycloak-write-role
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozg-operator-keycloak-write-role
+rules:
+ - apiGroups:
+ - operator.ozgcloud.de
+ resources:
+ - ozgkeycloakusers
+ - ozgkeycloakusers/status
+ - ozgkeycloakusers/finalizers
+ - ozgkeycloakgroups
+ - ozgkeycloakgroups/status
+ - ozgkeycloakgroups/finalizers
+ - ozgkeycloakrealms
+ - ozgkeycloakrealms/status
+ - ozgkeycloakrealms/finalizers
+ - ozgkeycloakclients
+ - ozgkeycloakclients/status
+ - ozgkeycloakclients/finalizers
+ verbs:
+ - patch
+ - update
\ No newline at end of file
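Review bot: The twelve-entry `resources:` list is duplicated verbatim from `keycloak_read.yaml`, so the read and write ClusterRoles will drift the next time a kind is added (this commit alone introduces four kinds at once); a Helm named template emitting the list, or a single ClusterRole carrying all five verbs, would keep the two grants in lockstep. The omission of `create` and `delete` looks deliberate and is the tighter choice if the operator only reconciles CRs that users create; if so, record it so it survives future edits, e.g. `# intentionally no create/delete: the operator only updates existing CRs and their status`. The naming is also inconsistent with the sibling file — `ozg-operator-keycloak-write-role` next to `ozg-operator-keycloak-viewer-role` — so pick one pair (`viewer`/`editor` or `read`/`write`) for both.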
diff --git a/src/main/helm/templates/serviceaccount.yaml b/src/main/helm/templates/rbacs/serviceaccount.yaml
similarity index 59%
rename from src/main/helm/templates/serviceaccount.yaml
rename to src/main/helm/templates/rbacs/serviceaccount.yaml
index 6d116f1b0eb6d52d1d939ecbc94cc37d41ca6b3f..ff35db37800d21c01ba1742395fb57b0fde96553 100644
--- a/src/main/helm/templates/serviceaccount.yaml
+++ b/src/main/helm/templates/rbacs/serviceaccount.yaml
@@ -25,34 +25,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: ozg-operator-serviceaccount
- namespace: {{ .Release.Namespace }}
-#---
-#kind: ClusterRoleBinding
-#apiVersion: rbac.authorization.k8s.io/v1
-#metadata:
-# name: ozg-operator-keycloakuser-viewer-role-binding
-#subjects:
-# - kind: ServiceAccount
-# name: ozg-operator-serviceaccount
-#roleRef:
-# kind: ClusterRole
-# name: ozg-operator-keycloakuser-viewer-role
-# apiGroup: rbac.authorization.k8s.io
-#---
-#kind: ClusterRole
-#apiVersion: rbac.authorization.k8s.io/v1
-#metadata:
-# name: ozg-operator-keycloakuser-viewer-role
-#rules:
-# - apiGroups:
-# - "*"
-# resources:
-# - keycloakusers
-# verbs:
-# - get
-# - list
-# - create
-# - delete
-# - patch
-# - update
-# - watch
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file