diff --git a/testsuite/src/main/java/org/jboss/intersmash/testsuite/junit5/categories/NotForCommunityExecutionProfile.java b/testsuite/src/main/java/org/jboss/intersmash/testsuite/junit5/categories/NotForCommunityExecutionProfile.java
index 04bbb57d2..08ff9cce9 100644
--- a/testsuite/src/main/java/org/jboss/intersmash/testsuite/junit5/categories/NotForCommunityExecutionProfile.java
+++ b/testsuite/src/main/java/org/jboss/intersmash/testsuite/junit5/categories/NotForCommunityExecutionProfile.java
@@ -1,11 +1,11 @@
 package org.jboss.intersmash.testsuite.junit5.categories;
 
-import org.junit.jupiter.api.Tag;
-
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
+import org.junit.jupiter.api.Tag;
+
 /**
  * Mark a test that does not support community deliverables.
  * Used per class.
diff --git a/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/OpenShiftProvisionerTestBase.java b/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/OpenShiftProvisionerTestBase.java
index ad4570b22..04523f991 100644
--- a/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/OpenShiftProvisionerTestBase.java
+++ b/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/OpenShiftProvisionerTestBase.java
@@ -32,11 +32,11 @@
 import org.jboss.intersmash.testsuite.IntersmashTestsuiteProperties;
 import org.jboss.intersmash.tools.IntersmashConfig;
 import org.jboss.intersmash.tools.application.openshift.BootableJarOpenShiftApplication;
+import org.jboss.intersmash.tools.application.openshift.Eap7ImageOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.KafkaOperatorApplication;
 import org.jboss.intersmash.tools.application.openshift.MysqlImageOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.PostgreSQLImageOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.WildflyImageOpenShiftApplication;
-import org.jboss.intersmash.tools.application.openshift.Eap7ImageOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.input.BinarySource;
 import org.jboss.intersmash.tools.application.openshift.input.BuildInput;
 import org.jboss.intersmash.tools.application.openshift.input.BuildInputBuilder;
diff --git a/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/RhSsoOperatorProvisionerTest.java b/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/RhSsoOperatorProvisionerTest.java
index cf1b78df7..f7c7cf1d4 100644
--- a/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/RhSsoOperatorProvisionerTest.java
+++ b/testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/RhSsoOperatorProvisionerTest.java
@@ -16,31 +16,27 @@
 package org.jboss.intersmash.testsuite.provision.openshift;
 
 import java.io.IOException;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.jboss.intersmash.testsuite.junit5.categories.NotForCommunityExecutionProfile;
 import org.jboss.intersmash.tools.application.openshift.RhSsoOperatorApplication;
 import org.jboss.intersmash.tools.junit5.IntersmashExtension;
 import org.jboss.intersmash.tools.provision.openshift.RhSsoOperatorProvisioner;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.KeycloakBackup;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.KeycloakBackupBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec.KeycloakAWSSpecBuilder;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.KeycloakClient;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.KeycloakClientBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakAPIClientBuilder;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.Keycloak;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.KeycloakBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec.KeycloakExternalAccessBuilder;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.KeycloakRealm;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.KeycloakRealmBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec.KeycloakAPIRealmBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec.RedirectorIdentityProviderOverrideBuilder;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.KeycloakUser;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.KeycloakUserBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakAPIUserBuilder;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakCredential;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakCredentialBuilder;
 import org.jboss.intersmash.tools.provision.openshift.operator.resources.OperatorGroup;
 import org.junit.jupiter.api.AfterAll;
@@ -49,6 +45,16 @@
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
+import org.keycloak.v1alpha1.Keycloak;
+import org.keycloak.v1alpha1.KeycloakBackup;
+import org.keycloak.v1alpha1.KeycloakClient;
+import org.keycloak.v1alpha1.KeycloakRealm;
+import org.keycloak.v1alpha1.KeycloakUser;
+import org.keycloak.v1alpha1.keycloakclientspec.Client;
+import org.keycloak.v1alpha1.keycloakclientspec.RealmSelector;
+import org.keycloak.v1alpha1.keycloakrealmspec.InstanceSelector;
+import org.keycloak.v1alpha1.keycloakuserspec.User;
+import org.keycloak.v1alpha1.keycloakuserspec.user.Credentials;
 import org.slf4j.event.Level;
 
 import cz.xtf.core.openshift.OpenShiftWaiters;
@@ -58,7 +64,6 @@
 import io.fabric8.kubernetes.api.model.ConfigMap;
 import io.fabric8.kubernetes.api.model.ConfigMapBuilder;
 import io.fabric8.kubernetes.api.model.DeletionPropagation;
-import io.fabric8.kubernetes.api.model.LabelSelectorBuilder;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -72,7 +77,7 @@
  */
 @Slf4j
 @CleanBeforeAll
-@Disabled("WIP - Disabled until global-test.properties is configured with the required property")
+@NotForCommunityExecutionProfile
 public class RhSsoOperatorProvisionerTest {
 	// Be aware that since we're using the static mock application, not all provisioner methods will work as expected!
 	private static final RhSsoOperatorProvisioner KEYCLOAK_OPERATOR_PROVISIONER = initializeOperatorProvisioner();
@@ -234,14 +239,17 @@ public void clientSecret() {
 		KEYCLOAK_OPERATOR_PROVISIONER.subscribe();
 		try {
 			name = "client-secret";
+			RealmSelector realmSelector = new RealmSelector();
+			realmSelector.setMatchLabels(matchLabels);
+			Client client = new Client();
+			client.setClientId("client-secret");
+			client.setSecret("client-secret");
+			client.setClientAuthenticatorType("client-secret");
+			client.setProtocol("openid-connect");
+
 			KeycloakClient keycloakClient = new KeycloakClientBuilder(name, matchLabels)
-					.realmSelector(new LabelSelectorBuilder().withMatchLabels(matchLabels).build())
-					.client(new KeycloakAPIClientBuilder()
-							.clientId("client-secret")
-							.secret("client-secret")
-							.clientAuthenticatorType("client-secret")
-							.protocol("openid-connect")
-							.build())
+					.realmSelector(realmSelector)
+					.client(client)
 					.build();
 			verifyClient(keycloakClient);
 		} finally {
@@ -334,6 +342,8 @@ public void realmWithUsers() {
 		KEYCLOAK_OPERATOR_PROVISIONER.subscribe();
 		try {
 			name = "example-keycloakrealm";
+			InstanceSelector instanceSelector = new InstanceSelector();
+			instanceSelector.setMatchLabels(matchLabels);
 			KeycloakRealm keycloakRealm = new KeycloakRealmBuilder(name, matchLabels)
 					.realm(new KeycloakAPIRealmBuilder()
 							.id("basic")
@@ -361,7 +371,7 @@ public void realmWithUsers() {
 							.forFlow("browser")
 							.identityProvider("openshift-v4")
 							.build())
-					.instanceSelector(new LabelSelectorBuilder().withMatchLabels(matchLabels).build())
+					.instanceSelector(instanceSelector)
 					.build();
 
 			verifyRealm(keycloakRealm);
@@ -411,6 +421,8 @@ public void samlRealm() {
 		KEYCLOAK_OPERATOR_PROVISIONER.subscribe();
 		try {
 			name = "example-keycloakrealm";
+			InstanceSelector instanceSelector = new InstanceSelector();
+			instanceSelector.setMatchLabels(matchLabels);
 			KeycloakRealm keycloakRealm = new KeycloakRealmBuilder(name, matchLabels)
 					.realm(new KeycloakAPIRealmBuilder()
 							.id("saml-demo")
@@ -453,7 +465,7 @@ public void samlRealm() {
 									.protocol("saml")
 									.build())
 							.build())
-					.instanceSelector(new LabelSelectorBuilder().withMatchLabels(matchLabels).build())
+					.instanceSelector(instanceSelector)
 					.build();
 
 			verifyRealm(keycloakRealm);
@@ -476,6 +488,8 @@ public void openIdRealm() {
 		KEYCLOAK_OPERATOR_PROVISIONER.subscribe();
 		try {
 			name = "example-keycloakrealm";
+			InstanceSelector instanceSelector = new InstanceSelector();
+			instanceSelector.setMatchLabels(matchLabels);
 			KeycloakRealm keycloakRealm = new KeycloakRealmBuilder(name, matchLabels)
 					.realm(new KeycloakAPIRealmBuilder()
 							.id("openid-demo")
@@ -503,7 +517,7 @@ public void openIdRealm() {
 									.protocol("openid-connect")
 									.build())
 							.build())
-					.instanceSelector(new LabelSelectorBuilder().withMatchLabels(matchLabels).build())
+					.instanceSelector(instanceSelector)
 					.build();
 
 			verifyRealm(keycloakRealm);
@@ -528,16 +542,18 @@ public void basicUser() {
 		KEYCLOAK_OPERATOR_PROVISIONER.subscribe();
 		try {
 			name = "example-realm-user";
+			org.keycloak.v1alpha1.keycloakuserspec.RealmSelector realmSelector = new org.keycloak.v1alpha1.keycloakuserspec.RealmSelector();
+			realmSelector.setMatchLabels(matchLabels);
+			User user = new User();
+			user.setUsername("realm_user");
+			user.setFirstName("John");
+			user.setLastName("Doe");
+			user.setEmail("user@example.com");
+			user.setEnabled(true);
+			user.setEmailVerified(false);
 			KeycloakUser keycloakUser = new KeycloakUserBuilder(name, matchLabels)
-					.user(new KeycloakAPIUserBuilder()
-							.username("realm_user")
-							.firstName("John")
-							.lastName("Doe")
-							.email("user@example.com")
-							.enabled(true)
-							.emailVerified(false)
-							.build())
-					.realmSelector(new LabelSelectorBuilder().withMatchLabels(matchLabels).build())
+					.user(user)
+					.realmSelector(realmSelector)
 					.build();
 
 			verifyUser(keycloakUser);
@@ -547,9 +563,7 @@ public void basicUser() {
 	}
 
 	/**
-	 * This test case creates and validates a {@link KeycloakUser} CR with a related
-	 * {@link KeycloakCredential}
-	 * instance
+	 * This test case creates and validates a {@link KeycloakUser} CR with related credentials
 	 *
 	 * This is not an integration test, the goal here is to assess that the created CRs are configured as per the
 	 * model specification.
@@ -563,20 +577,24 @@ public void userWithCredentials() {
 		KEYCLOAK_OPERATOR_PROVISIONER.subscribe();
 		try {
 			name = "example-realm-user-with-creds";
+			org.keycloak.v1alpha1.keycloakuserspec.RealmSelector realmSelector = new org.keycloak.v1alpha1.keycloakuserspec.RealmSelector();
+			Credentials credentials = new Credentials();
+			credentials.setType("password");
+			credentials.setValue("12345");
+			User user = new User();
+			user.setUsername("creds_user");
+			user.setFirstName("Creds");
+			user.setLastName("User");
+			user.setEmail("creds_user@redhat.com");
+			user.setEnabled(true);
+			user.setEmailVerified(false);
+			user.setCredentials(Collections.singletonList(credentials));
+			user.setRealmRoles(Collections.singletonList("offline_access"));
+			user.getClientRoles().put("account", Stream.of("manage-account").collect(Collectors.toList()));
+			user.getClientRoles().put("realm-management", Stream.of("manage-users").collect(Collectors.toList()));
 			KeycloakUser keycloakUser = new KeycloakUserBuilder(name, matchLabels)
-					.user(new KeycloakAPIUserBuilder()
-							.username("creds_user")
-							.firstName("Creds")
-							.lastName("User")
-							.email("creds_user@redhat.com")
-							.enabled(true)
-							.emailVerified(false)
-							.credentials(new KeycloakCredentialBuilder().type("password").value("12345").build())
-							.realmRoles("offline_access")
-							.clientRole("account", Stream.of("manage-account").collect(Collectors.toList()))
-							.clientRole("realm-management", Stream.of("manage-users").collect(Collectors.toList()))
-							.build())
-					.realmSelector(new LabelSelectorBuilder().withMatchLabels(matchLabels).build())
+					.user(user)
+					.realmSelector(realmSelector)
 					.build();
 
 			verifyUser(keycloakUser);
@@ -602,7 +620,8 @@ public void basicProvisioningTest() {
 					"Unexpected number of cluster operator pods for '" + KEYCLOAK_OPERATOR_PROVISIONER.getOperatorId()
 							+ "' after deploy");
 
-			int scaledNum = KEYCLOAK_OPERATOR_PROVISIONER.getApplication().getKeycloak().getSpec().getInstances() + 1;
+			int scaledNum = KEYCLOAK_OPERATOR_PROVISIONER.getApplication().getKeycloak().getSpec().getInstances().intValue()
+					+ 1;
 			KEYCLOAK_OPERATOR_PROVISIONER.scale(scaledNum, true);
 			Assertions.assertEquals(scaledNum, KEYCLOAK_OPERATOR_PROVISIONER.getPods().size(),
 					"Unexpected number of cluster operator pods for '" + KEYCLOAK_OPERATOR_PROVISIONER.getOperatorId()
diff --git a/tools/intersmash-tools-core/src/main/java/org/jboss/intersmash/tools/IntersmashConfig.java b/tools/intersmash-tools-core/src/main/java/org/jboss/intersmash/tools/IntersmashConfig.java
index 15d21d586..aec7da869 100644
--- a/tools/intersmash-tools-core/src/main/java/org/jboss/intersmash/tools/IntersmashConfig.java
+++ b/tools/intersmash-tools-core/src/main/java/org/jboss/intersmash/tools/IntersmashConfig.java
@@ -42,14 +42,14 @@ public class IntersmashConfig {
 	private static final String COMMUNITY_INFINISPAN_OPERATOR_PACKAGE_MANIFEST = "infinispan";
 	private static final String PRODUCT_INFINISPAN_OPERATOR_PACKAGE_MANIFEST = "datagrid";
 	private static final String DEFAULT_INFINISPAN_OPERATOR_PACKAGE_MANIFEST = COMMUNITY_INFINISPAN_OPERATOR_PACKAGE_MANIFEST;
-	private static final String RHSSO_OPERATOR_CATALOG_SOURCE_NAME = "intersmash.keycloak.operators.catalog_source";
+	private static final String RHSSO_OPERATOR_CATALOG_SOURCE_NAME = "intersmash.rhsso.operators.catalog_source";
 	private static final String KEYCLOAK_REALM_IMPORT_OPERATOR_CATALOG_SOURCE_NAME = "intersmash.keycloak.realm_import.operators.catalog_source";
 
-	private static final String RHSSO_OPERATOR_INDEX_IMAGE = "intersmash.keycloak.operators.index_image";
+	private static final String RHSSO_OPERATOR_INDEX_IMAGE = "intersmash.rhsso.operators.index_image";
 	private static final String KEYCLOAK_REALM_IMPORT_OPERATOR_INDEX_IMAGE = "intersmash.keycloak.realm_import.operators.index_image";
-	private static final String RHSSO_OPERATOR_CHANNEL = "intersmash.keycloak.operators.channel";
+	private static final String RHSSO_OPERATOR_CHANNEL = "intersmash.rhsso.operators.channel";
 	private static final String KEYCLOAK_REALM_IMPORT_OPERATOR_CHANNEL = "intersmash.keycloak.realm_import.operators.channel";
-	private static final String KEYCLOAK_OPERATOR_PACKAGE_MANIFEST = "intersmash.keycloak.operators.package_manifest";
+	private static final String RHSSO_OPERATOR_PACKAGE_MANIFEST = "intersmash.rhsso.operators.package_manifest";
 	private static final String KEYCLOAK_REALM_IMPORT_OPERATOR_PACKAGE_MANIFEST = "intersmash.keycloak.realm_import.operators.package_manifest";
 	private static final String COMMUNITY_KEYCLOAK_OPERATOR_PACKAGE_MANIFEST = "keycloak-operator";
 	private static final String PRODUCT_KEYCLOAK_OPERATOR_PACKAGE_MANIFEST = "rhsso-operator";
@@ -171,7 +171,7 @@ public static String rhSsoOperatorChannel() {
 	}
 
 	public static String rhSsoOperatorPackageManifest() {
-		return XTFConfig.get(KEYCLOAK_OPERATOR_PACKAGE_MANIFEST, DEFAULT_KEYCLOAK_OPERATOR_PACKAGE_MANIFEST);
+		return XTFConfig.get(RHSSO_OPERATOR_PACKAGE_MANIFEST, PRODUCT_KEYCLOAK_OPERATOR_PACKAGE_MANIFEST);
 	}
 
 	public static String wildflyOperatorCatalogSource() {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/Eap7ImageOpenShiftApplication.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/Eap7ImageOpenShiftApplication.java
index c92416f7e..b8d8fc168 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/Eap7ImageOpenShiftApplication.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/Eap7ImageOpenShiftApplication.java
@@ -4,9 +4,9 @@
 import java.util.List;
 
 import org.jboss.intersmash.tools.application.openshift.input.BuildInput;
+import org.jboss.intersmash.tools.provision.openshift.Eap7ImageOpenShiftProvisioner;
 
 import io.fabric8.kubernetes.api.model.EnvVar;
-import org.jboss.intersmash.tools.provision.openshift.Eap7ImageOpenShiftProvisioner;
 
 /**
  * End user Application descriptor interface which presents a AP 7.z (i.e. Jakarta EE 8 based WildFly) application on
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/RhSsoOperatorApplication.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/RhSsoOperatorApplication.java
index f372e7c5d..22614bb91 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/RhSsoOperatorApplication.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/RhSsoOperatorApplication.java
@@ -19,11 +19,11 @@
 import java.util.List;
 
 import org.jboss.intersmash.tools.provision.openshift.RhSsoOperatorProvisioner;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.KeycloakBackup;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.KeycloakClient;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.Keycloak;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.KeycloakRealm;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.KeycloakUser;
+import org.keycloak.v1alpha1.Keycloak;
+import org.keycloak.v1alpha1.KeycloakBackup;
+import org.keycloak.v1alpha1.KeycloakClient;
+import org.keycloak.v1alpha1.KeycloakRealm;
+import org.keycloak.v1alpha1.KeycloakUser;
 
 /**
  * End user Application interface which presents Keycloak operator application on OpenShift Container Platform.
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/RhSsoOperatorProvisioner.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/RhSsoOperatorProvisioner.java
index e15a1fdb2..de238f4d6 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/RhSsoOperatorProvisioner.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/RhSsoOperatorProvisioner.java
@@ -27,16 +27,16 @@
 import org.jboss.intersmash.tools.IntersmashConfig;
 import org.jboss.intersmash.tools.application.openshift.RhSsoOperatorApplication;
 import org.jboss.intersmash.tools.provision.openshift.operator.OperatorProvisioner;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.KeycloakBackup;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.KeycloakBackupList;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.KeycloakClient;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.KeycloakClientList;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.Keycloak;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.KeycloakList;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.KeycloakRealm;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.KeycloakRealmList;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.KeycloakUser;
 import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.KeycloakUserList;
+import org.keycloak.v1alpha1.Keycloak;
+import org.keycloak.v1alpha1.KeycloakBackup;
+import org.keycloak.v1alpha1.KeycloakClient;
+import org.keycloak.v1alpha1.KeycloakRealm;
+import org.keycloak.v1alpha1.KeycloakUser;
 import org.slf4j.event.Level;
 
 import cz.xtf.core.config.OpenShiftConfig;
@@ -157,10 +157,10 @@ public void deploy() {
 	 * @param keycloak Concrete {@link Keycloak} instance which the method should be wait for
 	 */
 	public void waitFor(Keycloak keycloak) {
-		int replicas = keycloak.getSpec().getInstances();
+		int replicas = keycloak.getSpec().getInstances().intValue();
 		if (replicas > 0) {
 			// 1. check externalDatabase
-			if (keycloak.getSpec().getExternalDatabase() == null || !keycloak.getSpec().getExternalDatabase().isEnabled()) {
+			if (keycloak.getSpec().getExternalDatabase() == null || !keycloak.getSpec().getExternalDatabase().getEnabled()) {
 				// 2. wait for PostgreSQL to be ready (Service "keycloak-postgresql" is guaranteed to exist by documentation)
 				new SimpleWaiter(() -> OpenShiftProvisioner.openShift.getPods()
 						.stream()
@@ -182,21 +182,21 @@ public void waitFor(Keycloak keycloak) {
 	}
 
 	private void waitForKeycloakResourceReadiness() {
-		new SimpleWaiter(() -> keycloak().get().getStatus().isReady())
+		new SimpleWaiter(() -> keycloak().get().getStatus().getReady())
 				.reason("Wait for keycloak resource to be ready").level(Level.DEBUG).waitFor();
 		if (getApplication().getKeycloakRealms().size() > 0)
-			new SimpleWaiter(() -> keycloakRealms().stream().map(realm -> realm.get().getStatus().isReady())
+			new SimpleWaiter(() -> keycloakRealms().stream().map(realm -> realm.get().getStatus().getReady())
 					.reduce(Boolean::logicalAnd).get())
 					.reason("Wait for keycloakrealms to be ready.").level(Level.DEBUG).waitFor();
 		if (getApplication().getKeycloakClients().size() > 0)
-			new SimpleWaiter(() -> keycloakClients().stream().map(realm -> realm.get().getStatus().isReady())
+			new SimpleWaiter(() -> keycloakClients().stream().map(realm -> realm.get().getStatus().getReady())
 					.reduce(Boolean::logicalAnd).get())
 					.reason("Wait for keycloakclients to be ready.").level(Level.DEBUG).waitFor();
 		if (getApplication().getKeycloakUsers().size() > 0)
 			new SimpleWaiter(() -> keycloakUsersClient().list().getItems().size() == getApplication().getKeycloakUsers().size())
 					.reason("Wait for keycloakusers to be ready.").level(Level.DEBUG).waitFor(); // no isReady() for users
 		if (getApplication().getKeycloakBackups().size() > 0)
-			new SimpleWaiter(() -> keycloakBackups().stream().map(realm -> realm.get().getStatus().isReady())
+			new SimpleWaiter(() -> keycloakBackups().stream().map(realm -> realm.get().getStatus().getReady())
 					.reduce(Boolean::logicalAnd).get())
 					.reason("Wait for keycloakbackups to be ready.").level(Level.DEBUG).waitFor();
 	}
@@ -234,8 +234,8 @@ public void undeploy() {
 	public void scale(int replicas, boolean wait) {
 		String controllerRevisionHash = getStatefulSet().getStatus().getUpdateRevision();
 		Keycloak tmpKeycloak = keycloak().get();
-		int originalReplicas = tmpKeycloak.getSpec().getInstances();
-		tmpKeycloak.getSpec().setInstances(replicas);
+		int originalReplicas = tmpKeycloak.getSpec().getInstances().intValue();
+		tmpKeycloak.getSpec().setInstances(Long.valueOf(replicas));
 		keycloak().replace(tmpKeycloak);
 		if (wait) {
 			OpenShiftWaiters.get(OpenShiftProvisioner.openShift, ffCheck)
@@ -243,7 +243,7 @@ public void scale(int replicas, boolean wait) {
 					.level(Level.DEBUG)
 					.waitFor();
 		}
-		new SimpleWaiter(() -> keycloak().get().getStatus().isReady())
+		new SimpleWaiter(() -> keycloak().get().getStatus().getReady())
 				.reason("Wait for keycloak resource to be ready").level(Level.DEBUG).waitFor();
 		// check that route is up
 		if (originalReplicas == 0 && replicas > 0) {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackup.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackup.java
deleted file mode 100644
index 595edafcc..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackup.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec.KeycloakBackupSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.status.KeycloakBackupStatus;
-import org.jboss.intersmash.tools.provision.openshift.operator.resources.OpenShiftResource;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.client.CustomResource;
-import io.fabric8.kubernetes.model.annotation.Group;
-import io.fabric8.kubernetes.model.annotation.Version;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/server_installation_and_configuration_guide/operator#backup-cr
- *
- * https://github.com/keycloak/keycloak-operator/blob/master/pkg/apis/keycloak/v1alpha1/keycloakbackup_types.go
- * https://github.com/keycloak/keycloak-operator/blob/master/deploy/crds/keycloak.org_keycloakbackups_crd.yaml
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-@Group("keycloak.org")
-@Version("v1alpha1")
-public class KeycloakBackup extends CustomResource implements OpenShiftResource<KeycloakBackup> {
-	/**
-	 * Standard object’s metadata.
-	 */
-	private ObjectMeta metadata;
-
-	/**
-	 * KeycloakBackupSpec defines the desired state of KeycloakBackup.
-	 */
-	private KeycloakBackupSpec spec;
-
-	/**
-	 * KeycloakBackupStatus defines the observed state of KeycloakBackup.
-	 */
-	private KeycloakBackupStatus status;
-
-	@Override
-	public KeycloakBackup load(KeycloakBackup loaded) {
-		this.setMetadata(loaded.getMetadata());
-		this.setSpec(loaded.getSpec());
-		return this;
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupBuilder.java
index 4b6ef1ef2..d03082065 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupBuilder.java
@@ -17,8 +17,9 @@
 
 import java.util.Map;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec.KeycloakAWSSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec.KeycloakBackupSpec;
+import org.keycloak.v1alpha1.KeycloakBackup;
+import org.keycloak.v1alpha1.KeycloakBackupSpec;
+import org.keycloak.v1alpha1.keycloakbackupspec.Aws;
 
 import io.fabric8.kubernetes.api.model.ObjectMeta;
 
@@ -26,7 +27,7 @@ public final class KeycloakBackupBuilder {
 	private String name;
 	private Map<String, String> labels;
 	private boolean restore;
-	private KeycloakAWSSpec aws;
+	private Aws aws;
 	//	private LabelSelector instanceSelector;
 	//	private String storageClassName;
 
@@ -73,10 +74,10 @@ public KeycloakBackupBuilder restore(boolean restore) {
 	 * a local Persistent Volume. If this property is not provided - a local
 	 * Persistent Volume backup will be chosen.
 	 *
-	 * @param aws A {@link KeycloakAWSSpec} instance storing configuration for creating a backup on AWS
+	 * @param aws A {@link Aws} instance storing configuration for creating a backup on AWS
 	 * @return this
 	 */
-	public KeycloakBackupBuilder aws(KeycloakAWSSpec aws) {
+	public KeycloakBackupBuilder aws(Aws aws) {
 		this.aws = aws;
 		return this;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupList.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupList.java
index 9b5797973..8500c4943 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupList.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/KeycloakBackupList.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup;
 
+import org.keycloak.v1alpha1.KeycloakBackup;
+
 import io.fabric8.kubernetes.client.CustomResourceList;
 
 public class KeycloakBackupList extends CustomResourceList<KeycloakBackup> {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpec.java
deleted file mode 100644
index 7185079ab..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpec.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * If provided, an automatic database backup will be created on AWS S3 instead of
- * a local Persistent Volume. If this property is not provided - a local
- * Persistent Volume backup will be chosen.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAWSSpec {
-	/**
-	 * If provided, the database backup will be encrypted.
-	 * Provides a secret name used for encrypting database data.
-	 * The secret needs to be in the following form:
-	 *
-	 *     apiVersion: v1
-	 *     kind: Secret
-	 *     metadata:
-	 *       name: <Secret name>
-	 *     type: Opaque
-	 *     stringData:
-	 *       GPG_PUBLIC_KEY: <GPG Public Key>
-	 *       GPG_TRUST_MODEL: <GPG Trust Model>
-	 *       GPG_RECIPIENT: <GPG Recipient>
-	 *
-	 * For more information, please refer to the Operator documentation.
-	 */
-	private String encryptionKeySecretName;
-
-	/**
-	 * Provides a secret name used for connecting to AWS S3 Service.
-	 * The secret needs to be in the following form:
-	 *
-	 *     apiVersion: v1
-	 *     kind: Secret
-	 *     metadata:
-	 *       name: <Secret name>
-	 *     type: Opaque
-	 *     stringData:
-	 *       AWS_S3_BUCKET_NAME: <S3 Bucket Name>
-	 *       AWS_ACCESS_KEY_ID: <AWS Access Key ID>
-	 *       AWS_SECRET_ACCESS_KEY: <AWS Secret Key>
-	 *
-	 * For more information, please refer to the Operator documentation.
-	 */
-	private String credentialsSecretName;
-
-	/**
-	 * If specified, it will be used as a schedule for creating a CronJob.
-	 */
-	private String schedule;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpecBuilder.java
index 22543dbcc..fdf036442 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakAWSSpecBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec;
 
+import org.keycloak.v1alpha1.keycloakbackupspec.Aws;
+
 /**
  * If provided, an automatic database backup will be created on AWS S3 instead of
  * a local Persistent Volume. If this property is not provided - a local
@@ -85,8 +87,8 @@ public KeycloakAWSSpecBuilder schedule(String schedule) {
 		return this;
 	}
 
-	public KeycloakAWSSpec build() {
-		KeycloakAWSSpec keycloakAWSSpec = new KeycloakAWSSpec();
+	public Aws build() {
+		Aws keycloakAWSSpec = new Aws();
 		keycloakAWSSpec.setEncryptionKeySecretName(encryptionKeySecretName);
 		keycloakAWSSpec.setCredentialsSecretName(credentialsSecretName);
 		keycloakAWSSpec.setSchedule(schedule);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakBackupSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakBackupSpec.java
deleted file mode 100644
index d002e429e..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/spec/KeycloakBackupSpec.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakBackupSpec {
-	/**
-	 * Controls automatic restore behavior.
-	 * Currently not implemented.
-	 *
-	 * In the future this will be used to trigger automatic restore for a given KeycloakBackup.
-	 * Each backup will correspond to a single snapshot of the database (stored either in a
-	 * Persistent Volume or AWS). If a user wants to restore it, all he/she needs to do is to
-	 * change this flag to true.
-	 * Potentially, it will be possible to restore a single backup multiple times.
-	 */
-	private boolean restore;
-
-	/**
-	 * If provided, an automatic database backup will be created on AWS S3 instead of
-	 * a local Persistent Volume. If this property is not provided - a local
-	 * Persistent Volume backup will be chosen.
-	 */
-	private KeycloakAWSSpec aws;
-
-	//	/**
-	//	 * Selector for looking up Keycloak Custom Resources.
-	//	 */
-	//	private LabelSelector instanceSelector;
-
-	//	/**
-	//	 * Name of the StorageClass for Postgresql Backup Persistent Volume Claim.
-	//	 */
-	//	private String storageClassName;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/status/KeycloakBackupStatus.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/status/KeycloakBackupStatus.java
deleted file mode 100644
index 6d5204786..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/backup/status/KeycloakBackupStatus.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.backup.status;
-
-import java.util.List;
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakBackupStatus {
-
-	/**
-	 * Current phase of the operator.
-	 */
-	private String phase;
-
-	/**
-	 * Human-readable message indicating details about current operator phase or error.
-	 */
-	private String message;
-
-	/**
-	 * True if all resources are in a ready state and all work is done.
-	 */
-	private boolean ready;
-
-	/**
-	 * A map of all the secondary resources types and names created for this CR.
-	 * e.g "Deployment": [ "DeploymentName1", "DeploymentName2" ].
-	 */
-	private Map<String, List<String>> secondaryResources;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClient.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClient.java
deleted file mode 100644
index be5883f4f..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClient.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakClientSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.status.KeycloakClientStatus;
-import org.jboss.intersmash.tools.provision.openshift.operator.resources.OpenShiftResource;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.client.CustomResource;
-import io.fabric8.kubernetes.model.annotation.Group;
-import io.fabric8.kubernetes.model.annotation.Version;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/server_installation_and_configuration_guide/operator#client-cr
- *
- * https://github.com/keycloak/keycloak-operator/blob/master/pkg/apis/keycloak/v1alpha1/keycloakbackup_types.go
- * https://github.com/keycloak/keycloak-operator/blob/master/deploy/crds/keycloak.org_keycloakbackups_crd.yaml
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-@Group("keycloak.org")
-@Version("v1alpha1")
-public class KeycloakClient extends CustomResource implements OpenShiftResource<KeycloakClient> {
-	/**
-	 * Standard object’s metadata.
-	 */
-	private ObjectMeta metadata;
-
-	/**
-	 * KeycloakClientSpec defines the desired state of KeycloakClient.
-	 */
-	private KeycloakClientSpec spec;
-
-	/**
-	 * KeycloakClientStatus defines the observed state of KeycloakClient
-	 */
-	private KeycloakClientStatus status;
-
-	@Override
-	public KeycloakClient load(KeycloakClient loaded) {
-		this.setMetadata(loaded.getMetadata());
-		this.setSpec(loaded.getSpec());
-		return this;
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientBuilder.java
index aea14c3ee..a51924c69 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientBuilder.java
@@ -17,17 +17,18 @@
 
 import java.util.Map;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakAPIClient;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakClientSpec;
+import org.keycloak.v1alpha1.KeycloakClient;
+import org.keycloak.v1alpha1.KeycloakClientSpec;
+import org.keycloak.v1alpha1.keycloakclientspec.Client;
+import org.keycloak.v1alpha1.keycloakclientspec.RealmSelector;
 
-import io.fabric8.kubernetes.api.model.LabelSelector;
 import io.fabric8.kubernetes.api.model.ObjectMeta;
 
 public final class KeycloakClientBuilder {
 	private String name;
 	private Map<String, String> labels;
-	private LabelSelector realmSelector;
-	private KeycloakAPIClient client;
+	private RealmSelector realmSelector;
+	private Client client;
 
 	/**
 	 * Initialize the {@link KeycloakClientBuilder} with given resource name.
@@ -55,7 +56,7 @@ public KeycloakClientBuilder(String name, Map<String, String> labels) {
 	 * @param realmSelector Label selector for looking up KeycloakRealm Custom Resources.
 	 * @return this
 	 */
-	public KeycloakClientBuilder realmSelector(LabelSelector realmSelector) {
+	public KeycloakClientBuilder realmSelector(RealmSelector realmSelector) {
 		this.realmSelector = realmSelector;
 		return this;
 	}
@@ -66,7 +67,7 @@ public KeycloakClientBuilder realmSelector(LabelSelector realmSelector) {
 	 * @param client Keycloak REST API client.
 	 * @return this
 	 */
-	public KeycloakClientBuilder client(KeycloakAPIClient client) {
+	public KeycloakClientBuilder client(Client client) {
 		this.client = client;
 		return this;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientList.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientList.java
index 247b4cf2a..7b69f18a6 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientList.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/KeycloakClientList.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client;
 
+import org.keycloak.v1alpha1.KeycloakClient;
+
 import io.fabric8.kubernetes.client.CustomResourceList;
 
 public class KeycloakClientList extends CustomResourceList<KeycloakClient> {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClient.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClient.java
deleted file mode 100644
index c5da7d84d..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClient.java
+++ /dev/null
@@ -1,213 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec;
-
-import java.util.List;
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Keycloak Client REST object.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIClient {
-	/**
-	 * Client ID. If not specified, automatically generated.
-	 */
-	private String id;
-
-	/**
-	 * Client ID.
-	 */
-	private String clientId;
-
-	/**
-	 * Client name.
-	 */
-	private String name;
-
-	/**
-	 * Surrogate Authentication Required option.
-	 */
-	private boolean surrogateAuthRequired;
-
-	/**
-	 * Client enabled flag.
-	 */
-	private boolean enabled;
-
-	/**
-	 * What Client authentication type to use.
-	 */
-	private String clientAuthenticatorType;
-
-	/**
-	 * Client Secret. The Operator will automatically create a Secret based on this value.
-	 */
-	private String secret;
-
-	/**
-	 * Application base URL.
-	 */
-	private String baseUrl;
-
-	/**
-	 * Application Admin URL.
-	 */
-	private String adminUrl;
-
-	/**
-	 * Application root URL.
-	 */
-	private String rootUrl;
-
-	/**
-	 * Client description.
-	 */
-	private String description;
-
-	/**
-	 * Default Client roles.
-	 */
-	private List<String> defaultRoles;
-
-	/**
-	 * A list of valid Redirection URLs.
-	 */
-	private List<String> redirectUris;
-
-	/**
-	 * A list of valid Web Origins.
-	 */
-	private List<String> webOrigins;
-
-	/**
-	 * Not Before setting.
-	 */
-	private int notBefore;
-
-	/**
-	 * True if a client supports only Bearer Tokens.
-	 */
-	private boolean bearerOnly;
-
-	/**
-	 * True if Consent Screen is required.
-	 */
-	private boolean consentRequired;
-
-	/**
-	 * True if Standard flow is enabled.
-	 */
-	private boolean standardFlowEnabled;
-
-	/**
-	 * True if Implicit flow is enabled.
-	 */
-	private boolean implicitFlowEnabled;
-
-	/**
-	 * True if Direct Grant is enabled.
-	 */
-	private boolean directAccessGrantsEnabled;
-
-	/**
-	 * True if Service Accounts are enabled.
-	 */
-	private boolean serviceAccountsEnabled;
-
-	/**
-	 * True if this is a public Client.
-	 */
-	private boolean publicClient;
-
-	/**
-	 * True if this client supports Front Channel logout.
-	 */
-	private boolean frontchannelLogout;
-
-	/**
-	 * Protocol used for this Client.
-	 */
-	private String protocol;
-
-	/**
-	 * Client Attributes.
-	 */
-	private Map<String, String> attributes;
-
-	/**
-	 * True if Full Scope is allowed.
-	 */
-	private boolean fullScopeAllowed;
-
-	/**
-	 * Node registration timeout.
-	 */
-	private int nodeReRegistrationTimeout;
-
-	/**
-	 * Protocol Mappers.
-	 */
-	private List<KeycloakProtocolMapper> protocolMappers;
-
-	/**
-	 * True to use a Template Config.
-	 */
-	private boolean useTemplateConfig;
-
-	/**
-	 * True to use Template Scope.
-	 */
-	private boolean useTemplateScope;
-
-	/**
-	 * True to use Template Mappers.
-	 */
-	private boolean useTemplateMappers;
-
-	/**
-	 * Access options.
-	 */
-	private Map<String, Boolean> access;
-
-	//	/**
-	//	 * A list of optional client scopes. Optional client scopes are
-	//	 * applied when issuing tokens for this client, but only when they
-	//	 * are requested by the scope parameter in the OpenID Connect
-	//	 * authorization request.
-	//	 */
-	//	private List<String> optionalClientScopes;
-	//
-	//	/**
-	//	 * A list of default client scopes. Default client scopes are
-	//	 * always applied when issuing OpenID Connect tokens or SAML
-	//	 * assertions for this client.
-	//	 */
-	//	private List<String> defaultClientScopes;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClientBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClientBuilder.java
index 0b2beceab..b1f1a266e 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClientBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakAPIClientBuilder.java
@@ -20,6 +20,9 @@
 import java.util.List;
 import java.util.Map;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.Clients;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.clients.ProtocolMappers;
+
 /**
  * Keycloak Client REST object.
  */
@@ -38,7 +41,7 @@ public final class KeycloakAPIClientBuilder {
 	private List<String> defaultRoles;
 	private List<String> redirectUris;
 	private List<String> webOrigins;
-	private int notBefore;
+	private long notBefore;
 	private boolean bearerOnly;
 	private boolean consentRequired;
 	private boolean standardFlowEnabled;
@@ -50,8 +53,8 @@ public final class KeycloakAPIClientBuilder {
 	private String protocol;
 	private Map<String, String> attributes;
 	private boolean fullScopeAllowed;
-	private int nodeReRegistrationTimeout;
-	private List<KeycloakProtocolMapper> protocolMappers;
+	private long nodeReRegistrationTimeout;
+	private List<ProtocolMappers> protocolMappers;
 	private boolean useTemplateConfig;
 	private boolean useTemplateScope;
 	private boolean useTemplateMappers;
@@ -416,10 +419,10 @@ public KeycloakAPIClientBuilder nodeReRegistrationTimeout(int nodeReRegistration
 	/**
 	 * Set the Protocol Mappers.
 	 *
-	 * @param protocolMappers List of {@link KeycloakProtocolMapper} instances that should be used
+	 * @param protocolMappers List of {@link ProtocolMappers} instances that should be used
 	 * @return this
 	 */
-	public KeycloakAPIClientBuilder protocolMappers(List<KeycloakProtocolMapper> protocolMappers) {
+	public KeycloakAPIClientBuilder protocolMappers(List<ProtocolMappers> protocolMappers) {
 		this.protocolMappers = protocolMappers;
 		return this;
 	}
@@ -427,10 +430,10 @@ public KeycloakAPIClientBuilder protocolMappers(List<KeycloakProtocolMapper> pro
 	/**
 	 * Add a Protocol Mapper.
 	 *
-	 * @param protocolMapper {@link KeycloakProtocolMapper} instance that should be added
+	 * @param protocolMapper {@link ProtocolMappers} instance that should be added
 	 * @return this
 	 */
-	public KeycloakAPIClientBuilder protocolMappers(KeycloakProtocolMapper protocolMapper) {
+	public KeycloakAPIClientBuilder protocolMappers(ProtocolMappers protocolMapper) {
 		if (protocolMappers == null) {
 			protocolMappers = new ArrayList<>();
 		}
@@ -545,8 +548,8 @@ public KeycloakAPIClientBuilder access(String key, boolean value) {
 	//		return this;
 	//	}
 
-	public KeycloakAPIClient build() {
-		KeycloakAPIClient keycloakAPIClient = new KeycloakAPIClient();
+	public Clients build() {
+		Clients keycloakAPIClient = new Clients();
 		keycloakAPIClient.setId(id);
 		keycloakAPIClient.setClientId(clientId);
 		keycloakAPIClient.setName(name);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakClientSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakClientSpec.java
deleted file mode 100644
index 152ba491b..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakClientSpec.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.LabelSelector;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakClientSpec defines the desired state of KeycloakClient.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakClientSpec {
-
-	/**
-	 * Selector for looking up KeycloakRealm Custom Resources.
-	 */
-	private LabelSelector realmSelector;
-
-	/**
-	 * Keycloak Client REST object.
-	 */
-	private KeycloakAPIClient client;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapper.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapper.java
deleted file mode 100644
index 99b0f0958..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapper.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakProtocolMapper {
-
-	/**
-	 * Protocol Mapper ID.
-	 */
-	private String id;
-
-	/**
-	 * Protocol Mapper Name.
-	 */
-	private String name;
-
-	/**
-	 * Protocol to use.
-	 */
-	private String protocol;
-
-	/**
-	 * Protocol Mapper to use.
-	 */
-	private String protocolMapper;
-
-	/**
-	 * True if Consent Screen is required.
-	 */
-	private boolean consentRequired;
-
-	/**
-	 * Text to use for displaying Consent Screen.
-	 */
-	private String consentText;
-
-	/**
-	 * Config options.
-	 */
-	private Map<String, String> config;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapperBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapperBuilder.java
index abf8cdb1d..63d6ea63d 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapperBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/spec/KeycloakProtocolMapperBuilder.java
@@ -18,6 +18,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.keycloak.v1alpha1.keycloakclientspec.client.ProtocolMappers;
+
 public final class KeycloakProtocolMapperBuilder {
 	private String id;
 	private String name;
@@ -119,8 +121,8 @@ public KeycloakProtocolMapperBuilder config(String key, String value) {
 		return this;
 	}
 
-	public KeycloakProtocolMapper build() {
-		KeycloakProtocolMapper keycloakProtocolMapper = new KeycloakProtocolMapper();
+	public ProtocolMappers build() {
+		ProtocolMappers keycloakProtocolMapper = new ProtocolMappers();
 		keycloakProtocolMapper.setId(id);
 		keycloakProtocolMapper.setName(name);
 		keycloakProtocolMapper.setProtocol(protocol);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/status/KeycloakClientStatus.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/status/KeycloakClientStatus.java
deleted file mode 100644
index 81e8275a0..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/client/status/KeycloakClientStatus.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.status;
-
-import java.util.List;
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakClientStatus defines the observed state of KeycloakClient.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakClientStatus {
-
-	/**
-	 * Current phase of the operator.
-	 */
-	private String phase;
-
-	/**
-	 * Human-readable message indicating details about current operator phase or error.
-	 */
-	private String message;
-
-	/**
-	 * True if all resources are in a ready state and all work is done.
-	 */
-	private boolean ready;
-
-	/**
-	 * A map of all the secondary resources types and names created for this CR.
-	 * e.g "Deployment": [ "DeploymentName1", "DeploymentName2" ].
-	 */
-	private Map<String, List<String>> secondaryResources;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/Keycloak.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/Keycloak.java
deleted file mode 100644
index f73c19b1b..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/Keycloak.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec.KeycloakSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.status.KeycloakStatus;
-import org.jboss.intersmash.tools.provision.openshift.operator.resources.OpenShiftResource;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.client.CustomResource;
-import io.fabric8.kubernetes.model.annotation.Group;
-import io.fabric8.kubernetes.model.annotation.Version;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * https://github.com/keycloak/keycloak-operator/blob/master/pkg/apis/keycloak/v1alpha1/keycloak_types.go
- * https://github.com/keycloak/keycloak-operator/blob/master/deploy/crds/keycloak.org_keycloaks_crd.yaml
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-@Group("keycloak.org")
-@Version("v1alpha1")
-public class Keycloak extends CustomResource implements OpenShiftResource<Keycloak> {
-
-	/**
-	 * Standard object’s metadata.
-	 */
-	private ObjectMeta metadata;
-
-	/**
-	 * KeycloakSpec defines the desired state of Keycloak.
-	 */
-	private KeycloakSpec spec;
-
-	/**
-	 * KeycloakStatus defines the observed state of Keycloak.
-	 */
-	private KeycloakStatus status;
-
-	@Override
-	public Keycloak load(Keycloak loaded) {
-		this.setMetadata(loaded.getMetadata());
-		this.setSpec(loaded.getSpec());
-		return this;
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakBuilder.java
index 765adcbba..ecb1ace99 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakBuilder.java
@@ -19,10 +19,11 @@
 import java.util.List;
 import java.util.Map;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec.KeycloakExternalAccess;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec.KeycloakExternalDatabase;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec.KeycloakSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec.PodDisruptionBudgetConfig;
+import org.keycloak.v1alpha1.Keycloak;
+import org.keycloak.v1alpha1.KeycloakSpec;
+import org.keycloak.v1alpha1.keycloakspec.ExternalAccess;
+import org.keycloak.v1alpha1.keycloakspec.ExternalDatabase;
+import org.keycloak.v1alpha1.keycloakspec.PodDisruptionBudget;
 
 import io.fabric8.kubernetes.api.model.ObjectMeta;
 
@@ -32,11 +33,11 @@ public final class KeycloakBuilder {
 	//	private boolean unmanaged;
 	//	private KeycloakExternal external;
 	private List<String> extensions;
-	private int instances;
-	private KeycloakExternalAccess externalAccess;
-	private KeycloakExternalDatabase externalDatabase;
+	private long instances;
+	private ExternalAccess externalAccess;
+	private ExternalDatabase externalDatabase;
 	private String profile;
-	private PodDisruptionBudgetConfig podDisruptionBudget;
+	private PodDisruptionBudget podDisruptionBudget;
 	//	private KeycloakDeploymentSpec keycloakDeploymentSpec;
 	//	private PostgresqlDeploymentSpec postgresDeploymentSpec;
 	//	private MigrateConfig migration;
@@ -122,7 +123,7 @@ public KeycloakBuilder instances(int instances) {
 	 * @param externalAccess Stores external access configuration for Keycloak
 	 * @return this
 	 */
-	public KeycloakBuilder externalAccess(KeycloakExternalAccess externalAccess) {
+	public KeycloakBuilder externalAccess(ExternalAccess externalAccess) {
 		this.externalAccess = externalAccess;
 		return this;
 	}
@@ -158,7 +159,7 @@ public KeycloakBuilder externalAccess(KeycloakExternalAccess externalAccess) {
 	 * @param externalDatabase Stores external database configuration for Keycloak
 	 * @return this
 	 */
-	public KeycloakBuilder externalDatabase(KeycloakExternalDatabase externalDatabase) {
+	public KeycloakBuilder externalDatabase(ExternalDatabase externalDatabase) {
 		this.externalDatabase = externalDatabase;
 		return this;
 	}
@@ -180,7 +181,7 @@ public KeycloakBuilder profile(String profile) {
 	 * @param podDisruptionBudget Stores pod disruption budget configuration
 	 * @return this
 	 */
-	public KeycloakBuilder podDisruptionBudget(PodDisruptionBudgetConfig podDisruptionBudget) {
+	public KeycloakBuilder podDisruptionBudget(PodDisruptionBudget podDisruptionBudget) {
 		this.podDisruptionBudget = podDisruptionBudget;
 		return this;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakList.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakList.java
index 4c56d8018..715ef7015 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakList.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/KeycloakList.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak;
 
+import org.keycloak.v1alpha1.Keycloak;
+
 import io.fabric8.kubernetes.client.CustomResourceList;
 
 public class KeycloakList extends CustomResourceList<Keycloak> {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/BackupConfig.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/BackupConfig.java
deleted file mode 100644
index fe1bea769..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/BackupConfig.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Specify Migration configuration.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class BackupConfig {
-
-	/**
-	 * If set to true, the operator will do database backup before doing migration.
-	 */
-	private boolean enabled;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/BackupConfigBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/BackupConfigBuilder.java
deleted file mode 100644
index 697a266a3..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/BackupConfigBuilder.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-/**
- * Specify Migration configuration.
- */
-public final class BackupConfigBuilder {
-	private boolean enabled;
-
-	/**
-	 * If set to true, the operator will do database backup before doing migration.
-	 *
-	 * @param enabled Whether the operator will do database backup before doing migration
-	 * @return this
-	 */
-	public BackupConfigBuilder enabled(boolean enabled) {
-		this.enabled = enabled;
-		return this;
-	}
-
-	public BackupConfig build() {
-		BackupConfig backupConfig = new BackupConfig();
-		backupConfig.setEnabled(enabled);
-		return backupConfig;
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpec.java
deleted file mode 100644
index 5f1a190af..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpec.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import java.util.List;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.KeyToPath;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class ConfigMapVolumeSpec {
-
-	/**
-	 * ConfigMap name.
-	 */
-	private String name;
-
-	/**
-	 * An absolute path where to mount it.
-	 */
-	private String mountPath;
-
-	/**
-	 * ConfigMap mount details.
-	 */
-	private List<KeyToPath> items;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpecBuilder.java
index 66cc401a9..79446a052 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ConfigMapVolumeSpecBuilder.java
@@ -18,12 +18,12 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import io.fabric8.kubernetes.api.model.KeyToPath;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.items.Items;
 
 public final class ConfigMapVolumeSpecBuilder {
 	private String name;
 	private String mountPath;
-	private List<KeyToPath> items;
+	private List<Items> items;
 
 	/**
 	 * Set the ConfigMap name.
@@ -50,10 +50,10 @@ public ConfigMapVolumeSpecBuilder mountPath(String mountPath) {
 	/**
 	 * ConfigMap mount details.
 	 *
-	 * @param items List of {@link KeyToPath} instances representing the ConfigMap mount details
+	 * @param items List of {@link Items} instances representing the ConfigMap mount details
 	 * @return this
 	 */
-	public ConfigMapVolumeSpecBuilder items(List<KeyToPath> items) {
+	public ConfigMapVolumeSpecBuilder items(List<Items> items) {
 		this.items = items;
 		return this;
 	}
@@ -61,10 +61,10 @@ public ConfigMapVolumeSpecBuilder items(List<KeyToPath> items) {
 	/**
 	 * Add one ConfigMap mount detail item.
 	 *
-	 * @param item {@link KeyToPath} instances representing the ConfigMap mount details that should be added
+	 * @param item {@link Items} instances representing the ConfigMap mount details that should be added
 	 * @return this
 	 */
-	public ConfigMapVolumeSpecBuilder items(KeyToPath item) {
+	public ConfigMapVolumeSpecBuilder items(Items item) {
 		if (items == null) {
 			items = new ArrayList<>();
 		}
@@ -72,8 +72,8 @@ public ConfigMapVolumeSpecBuilder items(KeyToPath item) {
 		return this;
 	}
 
-	public ConfigMapVolumeSpec build() {
-		ConfigMapVolumeSpec configMapVolumeSpec = new ConfigMapVolumeSpec();
+	public org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.Items build() {
+		org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.Items configMapVolumeSpec = new org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.Items();
 		configMapVolumeSpec.setName(name);
 		configMapVolumeSpec.setMountPath(mountPath);
 		configMapVolumeSpec.setItems(items);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpec.java
deleted file mode 100644
index 7c831e548..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpec.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import java.util.List;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.EnvVar;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Experimental section
- * NOTE: This section might change or get removed without any notice. It may also cause the deployment to behave
- * in an unpredictable fashion. Please use with care.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class ExperimentalSpec {
-
-	/**
-	 *  Arguments to the entrypoint. Translates into Container CMD.
-	 */
-	private List<String> args;
-
-	/**
-	 * Container command. Translates into Container ENTRYPOINT.
-	 */
-	private List<String> command;
-
-	/**
-	 * List of environment variables to set in the container.
-	 */
-	private List<EnvVar> env;
-
-	/**
-	 * Additional volume mounts
-	 */
-	private VolumesSpec volumes;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpecBuilder.java
index b1802463f..1260f6cbd 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/ExperimentalSpecBuilder.java
@@ -18,7 +18,10 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import io.fabric8.kubernetes.api.model.EnvVar;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.Experimental;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.Env;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.Volumes;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.Items;
 
 /**
  * Experimental section
@@ -28,8 +31,8 @@
 public final class ExperimentalSpecBuilder {
 	private List<String> args;
 	private List<String> command;
-	private List<EnvVar> env;
-	private VolumesSpec volumes;
+	private List<Env> env;
+	private Volumes volumes;
 
 	/**
 	 * Set the arguments to the entrypoint. Translates into Container CMD.
@@ -87,7 +90,7 @@ public ExperimentalSpecBuilder command(String command) {
 	 * @param env List of environment variables
 	 * @return this
 	 */
-	public ExperimentalSpecBuilder env(List<EnvVar> env) {
+	public ExperimentalSpecBuilder env(List<Env> env) {
 		this.env = env;
 		return this;
 	}
@@ -98,7 +101,7 @@ public ExperimentalSpecBuilder env(List<EnvVar> env) {
 	 * @param env Environment variable that should be added
 	 * @return this
 	 */
-	public ExperimentalSpecBuilder env(EnvVar env) {
+	public ExperimentalSpecBuilder env(Env env) {
 		if (this.env == null) {
 			this.env = new ArrayList<>();
 		}
@@ -109,16 +112,16 @@ public ExperimentalSpecBuilder env(EnvVar env) {
 	/**
 	 * Additional volume mounts.
 	 *
-	 * @param volumes {@link VolumesSpec} instance storing volume mount definitions
+	 * @param volumes {@link Items} instance storing volume mount definitions
 	 * @return this
 	 */
-	public ExperimentalSpecBuilder volumes(VolumesSpec volumes) {
+	public ExperimentalSpecBuilder volumes(Volumes volumes) {
 		this.volumes = volumes;
 		return this;
 	}
 
-	public ExperimentalSpec build() {
-		ExperimentalSpec experimentalSpec = new ExperimentalSpec();
+	public Experimental build() {
+		Experimental experimentalSpec = new Experimental();
 		experimentalSpec.setArgs(args);
 		experimentalSpec.setCommand(command);
 		experimentalSpec.setEnv(env);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpec.java
deleted file mode 100644
index 2d2a345de..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpec.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ResourceRequirements;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Resources (Requests and Limits) for KeycloakDeployment.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakDeploymentSpec {
-
-	/**
-	 * Resources (Requests and Limits) for the Pods.
-	 */
-	private ResourceRequirements resources;
-
-	/**
-	 * Experimental section
-	 * NOTE: This section might change or get removed without any notice. It may also cause the deployment to behave
-	 * in an unpredictable fashion. Please use with care.
-	 */
-	private ExperimentalSpec experimental;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpecBuilder.java
index 7b019a0a6..2fd4dd85d 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakDeploymentSpecBuilder.java
@@ -15,14 +15,16 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
-import io.fabric8.kubernetes.api.model.ResourceRequirements;
+import org.keycloak.v1alpha1.keycloakspec.KeycloakDeploymentSpec;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.Experimental;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.Resources;
 
 /**
  * Resources (Requests and Limits) for KeycloakDeployment.
  */
 public final class KeycloakDeploymentSpecBuilder {
-	private ResourceRequirements resources;
-	private ExperimentalSpec experimental;
+	private Resources resources;
+	private Experimental experimental;
 
 	/**
 	 * Set the Resources (Requests and Limits) for the Pods.
@@ -30,7 +32,7 @@ public final class KeycloakDeploymentSpecBuilder {
 	 * @param resources The Resources (Requests and Limits) for the Pods
 	 * @return this
 	 */
-	public KeycloakDeploymentSpecBuilder resources(ResourceRequirements resources) {
+	public KeycloakDeploymentSpecBuilder resources(Resources resources) {
 		this.resources = resources;
 		return this;
 	}
@@ -43,7 +45,7 @@ public KeycloakDeploymentSpecBuilder resources(ResourceRequirements resources) {
 	 * @param experimental The experimental section definition
 	 * @return this
 	 */
-	public KeycloakDeploymentSpecBuilder experimental(ExperimentalSpec experimental) {
+	public KeycloakDeploymentSpecBuilder experimental(Experimental experimental) {
 		this.experimental = experimental;
 		return this;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternal.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternal.java
deleted file mode 100644
index a8abe549b..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternal.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Contains configuration for external Keycloak instances. Unmanaged needs to be set to true to use this.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakExternal {
-	/**
-	 * If set to true, this Keycloak will be treated as an external instance.
-	 * The unmanaged field also needs to be set to true if this field is true.
-	 */
-	private boolean enabled;
-
-	/**
-	 * The URL to use for the keycloak admin API. Needs to be set if external is true.
-	 */
-	private String url;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccess.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccess.java
deleted file mode 100644
index 4eedc0019..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccess.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Controls external Ingress/Route settings.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakExternalAccess {
-
-	/**
-	* If set to true, the Operator will create an Ingress or a Route pointing to Keycloak.
-	*/
-	private boolean enabled;
-	//
-	//	/**
-	//	 * TLS Termination type for the external access. Setting this field to "reencrypt" will
-	//	 * terminate TLS on the Ingress/Route level. Setting this field to "passthrough" will
-	//	 * send encrypted traffic to the Pod. If unspecified, defaults to "reencrypt".
-	//	 * Note, that this setting has no effect on Ingress
-	//	 * as Ingress TLS settings are not reconciled by this operator. In other words,
-	//	 * Ingress TLS configuration is the same in both cases and it is up to the user
-	//	 * to configure TLS section of the Ingress.
-	//	 */
-	//	private String tlsTermination;
-	//
-	//	/**
-	//	 * If set, the Operator will use value of host for Ingress/Route host instead of default value keycloak.local for
-	//	 * ingress and automatically chosen name for Route.
-	//	 */
-	//	private String host;
-
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccessBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccessBuilder.java
index 23dbcf75e..f65d475e9 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccessBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalAccessBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
+import org.keycloak.v1alpha1.keycloakspec.ExternalAccess;
+
 /**
  * Controls external Ingress/Route settings.
  */
@@ -59,8 +61,8 @@ public KeycloakExternalAccessBuilder enabled(boolean enabled) {
 	//		return this;
 	//	}
 
-	public KeycloakExternalAccess build() {
-		KeycloakExternalAccess keycloakExternalAccess = new KeycloakExternalAccess();
+	public ExternalAccess build() {
+		ExternalAccess keycloakExternalAccess = new ExternalAccess();
 		keycloakExternalAccess.setEnabled(enabled);
 		//		keycloakExternalAccess.setTlsTermination(tlsTermination);
 		//		keycloakExternalAccess.setHost(host);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalBuilder.java
index fb660d289..beebbe243 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
+import org.keycloak.v1alpha1.keycloakspec.External;
+
 /**
  * Contains configuration for external Keycloak instances. Unmanaged needs to be set to true to use this.
  */
@@ -45,8 +47,8 @@ public KeycloakExternalBuilder url(String url) {
 		return this;
 	}
 
-	public KeycloakExternal build() {
-		KeycloakExternal keycloakExternal = new KeycloakExternal();
+	public External build() {
+		External keycloakExternal = new External();
 		keycloakExternal.setEnabled(enabled);
 		keycloakExternal.setUrl(url);
 		return keycloakExternal;
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabase.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabase.java
deleted file mode 100644
index 11db35b8c..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabase.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * 	Controls external database settings.
- * 	Using an external database requires providing a secret containing credentials
- * 	as well as connection details. Here's an example of such secret:
- *
- * 	    apiVersion: v1
- * 	    kind: Secret
- * 	    metadata:
- * 	        name: keycloak-db-secret
- * 	        namespace: keycloak
- * 	    stringData:
- * 	        POSTGRES_DATABASE: &lt;Database Name&gt;
- * 	        POSTGRES_EXTERNAL_ADDRESS: &lt;External Database IP or URL (resolvable by K8s)&gt;
- * 	        POSTGRES_EXTERNAL_PORT: &lt;External Database Port&gt;
- * 	        # Strongly recommended to use &lt;'Keycloak CR Name'-postgresql&gt;
- * 	        POSTGRES_HOST: &lt;Database Service Name&gt;
- * 	        POSTGRES_PASSWORD: &lt;Database Password&gt;
- * 	        # Required for AWS Backup functionality
- * 	        POSTGRES_SUPERUSER: true
- * 	        POSTGRES_USERNAME: &lt;Database Username&gt;
- * 	     type: Opaque
- *
- * 	Both POSTGRES_EXTERNAL_ADDRESS and POSTGRES_EXTERNAL_PORT are specifically required for creating
- * 	connection to the external database. The secret name is created using the following convention:
- * 	      &lt;Custom Resource Name&gt;-db-secret
- *
- * 	For more information, please refer to the Operator documentation.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakExternalDatabase {
-	/**
-	 * If set to true, the Operator will use an external database.
-	 */
-	private boolean enabled;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabaseBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabaseBuilder.java
index cf86523ef..6645ed137 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabaseBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakExternalDatabaseBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
+import org.keycloak.v1alpha1.keycloakspec.ExternalDatabase;
+
 /**
  * 	Controls external database settings.
  * 	Using an external database requires providing a secret containing credentials
@@ -57,8 +59,8 @@ public KeycloakExternalDatabaseBuilder enabled(boolean enabled) {
 		return this;
 	}
 
-	public KeycloakExternalDatabase build() {
-		KeycloakExternalDatabase keycloakExternalDatabase = new KeycloakExternalDatabase();
+	public ExternalDatabase build() {
+		ExternalDatabase keycloakExternalDatabase = new ExternalDatabase();
 		keycloakExternalDatabase.setEnabled(enabled);
 		return keycloakExternalDatabase;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakSpec.java
deleted file mode 100644
index 7db8f902e..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/KeycloakSpec.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import java.util.List;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakSpec defines the desired state of Keycloak.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakSpec {
-
-	//	/**
-	//	 * When set to true, this Keycloak will be marked as unmanaged and will not be managed by this operator.
-	//	 *
-	//	 * It can then be used for targeting purposes.
-	//	 */
-	//	private boolean unmanaged;
-	//
-	//	/**
-	//	 * Contains configuration for external Keycloak instances. Unmanaged needs to be set to true to use this.
-	//	 */
-	//	private KeycloakExternal external;
-
-	/**
-	 * A list of extensions, where each one is a URL to a JAR files that will be deployed in Keycloak.
-	 */
-	private List<String> extensions;
-
-	/**
-	 * Number of Keycloak instances in HA mode. Default is 1.
-	 */
-	private int instances;
-
-	/**
-	 * Controls external Ingress/Route settings.
-	 */
-	private KeycloakExternalAccess externalAccess;
-
-	/**
-	 * 	Controls external database settings.
-	 * 	Using an external database requires providing a secret containing credentials
-	 * 	as well as connection details. Here's an example of such secret:
-	 *
-	 * 	    apiVersion: v1
-	 * 	    kind: Secret
-	 * 	    metadata:
-	 * 	        name: keycloak-db-secret
-	 * 	        namespace: keycloak
-	 * 	    stringData:
-	 * 	        POSTGRES_DATABASE: <Database Name>
-	 * 	        POSTGRES_EXTERNAL_ADDRESS: <External Database IP or URL (resolvable by K8s)>
-	 * 	        POSTGRES_EXTERNAL_PORT: <External Database Port>
-	 * 	        # Strongly recommended to use <'Keycloak CR Name'-postgresql>
-	 * 	        POSTGRES_HOST: <Database Service Name>
-	 * 	        POSTGRES_PASSWORD: <Database Password>
-	 * 	        # Required for AWS Backup functionality
-	 * 	        POSTGRES_SUPERUSER: true
-	 * 	        POSTGRES_USERNAME: <Database Username>
-	 * 	     type: Opaque
-	 *
-	 * 	Both POSTGRES_EXTERNAL_ADDRESS and POSTGRES_EXTERNAL_PORT are specifically required for creating
-	 * 	connection to the external database. The secret name is created using the following convention:
-	 * 	      <Custom Resource Name>-db-secret
-	 *
-	 * 	For more information, please refer to the Operator documentation.
-	 */
-	private KeycloakExternalDatabase externalDatabase;
-
-	/**
-	 * Profile used for controlling Operator behavior. Default is empty.
-	 */
-	private String profile;
-
-	/**
-	 * Specify PodDisruptionBudget configuration.
-	 */
-	private PodDisruptionBudgetConfig podDisruptionBudget;
-
-	//	/**
-	//	 * Resources (Requests and Limits) for KeycloakDeployment.
-	//	 */
-	//	private KeycloakDeploymentSpec keycloakDeploymentSpec;
-	//
-	//	/**
-	//	 * Resources (Requests and Limits) for PostgresDeployment.
-	//	 */
-	//	private PostgresqlDeploymentSpec postgresDeploymentSpec;
-	//
-	//	/**
-	//	 * Specify Migration configuration.
-	//	 */
-	//	private MigrateConfig migration;
-	//
-	//	/**
-	//	 * Name of the StorageClass for Postgresql Persistent Volume Claim.
-	//	 */
-	//	private String storageClassName;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/MigrateConfig.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/MigrateConfig.java
deleted file mode 100644
index 9fb678570..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/MigrateConfig.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Specify Migration configuration.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class MigrateConfig {
-	/**
-	 * Specify migration strategy.
-	 */
-	private String strategy;
-
-	/**
-	 * Set it to config backup policy for migration.
-	 */
-	private BackupConfig backups;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/MigrateConfigBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/MigrateConfigBuilder.java
deleted file mode 100644
index 911aec19b..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/MigrateConfigBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-/**
- * Specify Migration configuration.
- */
-public final class MigrateConfigBuilder {
-	private String strategy;
-	private BackupConfig backups;
-
-	/**
-	 * Specify migration strategy.
-	 *
-	 * @param strategy The migration strategy that should  be used
-	 * @return this
-	 */
-	public MigrateConfigBuilder strategy(MigrationStrategy strategy) {
-		if (strategy != MigrationStrategy.NO_STRATEGY) {
-			this.strategy = strategy.getValue();
-		}
-		return this;
-	}
-
-	/**
-	 * Set it to config backup policy for migration.
-	 *
-	 * @param backups The backup configuration that should be used
-	 * @return this
-	 */
-	public MigrateConfigBuilder backups(BackupConfig backups) {
-		this.backups = backups;
-		return this;
-	}
-
-	public MigrateConfig build() {
-		MigrateConfig migrateConfig = new MigrateConfig();
-		migrateConfig.setStrategy(strategy);
-		migrateConfig.setBackups(backups);
-		return migrateConfig;
-	}
-
-	public enum MigrationStrategy {
-		NO_STRATEGY(""),
-		STRATEGY_RECREATE("recreate"),
-		STRATEGY_ROLLING("rolling");
-
-		private String value;
-
-		MigrationStrategy(String value) {
-			this.value = value;
-		}
-
-		public String getValue() {
-			return value;
-		}
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfig.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfig.java
deleted file mode 100644
index 6ed860490..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfig.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Specify PodDisruptionBudget configuration.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class PodDisruptionBudgetConfig {
-
-	/**
-	 * If set to true, the operator will create a PodDistruptionBudget for the Keycloak deployment and set its
-	 * `maxUnavailable` value to 1.
-	 */
-	private boolean enabled;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfigBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfigBuilder.java
index b4531f112..534d04db9 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfigBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PodDisruptionBudgetConfigBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
+import org.keycloak.v1alpha1.keycloakspec.PodDisruptionBudget;
+
 /**
  * Specify PodDisruptionBudget configuration.
  */
@@ -33,8 +35,8 @@ public PodDisruptionBudgetConfigBuilder enabled(boolean enabled) {
 		return this;
 	}
 
-	public PodDisruptionBudgetConfig build() {
-		PodDisruptionBudgetConfig podDisruptionBudgetConfig = new PodDisruptionBudgetConfig();
+	public PodDisruptionBudget build() {
+		PodDisruptionBudget podDisruptionBudgetConfig = new PodDisruptionBudget();
 		podDisruptionBudgetConfig.setEnabled(enabled);
 		return podDisruptionBudgetConfig;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpec.java
deleted file mode 100644
index 53cf54e74..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpec.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ResourceRequirements;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * Resources (Requests and Limits) for PostgresDeployment.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class PostgresqlDeploymentSpec {
-
-	/**
-	 * Resources (Requests and Limits) for the Pods.
-	 */
-	private ResourceRequirements resources;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpecBuilder.java
index 1af3d6d6d..e068a32c3 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/PostgresqlDeploymentSpecBuilder.java
@@ -15,13 +15,14 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
-import io.fabric8.kubernetes.api.model.ResourceRequirements;
+import org.keycloak.v1alpha1.keycloakspec.PostgresDeploymentSpec;
+import org.keycloak.v1alpha1.keycloakspec.postgresdeploymentspec.Resources;
 
 /**
  * Resources (Requests and Limits) for PostgresDeployment.
  */
 public final class PostgresqlDeploymentSpecBuilder {
-	private ResourceRequirements resources;
+	private Resources resources;
 
 	/**
 	 * Set the Resources (Requests and Limits) for the Pods.
@@ -29,13 +30,13 @@ public final class PostgresqlDeploymentSpecBuilder {
 	 * @param resources The Resources (Requests and Limits) for the Pods
 	 * @return this
 	 */
-	public PostgresqlDeploymentSpecBuilder resources(ResourceRequirements resources) {
+	public PostgresqlDeploymentSpecBuilder resources(Resources resources) {
 		this.resources = resources;
 		return this;
 	}
 
-	public PostgresqlDeploymentSpec build() {
-		PostgresqlDeploymentSpec postgresqlDeploymentSpec = new PostgresqlDeploymentSpec();
+	public PostgresDeploymentSpec build() {
+		PostgresDeploymentSpec postgresqlDeploymentSpec = new PostgresDeploymentSpec();
 		postgresqlDeploymentSpec.setResources(resources);
 		return postgresqlDeploymentSpec;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpec.java
deleted file mode 100644
index dd342be91..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpec.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class VolumeSpec {
-
-	/**
-	 * ConfigMap mount.
-	 */
-	private ConfigMapVolumeSpec configMap;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpecBuilder.java
index f785808db..7ec460288 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumeSpecBuilder.java
@@ -15,8 +15,12 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
 
+import java.util.List;
+
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.Items;
+
 public final class VolumeSpecBuilder {
-	private ConfigMapVolumeSpec configMap;
+	private List<String> configMap;
 
 	/**
 	 * Set the ConfigMap mount.
@@ -24,14 +28,14 @@ public final class VolumeSpecBuilder {
 	 * @param configMap The ConfigMap mount configuration
 	 * @return this
 	 */
-	public VolumeSpecBuilder configMap(ConfigMapVolumeSpec configMap) {
+	public VolumeSpecBuilder configMap(List<String> configMap) {
 		this.configMap = configMap;
 		return this;
 	}
 
-	public VolumeSpec build() {
-		VolumeSpec volumeSpec = new VolumeSpec();
-		volumeSpec.setConfigMap(configMap);
+	public Items build() {
+		Items volumeSpec = new Items();
+		volumeSpec.setConfigMaps(configMap);
 		return volumeSpec;
 	}
 }
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpec.java
deleted file mode 100644
index 7dbdbe9c3..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpec.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.spec;
-
-import java.util.List;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class VolumesSpec {
-
-	private List<VolumeSpec> items;
-
-	private int defaultMode;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpecBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpecBuilder.java
index e38e73d96..507b4e355 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpecBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/spec/VolumesSpecBuilder.java
@@ -18,16 +18,19 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.Volumes;
+import org.keycloak.v1alpha1.keycloakspec.keycloakdeploymentspec.experimental.volumes.Items;
+
 public final class VolumesSpecBuilder {
-	private List<VolumeSpec> items;
+	private List<Items> items;
 	private int defaultMode;
 
-	public VolumesSpecBuilder items(List<VolumeSpec> items) {
+	public VolumesSpecBuilder items(List<Items> items) {
 		this.items = items;
 		return this;
 	}
 
-	public VolumesSpecBuilder items(VolumeSpec item) {
+	public VolumesSpecBuilder items(Items item) {
 		if (items == null) {
 			items = new ArrayList<>();
 		}
@@ -40,8 +43,8 @@ public VolumesSpecBuilder defaultMode(int defaultMode) {
 		return this;
 	}
 
-	public VolumesSpec build() {
-		VolumesSpec volumesSpec = new VolumesSpec();
+	public Volumes build() {
+		Volumes volumesSpec = new Volumes();
 		volumesSpec.setItems(items);
 		volumesSpec.setDefaultMode(defaultMode);
 		return volumesSpec;
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/status/KeycloakStatus.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/status/KeycloakStatus.java
deleted file mode 100644
index a49b2a476..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/keycloak/status/KeycloakStatus.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.keycloak.status;
-
-import java.util.List;
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakStatus defines the observed state of Keycloak.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakStatus {
-
-	/**
-	 * Current phase of the operator.
-	 */
-	private String phase;
-
-	/**
-	 * Human-readable message indicating details about current operator phase or error.
-	 */
-	private String message;
-
-	/**
-	 * True if all resources are in a ready state and all work is done.
-	 */
-	private boolean ready;
-
-	/**
-	 * A map of all the secondary resources types and names created for this CR.
-	 * e.g "Deployment": [ "DeploymentName1", "DeploymentName2" ].
-	 */
-	private Map<String, List<String>> secondaryResources;
-
-	/**
-	 * Version of Keycloak or RHSSO running on the cluster.
-	 */
-	private String version;
-
-	/**
-	 * Service IP and Port for in-cluster access to the keycloak instance.
-	 */
-	private String internalURL;
-
-	/**
-	 * Service IP and Port for external access to the keycloak instance.
-	 */
-	private String externalURL;
-
-	/**
-	 * The secret where the admin credentials are to be found.
-	 */
-	private String credentialSecret;
-
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealm.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealm.java
deleted file mode 100644
index af978c955..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealm.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec.KeycloakRealmSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.status.KeycloakRealmStatus;
-import org.jboss.intersmash.tools.provision.openshift.operator.resources.OpenShiftResource;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.client.CustomResource;
-import io.fabric8.kubernetes.model.annotation.Group;
-import io.fabric8.kubernetes.model.annotation.Version;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * https://github.com/keycloak/keycloak-operator/blob/master/pkg/apis/keycloak/v1alpha1/keycloakrealm_types.go
- * https://github.com/keycloak/keycloak-operator/blob/master/deploy/crds/keycloak.org_keycloakrealms_crd.yaml
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-@Group("keycloak.org")
-@Version("v1alpha1")
-public class KeycloakRealm extends CustomResource implements OpenShiftResource<KeycloakRealm> {
-	/**
-	 * Standard object’s metadata.
-	 */
-	private ObjectMeta metadata;
-
-	/**
-	 * KeycloakRealmSpec defines the desired state of KeycloakRealm.
-	 */
-	private KeycloakRealmSpec spec;
-
-	/**
-	 * KeycloakRealmStatus defines the observed state of KeycloakRealm.
-	 */
-	private KeycloakRealmStatus status;
-
-	@Override
-	public KeycloakRealm load(KeycloakRealm loaded) {
-		this.setMetadata(loaded.getMetadata());
-		this.setSpec(loaded.getSpec());
-		return this;
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmBuilder.java
index 2adf5c928..4fc043631 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmBuilder.java
@@ -19,20 +19,21 @@
 import java.util.List;
 import java.util.Map;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec.KeycloakAPIRealm;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec.KeycloakRealmSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec.RedirectorIdentityProviderOverride;
+import org.keycloak.v1alpha1.KeycloakRealm;
+import org.keycloak.v1alpha1.KeycloakRealmSpec;
+import org.keycloak.v1alpha1.keycloakrealmspec.InstanceSelector;
+import org.keycloak.v1alpha1.keycloakrealmspec.Realm;
+import org.keycloak.v1alpha1.keycloakrealmspec.RealmOverrides;
 
-import io.fabric8.kubernetes.api.model.LabelSelector;
 import io.fabric8.kubernetes.api.model.ObjectMeta;
 
 public final class KeycloakRealmBuilder {
 	private String name;
 	private Map<String, String> labels;
 	//	private boolean unmanaged;
-	private LabelSelector instanceSelector;
-	private KeycloakAPIRealm realm;
-	private List<RedirectorIdentityProviderOverride> realmOverrides;
+	private InstanceSelector instanceSelector;
+	private Realm realm;
+	private List<RealmOverrides> realmOverrides;
 
 	/**
 	 * Initialize the {@link KeycloakRealmBuilder} with given resource name.
@@ -66,10 +67,10 @@ public KeycloakRealmBuilder(String name, Map<String, String> labels) {
 	/**
 	 * Set a selector for looking up Keycloak Custom Resources.
 	 *
-	 * @param instanceSelector {@link LabelSelector} instance that should be used for looking up Keycloak Custom Resources.
+	 * @param instanceSelector {@link InstanceSelector} instance that should be used for looking up Keycloak Custom Resources.
 	 * @return this
 	 */
-	public KeycloakRealmBuilder instanceSelector(LabelSelector instanceSelector) {
+	public KeycloakRealmBuilder instanceSelector(InstanceSelector instanceSelector) {
 		this.instanceSelector = instanceSelector;
 		return this;
 	}
@@ -77,10 +78,10 @@ public KeycloakRealmBuilder instanceSelector(LabelSelector instanceSelector) {
 	/**
 	 * Keycloak Realm REST object.
 	 *
-	 * @param realm {@link KeycloakAPIRealm} instance that should be used as the realm REST client
+	 * @param realm {@link Realm} instance that should be used as the realm REST client
 	 * @return this
 	 */
-	public KeycloakRealmBuilder realm(KeycloakAPIRealm realm) {
+	public KeycloakRealmBuilder realm(Realm realm) {
 		this.realm = realm;
 		return this;
 	}
@@ -88,11 +89,11 @@ public KeycloakRealmBuilder realm(KeycloakAPIRealm realm) {
 	/**
 	 * A list of overrides to the default Realm behavior.
 	 *
-	 * @param realmOverrides A list of {@link RedirectorIdentityProviderOverride} instances that should be used to
+	 * @param realmOverrides A list of {@link RealmOverrides} instances that should be used to
 	 *                       override the default realm behavior
 	 * @return this
 	 */
-	public KeycloakRealmBuilder realmOverrides(List<RedirectorIdentityProviderOverride> realmOverrides) {
+	public KeycloakRealmBuilder realmOverrides(List<RealmOverrides> realmOverrides) {
 		this.realmOverrides = realmOverrides;
 		return this;
 	}
@@ -100,11 +101,11 @@ public KeycloakRealmBuilder realmOverrides(List<RedirectorIdentityProviderOverri
 	/**
 	 * Add an override to the default Realm behavior.
 	 *
-	 * @param realmOverride A {@link RedirectorIdentityProviderOverride} instance that should be added to
+	 * @param realmOverride A {@link RealmOverrides} instance that should be added to
 	 *                       override the default realm behavior
 	 * @return this
 	 */
-	public KeycloakRealmBuilder realmOverrides(RedirectorIdentityProviderOverride realmOverride) {
+	public KeycloakRealmBuilder realmOverrides(RealmOverrides realmOverride) {
 		if (realmOverrides == null) {
 			realmOverrides = new ArrayList<>();
 		}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmList.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmList.java
index 3ff561f3e..a83df7a51 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmList.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/KeycloakRealmList.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm;
 
+import org.keycloak.v1alpha1.KeycloakRealm;
+
 import io.fabric8.kubernetes.client.CustomResourceList;
 
 public class KeycloakRealmList extends CustomResourceList<KeycloakRealm> {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecution.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecution.java
deleted file mode 100644
index 83ebc2eec..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecution.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIAuthenticationExecution {
-
-	/**
-	 * Authenticator.
-	 */
-	private String authenticator;
-
-	/**
-	 * Authenticator Config.
-	 */
-	private String authenticatorConfig;
-
-	/**
-	 * Authenticator flow.
-	 */
-	private String authenticatorFlow;
-
-	/**
-	 * Flow Alias.
-	 */
-	private String flowAlias;
-
-	/**
-	 * Priority.
-	 */
-	private int priority;
-
-	/**
-	 * Requirement [REQUIRED, OPTIONAL, ALTERNATIVE, DISABLED].
-	 */
-	private String requirement;
-
-	/**
-	 * User setup allowed.
-	 */
-	private boolean userSetupAllowed;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecutionBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecutionBuilder.java
index 9577fc381..1000b2fe7 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecutionBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationExecutionBuilder.java
@@ -15,10 +15,12 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.authenticationflows.AuthenticationExecutions;
+
 public final class KeycloakAPIAuthenticationExecutionBuilder {
 	private String authenticator;
 	private String authenticatorConfig;
-	private String authenticatorFlow;
+	private boolean authenticatorFlow;
 	private String flowAlias;
 	private int priority;
 	private String requirement;
@@ -52,7 +54,7 @@ public KeycloakAPIAuthenticationExecutionBuilder authenticatorConfig(String auth
 	 * @param authenticatorFlow String representing a valid authenticator flow
 	 * @return this
 	 */
-	public KeycloakAPIAuthenticationExecutionBuilder authenticatorFlow(String authenticatorFlow) {
+	public KeycloakAPIAuthenticationExecutionBuilder authenticatorFlow(boolean authenticatorFlow) {
 		this.authenticatorFlow = authenticatorFlow;
 		return this;
 	}
@@ -101,8 +103,8 @@ public KeycloakAPIAuthenticationExecutionBuilder userSetupAllowed(boolean userSe
 		return this;
 	}
 
-	public KeycloakAPIAuthenticationExecution build() {
-		KeycloakAPIAuthenticationExecution keycloakAPIAuthenticationExecution = new KeycloakAPIAuthenticationExecution();
+	public AuthenticationExecutions build() {
+		AuthenticationExecutions keycloakAPIAuthenticationExecution = new AuthenticationExecutions();
 		keycloakAPIAuthenticationExecution.setAuthenticator(authenticator);
 		keycloakAPIAuthenticationExecution.setAuthenticatorConfig(authenticatorConfig);
 		keycloakAPIAuthenticationExecution.setAuthenticatorFlow(authenticatorFlow);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlow.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlow.java
deleted file mode 100644
index deaa25601..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlow.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.List;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIAuthenticationFlow {
-
-	/**
-	 * Alias.
-	 */
-	private String alias;
-
-	/**
-	 * Authentication executions.
-	 */
-	private List<KeycloakAPIAuthenticationExecution> authenticationExecutions;
-
-	/**
-	 * Built in.
-	 */
-	private boolean builtIn;
-
-	/**
-	 * Description.
-	 */
-	private String description;
-
-	/**
-	 * ID.
-	 */
-	private String id;
-
-	/**
-	 * Provider ID.
-	 */
-	private String providerId;
-
-	/**
-	 * Top level.
-	 */
-	private boolean topLevel;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlowBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlowBuilder.java
index 1dbc67bcd..b4f766786 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlowBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticationFlowBuilder.java
@@ -18,9 +18,12 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.AuthenticationFlows;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.authenticationflows.AuthenticationExecutions;
+
 public final class KeycloakAPIAuthenticationFlowBuilder {
 	private String alias;
-	private List<KeycloakAPIAuthenticationExecution> authenticationExecutions;
+	private List<AuthenticationExecutions> authenticationExecutions;
 	private boolean builtIn;
 	private String description;
 	private String id;
@@ -45,7 +48,7 @@ public KeycloakAPIAuthenticationFlowBuilder alias(String alias) {
 	 * @return this
 	 */
 	public KeycloakAPIAuthenticationFlowBuilder authenticationExecutions(
-			List<KeycloakAPIAuthenticationExecution> authenticationExecutions) {
+			List<AuthenticationExecutions> authenticationExecutions) {
 		this.authenticationExecutions = authenticationExecutions;
 		return this;
 	}
@@ -57,7 +60,7 @@ public KeycloakAPIAuthenticationFlowBuilder authenticationExecutions(
 	 * @return this
 	 */
 	public KeycloakAPIAuthenticationFlowBuilder authenticationExecutions(
-			KeycloakAPIAuthenticationExecution authenticationExecution) {
+			AuthenticationExecutions authenticationExecution) {
 		if (authenticationExecutions == null) {
 			authenticationExecutions = new ArrayList<>();
 		}
@@ -120,8 +123,8 @@ public KeycloakAPIAuthenticationFlowBuilder topLevel(boolean topLevel) {
 		return this;
 	}
 
-	public KeycloakAPIAuthenticationFlow build() {
-		KeycloakAPIAuthenticationFlow keycloakAPIAuthenticationFlow = new KeycloakAPIAuthenticationFlow();
+	public AuthenticationFlows build() {
+		AuthenticationFlows keycloakAPIAuthenticationFlow = new AuthenticationFlows();
 		keycloakAPIAuthenticationFlow.setAlias(alias);
 		keycloakAPIAuthenticationFlow.setAuthenticationExecutions(authenticationExecutions);
 		keycloakAPIAuthenticationFlow.setBuiltIn(builtIn);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfig.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfig.java
deleted file mode 100644
index d6fb8ff43..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfig.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIAuthenticatorConfig {
-
-	/**
-	 * Alias.
-	 */
-	private String alias;
-
-	/**
-	 * Config.
-	 */
-	private String config;
-
-	/**
-	 * ID.
-	 */
-	private String id;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfigBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfigBuilder.java
index 96471f29e..63ad4f9c3 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfigBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIAuthenticatorConfigBuilder.java
@@ -15,9 +15,13 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
 
+import java.util.Map;
+
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.AuthenticatorConfig;
+
 public final class KeycloakAPIAuthenticatorConfigBuilder {
 	private String alias;
-	private String config;
+	private Map<String, String> config;
 	private String id;
 
 	/**
@@ -37,7 +41,7 @@ public KeycloakAPIAuthenticatorConfigBuilder alias(String alias) {
 	 * @param config The Config that should be used
 	 * @return this
 	 */
-	public KeycloakAPIAuthenticatorConfigBuilder config(String config) {
+	public KeycloakAPIAuthenticatorConfigBuilder config(Map<String, String> config) {
 		this.config = config;
 		return this;
 	}
@@ -53,8 +57,8 @@ public KeycloakAPIAuthenticatorConfigBuilder id(String id) {
 		return this;
 	}
 
-	public KeycloakAPIAuthenticatorConfig build() {
-		KeycloakAPIAuthenticatorConfig keycloakAPIAuthenticatorConfig = new KeycloakAPIAuthenticatorConfig();
+	public AuthenticatorConfig build() {
+		AuthenticatorConfig keycloakAPIAuthenticatorConfig = new AuthenticatorConfig();
 		keycloakAPIAuthenticatorConfig.setAlias(alias);
 		keycloakAPIAuthenticatorConfig.setConfig(config);
 		keycloakAPIAuthenticatorConfig.setId(id);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealm.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealm.java
deleted file mode 100644
index bb0fadc4b..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealm.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.Set;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakAPIClient;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakAPIUser;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIRealm {
-
-	private String id;
-
-	/**
-	 * Realm name.
-	 */
-	private String realm;
-
-	/**
-	 * Realm enabled flag.
-	 */
-	private boolean enabled;
-
-	/**
-	 * Realm display name.
-	 */
-	private String displayName;
-
-	/**
-	 * A set of Keycloak Users.
-	 */
-	private Set<KeycloakAPIUser> users;
-
-	/**
-	 *  A set of Keycloak Clients.
-	 */
-	private Set<KeycloakAPIClient> clients;
-
-	/**
-	 * A set of Identity Providers.
-	 */
-	private Set<KeycloakIdentityProvider> identityProviders;
-
-	/**
-	 * A set of Event Listeners.
-	 */
-	private Set<String> eventsListeners;
-
-	/**
-	 * Enable events recording.
-	 */
-	private boolean eventsEnabled;
-
-	/**
-	 * Enable events recording.
-	 */
-	private boolean adminEventsEnabled;
-
-	/**
-	 * Enable admin events details.
-	 */
-	private boolean adminEventsDetailsEnabled;
-	//
-	//	/**
-	//	 * Client scopes.
-	//	 */
-	//	private List<KeycloakClientScope> clientScopes;
-	//
-	//	/**
-	//	 * Authentication flows.
-	//	 */
-	//	private List<KeycloakAPIAuthenticationFlow> authenticationFlows;
-	//
-	//	/**
-	//	 * Authenticator config.
-	//	 */
-	//	private List<KeycloakAPIAuthenticatorConfig> authenticatorConfig;
-	//
-	//	/**
-	//	 * Point keycloak to an external user provider to validate credentials or pull in identity information.
-	//	 */
-	//	private List<KeycloakAPIUserFederationProvider> userFederationProviders;
-	//
-	//	/**
-	//	 * User federation mappers are extension points triggered by the user federation at various points.
-	//	 */
-	//	private List<KeycloakAPIUserFederationMapper> userFederationMappers;
-	//
-	//	/**
-	//	 * User registration.
-	//	 */
-	//	private boolean registrationAllowed;
-	//
-	//	/**
-	//	 * Email as username.
-	//	 */
-	//	private boolean registrationEmailAsUsername;
-	//
-	//	/**
-	//	 * Edit username.
-	//	 */
-	//	private boolean editUsernameAllowed;
-	//
-	//	/**
-	//	 * Forgot password.
-	//	 */
-	//	private boolean resetPasswordAllowed;
-	//
-	//	/**
-	//	 * Remember me.
-	//	 */
-	//	private boolean rememberMe;
-	//
-	//	/**
-	//	 * Verify email.
-	//	 */
-	//	private boolean verifyEmail;
-	//
-	//	/**
-	//	 * Login with email.
-	//	 */
-	//	private boolean loginWithEmailAllowed;
-	//
-	//	/**
-	//	 * Duplicate emails.
-	//	 */
-	//	private boolean duplicateEmailsAllowed;
-	//
-	//	/**
-	//	 * Require SSL.
-	//	 */
-	//	private String sslRequired;
-	//
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealmBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealmBuilder.java
index e9b2584ee..aeec56a82 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealmBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIRealmBuilder.java
@@ -15,29 +15,32 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
 
-import java.util.HashSet;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Set;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakAPIClient;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakAPIUser;
+import org.keycloak.v1alpha1.keycloakrealmspec.Realm;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.Clients;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.IdentityProviders;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.Users;
 
 public final class KeycloakAPIRealmBuilder {
 	private String id;
 	private String realm;
 	private boolean enabled;
 	private String displayName;
-	private Set<KeycloakAPIUser> users;
-	private Set<KeycloakAPIClient> clients;
-	private Set<KeycloakIdentityProvider> identityProviders;
-	private Set<String> eventsListeners;
+	private List<Users> users;
+	private List<Clients> clients;
+	private List<IdentityProviders> identityProviders;
+	private List<String> eventsListeners;
 	private boolean eventsEnabled;
 	private boolean adminEventsEnabled;
 	private boolean adminEventsDetailsEnabled;
 	//	private List<KeycloakClientScope> clientScopes;
 	//	private List<KeycloakAPIAuthenticationFlow> authenticationFlows;
 	//	private List<KeycloakAPIAuthenticatorConfig> authenticatorConfig;
-	//	private List<KeycloakAPIUserFederationProvider> userFederationProviders;
-	//	private List<KeycloakAPIUserFederationMapper> userFederationMappers;
+	//	private List<UsersFederationProvider> userFederationProviders;
+	//	private List<UsersFederationMapper> userFederationMappers;
 	//	private boolean registrationAllowed;
 	//	private boolean registrationEmailAsUsername;
 	//	private boolean editUsernameAllowed;
@@ -89,10 +92,10 @@ public KeycloakAPIRealmBuilder displayName(String displayName) {
 	/**
 	 * Set Keycloak users
 	 *
-	 * @param users A {@link Set} of {@link KeycloakAPIUser} instances
+	 * @param users A {@link Set} of {@link Users} instances
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder users(Set<KeycloakAPIUser> users) {
+	public KeycloakAPIRealmBuilder users(List<Users> users) {
 		this.users = users;
 		return this;
 	}
@@ -100,12 +103,12 @@ public KeycloakAPIRealmBuilder users(Set<KeycloakAPIUser> users) {
 	/**
 	 * Add one Keycloak User
 	 *
-	 * @param user The {@link KeycloakAPIUser} instance representing the user that should be added
+	 * @param user The {@link Users} instance representing the user that should be added
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder users(KeycloakAPIUser user) {
+	public KeycloakAPIRealmBuilder users(Users user) {
 		if (users == null) {
-			users = new HashSet<>();
+			users = new ArrayList<>();
 		}
 		users.add(user);
 		return this;
@@ -114,10 +117,10 @@ public KeycloakAPIRealmBuilder users(KeycloakAPIUser user) {
 	/**
 	 *  Set Keycloak Clients.
 	 *
-	 * @param clients A {@link Set} of {@link KeycloakAPIClient} instances
+	 * @param clients A {@link Set} of {@link Clients} instances
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder clients(Set<KeycloakAPIClient> clients) {
+	public KeycloakAPIRealmBuilder clients(List<Clients> clients) {
 		this.clients = clients;
 		return this;
 	}
@@ -125,12 +128,12 @@ public KeycloakAPIRealmBuilder clients(Set<KeycloakAPIClient> clients) {
 	/**
 	 *  Add one Keycloak Client.
 	 *
-	 * @param client The {@link KeycloakAPIClient} instance representing the client that should be added
+	 * @param client The {@link Clients} instance representing the client that should be added
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder clients(KeycloakAPIClient client) {
+	public KeycloakAPIRealmBuilder clients(Clients client) {
 		if (clients == null) {
-			clients = new HashSet<>();
+			clients = new ArrayList<>();
 		}
 		clients.add(client);
 		return this;
@@ -139,10 +142,10 @@ public KeycloakAPIRealmBuilder clients(KeycloakAPIClient client) {
 	/**
 	 * Set Identity Providers.
 	 *
-	 * @param identityProviders A {@link Set} of {@link KeycloakIdentityProvider} instances
+	 * @param identityProviders A {@link Set} of {@link IdentityProviders} instances
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder identityProviders(Set<KeycloakIdentityProvider> identityProviders) {
+	public KeycloakAPIRealmBuilder identityProviders(List<IdentityProviders> identityProviders) {
 		this.identityProviders = identityProviders;
 		return this;
 	}
@@ -150,13 +153,13 @@ public KeycloakAPIRealmBuilder identityProviders(Set<KeycloakIdentityProvider> i
 	/**
 	 * Add one Identity Provider.
 	 *
-	 * @param identityProvider The {@link KeycloakIdentityProvider} instance representing the identity provider that
+	 * @param identityProvider The {@link IdentityProviders} instance representing the identity provider that
 	 *                         should be added
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder identityProviders(KeycloakIdentityProvider identityProvider) {
+	public KeycloakAPIRealmBuilder identityProviders(IdentityProviders identityProvider) {
 		if (identityProviders == null) {
-			identityProviders = new HashSet<>();
+			identityProviders = new ArrayList<>();
 		}
 		identityProviders.add(identityProvider);
 		return this;
@@ -168,7 +171,7 @@ public KeycloakAPIRealmBuilder identityProviders(KeycloakIdentityProvider identi
 	 * @param eventsListeners A {@link Set} of events listeners
 	 * @return this
 	 */
-	public KeycloakAPIRealmBuilder eventsListeners(Set<String> eventsListeners) {
+	public KeycloakAPIRealmBuilder eventsListeners(List<String> eventsListeners) {
 		this.eventsListeners = eventsListeners;
 		return this;
 	}
@@ -182,7 +185,7 @@ public KeycloakAPIRealmBuilder eventsListeners(Set<String> eventsListeners) {
 	 */
 	public KeycloakAPIRealmBuilder eventsListeners(String eventsListener) {
 		if (eventsListeners == null) {
-			eventsListeners = new HashSet<>();
+			eventsListeners = new ArrayList<>();
 		}
 		eventsListeners.add(eventsListener);
 		return this;
@@ -281,7 +284,7 @@ public KeycloakAPIRealmBuilder adminEventsDetailsEnabled(boolean adminEventsDeta
 	//	/**
 	//	 * Point keycloak to an external user provider to validate credentials or pull in identity information.
 	//	 */
-	//	public KeycloakAPIRealmBuilder userFederationProviders(List<KeycloakAPIUserFederationProvider> userFederationProviders) {
+	//	public KeycloakAPIRealmBuilder userFederationProviders(List<UsersFederationProvider> userFederationProviders) {
 	//		this.userFederationProviders = userFederationProviders;
 	//		return this;
 	//	}
@@ -289,7 +292,7 @@ public KeycloakAPIRealmBuilder adminEventsDetailsEnabled(boolean adminEventsDeta
 	//	/**
 	//	 * Add external user provider to validate credentials or pull in identity information.
 	//	 */
-	//	public KeycloakAPIRealmBuilder userFederationProviders(KeycloakAPIUserFederationProvider userFederationProvider) {
+	//	public KeycloakAPIRealmBuilder userFederationProviders(UsersFederationProvider userFederationProvider) {
 	//		if (userFederationProviders == null) {
 	//			userFederationProviders = new ArrayList<>();
 	//		}
@@ -300,7 +303,7 @@ public KeycloakAPIRealmBuilder adminEventsDetailsEnabled(boolean adminEventsDeta
 	//	/**
 	//	 * User federation mappers are extension points triggered by the user federation at various points.
 	//	 */
-	//	public KeycloakAPIRealmBuilder userFederationMappers(List<KeycloakAPIUserFederationMapper> userFederationMappers) {
+	//	public KeycloakAPIRealmBuilder userFederationMappers(List<UsersFederationMapper> userFederationMappers) {
 	//		this.userFederationMappers = userFederationMappers;
 	//		return this;
 	//	}
@@ -309,7 +312,7 @@ public KeycloakAPIRealmBuilder adminEventsDetailsEnabled(boolean adminEventsDeta
 	//	 * Add user federation mapper. User federation mappers are extension points triggered by the user federation at
 	//	 * various points.
 	//	 */
-	//	public KeycloakAPIRealmBuilder userFederationMappers(KeycloakAPIUserFederationMapper userFederationMapper) {
+	//	public KeycloakAPIRealmBuilder userFederationMappers(UsersFederationMapper userFederationMapper) {
 	//		if (userFederationMappers == null) {
 	//			userFederationMappers = new ArrayList<>();
 	//		}
@@ -389,8 +392,8 @@ public KeycloakAPIRealmBuilder adminEventsDetailsEnabled(boolean adminEventsDeta
 	//		return this;
 	//	}
 
-	public KeycloakAPIRealm build() {
-		KeycloakAPIRealm keycloakAPIRealm = new KeycloakAPIRealm();
+	public Realm build() {
+		Realm keycloakAPIRealm = new Realm();
 		keycloakAPIRealm.setId(id);
 		keycloakAPIRealm.setRealm(realm);
 		keycloakAPIRealm.setEnabled(enabled);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapper.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapper.java
deleted file mode 100644
index f56e42666..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapper.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIUserFederationMapper {
-
-	/**
-	 * User federation mapper config.
-	 */
-	private Map<String, String> config;
-
-	private String name;
-
-	private String id;
-
-	private String federationMapperType;
-
-	/**
-	 * The displayName for the user federation provider this mapper applies to.
-	 */
-	private String federationProviderDisplayName;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapperBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapperBuilder.java
index 16a1bb57a..2c6d932e5 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapperBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationMapperBuilder.java
@@ -18,6 +18,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.UserFederationMappers;
+
 public final class KeycloakAPIUserFederationMapperBuilder {
 	private Map<String, String> config;
 	private String name;
@@ -95,8 +97,8 @@ public KeycloakAPIUserFederationMapperBuilder federationProviderDisplayName(Stri
 		return this;
 	}
 
-	public KeycloakAPIUserFederationMapper build() {
-		KeycloakAPIUserFederationMapper keycloakAPIUserFederationMapper = new KeycloakAPIUserFederationMapper();
+	public UserFederationMappers build() {
+		UserFederationMappers keycloakAPIUserFederationMapper = new UserFederationMappers();
 		keycloakAPIUserFederationMapper.setConfig(config);
 		keycloakAPIUserFederationMapper.setName(name);
 		keycloakAPIUserFederationMapper.setId(id);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProvider.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProvider.java
deleted file mode 100644
index ac9d4af46..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProvider.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIUserFederationProvider {
-
-	/**
-	 * User federation provider config.
-	 */
-	private Map<String, String> config;
-
-	/**
-	 * The display name of this provider instance.
-	 */
-	private String displayName;
-
-	private int fullSyncPeriod;
-
-	/**
-	 * The ID of this provider.
-	 */
-	private String id;
-
-	/**
-	 * The priority of this provider when looking up users or adding a user.
-	 */
-	private int priority;
-
-	/**
-	 * The name of the user provider, such as "ldap", "kerberos" or a custom SPI.
-	 */
-	private String providerName;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProviderBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProviderBuilder.java
index 7e60d4b48..bbd6bac0c 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProviderBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakAPIUserFederationProviderBuilder.java
@@ -18,6 +18,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.UserFederationProviders;
+
 public final class KeycloakAPIUserFederationProviderBuilder {
 	private Map<String, String> config;
 	private String displayName;
@@ -101,8 +103,8 @@ public KeycloakAPIUserFederationProviderBuilder providerName(String providerName
 		return this;
 	}
 
-	public KeycloakAPIUserFederationProvider build() {
-		KeycloakAPIUserFederationProvider keycloakAPIUserFederationProvider = new KeycloakAPIUserFederationProvider();
+	public UserFederationProviders build() {
+		UserFederationProviders keycloakAPIUserFederationProvider = new UserFederationProviders();
 		keycloakAPIUserFederationProvider.setConfig(config);
 		keycloakAPIUserFederationProvider.setDisplayName(displayName);
 		keycloakAPIUserFederationProvider.setFullSyncPeriod(fullSyncPeriod);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScope.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScope.java
deleted file mode 100644
index e7a4fa120..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScope.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.List;
-import java.util.Map;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakProtocolMapper;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakClientScope {
-
-	private Map<String, String> attributes;
-
-	private String description;
-
-	private String id;
-
-	private String name;
-
-	private String protocol;
-
-	/**
-	 * Protocol Mappers.
-	 */
-	private List<KeycloakProtocolMapper> protocolMappers;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScopeBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScopeBuilder.java
index d0dceef96..451fb0a98 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScopeBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakClientScopeBuilder.java
@@ -19,7 +19,8 @@
 import java.util.List;
 import java.util.Map;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.client.spec.KeycloakProtocolMapper;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.ClientScopes;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.clientscopes.ProtocolMappers;
 
 public final class KeycloakClientScopeBuilder {
 	private Map<String, String> attributes;
@@ -27,7 +28,7 @@ public final class KeycloakClientScopeBuilder {
 	private String id;
 	private String name;
 	private String protocol;
-	private List<KeycloakProtocolMapper> protocolMappers;
+	private List<ProtocolMappers> protocolMappers;
 
 	/**
 	 * Add a list of attributes.
@@ -105,13 +106,13 @@ public KeycloakClientScopeBuilder protocol(String protocol) {
 	 * @param protocolMappers A list of protocol mappers that should be used
 	 * @return this
 	 */
-	public KeycloakClientScopeBuilder protocolMappers(List<KeycloakProtocolMapper> protocolMappers) {
+	public KeycloakClientScopeBuilder protocolMappers(List<ProtocolMappers> protocolMappers) {
 		this.protocolMappers = protocolMappers;
 		return this;
 	}
 
-	public KeycloakClientScope build() {
-		KeycloakClientScope keycloakClientScope = new KeycloakClientScope();
+	public ClientScopes build() {
+		ClientScopes keycloakClientScope = new ClientScopes();
 		keycloakClientScope.setAttributes(attributes);
 		keycloakClientScope.setDescription(description);
 		keycloakClientScope.setId(id);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProvider.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProvider.java
deleted file mode 100644
index af3085312..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProvider.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakIdentityProvider {
-
-	/**
-	 * Identity Provider Alias.
-	 */
-	private String alias;
-
-	/**
-	 * Identity Provider Display Name.
-	 */
-	private String displayName;
-
-	/**
-	 * Identity Provider Internal ID.
-	 */
-	private String internalId;
-
-	/**
-	 * Identity Provider ID.
-	 */
-	private String providerId;
-
-	/**
-	 * Identity Provider enabled flag.
-	 */
-	private boolean enabled;
-
-	/**
-	 * Identity Provider Trust Email.
-	 */
-	private boolean trustEmail;
-
-	/**
-	 * Identity Provider Store to Token.
-	 */
-	private boolean storeToken;
-
-	/**
-	 * Adds Read Token role when creating this Identity Provider.
-	 */
-	private boolean addReadTokenRoleOnCreate;
-
-	/**
-	 * Identity Provider First Broker Login Flow Alias.
-	 */
-	private String firstBrokerLoginFlowAlias;
-
-	/**
-	 * Identity Provider Post Broker Login Flow Alias.
-	 */
-	private String postBrokerLoginFlowAlias;
-
-	/**
-	 * Identity Provider Link Only setting.
-	 */
-	private boolean linkOnly;
-
-	/**
-	 * Identity Provider config.
-	 */
-	private Map<String, String> omitempty;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProviderBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProviderBuilder.java
index 8e56f934a..f9fc52edd 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProviderBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakIdentityProviderBuilder.java
@@ -18,6 +18,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.IdentityProviders;
+
 public final class KeycloakIdentityProviderBuilder {
 	private String alias;
 	private String displayName;
@@ -179,8 +181,8 @@ public KeycloakIdentityProviderBuilder omitempty(String key, String value) {
 		return this;
 	}
 
-	public KeycloakIdentityProvider build() {
-		KeycloakIdentityProvider keycloakIdentityProvider = new KeycloakIdentityProvider();
+	public IdentityProviders build() {
+		IdentityProviders keycloakIdentityProvider = new IdentityProviders();
 		keycloakIdentityProvider.setAlias(alias);
 		keycloakIdentityProvider.setDisplayName(displayName);
 		keycloakIdentityProvider.setInternalId(internalId);
@@ -192,7 +194,7 @@ public KeycloakIdentityProvider build() {
 		keycloakIdentityProvider.setFirstBrokerLoginFlowAlias(firstBrokerLoginFlowAlias);
 		keycloakIdentityProvider.setPostBrokerLoginFlowAlias(postBrokerLoginFlowAlias);
 		keycloakIdentityProvider.setLinkOnly(linkOnly);
-		keycloakIdentityProvider.setOmitempty(omitempty);
+		///keycloakIdentityProvider.setOmitempty(omitempty);
 		return keycloakIdentityProvider;
 	}
 }
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakRealmSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakRealmSpec.java
deleted file mode 100644
index ea7c27e34..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/KeycloakRealmSpec.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import java.util.List;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.LabelSelector;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakRealmSpec defines the desired state of KeycloakRealm.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakRealmSpec {
-
-	//	/**
-	//	 * When set to true, this KeycloakRealm will be marked as unmanaged and not be managed by this operator.
-	//	 * It can then be used for targeting purposes.
-	//	 */
-	//	private boolean unmanaged;
-
-	/**
-	 * Selector for looking up Keycloak Custom Resources.
-	 */
-	private LabelSelector instanceSelector;
-
-	/**
-	 * Keycloak Realm REST object.
-	 */
-	private KeycloakAPIRealm realm;
-
-	/**
-	 * A list of overrides to the default Realm behavior.
-	 */
-	private List<RedirectorIdentityProviderOverride> realmOverrides;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverride.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverride.java
deleted file mode 100644
index 99a305a88..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverride.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class RedirectorIdentityProviderOverride {
-
-	/**
-	 * Identity Provider to be overridden.
-	 */
-	private String identityProvider;
-
-	/**
-	 * Flow to be overridden.
-	 */
-	private String forFlow;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverrideBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverrideBuilder.java
index 91d3716bf..655e3b866 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverrideBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/spec/RedirectorIdentityProviderOverrideBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.spec;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.RealmOverrides;
+
 public final class RedirectorIdentityProviderOverrideBuilder {
 	private String identityProvider;
 	private String forFlow;
@@ -41,8 +43,8 @@ public RedirectorIdentityProviderOverrideBuilder forFlow(String forFlow) {
 		return this;
 	}
 
-	public RedirectorIdentityProviderOverride build() {
-		RedirectorIdentityProviderOverride redirectorIdentityProviderOverride = new RedirectorIdentityProviderOverride();
+	public RealmOverrides build() {
+		RealmOverrides redirectorIdentityProviderOverride = new RealmOverrides();
 		redirectorIdentityProviderOverride.setIdentityProvider(identityProvider);
 		redirectorIdentityProviderOverride.setForFlow(forFlow);
 		return redirectorIdentityProviderOverride;
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/status/KeycloakRealmStatus.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/status/KeycloakRealmStatus.java
deleted file mode 100644
index 59ad13fd7..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/realm/status/KeycloakRealmStatus.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.realm.status;
-
-import java.util.List;
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakRealmStatus defines the observed state of KeycloakRealm.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakRealmStatus {
-	/**
-	 * Current phase of the operator.
-	 */
-	private String phase;
-
-	/**
-	 * Human-readable message indicating details about current operator phase or error.
-	 */
-	private String message;
-
-	/**
-	 * True if all resources are in a ready state and all work is done.
-	 */
-	private boolean ready;
-
-	/**
-	 * A map of all the secondary resources types and names created for this CR.
-	 * e.g "Deployment": [ "DeploymentName1", "DeploymentName2" ].
-	 */
-	private Map<String, List<String>> secondaryResources;
-
-	private String loginURL;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUser.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUser.java
deleted file mode 100644
index 2da07a9fe..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUser.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user;
-
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakUserSpec;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.status.KeycloakUserStatus;
-import org.jboss.intersmash.tools.provision.openshift.operator.resources.OpenShiftResource;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.client.CustomResource;
-import io.fabric8.kubernetes.model.annotation.Group;
-import io.fabric8.kubernetes.model.annotation.Version;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * https://github.com/keycloak/keycloak-operator/blob/master/pkg/apis/keycloak/v1alpha1/keycloakuser_types.go
- * https://github.com/keycloak/keycloak-operator/blob/master/deploy/crds/keycloak.org_keycloakusers_crd.yaml
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-@Group("keycloak.org")
-@Version("v1alpha1")
-public class KeycloakUser extends CustomResource implements OpenShiftResource<KeycloakUser> {
-	/**
-	 * Standard object’s metadata.
-	 */
-	private ObjectMeta metadata;
-
-	/**
-	 * KeycloakUserSpec defines the desired state of KeycloakUser.
-	 */
-	private KeycloakUserSpec spec;
-
-	/**
-	 * KeycloakUserStatus defines the observed state of KeycloakUser.
-	 */
-	private KeycloakUserStatus status;
-
-	@Override
-	public KeycloakUser load(KeycloakUser loaded) {
-		this.setMetadata(loaded.getMetadata());
-		this.setSpec(loaded.getSpec());
-		return this;
-	}
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserBuilder.java
index f65cabbeb..2b2bc199e 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserBuilder.java
@@ -17,17 +17,18 @@
 
 import java.util.Map;
 
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakAPIUser;
-import org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec.KeycloakUserSpec;
+import org.keycloak.v1alpha1.KeycloakUser;
+import org.keycloak.v1alpha1.KeycloakUserSpec;
+import org.keycloak.v1alpha1.keycloakuserspec.RealmSelector;
+import org.keycloak.v1alpha1.keycloakuserspec.User;
 
-import io.fabric8.kubernetes.api.model.LabelSelector;
 import io.fabric8.kubernetes.api.model.ObjectMeta;
 
 public final class KeycloakUserBuilder {
 	private String name;
 	private Map<String, String> labels;
-	private LabelSelector realmSelector;
-	private KeycloakAPIUser user;
+	private RealmSelector realmSelector;
+	private User user;
 
 	/**
 	 * Initialize the {@link KeycloakUserBuilder} with given resource name.
@@ -55,7 +56,7 @@ public KeycloakUserBuilder(String name, Map<String, String> labels) {
 	 * @param realmSelector The selector for looking up KeycloakRealm Custom Resources
 	 * @return this
 	 */
-	public KeycloakUserBuilder realmSelector(LabelSelector realmSelector) {
+	public KeycloakUserBuilder realmSelector(RealmSelector realmSelector) {
 		this.realmSelector = realmSelector;
 		return this;
 	}
@@ -66,7 +67,7 @@ public KeycloakUserBuilder realmSelector(LabelSelector realmSelector) {
 	 * @param user The Keycloak User REST object.
 	 * @return this
 	 */
-	public KeycloakUserBuilder user(KeycloakAPIUser user) {
+	public KeycloakUserBuilder user(User user) {
 		this.user = user;
 		return this;
 	}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserList.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserList.java
index 7a4b1fa2a..b723a1f4d 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserList.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/KeycloakUserList.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user;
 
+import org.keycloak.v1alpha1.KeycloakUser;
+
 import io.fabric8.kubernetes.client.CustomResourceList;
 
 public class KeycloakUserList extends CustomResourceList<KeycloakUser> {
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentity.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentity.java
deleted file mode 100644
index fb2887d2a..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentity.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class FederatedIdentity {
-
-	/**
-	 * Federated Identity Provider.
-	 */
-	private String identityProvider;
-
-	/**
-	 * Federated Identity User ID.
-	 */
-	private String userId;
-
-	/**
-	 * Federated Identity User Name.
-	 */
-	private String userName;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentityBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentityBuilder.java
index 93ff69535..e6239ee2f 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentityBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/FederatedIdentityBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
 
+import org.keycloak.v1alpha1.keycloakuserspec.user.FederatedIdentities;
+
 public final class FederatedIdentityBuilder {
 	private String identityProvider;
 	private String userId;
@@ -53,8 +55,8 @@ public FederatedIdentityBuilder userName(String userName) {
 		return this;
 	}
 
-	public FederatedIdentity build() {
-		FederatedIdentity federatedIdentity = new FederatedIdentity();
+	public FederatedIdentities build() {
+		FederatedIdentities federatedIdentity = new FederatedIdentities();
 		federatedIdentity.setIdentityProvider(identityProvider);
 		federatedIdentity.setUserId(userId);
 		federatedIdentity.setUserName(userName);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUser.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUser.java
deleted file mode 100644
index eb889b6ad..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUser.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakAPIUser {
-
-	/**
-	 * User ID.
-	 */
-	private String id;
-
-	/**
-	 * User Name.
-	 */
-	private String username;
-
-	/**
-	 * First Name.
-	 */
-	private String firstName;
-
-	/**
-	 * Last Name.
-	 */
-	private String lastName;
-
-	/**
-	 * Email.
-	 */
-	private String email;
-
-	/**
-	 * True if email has already been verified.
-	 */
-	private boolean emailVerified;
-
-	/**
-	 * User enabled flag.
-	 */
-	private boolean enabled;
-
-	/**
-	 * A set of Realm Roles.
-	 */
-	private Set<String> realmRoles;
-
-	/**
-	 * A set of Client Roles.
-	 */
-	private Map<String, List<String>> clientRoles;
-
-	/**
-	 * A set of Required Actions
-	 */
-	private Set<String> requiredActions;
-
-	/**
-	 * A set of Groups.
-	 */
-	private Set<String> groups;
-
-	/**
-	 * A set of Federated Identities.
-	 */
-	private Set<FederatedIdentity> federatedIdentities;
-
-	/**
-	 * A set of Credentials.
-	 */
-	private Set<KeycloakCredential> credentials;
-
-	//	/**
-	//	 * A set of Attributes.
-	//	 */
-	//	private Map<String, List<String>> attributes;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUserBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUserBuilder.java
index 10aa32dc8..2ea7f43e8 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUserBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakAPIUserBuilder.java
@@ -15,11 +15,14 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
 
+import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
+
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.Users;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.users.Credentials;
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.users.FederatedIdentities;
 
 public final class KeycloakAPIUserBuilder {
 	private String id;
@@ -29,12 +32,12 @@ public final class KeycloakAPIUserBuilder {
 	private String email;
 	private boolean emailVerified;
 	private boolean enabled;
-	private Set<String> realmRoles;
+	private List<String> realmRoles;
 	private Map<String, List<String>> clientRoles;
-	private Set<String> requiredActions;
-	private Set<String> groups;
-	private Set<FederatedIdentity> federatedIdentities;
-	private Set<KeycloakCredential> credentials;
+	private List<String> requiredActions;
+	private List<String> groups;
+	private List<FederatedIdentities> federatedIdentities;
+	private List<Credentials> credentials;
 	//	private Map<String, List<String>> attributes;
 
 	/**
@@ -120,7 +123,7 @@ public KeycloakAPIUserBuilder enabled(boolean enabled) {
 	 * @param realmRoles A set of Realm Roles that should be added the user
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder realmRoles(Set<String> realmRoles) {
+	public KeycloakAPIUserBuilder realmRoles(List<String> realmRoles) {
 		this.realmRoles = realmRoles;
 		return this;
 	}
@@ -133,7 +136,7 @@ public KeycloakAPIUserBuilder realmRoles(Set<String> realmRoles) {
 	 */
 	public KeycloakAPIUserBuilder realmRoles(String realmRole) {
 		if (realmRoles == null) {
-			realmRoles = new HashSet<>();
+			realmRoles = new ArrayList<>();
 		}
 		realmRoles.add(realmRole);
 		return this;
@@ -171,7 +174,7 @@ public KeycloakAPIUserBuilder clientRole(String clientRole, List<String> additio
 	 * @param requiredActions A set of Required Actions that should be added the user
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder requiredActions(Set<String> requiredActions) {
+	public KeycloakAPIUserBuilder requiredActions(List<String> requiredActions) {
 		this.requiredActions = requiredActions;
 		return this;
 	}
@@ -184,7 +187,7 @@ public KeycloakAPIUserBuilder requiredActions(Set<String> requiredActions) {
 	 */
 	public KeycloakAPIUserBuilder requiredActions(String requiredAction) {
 		if (requiredActions == null) {
-			requiredActions = new HashSet<>();
+			requiredActions = new ArrayList<>();
 		}
 		requiredActions.add(requiredAction);
 		return this;
@@ -196,7 +199,7 @@ public KeycloakAPIUserBuilder requiredActions(String requiredAction) {
 	 * @param groups A set of Groups that should be added the user
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder groups(Set<String> groups) {
+	public KeycloakAPIUserBuilder groups(List<String> groups) {
 		this.groups = groups;
 		return this;
 	}
@@ -209,7 +212,7 @@ public KeycloakAPIUserBuilder groups(Set<String> groups) {
 	 */
 	public KeycloakAPIUserBuilder groups(String group) {
 		if (groups == null) {
-			groups = new HashSet<>();
+			groups = new ArrayList<>();
 		}
 		groups.add(group);
 		return this;
@@ -221,7 +224,7 @@ public KeycloakAPIUserBuilder groups(String group) {
 	 * @param federatedIdentities A set of Federated Identities that should be added the user
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder federatedIdentities(Set<FederatedIdentity> federatedIdentities) {
+	public KeycloakAPIUserBuilder federatedIdentities(List<FederatedIdentities> federatedIdentities) {
 		this.federatedIdentities = federatedIdentities;
 		return this;
 	}
@@ -232,9 +235,9 @@ public KeycloakAPIUserBuilder federatedIdentities(Set<FederatedIdentity> federat
 	 * @param federatedIdentity The Federated Identity that should be added to the user ones
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder federatedIdentities(FederatedIdentity federatedIdentity) {
+	public KeycloakAPIUserBuilder federatedIdentities(FederatedIdentities federatedIdentity) {
 		if (federatedIdentities == null) {
-			federatedIdentities = new HashSet<>();
+			federatedIdentities = new ArrayList<>();
 		}
 		federatedIdentities.add(federatedIdentity);
 		return this;
@@ -246,7 +249,7 @@ public KeycloakAPIUserBuilder federatedIdentities(FederatedIdentity federatedIde
 	 * @param credentials A set of credential that should be added the user
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder credentials(Set<KeycloakCredential> credentials) {
+	public KeycloakAPIUserBuilder credentials(List<Credentials> credentials) {
 		this.credentials = credentials;
 		return this;
 	}
@@ -257,9 +260,9 @@ public KeycloakAPIUserBuilder credentials(Set<KeycloakCredential> credentials) {
 	 * @param credential The credential that should be added to the user ones
 	 * @return this
 	 */
-	public KeycloakAPIUserBuilder credentials(KeycloakCredential credential) {
+	public KeycloakAPIUserBuilder credentials(Credentials credential) {
 		if (credentials == null) {
-			credentials = new HashSet<>();
+			credentials = new ArrayList<>();
 		}
 		credentials.add(credential);
 		return this;
@@ -284,8 +287,8 @@ public KeycloakAPIUserBuilder credentials(KeycloakCredential credential) {
 	//		return this;
 	//	}
 
-	public KeycloakAPIUser build() {
-		KeycloakAPIUser keycloakAPIUser = new KeycloakAPIUser();
+	public Users build() {
+		Users keycloakAPIUser = new Users();
 		keycloakAPIUser.setId(id);
 		keycloakAPIUser.setUsername(username);
 		keycloakAPIUser.setFirstName(firstName);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredential.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredential.java
deleted file mode 100644
index 30f1dd0af..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredential.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakCredential {
-
-	/**
-	 * Credential Type.
-	 */
-	private String type;
-
-	/**
-	 * Credential Value.
-	 */
-	private String value;
-
-	/**
-	 * True if this credential object is temporary.
-	 */
-	private boolean temporary;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredentialBuilder.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredentialBuilder.java
index 3ab568d42..145b53e85 100644
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredentialBuilder.java
+++ b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakCredentialBuilder.java
@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
 
+import org.keycloak.v1alpha1.keycloakrealmspec.realm.users.Credentials;
+
 public final class KeycloakCredentialBuilder {
 	private String type;
 	private String value;
@@ -53,8 +55,8 @@ public KeycloakCredentialBuilder temporary(boolean temporary) {
 		return this;
 	}
 
-	public KeycloakCredential build() {
-		KeycloakCredential keycloakCredential = new KeycloakCredential();
+	public Credentials build() {
+		Credentials keycloakCredential = new Credentials();
 		keycloakCredential.setType(type);
 		keycloakCredential.setValue(value);
 		keycloakCredential.setTemporary(temporary);
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakUserSpec.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakUserSpec.java
deleted file mode 100644
index 9ed9d90c9..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/spec/KeycloakUserSpec.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.spec;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.fabric8.kubernetes.api.model.LabelSelector;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakUserSpec defines the desired state of KeycloakUser.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakUserSpec {
-	/**
-	 * Selector for looking up KeycloakRealm Custom Resources.
-	 */
-	private LabelSelector realmSelector;
-
-	/**
-	 * Keycloak User REST object.
-	 */
-	private KeycloakAPIUser user;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/status/KeycloakUserStatus.java b/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/status/KeycloakUserStatus.java
deleted file mode 100644
index 780bd8550..000000000
--- a/tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/operator/keycloak/user/status/KeycloakUserStatus.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Copyright (C) 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jboss.intersmash.tools.provision.openshift.operator.keycloak.user.status;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonInclude;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-/**
- * KeycloakUserStatus defines the observed state of KeycloakUser.
- */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonIgnoreProperties(ignoreUnknown = true)
-@Getter
-@Setter
-@EqualsAndHashCode
-@ToString
-public class KeycloakUserStatus {
-
-	/**
-	 * Human-readable message indicating details about current operator phase or error.
-	 */
-	private String message;
-
-	/**
-	 * Current phase of the operator.
-	 */
-	private String phase;
-}
diff --git a/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakbackups_crd.yaml b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakbackups_crd.yaml
new file mode 100644
index 000000000..b002f0fbc
--- /dev/null
+++ b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakbackups_crd.yaml
@@ -0,0 +1,153 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloakbackups.keycloak.org
+spec:
+  group: keycloak.org
+  names:
+    kind: KeycloakBackup
+    listKind: KeycloakBackupList
+    plural: keycloakbackups
+    singular: keycloakbackup
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KeycloakBackup is the Schema for the keycloakbackups API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KeycloakBackupSpec defines the desired state of KeycloakBackup.
+            properties:
+              aws:
+                description: If provided, an automatic database backup will be created
+                  on AWS S3 instead of a local Persistent Volume. If this property
+                  is not provided - a local Persistent Volume backup will be chosen.
+                properties:
+                  credentialsSecretName:
+                    description: "Provides a secret name used for connecting to AWS
+                      S3 Service. The secret needs to be in the following form: \n
+                      \    apiVersion: v1     kind: Secret     metadata:       name:
+                      <Secret name>     type: Opaque     stringData:       AWS_S3_BUCKET_NAME:
+                      <S3 Bucket Name>       AWS_ACCESS_KEY_ID: <AWS Access Key ID>
+                      \      AWS_SECRET_ACCESS_KEY: <AWS Secret Key> \n For more information,
+                      please refer to the Operator documentation."
+                    type: string
+                  encryptionKeySecretName:
+                    description: "If provided, the database backup will be encrypted.
+                      Provides a secret name used for encrypting database data. The
+                      secret needs to be in the following form: \n     apiVersion:
+                      v1     kind: Secret     metadata:       name: <Secret name>
+                      \    type: Opaque     stringData:       GPG_PUBLIC_KEY: <GPG
+                      Public Key>       GPG_TRUST_MODEL: <GPG Trust Model>       GPG_RECIPIENT:
+                      <GPG Recipient> \n For more information, please refer to the
+                      Operator documentation."
+                    type: string
+                  schedule:
+                    description: If specified, it will be used as a schedule for creating
+                      a CronJob.
+                    type: string
+                type: object
+              instanceSelector:
+                description: Selector for looking up Keycloak Custom Resources.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              restore:
+                description: "Controls automatic restore behavior. Currently not implemented.
+                  \n In the future this will be used to trigger automatic restore
+                  for a given KeycloakBackup. Each backup will correspond to a single
+                  snapshot of the database (stored either in a Persistent Volume or
+                  AWS). If a user wants to restore it, all he/she needs to do is to
+                  change this flag to true. Potentially, it will be possible to restore
+                  a single backup multiple times."
+                type: boolean
+              storageClassName:
+                description: Name of the StorageClass for Postgresql Backup Persistent
+                  Volume Claim
+                type: string
+            type: object
+          status:
+            description: KeycloakBackupStatus defines the observed state of KeycloakBackup.
+            properties:
+              message:
+                description: Human-readable message indicating details about current
+                  operator phase or error.
+                type: string
+              phase:
+                description: Current phase of the operator.
+                type: string
+              ready:
+                description: True if all resources are in a ready state and all work
+                  is done.
+                type: boolean
+              secondaryResources:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: 'A map of all the secondary resources types and names
+                  created for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2"
+                  ]'
+                type: object
+            required:
+            - message
+            - phase
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakclients_crd.yaml b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakclients_crd.yaml
new file mode 100644
index 000000000..551e6f510
--- /dev/null
+++ b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakclients_crd.yaml
@@ -0,0 +1,848 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloakclients.keycloak.org
+spec:
+  group: keycloak.org
+  names:
+    kind: KeycloakClient
+    listKind: KeycloakClientList
+    plural: keycloakclients
+    singular: keycloakclient
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KeycloakClient is the Schema for the keycloakclients API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KeycloakClientSpec defines the desired state of KeycloakClient.
+            properties:
+              client:
+                description: Keycloak Client REST object.
+                properties:
+                  access:
+                    additionalProperties:
+                      type: boolean
+                    description: Access options.
+                    type: object
+                  adminUrl:
+                    description: Application Admin URL.
+                    type: string
+                  attributes:
+                    additionalProperties:
+                      type: string
+                    description: Client Attributes.
+                    type: object
+                  authenticationFlowBindingOverrides:
+                    additionalProperties:
+                      type: string
+                    description: Authentication Flow Binding Overrides.
+                    type: object
+                  authorizationServicesEnabled:
+                    description: True if fine-grained authorization support is enabled
+                      for this client.
+                    type: boolean
+                  authorizationSettings:
+                    description: Authorization settings for this resource server.
+                    properties:
+                      allowRemoteResourceManagement:
+                        description: True if resources should be managed remotely
+                          by the resource server.
+                        type: boolean
+                      clientId:
+                        description: Client ID.
+                        type: string
+                      decisionStrategy:
+                        description: The decision strategy dictates how permissions
+                          are evaluated and how a final decision is obtained. 'Affirmative'
+                          means that at least one permission must evaluate to a positive
+                          decision in order to grant access to a resource and its
+                          scopes. 'Unanimous' means that all permissions must evaluate
+                          to a positive decision in order for the final decision to
+                          be also positive.
+                        type: string
+                      id:
+                        description: ID.
+                        type: string
+                      name:
+                        description: Name.
+                        type: string
+                      policies:
+                        description: Policies.
+                        items:
+                          description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_policyrepresentation
+                          properties:
+                            config:
+                              additionalProperties:
+                                type: string
+                              description: Config.
+                              type: object
+                            decisionStrategy:
+                              description: The decision strategy dictates how the
+                                policies associated with a given permission are evaluated
+                                and how a final decision is obtained. 'Affirmative'
+                                means that at least one policy must evaluate to a
+                                positive decision in order for the final decision
+                                to be also positive. 'Unanimous' means that all policies
+                                must evaluate to a positive decision in order for
+                                the final decision to be also positive. 'Consensus'
+                                means that the number of positive decisions must be
+                                greater than the number of negative decisions. If
+                                the number of positive and negative is the same, the
+                                final decision will be negative.
+                              type: string
+                            description:
+                              description: A description for this policy.
+                              type: string
+                            id:
+                              description: ID.
+                              type: string
+                            logic:
+                              description: The logic dictates how the policy decision
+                                should be made. If 'Positive', the resulting effect
+                                (permit or deny) obtained during the evaluation of
+                                this policy will be used to perform a decision. If
+                                'Negative', the resulting effect will be negated,
+                                in other words, a permit becomes a deny and vice-versa.
+                              type: string
+                            name:
+                              description: The name of this policy.
+                              type: string
+                            owner:
+                              description: Owner.
+                              type: string
+                            policies:
+                              description: Policies.
+                              items:
+                                type: string
+                              type: array
+                            resources:
+                              description: Resources.
+                              items:
+                                type: string
+                              type: array
+                            resourcesData:
+                              description: Resources Data.
+                              items:
+                                description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                properties:
+                                  _id:
+                                    description: ID.
+                                    type: string
+                                  attributes:
+                                    additionalProperties:
+                                      type: string
+                                    description: The attributes associated with the
+                                      resource.
+                                    type: object
+                                  displayName:
+                                    description: A unique name for this resource.
+                                      The name can be used to uniquely identify a
+                                      resource, useful when querying for a specific
+                                      resource.
+                                    type: string
+                                  icon_uri:
+                                    description: An URI pointing to an icon.
+                                    type: string
+                                  name:
+                                    description: A unique name for this resource.
+                                      The name can be used to uniquely identify a
+                                      resource, useful when querying for a specific
+                                      resource.
+                                    type: string
+                                  ownerManagedAccess:
+                                    description: True if the access to this resource
+                                      can be managed by the resource owner.
+                                    type: boolean
+                                  scopes:
+                                    description: The scopes associated with this resource.
+                                    items:
+                                      x-kubernetes-preserve-unknown-fields: true
+                                    type: array
+                                  type:
+                                    description: The type of this resource. It can
+                                      be used to group different resource instances
+                                      with the same type.
+                                    type: string
+                                  uris:
+                                    description: Set of URIs which are protected by
+                                      resource.
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              type: array
+                            scopes:
+                              description: Scopes.
+                              items:
+                                type: string
+                              type: array
+                            scopesData:
+                              description: Scopes Data.
+                              items:
+                                x-kubernetes-preserve-unknown-fields: true
+                              type: array
+                            type:
+                              description: Type.
+                              type: string
+                          type: object
+                        type: array
+                      policyEnforcementMode:
+                        description: The policy enforcement mode dictates how policies
+                          are enforced when evaluating authorization requests. 'Enforcing'
+                          means requests are denied by default even when there is
+                          no policy associated with a given resource. 'Permissive'
+                          means requests are allowed even when there is no policy
+                          associated with a given resource. 'Disabled' completely
+                          disables the evaluation of policies and allows access to
+                          any resource.
+                        type: string
+                      resources:
+                        description: Resources.
+                        items:
+                          description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                          properties:
+                            _id:
+                              description: ID.
+                              type: string
+                            attributes:
+                              additionalProperties:
+                                type: string
+                              description: The attributes associated with the resource.
+                              type: object
+                            displayName:
+                              description: A unique name for this resource. The name
+                                can be used to uniquely identify a resource, useful
+                                when querying for a specific resource.
+                              type: string
+                            icon_uri:
+                              description: An URI pointing to an icon.
+                              type: string
+                            name:
+                              description: A unique name for this resource. The name
+                                can be used to uniquely identify a resource, useful
+                                when querying for a specific resource.
+                              type: string
+                            ownerManagedAccess:
+                              description: True if the access to this resource can
+                                be managed by the resource owner.
+                              type: boolean
+                            scopes:
+                              description: The scopes associated with this resource.
+                              items:
+                                x-kubernetes-preserve-unknown-fields: true
+                              type: array
+                            type:
+                              description: The type of this resource. It can be used
+                                to group different resource instances with the same
+                                type.
+                              type: string
+                            uris:
+                              description: Set of URIs which are protected by resource.
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        type: array
+                      scopes:
+                        description: Authorization Scopes.
+                        items:
+                          description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_scoperepresentation
+                          properties:
+                            displayName:
+                              description: A unique name for this scope. The name
+                                can be used to uniquely identify a scope, useful when
+                                querying for a specific scope.
+                              type: string
+                            iconUri:
+                              description: An URI pointing to an icon.
+                              type: string
+                            id:
+                              description: ID.
+                              type: string
+                            name:
+                              description: A unique name for this scope. The name
+                                can be used to uniquely identify a scope, useful when
+                                querying for a specific scope.
+                              type: string
+                            policies:
+                              description: Policies.
+                              items:
+                                description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_policyrepresentation
+                                properties:
+                                  config:
+                                    additionalProperties:
+                                      type: string
+                                    description: Config.
+                                    type: object
+                                  decisionStrategy:
+                                    description: The decision strategy dictates how
+                                      the policies associated with a given permission
+                                      are evaluated and how a final decision is obtained.
+                                      'Affirmative' means that at least one policy
+                                      must evaluate to a positive decision in order
+                                      for the final decision to be also positive.
+                                      'Unanimous' means that all policies must evaluate
+                                      to a positive decision in order for the final
+                                      decision to be also positive. 'Consensus' means
+                                      that the number of positive decisions must be
+                                      greater than the number of negative decisions.
+                                      If the number of positive and negative is the
+                                      same, the final decision will be negative.
+                                    type: string
+                                  description:
+                                    description: A description for this policy.
+                                    type: string
+                                  id:
+                                    description: ID.
+                                    type: string
+                                  logic:
+                                    description: The logic dictates how the policy
+                                      decision should be made. If 'Positive', the
+                                      resulting effect (permit or deny) obtained during
+                                      the evaluation of this policy will be used to
+                                      perform a decision. If 'Negative', the resulting
+                                      effect will be negated, in other words, a permit
+                                      becomes a deny and vice-versa.
+                                    type: string
+                                  name:
+                                    description: The name of this policy.
+                                    type: string
+                                  owner:
+                                    description: Owner.
+                                    type: string
+                                  policies:
+                                    description: Policies.
+                                    items:
+                                      type: string
+                                    type: array
+                                  resources:
+                                    description: Resources.
+                                    items:
+                                      type: string
+                                    type: array
+                                  resourcesData:
+                                    description: Resources Data.
+                                    items:
+                                      description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                      properties:
+                                        _id:
+                                          description: ID.
+                                          type: string
+                                        attributes:
+                                          additionalProperties:
+                                            type: string
+                                          description: The attributes associated with
+                                            the resource.
+                                          type: object
+                                        displayName:
+                                          description: A unique name for this resource.
+                                            The name can be used to uniquely identify
+                                            a resource, useful when querying for a
+                                            specific resource.
+                                          type: string
+                                        icon_uri:
+                                          description: An URI pointing to an icon.
+                                          type: string
+                                        name:
+                                          description: A unique name for this resource.
+                                            The name can be used to uniquely identify
+                                            a resource, useful when querying for a
+                                            specific resource.
+                                          type: string
+                                        ownerManagedAccess:
+                                          description: True if the access to this
+                                            resource can be managed by the resource
+                                            owner.
+                                          type: boolean
+                                        scopes:
+                                          description: The scopes associated with
+                                            this resource.
+                                          items:
+                                            x-kubernetes-preserve-unknown-fields: true
+                                          type: array
+                                        type:
+                                          description: The type of this resource.
+                                            It can be used to group different resource
+                                            instances with the same type.
+                                          type: string
+                                        uris:
+                                          description: Set of URIs which are protected
+                                            by resource.
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    type: array
+                                  scopes:
+                                    description: Scopes.
+                                    items:
+                                      type: string
+                                    type: array
+                                  scopesData:
+                                    description: Scopes Data.
+                                    items:
+                                      x-kubernetes-preserve-unknown-fields: true
+                                    type: array
+                                  type:
+                                    description: Type.
+                                    type: string
+                                type: object
+                              type: array
+                            resources:
+                              description: Resources.
+                              items:
+                                description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                properties:
+                                  _id:
+                                    description: ID.
+                                    type: string
+                                  attributes:
+                                    additionalProperties:
+                                      type: string
+                                    description: The attributes associated with the
+                                      resource.
+                                    type: object
+                                  displayName:
+                                    description: A unique name for this resource.
+                                      The name can be used to uniquely identify a
+                                      resource, useful when querying for a specific
+                                      resource.
+                                    type: string
+                                  icon_uri:
+                                    description: An URI pointing to an icon.
+                                    type: string
+                                  name:
+                                    description: A unique name for this resource.
+                                      The name can be used to uniquely identify a
+                                      resource, useful when querying for a specific
+                                      resource.
+                                    type: string
+                                  ownerManagedAccess:
+                                    description: True if the access to this resource
+                                      can be managed by the resource owner.
+                                    type: boolean
+                                  scopes:
+                                    description: The scopes associated with this resource.
+                                    items:
+                                      x-kubernetes-preserve-unknown-fields: true
+                                    type: array
+                                  type:
+                                    description: The type of this resource. It can
+                                      be used to group different resource instances
+                                      with the same type.
+                                    type: string
+                                  uris:
+                                    description: Set of URIs which are protected by
+                                      resource.
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              type: array
+                          type: object
+                        type: array
+                    type: object
+                  baseUrl:
+                    description: Application base URL.
+                    type: string
+                  bearerOnly:
+                    description: True if a client supports only Bearer Tokens.
+                    type: boolean
+                  clientAuthenticatorType:
+                    description: What Client authentication type to use.
+                    type: string
+                  clientId:
+                    description: Client ID.
+                    type: string
+                  consentRequired:
+                    description: True if Consent Screen is required.
+                    type: boolean
+                  defaultClientScopes:
+                    description: A list of default client scopes. Default client scopes
+                      are always applied when issuing OpenID Connect tokens or SAML
+                      assertions for this client.
+                    items:
+                      type: string
+                    type: array
+                  defaultRoles:
+                    description: Default Client roles.
+                    items:
+                      type: string
+                    type: array
+                  description:
+                    description: Client description.
+                    type: string
+                  directAccessGrantsEnabled:
+                    description: True if Direct Grant is enabled.
+                    type: boolean
+                  enabled:
+                    description: Client enabled flag.
+                    type: boolean
+                  frontchannelLogout:
+                    description: True if this client supports Front Channel logout.
+                    type: boolean
+                  fullScopeAllowed:
+                    description: True if Full Scope is allowed.
+                    type: boolean
+                  id:
+                    description: Client ID. If not specified, automatically generated.
+                    type: string
+                  implicitFlowEnabled:
+                    description: True if Implicit flow is enabled.
+                    type: boolean
+                  name:
+                    description: Client name.
+                    type: string
+                  nodeReRegistrationTimeout:
+                    description: Node registration timeout.
+                    type: integer
+                  notBefore:
+                    description: Not Before setting.
+                    type: integer
+                  optionalClientScopes:
+                    description: A list of optional client scopes. Optional client
+                      scopes are applied when issuing tokens for this client, but
+                      only when they are requested by the scope parameter in the OpenID
+                      Connect authorization request.
+                    items:
+                      type: string
+                    type: array
+                  protocol:
+                    description: Protocol used for this Client.
+                    type: string
+                  protocolMappers:
+                    description: Protocol Mappers.
+                    items:
+                      properties:
+                        config:
+                          additionalProperties:
+                            type: string
+                          description: Config options.
+                          type: object
+                        consentRequired:
+                          description: True if Consent Screen is required.
+                          type: boolean
+                        consentText:
+                          description: Text to use for displaying Consent Screen.
+                          type: string
+                        id:
+                          description: Protocol Mapper ID.
+                          type: string
+                        name:
+                          description: Protocol Mapper Name.
+                          type: string
+                        protocol:
+                          description: Protocol to use.
+                          type: string
+                        protocolMapper:
+                          description: Protocol Mapper to use
+                          type: string
+                      type: object
+                    type: array
+                  publicClient:
+                    description: True if this is a public Client.
+                    type: boolean
+                  redirectUris:
+                    description: A list of valid Redirection URLs.
+                    items:
+                      type: string
+                    type: array
+                  rootUrl:
+                    description: Application root URL.
+                    type: string
+                  secret:
+                    description: Client Secret. The Operator will automatically create
+                      a Secret based on this value.
+                    type: string
+                  serviceAccountsEnabled:
+                    description: True if Service Accounts are enabled.
+                    type: boolean
+                  standardFlowEnabled:
+                    description: True if Standard flow is enabled.
+                    type: boolean
+                  surrogateAuthRequired:
+                    description: Surrogate Authentication Required option.
+                    type: boolean
+                  useTemplateConfig:
+                    description: True to use a Template Config.
+                    type: boolean
+                  useTemplateMappers:
+                    description: True to use Template Mappers.
+                    type: boolean
+                  useTemplateScope:
+                    description: True to use Template Scope.
+                    type: boolean
+                  webOrigins:
+                    description: A list of valid Web Origins.
+                    items:
+                      type: string
+                    type: array
+                required:
+                - clientId
+                type: object
+              realmSelector:
+                description: Selector for looking up KeycloakRealm Custom Resources.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              roles:
+                description: Client Roles
+                items:
+                  description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_rolerepresentation
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        items:
+                          type: string
+                        type: array
+                      description: Role Attributes
+                      type: object
+                    clientRole:
+                      description: Client Role
+                      type: boolean
+                    composite:
+                      description: Composite
+                      type: boolean
+                    composites:
+                      description: Composites
+                      properties:
+                        client:
+                          additionalProperties:
+                            items:
+                              type: string
+                            type: array
+                          description: Map client => []role
+                          type: object
+                        realm:
+                          description: Realm roles
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    containerId:
+                      description: Container Id
+                      type: string
+                    description:
+                      description: Description
+                      type: string
+                    id:
+                      description: Id
+                      type: string
+                    name:
+                      description: Name
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - name
+                x-kubernetes-list-type: map
+              scopeMappings:
+                description: Scope Mappings
+                properties:
+                  clientMappings:
+                    additionalProperties:
+                      description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_clientmappingsrepresentation
+                      properties:
+                        client:
+                          description: Client
+                          type: string
+                        id:
+                          description: ID
+                          type: string
+                        mappings:
+                          description: Mappings
+                          items:
+                            description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_rolerepresentation
+                            properties:
+                              attributes:
+                                additionalProperties:
+                                  items:
+                                    type: string
+                                  type: array
+                                description: Role Attributes
+                                type: object
+                              clientRole:
+                                description: Client Role
+                                type: boolean
+                              composite:
+                                description: Composite
+                                type: boolean
+                              composites:
+                                description: Composites
+                                properties:
+                                  client:
+                                    additionalProperties:
+                                      items:
+                                        type: string
+                                      type: array
+                                    description: Map client => []role
+                                    type: object
+                                  realm:
+                                    description: Realm roles
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              containerId:
+                                description: Container Id
+                                type: string
+                              description:
+                                description: Description
+                                type: string
+                              id:
+                                description: Id
+                                type: string
+                              name:
+                                description: Name
+                                type: string
+                            required:
+                            - name
+                            type: object
+                          type: array
+                      type: object
+                    description: Client Mappings
+                    type: object
+                  realmMappings:
+                    description: Realm Mappings
+                    items:
+                      description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_rolerepresentation
+                      properties:
+                        attributes:
+                          additionalProperties:
+                            items:
+                              type: string
+                            type: array
+                          description: Role Attributes
+                          type: object
+                        clientRole:
+                          description: Client Role
+                          type: boolean
+                        composite:
+                          description: Composite
+                          type: boolean
+                        composites:
+                          description: Composites
+                          properties:
+                            client:
+                              additionalProperties:
+                                items:
+                                  type: string
+                                type: array
+                              description: Map client => []role
+                              type: object
+                            realm:
+                              description: Realm roles
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        containerId:
+                          description: Container Id
+                          type: string
+                        description:
+                          description: Description
+                          type: string
+                        id:
+                          description: Id
+                          type: string
+                        name:
+                          description: Name
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+            required:
+            - client
+            - realmSelector
+            type: object
+          status:
+            description: KeycloakClientStatus defines the observed state of KeycloakClient
+            properties:
+              message:
+                description: Human-readable message indicating details about current
+                  operator phase or error.
+                type: string
+              phase:
+                description: Current phase of the operator.
+                type: string
+              ready:
+                description: True if all resources are in a ready state and all work
+                  is done.
+                type: boolean
+              secondaryResources:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: 'A map of all the secondary resources types and names
+                  created for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2"
+                  ]'
+                type: object
+            required:
+            - message
+            - phase
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakrealms_crd.yaml b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakrealms_crd.yaml
new file mode 100644
index 000000000..dcb845325
--- /dev/null
+++ b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakrealms_crd.yaml
@@ -0,0 +1,1366 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloakrealms.keycloak.org
+spec:
+  group: keycloak.org
+  names:
+    kind: KeycloakRealm
+    listKind: KeycloakRealmList
+    plural: keycloakrealms
+    singular: keycloakrealm
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KeycloakRealm is the Schema for the keycloakrealms API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KeycloakRealmSpec defines the desired state of KeycloakRealm.
+            properties:
+              instanceSelector:
+                description: Selector for looking up Keycloak Custom Resources.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              realm:
+                description: Keycloak Realm REST object.
+                properties:
+                  accessTokenLifespan:
+                    description: Access Token Lifespan
+                    format: int32
+                    type: integer
+                  accessTokenLifespanForImplicitFlow:
+                    description: Access Token Lifespan For Implicit Flow
+                    format: int32
+                    type: integer
+                  accountTheme:
+                    description: Account Theme
+                    type: string
+                  adminEventsDetailsEnabled:
+                    description: 'Enable admin events details TODO: change to values
+                      and use kubebuilder default annotation once supported'
+                    type: boolean
+                  adminEventsEnabled:
+                    description: 'Enable events recording TODO: change to values and
+                      use kubebuilder default annotation once supported'
+                    type: boolean
+                  adminTheme:
+                    description: Admin Console Theme
+                    type: string
+                  authenticationFlows:
+                    description: Authentication flows
+                    items:
+                      properties:
+                        alias:
+                          description: Alias
+                          type: string
+                        authenticationExecutions:
+                          description: Authentication executions
+                          items:
+                            properties:
+                              authenticator:
+                                description: Authenticator
+                                type: string
+                              authenticatorConfig:
+                                description: Authenticator Config
+                                type: string
+                              authenticatorFlow:
+                                description: Authenticator flow
+                                type: boolean
+                              flowAlias:
+                                description: Flow Alias
+                                type: string
+                              priority:
+                                description: Priority
+                                format: int32
+                                type: integer
+                              requirement:
+                                description: Requirement [REQUIRED, OPTIONAL, ALTERNATIVE,
+                                  DISABLED]
+                                type: string
+                              userSetupAllowed:
+                                description: User setup allowed
+                                type: boolean
+                            type: object
+                          type: array
+                        builtIn:
+                          description: Built in
+                          type: boolean
+                        description:
+                          description: Description
+                          type: string
+                        id:
+                          description: ID
+                          type: string
+                        providerId:
+                          description: Provider ID
+                          type: string
+                        topLevel:
+                          description: Top level
+                          type: boolean
+                      required:
+                      - alias
+                      - authenticationExecutions
+                      type: object
+                    type: array
+                  authenticatorConfig:
+                    description: Authenticator config
+                    items:
+                      properties:
+                        alias:
+                          description: Alias
+                          type: string
+                        config:
+                          additionalProperties:
+                            type: string
+                          description: Config
+                          type: object
+                        id:
+                          description: ID
+                          type: string
+                      required:
+                      - alias
+                      type: object
+                    type: array
+                  bruteForceProtected:
+                    description: Brute Force Detection
+                    type: boolean
+                  clientScopeMappings:
+                    additionalProperties:
+                      items:
+                        description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_scopemappingrepresentation
+                        properties:
+                          client:
+                            description: Client
+                            type: string
+                          clientScope:
+                            description: Client Scope
+                            type: string
+                          roles:
+                            description: Roles
+                            items:
+                              type: string
+                            type: array
+                          self:
+                            description: Self
+                            type: string
+                        type: object
+                      type: array
+                    description: Client Scope Mappings
+                    type: object
+                  clientScopes:
+                    description: Client scopes
+                    items:
+                      properties:
+                        attributes:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        protocol:
+                          type: string
+                        protocolMappers:
+                          description: Protocol Mappers.
+                          items:
+                            properties:
+                              config:
+                                additionalProperties:
+                                  type: string
+                                description: Config options.
+                                type: object
+                              consentRequired:
+                                description: True if Consent Screen is required.
+                                type: boolean
+                              consentText:
+                                description: Text to use for displaying Consent Screen.
+                                type: string
+                              id:
+                                description: Protocol Mapper ID.
+                                type: string
+                              name:
+                                description: Protocol Mapper Name.
+                                type: string
+                              protocol:
+                                description: Protocol to use.
+                                type: string
+                              protocolMapper:
+                                description: Protocol Mapper to use
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                    type: array
+                  clients:
+                    description: A set of Keycloak Clients.
+                    items:
+                      properties:
+                        access:
+                          additionalProperties:
+                            type: boolean
+                          description: Access options.
+                          type: object
+                        adminUrl:
+                          description: Application Admin URL.
+                          type: string
+                        attributes:
+                          additionalProperties:
+                            type: string
+                          description: Client Attributes.
+                          type: object
+                        authenticationFlowBindingOverrides:
+                          additionalProperties:
+                            type: string
+                          description: Authentication Flow Binding Overrides.
+                          type: object
+                        authorizationServicesEnabled:
+                          description: True if fine-grained authorization support
+                            is enabled for this client.
+                          type: boolean
+                        authorizationSettings:
+                          description: Authorization settings for this resource server.
+                          properties:
+                            allowRemoteResourceManagement:
+                              description: True if resources should be managed remotely
+                                by the resource server.
+                              type: boolean
+                            clientId:
+                              description: Client ID.
+                              type: string
+                            decisionStrategy:
+                              description: The decision strategy dictates how permissions
+                                are evaluated and how a final decision is obtained.
+                                'Affirmative' means that at least one permission must
+                                evaluate to a positive decision in order to grant
+                                access to a resource and its scopes. 'Unanimous' means
+                                that all permissions must evaluate to a positive decision
+                                in order for the final decision to be also positive.
+                              type: string
+                            id:
+                              description: ID.
+                              type: string
+                            name:
+                              description: Name.
+                              type: string
+                            policies:
+                              description: Policies.
+                              items:
+                                description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_policyrepresentation
+                                properties:
+                                  config:
+                                    additionalProperties:
+                                      type: string
+                                    description: Config.
+                                    type: object
+                                  decisionStrategy:
+                                    description: The decision strategy dictates how
+                                      the policies associated with a given permission
+                                      are evaluated and how a final decision is obtained.
+                                      'Affirmative' means that at least one policy
+                                      must evaluate to a positive decision in order
+                                      for the final decision to be also positive.
+                                      'Unanimous' means that all policies must evaluate
+                                      to a positive decision in order for the final
+                                      decision to be also positive. 'Consensus' means
+                                      that the number of positive decisions must be
+                                      greater than the number of negative decisions.
+                                      If the number of positive and negative is the
+                                      same, the final decision will be negative.
+                                    type: string
+                                  description:
+                                    description: A description for this policy.
+                                    type: string
+                                  id:
+                                    description: ID.
+                                    type: string
+                                  logic:
+                                    description: The logic dictates how the policy
+                                      decision should be made. If 'Positive', the
+                                      resulting effect (permit or deny) obtained during
+                                      the evaluation of this policy will be used to
+                                      perform a decision. If 'Negative', the resulting
+                                      effect will be negated, in other words, a permit
+                                      becomes a deny and vice-versa.
+                                    type: string
+                                  name:
+                                    description: The name of this policy.
+                                    type: string
+                                  owner:
+                                    description: Owner.
+                                    type: string
+                                  policies:
+                                    description: Policies.
+                                    items:
+                                      type: string
+                                    type: array
+                                  resources:
+                                    description: Resources.
+                                    items:
+                                      type: string
+                                    type: array
+                                  resourcesData:
+                                    description: Resources Data.
+                                    items:
+                                      description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                      properties:
+                                        _id:
+                                          description: ID.
+                                          type: string
+                                        attributes:
+                                          additionalProperties:
+                                            type: string
+                                          description: The attributes associated with
+                                            the resource.
+                                          type: object
+                                        displayName:
+                                          description: A unique name for this resource.
+                                            The name can be used to uniquely identify
+                                            a resource, useful when querying for a
+                                            specific resource.
+                                          type: string
+                                        icon_uri:
+                                          description: An URI pointing to an icon.
+                                          type: string
+                                        name:
+                                          description: A unique name for this resource.
+                                            The name can be used to uniquely identify
+                                            a resource, useful when querying for a
+                                            specific resource.
+                                          type: string
+                                        ownerManagedAccess:
+                                          description: True if the access to this
+                                            resource can be managed by the resource
+                                            owner.
+                                          type: boolean
+                                        scopes:
+                                          description: The scopes associated with
+                                            this resource.
+                                          items:
+                                            x-kubernetes-preserve-unknown-fields: true
+                                          type: array
+                                        type:
+                                          description: The type of this resource.
+                                            It can be used to group different resource
+                                            instances with the same type.
+                                          type: string
+                                        uris:
+                                          description: Set of URIs which are protected
+                                            by resource.
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    type: array
+                                  scopes:
+                                    description: Scopes.
+                                    items:
+                                      type: string
+                                    type: array
+                                  scopesData:
+                                    description: Scopes Data.
+                                    items:
+                                      x-kubernetes-preserve-unknown-fields: true
+                                    type: array
+                                  type:
+                                    description: Type.
+                                    type: string
+                                type: object
+                              type: array
+                            policyEnforcementMode:
+                              description: The policy enforcement mode dictates how
+                                policies are enforced when evaluating authorization
+                                requests. 'Enforcing' means requests are denied by
+                                default even when there is no policy associated with
+                                a given resource. 'Permissive' means requests are
+                                allowed even when there is no policy associated with
+                                a given resource. 'Disabled' completely disables the
+                                evaluation of policies and allows access to any resource.
+                              type: string
+                            resources:
+                              description: Resources.
+                              items:
+                                description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                properties:
+                                  _id:
+                                    description: ID.
+                                    type: string
+                                  attributes:
+                                    additionalProperties:
+                                      type: string
+                                    description: The attributes associated with the
+                                      resource.
+                                    type: object
+                                  displayName:
+                                    description: A unique name for this resource.
+                                      The name can be used to uniquely identify a
+                                      resource, useful when querying for a specific
+                                      resource.
+                                    type: string
+                                  icon_uri:
+                                    description: An URI pointing to an icon.
+                                    type: string
+                                  name:
+                                    description: A unique name for this resource.
+                                      The name can be used to uniquely identify a
+                                      resource, useful when querying for a specific
+                                      resource.
+                                    type: string
+                                  ownerManagedAccess:
+                                    description: True if the access to this resource
+                                      can be managed by the resource owner.
+                                    type: boolean
+                                  scopes:
+                                    description: The scopes associated with this resource.
+                                    items:
+                                      x-kubernetes-preserve-unknown-fields: true
+                                    type: array
+                                  type:
+                                    description: The type of this resource. It can
+                                      be used to group different resource instances
+                                      with the same type.
+                                    type: string
+                                  uris:
+                                    description: Set of URIs which are protected by
+                                      resource.
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              type: array
+                            scopes:
+                              description: Authorization Scopes.
+                              items:
+                                description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_scoperepresentation
+                                properties:
+                                  displayName:
+                                    description: A unique name for this scope. The
+                                      name can be used to uniquely identify a scope,
+                                      useful when querying for a specific scope.
+                                    type: string
+                                  iconUri:
+                                    description: An URI pointing to an icon.
+                                    type: string
+                                  id:
+                                    description: ID.
+                                    type: string
+                                  name:
+                                    description: A unique name for this scope. The
+                                      name can be used to uniquely identify a scope,
+                                      useful when querying for a specific scope.
+                                    type: string
+                                  policies:
+                                    description: Policies.
+                                    items:
+                                      description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_policyrepresentation
+                                      properties:
+                                        config:
+                                          additionalProperties:
+                                            type: string
+                                          description: Config.
+                                          type: object
+                                        decisionStrategy:
+                                          description: The decision strategy dictates
+                                            how the policies associated with a given
+                                            permission are evaluated and how a final
+                                            decision is obtained. 'Affirmative' means
+                                            that at least one policy must evaluate
+                                            to a positive decision in order for the
+                                            final decision to be also positive. 'Unanimous'
+                                            means that all policies must evaluate
+                                            to a positive decision in order for the
+                                            final decision to be also positive. 'Consensus'
+                                            means that the number of positive decisions
+                                            must be greater than the number of negative
+                                            decisions. If the number of positive and
+                                            negative is the same, the final decision
+                                            will be negative.
+                                          type: string
+                                        description:
+                                          description: A description for this policy.
+                                          type: string
+                                        id:
+                                          description: ID.
+                                          type: string
+                                        logic:
+                                          description: The logic dictates how the
+                                            policy decision should be made. If 'Positive',
+                                            the resulting effect (permit or deny)
+                                            obtained during the evaluation of this
+                                            policy will be used to perform a decision.
+                                            If 'Negative', the resulting effect will
+                                            be negated, in other words, a permit becomes
+                                            a deny and vice-versa.
+                                          type: string
+                                        name:
+                                          description: The name of this policy.
+                                          type: string
+                                        owner:
+                                          description: Owner.
+                                          type: string
+                                        policies:
+                                          description: Policies.
+                                          items:
+                                            type: string
+                                          type: array
+                                        resources:
+                                          description: Resources.
+                                          items:
+                                            type: string
+                                          type: array
+                                        resourcesData:
+                                          description: Resources Data.
+                                          items:
+                                            description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                            properties:
+                                              _id:
+                                                description: ID.
+                                                type: string
+                                              attributes:
+                                                additionalProperties:
+                                                  type: string
+                                                description: The attributes associated
+                                                  with the resource.
+                                                type: object
+                                              displayName:
+                                                description: A unique name for this
+                                                  resource. The name can be used to
+                                                  uniquely identify a resource, useful
+                                                  when querying for a specific resource.
+                                                type: string
+                                              icon_uri:
+                                                description: An URI pointing to an
+                                                  icon.
+                                                type: string
+                                              name:
+                                                description: A unique name for this
+                                                  resource. The name can be used to
+                                                  uniquely identify a resource, useful
+                                                  when querying for a specific resource.
+                                                type: string
+                                              ownerManagedAccess:
+                                                description: True if the access to
+                                                  this resource can be managed by
+                                                  the resource owner.
+                                                type: boolean
+                                              scopes:
+                                                description: The scopes associated
+                                                  with this resource.
+                                                items:
+                                                  x-kubernetes-preserve-unknown-fields: true
+                                                type: array
+                                              type:
+                                                description: The type of this resource.
+                                                  It can be used to group different
+                                                  resource instances with the same
+                                                  type.
+                                                type: string
+                                              uris:
+                                                description: Set of URIs which are
+                                                  protected by resource.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          type: array
+                                        scopes:
+                                          description: Scopes.
+                                          items:
+                                            type: string
+                                          type: array
+                                        scopesData:
+                                          description: Scopes Data.
+                                          items:
+                                            x-kubernetes-preserve-unknown-fields: true
+                                          type: array
+                                        type:
+                                          description: Type.
+                                          type: string
+                                      type: object
+                                    type: array
+                                  resources:
+                                    description: Resources.
+                                    items:
+                                      description: https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_resourcerepresentation
+                                      properties:
+                                        _id:
+                                          description: ID.
+                                          type: string
+                                        attributes:
+                                          additionalProperties:
+                                            type: string
+                                          description: The attributes associated with
+                                            the resource.
+                                          type: object
+                                        displayName:
+                                          description: A unique name for this resource.
+                                            The name can be used to uniquely identify
+                                            a resource, useful when querying for a
+                                            specific resource.
+                                          type: string
+                                        icon_uri:
+                                          description: An URI pointing to an icon.
+                                          type: string
+                                        name:
+                                          description: A unique name for this resource.
+                                            The name can be used to uniquely identify
+                                            a resource, useful when querying for a
+                                            specific resource.
+                                          type: string
+                                        ownerManagedAccess:
+                                          description: True if the access to this
+                                            resource can be managed by the resource
+                                            owner.
+                                          type: boolean
+                                        scopes:
+                                          description: The scopes associated with
+                                            this resource.
+                                          items:
+                                            x-kubernetes-preserve-unknown-fields: true
+                                          type: array
+                                        type:
+                                          description: The type of this resource.
+                                            It can be used to group different resource
+                                            instances with the same type.
+                                          type: string
+                                        uris:
+                                          description: Set of URIs which are protected
+                                            by resource.
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    type: array
+                                type: object
+                              type: array
+                          type: object
+                        baseUrl:
+                          description: Application base URL.
+                          type: string
+                        bearerOnly:
+                          description: True if a client supports only Bearer Tokens.
+                          type: boolean
+                        clientAuthenticatorType:
+                          description: What Client authentication type to use.
+                          type: string
+                        clientId:
+                          description: Client ID.
+                          type: string
+                        consentRequired:
+                          description: True if Consent Screen is required.
+                          type: boolean
+                        defaultClientScopes:
+                          description: A list of default client scopes. Default client
+                            scopes are always applied when issuing OpenID Connect
+                            tokens or SAML assertions for this client.
+                          items:
+                            type: string
+                          type: array
+                        defaultRoles:
+                          description: Default Client roles.
+                          items:
+                            type: string
+                          type: array
+                        description:
+                          description: Client description.
+                          type: string
+                        directAccessGrantsEnabled:
+                          description: True if Direct Grant is enabled.
+                          type: boolean
+                        enabled:
+                          description: Client enabled flag.
+                          type: boolean
+                        frontchannelLogout:
+                          description: True if this client supports Front Channel
+                            logout.
+                          type: boolean
+                        fullScopeAllowed:
+                          description: True if Full Scope is allowed.
+                          type: boolean
+                        id:
+                          description: Client ID. If not specified, automatically
+                            generated.
+                          type: string
+                        implicitFlowEnabled:
+                          description: True if Implicit flow is enabled.
+                          type: boolean
+                        name:
+                          description: Client name.
+                          type: string
+                        nodeReRegistrationTimeout:
+                          description: Node registration timeout.
+                          type: integer
+                        notBefore:
+                          description: Not Before setting.
+                          type: integer
+                        optionalClientScopes:
+                          description: A list of optional client scopes. Optional
+                            client scopes are applied when issuing tokens for this
+                            client, but only when they are requested by the scope
+                            parameter in the OpenID Connect authorization request.
+                          items:
+                            type: string
+                          type: array
+                        protocol:
+                          description: Protocol used for this Client.
+                          type: string
+                        protocolMappers:
+                          description: Protocol Mappers.
+                          items:
+                            properties:
+                              config:
+                                additionalProperties:
+                                  type: string
+                                description: Config options.
+                                type: object
+                              consentRequired:
+                                description: True if Consent Screen is required.
+                                type: boolean
+                              consentText:
+                                description: Text to use for displaying Consent Screen.
+                                type: string
+                              id:
+                                description: Protocol Mapper ID.
+                                type: string
+                              name:
+                                description: Protocol Mapper Name.
+                                type: string
+                              protocol:
+                                description: Protocol to use.
+                                type: string
+                              protocolMapper:
+                                description: Protocol Mapper to use
+                                type: string
+                            type: object
+                          type: array
+                        publicClient:
+                          description: True if this is a public Client.
+                          type: boolean
+                        redirectUris:
+                          description: A list of valid Redirection URLs.
+                          items:
+                            type: string
+                          type: array
+                        rootUrl:
+                          description: Application root URL.
+                          type: string
+                        secret:
+                          description: Client Secret. The Operator will automatically
+                            create a Secret based on this value.
+                          type: string
+                        serviceAccountsEnabled:
+                          description: True if Service Accounts are enabled.
+                          type: boolean
+                        standardFlowEnabled:
+                          description: True if Standard flow is enabled.
+                          type: boolean
+                        surrogateAuthRequired:
+                          description: Surrogate Authentication Required option.
+                          type: boolean
+                        useTemplateConfig:
+                          description: True to use a Template Config.
+                          type: boolean
+                        useTemplateMappers:
+                          description: True to use Template Mappers.
+                          type: boolean
+                        useTemplateScope:
+                          description: True to use Template Scope.
+                          type: boolean
+                        webOrigins:
+                          description: A list of valid Web Origins.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - clientId
+                      type: object
+                    type: array
+                  defaultLocale:
+                    description: Default Locale
+                    type: string
+                  defaultRole:
+                    description: Default role
+                    properties:
+                      attributes:
+                        additionalProperties:
+                          items:
+                            type: string
+                          type: array
+                        description: Role Attributes
+                        type: object
+                      clientRole:
+                        description: Client Role
+                        type: boolean
+                      composite:
+                        description: Composite
+                        type: boolean
+                      composites:
+                        description: Composites
+                        properties:
+                          client:
+                            additionalProperties:
+                              items:
+                                type: string
+                              type: array
+                            description: Map client => []role
+                            type: object
+                          realm:
+                            description: Realm roles
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      containerId:
+                        description: Container Id
+                        type: string
+                      description:
+                        description: Description
+                        type: string
+                      id:
+                        description: Id
+                        type: string
+                      name:
+                        description: Name
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  displayName:
+                    description: Realm display name.
+                    type: string
+                  displayNameHtml:
+                    description: Realm HTML display name.
+                    type: string
+                  duplicateEmailsAllowed:
+                    description: Duplicate emails
+                    type: boolean
+                  editUsernameAllowed:
+                    description: Edit username
+                    type: boolean
+                  emailTheme:
+                    description: Email Theme
+                    type: string
+                  enabled:
+                    description: Realm enabled flag.
+                    type: boolean
+                  enabledEventTypes:
+                    description: Enabled event types
+                    items:
+                      type: string
+                    type: array
+                  eventsEnabled:
+                    description: 'Enable events recording TODO: change to values and
+                      use kubebuilder default annotation once supported'
+                    type: boolean
+                  eventsListeners:
+                    description: A set of Event Listeners.
+                    items:
+                      type: string
+                    type: array
+                  failureFactor:
+                    description: Max Login Failures
+                    format: int32
+                    type: integer
+                  id:
+                    type: string
+                  identityProviders:
+                    description: A set of Identity Providers.
+                    items:
+                      properties:
+                        addReadTokenRoleOnCreate:
+                          description: Adds Read Token role when creating this Identity
+                            Provider.
+                          type: boolean
+                        alias:
+                          description: Identity Provider Alias.
+                          type: string
+                        config:
+                          additionalProperties:
+                            type: string
+                          description: Identity Provider config.
+                          type: object
+                        displayName:
+                          description: Identity Provider Display Name.
+                          type: string
+                        enabled:
+                          description: Identity Provider enabled flag.
+                          type: boolean
+                        firstBrokerLoginFlowAlias:
+                          description: Identity Provider First Broker Login Flow Alias.
+                          type: string
+                        internalId:
+                          description: Identity Provider Internal ID.
+                          type: string
+                        linkOnly:
+                          description: Identity Provider Link Only setting.
+                          type: boolean
+                        postBrokerLoginFlowAlias:
+                          description: Identity Provider Post Broker Login Flow Alias.
+                          type: string
+                        providerId:
+                          description: Identity Provider ID.
+                          type: string
+                        storeToken:
+                          description: Identity Provider Store to Token.
+                          type: boolean
+                        trustEmail:
+                          description: Identity Provider Trust Email.
+                          type: boolean
+                      type: object
+                    type: array
+                  internationalizationEnabled:
+                    description: Internationalization Enabled
+                    type: boolean
+                  loginTheme:
+                    description: Login Theme
+                    type: string
+                  loginWithEmailAllowed:
+                    description: Login with email
+                    type: boolean
+                  maxDeltaTimeSeconds:
+                    description: Failure Reset Time
+                    format: int32
+                    type: integer
+                  maxFailureWaitSeconds:
+                    description: Max Wait
+                    format: int32
+                    type: integer
+                  minimumQuickLoginWaitSeconds:
+                    description: Minimum Quick Login Wait
+                    format: int32
+                    type: integer
+                  passwordPolicy:
+                    description: Realm Password Policy
+                    type: string
+                  permanentLockout:
+                    description: Permanent Lockout
+                    type: boolean
+                  quickLoginCheckMilliSeconds:
+                    description: Quick Login Check Milli Seconds
+                    format: int64
+                    type: integer
+                  realm:
+                    description: Realm name.
+                    type: string
+                  registrationAllowed:
+                    description: User registration
+                    type: boolean
+                  registrationEmailAsUsername:
+                    description: Email as username
+                    type: boolean
+                  rememberMe:
+                    description: Remember me
+                    type: boolean
+                  resetPasswordAllowed:
+                    description: Forgot password
+                    type: boolean
+                  roles:
+                    description: Roles
+                    properties:
+                      client:
+                        additionalProperties:
+                          items:
+                            description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_rolerepresentation
+                            properties:
+                              attributes:
+                                additionalProperties:
+                                  items:
+                                    type: string
+                                  type: array
+                                description: Role Attributes
+                                type: object
+                              clientRole:
+                                description: Client Role
+                                type: boolean
+                              composite:
+                                description: Composite
+                                type: boolean
+                              composites:
+                                description: Composites
+                                properties:
+                                  client:
+                                    additionalProperties:
+                                      items:
+                                        type: string
+                                      type: array
+                                    description: Map client => []role
+                                    type: object
+                                  realm:
+                                    description: Realm roles
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              containerId:
+                                description: Container Id
+                                type: string
+                              description:
+                                description: Description
+                                type: string
+                              id:
+                                description: Id
+                                type: string
+                              name:
+                                description: Name
+                                type: string
+                            required:
+                            - name
+                            type: object
+                          type: array
+                        description: Client Roles
+                        type: object
+                      realm:
+                        description: Realm Roles
+                        items:
+                          description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_rolerepresentation
+                          properties:
+                            attributes:
+                              additionalProperties:
+                                items:
+                                  type: string
+                                type: array
+                              description: Role Attributes
+                              type: object
+                            clientRole:
+                              description: Client Role
+                              type: boolean
+                            composite:
+                              description: Composite
+                              type: boolean
+                            composites:
+                              description: Composites
+                              properties:
+                                client:
+                                  additionalProperties:
+                                    items:
+                                      type: string
+                                    type: array
+                                  description: Map client => []role
+                                  type: object
+                                realm:
+                                  description: Realm roles
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            containerId:
+                              description: Container Id
+                              type: string
+                            description:
+                              description: Description
+                              type: string
+                            id:
+                              description: Id
+                              type: string
+                            name:
+                              description: Name
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                  scopeMappings:
+                    description: Scope Mappings
+                    items:
+                      description: https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_scopemappingrepresentation
+                      properties:
+                        client:
+                          description: Client
+                          type: string
+                        clientScope:
+                          description: Client Scope
+                          type: string
+                        roles:
+                          description: Roles
+                          items:
+                            type: string
+                          type: array
+                        self:
+                          description: Self
+                          type: string
+                      type: object
+                    type: array
+                  smtpServer:
+                    additionalProperties:
+                      type: string
+                    description: Email
+                    type: object
+                  sslRequired:
+                    description: Require SSL
+                    type: string
+                  supportedLocales:
+                    description: Supported Locales
+                    items:
+                      type: string
+                    type: array
+                  userFederationMappers:
+                    description: User federation mappers are extension points triggered
+                      by the user federation at various points.
+                    items:
+                      description: https://www.keycloak.org/docs/11.0/server_admin/#_ldap_mappers
+                        https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_userfederationmapperrepresentation
+                      properties:
+                        config:
+                          additionalProperties:
+                            type: string
+                          description: User federation mapper config.
+                          type: object
+                        federationMapperType:
+                          type: string
+                        federationProviderDisplayName:
+                          description: The displayName for the user federation provider
+                            this mapper applies to.
+                          type: string
+                        id:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    type: array
+                  userFederationProviders:
+                    description: Point keycloak to an external user provider to validate
+                      credentials or pull in identity information.
+                    items:
+                      description: https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_userfederationproviderrepresentation
+                      properties:
+                        config:
+                          additionalProperties:
+                            type: string
+                          description: User federation provider config.
+                          type: object
+                        displayName:
+                          description: The display name of this provider instance.
+                          type: string
+                        fullSyncPeriod:
+                          format: int32
+                          type: integer
+                        id:
+                          description: The ID of this provider
+                          type: string
+                        priority:
+                          description: The priority of this provider when looking
+                            up users or adding a user.
+                          format: int32
+                          type: integer
+                        providerName:
+                          description: The name of the user provider, such as "ldap",
+                            "kerberos" or a custom SPI.
+                          type: string
+                      type: object
+                    type: array
+                  userManagedAccessAllowed:
+                    description: User Managed Access Allowed
+                    type: boolean
+                  users:
+                    description: A set of Keycloak Users.
+                    items:
+                      properties:
+                        attributes:
+                          additionalProperties:
+                            items:
+                              type: string
+                            type: array
+                          description: A set of Attributes.
+                          type: object
+                        clientRoles:
+                          additionalProperties:
+                            items:
+                              type: string
+                            type: array
+                          description: A set of Client Roles.
+                          type: object
+                        credentials:
+                          description: A set of Credentials.
+                          items:
+                            properties:
+                              temporary:
+                                description: True if this credential object is temporary.
+                                type: boolean
+                              type:
+                                description: Credential Type.
+                                type: string
+                              value:
+                                description: Credential Value.
+                                type: string
+                            type: object
+                          type: array
+                        email:
+                          description: Email.
+                          type: string
+                        emailVerified:
+                          description: True if email has already been verified.
+                          type: boolean
+                        enabled:
+                          description: User enabled flag.
+                          type: boolean
+                        federatedIdentities:
+                          description: A set of Federated Identities.
+                          items:
+                            properties:
+                              identityProvider:
+                                description: Federated Identity Provider.
+                                type: string
+                              userId:
+                                description: Federated Identity User ID.
+                                type: string
+                              userName:
+                                description: Federated Identity User Name.
+                                type: string
+                            type: object
+                          type: array
+                        firstName:
+                          description: First Name.
+                          type: string
+                        groups:
+                          description: A set of Groups.
+                          items:
+                            type: string
+                          type: array
+                        id:
+                          description: User ID.
+                          type: string
+                        lastName:
+                          description: Last Name.
+                          type: string
+                        realmRoles:
+                          description: A set of Realm Roles.
+                          items:
+                            type: string
+                          type: array
+                        requiredActions:
+                          description: A set of Required Actions.
+                          items:
+                            type: string
+                          type: array
+                        username:
+                          description: User Name.
+                          type: string
+                      type: object
+                    type: array
+                  verifyEmail:
+                    description: Verify email
+                    type: boolean
+                  waitIncrementSeconds:
+                    description: Wait Increment
+                    format: int32
+                    type: integer
+                required:
+                - realm
+                type: object
+              realmOverrides:
+                description: A list of overrides to the default Realm behavior.
+                items:
+                  properties:
+                    forFlow:
+                      description: Flow to be overridden.
+                      type: string
+                    identityProvider:
+                      description: Identity Provider to be overridden.
+                      type: string
+                  required:
+                  - identityProvider
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
+              unmanaged:
+                description: When set to true, this KeycloakRealm will be marked as
+                  unmanaged and not be managed by this operator. It can then be used
+                  for targeting purposes.
+                type: boolean
+            required:
+            - realm
+            type: object
+          status:
+            description: KeycloakRealmStatus defines the observed state of KeycloakRealm
+            properties:
+              loginURL:
+                description: TODO
+                type: string
+              message:
+                description: Human-readable message indicating details about current
+                  operator phase or error.
+                type: string
+              phase:
+                description: Current phase of the operator.
+                type: string
+              ready:
+                description: True if all resources are in a ready state and all work
+                  is done.
+                type: boolean
+              secondaryResources:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: 'A map of all the secondary resources types and names
+                  created for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2"
+                  ]'
+                type: object
+            required:
+            - loginURL
+            - message
+            - phase
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloaks_crd.yaml b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloaks_crd.yaml
new file mode 100644
index 000000000..96e09d1f7
--- /dev/null
+++ b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloaks_crd.yaml
@@ -0,0 +1,1119 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloaks.keycloak.org
+spec:
+  group: keycloak.org
+  names:
+    kind: Keycloak
+    listKind: KeycloakList
+    plural: keycloaks
+    singular: keycloak
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Keycloak is the Schema for the keycloaks API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KeycloakSpec defines the desired state of Keycloak.
+            properties:
+              DisableDefaultServiceMonitor:
+                description: Disables the integration with Application Monitoring
+                  Operator. When set to true, the operator doesn't create default
+                  PrometheusRule, ServiceMonitor and GrafanaDashboard objects and
+                  users will have to create them manually, if needed.
+                type: boolean
+              extensions:
+                description: A list of extensions, where each one is a URL to a JAR
+                  files that will be deployed in Keycloak.
+                items:
+                  type: string
+                type: array
+                x-kubernetes-list-type: set
+              external:
+                description: Contains configuration for external Keycloak instances.
+                  Unmanaged needs to be set to true to use this.
+                properties:
+                  enabled:
+                    description: If set to true, this Keycloak will be treated as
+                      an external instance. The unmanaged field also needs to be set
+                      to true if this field is true.
+                    type: boolean
+                  url:
+                    description: The URL to use for the keycloak admin API. Needs
+                      to be set if external is true.
+                    type: string
+                type: object
+              externalAccess:
+                description: Controls external Ingress/Route settings.
+                properties:
+                  enabled:
+                    description: If set to true, the Operator will create an Ingress
+                      or a Route pointing to Keycloak.
+                    type: boolean
+                  host:
+                    description: If set, the Operator will use value of host for Ingress
+                      host instead of default value keycloak.local. Using this setting
+                      in OpenShift environment will result an error. Only users with
+                      special permissions are allowed to modify the hostname.
+                    type: string
+                  tlsTermination:
+                    description: TLS Termination type for the external access. Setting
+                      this field to "reencrypt" will terminate TLS on the Ingress/Route
+                      level. Setting this field to "passthrough" will send encrypted
+                      traffic to the Pod. If unspecified, defaults to "reencrypt".
+                      Note, that this setting has no effect on Ingress as Ingress
+                      TLS settings are not reconciled by this operator. In other words,
+                      Ingress TLS configuration is the same in both cases and it is
+                      up to the user to configure TLS section of the Ingress.
+                    type: string
+                type: object
+              externalDatabase:
+                description: "Controls external database settings. Using an external
+                  database requires providing a secret containing credentials as well
+                  as connection details. Here's an example of such secret: \n     apiVersion:
+                  v1     kind: Secret     metadata:         name: keycloak-db-secret
+                  \        namespace: keycloak     stringData:         POSTGRES_DATABASE:
+                  <Database Name>         POSTGRES_EXTERNAL_ADDRESS: <External Database
+                  IP or URL (resolvable by K8s)>         POSTGRES_EXTERNAL_PORT: <External
+                  Database Port>         # Strongly recommended to use <'Keycloak
+                  CR Name'-postgresql>         POSTGRES_HOST: <Database Service Name>
+                  \        POSTGRES_PASSWORD: <Database Password>         # Required
+                  for AWS Backup functionality         POSTGRES_SUPERUSER: true         POSTGRES_USERNAME:
+                  <Database Username>      type: Opaque \n Both POSTGRES_EXTERNAL_ADDRESS
+                  and POSTGRES_EXTERNAL_PORT are specifically required for creating
+                  connection to the external database. The secret name is created
+                  using the following convention:       <Custom Resource Name>-db-secret
+                  \n For more information, please refer to the Operator documentation."
+                properties:
+                  enabled:
+                    description: If set to true, the Operator will use an external
+                      database pointing to Keycloak. The embedded database (externalDatabase.enabled
+                      = false) is deprecated.
+                    type: boolean
+                type: object
+              instances:
+                description: Number of Keycloak instances in HA mode. Default is 1.
+                type: integer
+              keycloakDeploymentSpec:
+                description: Resources (Requests and Limits) for KeycloakDeployment.
+                properties:
+                  experimental:
+                    description: 'Experimental section NOTE: This section might change
+                      or get removed without any notice. It may also cause the deployment
+                      to behave in an unpredictable fashion. Please use with care.'
+                    properties:
+                      affinity:
+                        description: Affinity settings
+                        properties:
+                          nodeAffinity:
+                            description: Describes node affinity scheduling rules
+                              for the pod.
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                description: The scheduler will prefer to schedule
+                                  pods to nodes that satisfy the affinity expressions
+                                  specified by this field, but it may choose a node
+                                  that violates one or more of the expressions. The
+                                  node that is most preferred is the one with the
+                                  greatest sum of weights, i.e. for each node that
+                                  meets all of the scheduling requirements (resource
+                                  request, requiredDuringScheduling affinity expressions,
+                                  etc.), compute a sum by iterating through the elements
+                                  of this field and adding "weight" to the sum if
+                                  the node matches the corresponding matchExpressions;
+                                  the node(s) with the highest sum are the most preferred.
+                                items:
+                                  description: An empty preferred scheduling term
+                                    matches all objects with implicit weight 0 (i.e.
+                                    it's a no-op). A null preferred scheduling term
+                                    matches no objects (i.e. is also a no-op).
+                                  properties:
+                                    preference:
+                                      description: A node selector term, associated
+                                        with the corresponding weight.
+                                      properties:
+                                        matchExpressions:
+                                          description: A list of node selector requirements
+                                            by node's labels.
+                                          items:
+                                            description: A node selector requirement
+                                              is a selector that contains values,
+                                              a key, and an operator that relates
+                                              the key and values.
+                                            properties:
+                                              key:
+                                                description: The label key that the
+                                                  selector applies to.
+                                                type: string
+                                              operator:
+                                                description: Represents a key's relationship
+                                                  to a set of values. Valid operators
+                                                  are In, NotIn, Exists, DoesNotExist.
+                                                  Gt, and Lt.
+                                                type: string
+                                              values:
+                                                description: An array of string values.
+                                                  If the operator is In or NotIn,
+                                                  the values array must be non-empty.
+                                                  If the operator is Exists or DoesNotExist,
+                                                  the values array must be empty.
+                                                  If the operator is Gt or Lt, the
+                                                  values array must have a single
+                                                  element, which will be interpreted
+                                                  as an integer. This array is replaced
+                                                  during a strategic merge patch.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          description: A list of node selector requirements
+                                            by node's fields.
+                                          items:
+                                            description: A node selector requirement
+                                              is a selector that contains values,
+                                              a key, and an operator that relates
+                                              the key and values.
+                                            properties:
+                                              key:
+                                                description: The label key that the
+                                                  selector applies to.
+                                                type: string
+                                              operator:
+                                                description: Represents a key's relationship
+                                                  to a set of values. Valid operators
+                                                  are In, NotIn, Exists, DoesNotExist.
+                                                  Gt, and Lt.
+                                                type: string
+                                              values:
+                                                description: An array of string values.
+                                                  If the operator is In or NotIn,
+                                                  the values array must be non-empty.
+                                                  If the operator is Exists or DoesNotExist,
+                                                  the values array must be empty.
+                                                  If the operator is Gt or Lt, the
+                                                  values array must have a single
+                                                  element, which will be interpreted
+                                                  as an integer. This array is replaced
+                                                  during a strategic merge patch.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    weight:
+                                      description: Weight associated with matching
+                                        the corresponding nodeSelectorTerm, in the
+                                        range 1-100.
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - preference
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                description: If the affinity requirements specified
+                                  by this field are not met at scheduling time, the
+                                  pod will not be scheduled onto the node. If the
+                                  affinity requirements specified by this field cease
+                                  to be met at some point during pod execution (e.g.
+                                  due to an update), the system may or may not try
+                                  to eventually evict the pod from its node.
+                                properties:
+                                  nodeSelectorTerms:
+                                    description: Required. A list of node selector
+                                      terms. The terms are ORed.
+                                    items:
+                                      description: A null or empty node selector term
+                                        matches no objects. The requirements of them
+                                        are ANDed. The TopologySelectorTerm type implements
+                                        a subset of the NodeSelectorTerm.
+                                      properties:
+                                        matchExpressions:
+                                          description: A list of node selector requirements
+                                            by node's labels.
+                                          items:
+                                            description: A node selector requirement
+                                              is a selector that contains values,
+                                              a key, and an operator that relates
+                                              the key and values.
+                                            properties:
+                                              key:
+                                                description: The label key that the
+                                                  selector applies to.
+                                                type: string
+                                              operator:
+                                                description: Represents a key's relationship
+                                                  to a set of values. Valid operators
+                                                  are In, NotIn, Exists, DoesNotExist.
+                                                  Gt, and Lt.
+                                                type: string
+                                              values:
+                                                description: An array of string values.
+                                                  If the operator is In or NotIn,
+                                                  the values array must be non-empty.
+                                                  If the operator is Exists or DoesNotExist,
+                                                  the values array must be empty.
+                                                  If the operator is Gt or Lt, the
+                                                  values array must have a single
+                                                  element, which will be interpreted
+                                                  as an integer. This array is replaced
+                                                  during a strategic merge patch.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          description: A list of node selector requirements
+                                            by node's fields.
+                                          items:
+                                            description: A node selector requirement
+                                              is a selector that contains values,
+                                              a key, and an operator that relates
+                                              the key and values.
+                                            properties:
+                                              key:
+                                                description: The label key that the
+                                                  selector applies to.
+                                                type: string
+                                              operator:
+                                                description: Represents a key's relationship
+                                                  to a set of values. Valid operators
+                                                  are In, NotIn, Exists, DoesNotExist.
+                                                  Gt, and Lt.
+                                                type: string
+                                              values:
+                                                description: An array of string values.
+                                                  If the operator is In or NotIn,
+                                                  the values array must be non-empty.
+                                                  If the operator is Exists or DoesNotExist,
+                                                  the values array must be empty.
+                                                  If the operator is Gt or Lt, the
+                                                  values array must have a single
+                                                  element, which will be interpreted
+                                                  as an integer. This array is replaced
+                                                  during a strategic merge patch.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    type: array
+                                required:
+                                - nodeSelectorTerms
+                                type: object
+                            type: object
+                          podAffinity:
+                            description: Describes pod affinity scheduling rules (e.g.
+                              co-locate this pod in the same node, zone, etc. as some
+                              other pod(s)).
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                description: The scheduler will prefer to schedule
+                                  pods to nodes that satisfy the affinity expressions
+                                  specified by this field, but it may choose a node
+                                  that violates one or more of the expressions. The
+                                  node that is most preferred is the one with the
+                                  greatest sum of weights, i.e. for each node that
+                                  meets all of the scheduling requirements (resource
+                                  request, requiredDuringScheduling affinity expressions,
+                                  etc.), compute a sum by iterating through the elements
+                                  of this field and adding "weight" to the sum if
+                                  the node has pods which matches the corresponding
+                                  podAffinityTerm; the node(s) with the highest sum
+                                  are the most preferred.
+                                items:
+                                  description: The weights of all of the matched WeightedPodAffinityTerm
+                                    fields are added per-node to find the most preferred
+                                    node(s)
+                                  properties:
+                                    podAffinityTerm:
+                                      description: Required. A pod affinity term,
+                                        associated with the corresponding weight.
+                                      properties:
+                                        labelSelector:
+                                          description: A label query over a set of
+                                            resources, in this case pods.
+                                          properties:
+                                            matchExpressions:
+                                              description: matchExpressions is a list
+                                                of label selector requirements. The
+                                                requirements are ANDed.
+                                              items:
+                                                description: A label selector requirement
+                                                  is a selector that contains values,
+                                                  a key, and an operator that relates
+                                                  the key and values.
+                                                properties:
+                                                  key:
+                                                    description: key is the label
+                                                      key that the selector applies
+                                                      to.
+                                                    type: string
+                                                  operator:
+                                                    description: operator represents
+                                                      a key's relationship to a set
+                                                      of values. Valid operators are
+                                                      In, NotIn, Exists and DoesNotExist.
+                                                    type: string
+                                                  values:
+                                                    description: values is an array
+                                                      of string values. If the operator
+                                                      is In or NotIn, the values array
+                                                      must be non-empty. If the operator
+                                                      is Exists or DoesNotExist, the
+                                                      values array must be empty.
+                                                      This array is replaced during
+                                                      a strategic merge patch.
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              description: matchLabels is a map of
+                                                {key,value} pairs. A single {key,value}
+                                                in the matchLabels map is equivalent
+                                                to an element of matchExpressions,
+                                                whose key field is "key", the operator
+                                                is "In", and the values array contains
+                                                only "value". The requirements are
+                                                ANDed.
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          description: namespaces specifies which
+                                            namespaces the labelSelector applies to
+                                            (matches against); null or empty list
+                                            means "this pod's namespace"
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          description: This pod should be co-located
+                                            (affinity) or not co-located (anti-affinity)
+                                            with the pods matching the labelSelector
+                                            in the specified namespaces, where co-located
+                                            is defined as running on a node whose
+                                            value of the label with key topologyKey
+                                            matches that of any node on which any
+                                            of the selected pods is running. Empty
+                                            topologyKey is not allowed.
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      description: weight associated with matching
+                                        the corresponding podAffinityTerm, in the
+                                        range 1-100.
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                description: If the affinity requirements specified
+                                  by this field are not met at scheduling time, the
+                                  pod will not be scheduled onto the node. If the
+                                  affinity requirements specified by this field cease
+                                  to be met at some point during pod execution (e.g.
+                                  due to a pod label update), the system may or may
+                                  not try to eventually evict the pod from its node.
+                                  When there are multiple elements, the lists of nodes
+                                  corresponding to each podAffinityTerm are intersected,
+                                  i.e. all terms must be satisfied.
+                                items:
+                                  description: Defines a set of pods (namely those
+                                    matching the labelSelector relative to the given
+                                    namespace(s)) that this pod should be co-located
+                                    (affinity) or not co-located (anti-affinity) with,
+                                    where co-located is defined as running on a node
+                                    whose value of the label with key <topologyKey>
+                                    matches that of any node on which a pod of the
+                                    set of pods is running
+                                  properties:
+                                    labelSelector:
+                                      description: A label query over a set of resources,
+                                        in this case pods.
+                                      properties:
+                                        matchExpressions:
+                                          description: matchExpressions is a list
+                                            of label selector requirements. The requirements
+                                            are ANDed.
+                                          items:
+                                            description: A label selector requirement
+                                              is a selector that contains values,
+                                              a key, and an operator that relates
+                                              the key and values.
+                                            properties:
+                                              key:
+                                                description: key is the label key
+                                                  that the selector applies to.
+                                                type: string
+                                              operator:
+                                                description: operator represents a
+                                                  key's relationship to a set of values.
+                                                  Valid operators are In, NotIn, Exists
+                                                  and DoesNotExist.
+                                                type: string
+                                              values:
+                                                description: values is an array of
+                                                  string values. If the operator is
+                                                  In or NotIn, the values array must
+                                                  be non-empty. If the operator is
+                                                  Exists or DoesNotExist, the values
+                                                  array must be empty. This array
+                                                  is replaced during a strategic merge
+                                                  patch.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          description: matchLabels is a map of {key,value}
+                                            pairs. A single {key,value} in the matchLabels
+                                            map is equivalent to an element of matchExpressions,
+                                            whose key field is "key", the operator
+                                            is "In", and the values array contains
+                                            only "value". The requirements are ANDed.
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      description: namespaces specifies which namespaces
+                                        the labelSelector applies to (matches against);
+                                        null or empty list means "this pod's namespace"
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      description: This pod should be co-located (affinity)
+                                        or not co-located (anti-affinity) with the
+                                        pods matching the labelSelector in the specified
+                                        namespaces, where co-located is defined as
+                                        running on a node whose value of the label
+                                        with key topologyKey matches that of any node
+                                        on which any of the selected pods is running.
+                                        Empty topologyKey is not allowed.
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                          podAntiAffinity:
+                            description: Describes pod anti-affinity scheduling rules
+                              (e.g. avoid putting this pod in the same node, zone,
+                              etc. as some other pod(s)).
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                description: The scheduler will prefer to schedule
+                                  pods to nodes that satisfy the anti-affinity expressions
+                                  specified by this field, but it may choose a node
+                                  that violates one or more of the expressions. The
+                                  node that is most preferred is the one with the
+                                  greatest sum of weights, i.e. for each node that
+                                  meets all of the scheduling requirements (resource
+                                  request, requiredDuringScheduling anti-affinity
+                                  expressions, etc.), compute a sum by iterating through
+                                  the elements of this field and adding "weight" to
+                                  the sum if the node has pods which matches the corresponding
+                                  podAffinityTerm; the node(s) with the highest sum
+                                  are the most preferred.
+                                items:
+                                  description: The weights of all of the matched WeightedPodAffinityTerm
+                                    fields are added per-node to find the most preferred
+                                    node(s)
+                                  properties:
+                                    podAffinityTerm:
+                                      description: Required. A pod affinity term,
+                                        associated with the corresponding weight.
+                                      properties:
+                                        labelSelector:
+                                          description: A label query over a set of
+                                            resources, in this case pods.
+                                          properties:
+                                            matchExpressions:
+                                              description: matchExpressions is a list
+                                                of label selector requirements. The
+                                                requirements are ANDed.
+                                              items:
+                                                description: A label selector requirement
+                                                  is a selector that contains values,
+                                                  a key, and an operator that relates
+                                                  the key and values.
+                                                properties:
+                                                  key:
+                                                    description: key is the label
+                                                      key that the selector applies
+                                                      to.
+                                                    type: string
+                                                  operator:
+                                                    description: operator represents
+                                                      a key's relationship to a set
+                                                      of values. Valid operators are
+                                                      In, NotIn, Exists and DoesNotExist.
+                                                    type: string
+                                                  values:
+                                                    description: values is an array
+                                                      of string values. If the operator
+                                                      is In or NotIn, the values array
+                                                      must be non-empty. If the operator
+                                                      is Exists or DoesNotExist, the
+                                                      values array must be empty.
+                                                      This array is replaced during
+                                                      a strategic merge patch.
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              description: matchLabels is a map of
+                                                {key,value} pairs. A single {key,value}
+                                                in the matchLabels map is equivalent
+                                                to an element of matchExpressions,
+                                                whose key field is "key", the operator
+                                                is "In", and the values array contains
+                                                only "value". The requirements are
+                                                ANDed.
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          description: namespaces specifies which
+                                            namespaces the labelSelector applies to
+                                            (matches against); null or empty list
+                                            means "this pod's namespace"
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          description: This pod should be co-located
+                                            (affinity) or not co-located (anti-affinity)
+                                            with the pods matching the labelSelector
+                                            in the specified namespaces, where co-located
+                                            is defined as running on a node whose
+                                            value of the label with key topologyKey
+                                            matches that of any node on which any
+                                            of the selected pods is running. Empty
+                                            topologyKey is not allowed.
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      description: weight associated with matching
+                                        the corresponding podAffinityTerm, in the
+                                        range 1-100.
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                description: If the anti-affinity requirements specified
+                                  by this field are not met at scheduling time, the
+                                  pod will not be scheduled onto the node. If the
+                                  anti-affinity requirements specified by this field
+                                  cease to be met at some point during pod execution
+                                  (e.g. due to a pod label update), the system may
+                                  or may not try to eventually evict the pod from
+                                  its node. When there are multiple elements, the
+                                  lists of nodes corresponding to each podAffinityTerm
+                                  are intersected, i.e. all terms must be satisfied.
+                                items:
+                                  description: Defines a set of pods (namely those
+                                    matching the labelSelector relative to the given
+                                    namespace(s)) that this pod should be co-located
+                                    (affinity) or not co-located (anti-affinity) with,
+                                    where co-located is defined as running on a node
+                                    whose value of the label with key <topologyKey>
+                                    matches that of any node on which a pod of the
+                                    set of pods is running
+                                  properties:
+                                    labelSelector:
+                                      description: A label query over a set of resources,
+                                        in this case pods.
+                                      properties:
+                                        matchExpressions:
+                                          description: matchExpressions is a list
+                                            of label selector requirements. The requirements
+                                            are ANDed.
+                                          items:
+                                            description: A label selector requirement
+                                              is a selector that contains values,
+                                              a key, and an operator that relates
+                                              the key and values.
+                                            properties:
+                                              key:
+                                                description: key is the label key
+                                                  that the selector applies to.
+                                                type: string
+                                              operator:
+                                                description: operator represents a
+                                                  key's relationship to a set of values.
+                                                  Valid operators are In, NotIn, Exists
+                                                  and DoesNotExist.
+                                                type: string
+                                              values:
+                                                description: values is an array of
+                                                  string values. If the operator is
+                                                  In or NotIn, the values array must
+                                                  be non-empty. If the operator is
+                                                  Exists or DoesNotExist, the values
+                                                  array must be empty. This array
+                                                  is replaced during a strategic merge
+                                                  patch.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          description: matchLabels is a map of {key,value}
+                                            pairs. A single {key,value} in the matchLabels
+                                            map is equivalent to an element of matchExpressions,
+                                            whose key field is "key", the operator
+                                            is "In", and the values array contains
+                                            only "value". The requirements are ANDed.
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      description: namespaces specifies which namespaces
+                                        the labelSelector applies to (matches against);
+                                        null or empty list means "this pod's namespace"
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      description: This pod should be co-located (affinity)
+                                        or not co-located (anti-affinity) with the
+                                        pods matching the labelSelector in the specified
+                                        namespaces, where co-located is defined as
+                                        running on a node whose value of the label
+                                        with key topologyKey matches that of any node
+                                        on which any of the selected pods is running.
+                                        Empty topologyKey is not allowed.
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      args:
+                        description: Arguments to the entrypoint. Translates into
+                          Container CMD.
+                        items:
+                          type: string
+                        type: array
+                      command:
+                        description: Container command. Translates into Container
+                          ENTRYPOINT.
+                        items:
+                          type: string
+                        type: array
+                      env:
+                        description: List of environment variables to set in the container.
+                        items:
+                          description: EnvVar represents an environment variable present
+                            in a Container.
+                          properties:
+                            name:
+                              description: Name of the environment variable. Must
+                                be a C_IDENTIFIER.
+                              type: string
+                            value:
+                              description: 'Variable references $(VAR_NAME) are expanded
+                                using the previous defined environment variables in
+                                the container and any service environment variables.
+                                If a variable cannot be resolved, the reference in
+                                the input string will be unchanged. The $(VAR_NAME)
+                                syntax can be escaped with a double $$, ie: $$(VAR_NAME).
+                                Escaped references will never be expanded, regardless
+                                of whether the variable exists or not. Defaults to
+                                "".'
+                              type: string
+                            valueFrom:
+                              description: Source for the environment variable's value.
+                                Cannot be used if value is not empty.
+                              properties:
+                                configMapKeyRef:
+                                  description: Selects a key of a ConfigMap.
+                                  properties:
+                                    key:
+                                      description: The key to select.
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                        TODO: Add other useful fields. apiVersion,
+                                        kind, uid?'
+                                      type: string
+                                    optional:
+                                      description: Specify whether the ConfigMap or
+                                        its key must be defined
+                                      type: boolean
+                                  required:
+                                  - key
+                                  type: object
+                                fieldRef:
+                                  description: 'Selects a field of the pod: supports
+                                    metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+                                    `metadata.annotations[''<KEY>'']`, spec.nodeName,
+                                    spec.serviceAccountName, status.hostIP, status.podIP,
+                                    status.podIPs.'
+                                  properties:
+                                    apiVersion:
+                                      description: Version of the schema the FieldPath
+                                        is written in terms of, defaults to "v1".
+                                      type: string
+                                    fieldPath:
+                                      description: Path of the field to select in
+                                        the specified API version.
+                                      type: string
+                                  required:
+                                  - fieldPath
+                                  type: object
+                                resourceFieldRef:
+                                  description: 'Selects a resource of the container:
+                                    only resources limits and requests (limits.cpu,
+                                    limits.memory, limits.ephemeral-storage, requests.cpu,
+                                    requests.memory and requests.ephemeral-storage)
+                                    are currently supported.'
+                                  properties:
+                                    containerName:
+                                      description: 'Container name: required for volumes,
+                                        optional for env vars'
+                                      type: string
+                                    divisor:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      description: Specifies the output format of
+                                        the exposed resources, defaults to "1"
+                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                      x-kubernetes-int-or-string: true
+                                    resource:
+                                      description: 'Required: resource to select'
+                                      type: string
+                                  required:
+                                  - resource
+                                  type: object
+                                secretKeyRef:
+                                  description: Selects a key of a secret in the pod's
+                                    namespace
+                                  properties:
+                                    key:
+                                      description: The key of the secret to select
+                                        from.  Must be a valid secret key.
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                        TODO: Add other useful fields. apiVersion,
+                                        kind, uid?'
+                                      type: string
+                                    optional:
+                                      description: Specify whether the Secret or its
+                                        key must be defined
+                                      type: boolean
+                                  required:
+                                  - key
+                                  type: object
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      serviceAccountName:
+                        description: ServiceAccountName settings
+                        type: string
+                      volumes:
+                        description: Additional volume mounts
+                        properties:
+                          defaultMode:
+                            description: Permissions mode.
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                configMaps:
+                                  description: Allow multiple configmaps to mount
+                                    to the same directory
+                                  items:
+                                    type: string
+                                  type: array
+                                items:
+                                  description: Mount details
+                                  items:
+                                    description: Maps a string key to a path within
+                                      a volume.
+                                    properties:
+                                      key:
+                                        description: The key to project.
+                                        type: string
+                                      mode:
+                                        description: 'Optional: mode bits used to
+                                          set permissions on this file. Must be an
+                                          octal value between 0000 and 0777 or a decimal
+                                          value between 0 and 511. YAML accepts both
+                                          octal and decimal values, JSON requires
+                                          decimal values for mode bits. If not specified,
+                                          the volume defaultMode will be used. This
+                                          might be in conflict with other options
+                                          that affect the file mode, like fsGroup,
+                                          and the result can be other mode bits set.'
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        description: The relative path of the file
+                                          to map the key to. May not be an absolute
+                                          path. May not contain the path element '..'.
+                                          May not start with the string '..'.
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                mountPath:
+                                  description: An absolute path where to mount it
+                                  type: string
+                                name:
+                                  description: Volume name
+                                  type: string
+                                secrets:
+                                  description: Secret mount
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - mountPath
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  podannotations:
+                    additionalProperties:
+                      type: string
+                    description: List of annotations to set in the keycloak pods
+                    type: object
+                  podlabels:
+                    additionalProperties:
+                      type: string
+                    description: List of labels to set in the keycloak pods
+                    type: object
+                  resources:
+                    description: Resources (Requests and Limits) for the Pods.
+                    properties:
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'Limits describes the maximum amount of compute
+                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'Requests describes the minimum amount of compute
+                          resources required. If Requests is omitted for a container,
+                          it defaults to Limits if that is explicitly specified, otherwise
+                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                        type: object
+                    type: object
+                type: object
+              migration:
+                description: Specify Migration configuration
+                properties:
+                  backups:
+                    description: Set it to config backup policy for migration
+                    properties:
+                      enabled:
+                        description: If set to true, the operator will do database
+                          backup before doing migration
+                        type: boolean
+                    type: object
+                  strategy:
+                    description: Specify migration strategy
+                    type: string
+                type: object
+              multiAvailablityZones:
+                description: Specify PodAntiAffinity settings for Keycloak deployment
+                  in Multi AZ
+                properties:
+                  enabled:
+                    description: If set to true, the operator will create a podAntiAffinity
+                      settings for the Keycloak deployment.
+                    type: boolean
+                type: object
+              podDisruptionBudget:
+                description: Specify PodDisruptionBudget configuration.
+                properties:
+                  enabled:
+                    description: If set to true, the operator will create a PodDistruptionBudget
+                      for the Keycloak deployment and set its `maxUnavailable` value
+                      to 1.
+                    type: boolean
+                type: object
+              postgresDeploymentSpec:
+                description: Resources (Requests and Limits) for PostgresDeployment.
+                properties:
+                  resources:
+                    description: Resources (Requests and Limits) for the Pods.
+                    properties:
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'Limits describes the maximum amount of compute
+                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'Requests describes the minimum amount of compute
+                          resources required. If Requests is omitted for a container,
+                          it defaults to Limits if that is explicitly specified, otherwise
+                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                        type: object
+                    type: object
+                type: object
+              profile:
+                description: Profile used for controlling Operator behavior. Default
+                  is empty.
+                type: string
+              storageClassName:
+                description: Name of the StorageClass for Postgresql Persistent Volume
+                  Claim
+                type: string
+              unmanaged:
+                description: When set to true, this Keycloak will be marked as unmanaged
+                  and will not be managed by this operator. It can then be used for
+                  targeting purposes.
+                type: boolean
+            type: object
+          status:
+            description: KeycloakStatus defines the observed state of Keycloak.
+            properties:
+              credentialSecret:
+                description: The secret where the admin credentials are to be found.
+                type: string
+              externalURL:
+                description: External URL for accessing Keycloak instance from outside
+                  the cluster. Is identical to external.URL if it's specified, otherwise
+                  is computed (e.g. from Ingress).
+                type: string
+              internalURL:
+                description: An internal URL (service name) to be used by the admin
+                  client.
+                type: string
+              message:
+                description: Human-readable message indicating details about current
+                  operator phase or error.
+                type: string
+              phase:
+                description: Current phase of the operator.
+                type: string
+              ready:
+                description: True if all resources are in a ready state and all work
+                  is done.
+                type: boolean
+              secondaryResources:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: 'A map of all the secondary resources types and names
+                  created for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2"
+                  ].'
+                type: object
+              version:
+                description: Version of Keycloak or RHSSO running on the cluster.
+                type: string
+            required:
+            - credentialSecret
+            - internalURL
+            - message
+            - phase
+            - ready
+            - version
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakusers_crd.yaml b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakusers_crd.yaml
new file mode 100644
index 000000000..4a192c3bf
--- /dev/null
+++ b/tools/intersmash-tools-provisioners/src/main/resources/crds/keycloak.org_keycloakusers_crd.yaml
@@ -0,0 +1,183 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloakusers.keycloak.org
+spec:
+  group: keycloak.org
+  names:
+    kind: KeycloakUser
+    listKind: KeycloakUserList
+    plural: keycloakusers
+    singular: keycloakuser
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KeycloakUser is the Schema for the keycloakusers API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KeycloakUserSpec defines the desired state of KeycloakUser.
+            properties:
+              realmSelector:
+                description: Selector for looking up KeycloakRealm Custom Resources.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              user:
+                description: Keycloak User REST object.
+                properties:
+                  attributes:
+                    additionalProperties:
+                      items:
+                        type: string
+                      type: array
+                    description: A set of Attributes.
+                    type: object
+                  clientRoles:
+                    additionalProperties:
+                      items:
+                        type: string
+                      type: array
+                    description: A set of Client Roles.
+                    type: object
+                  credentials:
+                    description: A set of Credentials.
+                    items:
+                      properties:
+                        temporary:
+                          description: True if this credential object is temporary.
+                          type: boolean
+                        type:
+                          description: Credential Type.
+                          type: string
+                        value:
+                          description: Credential Value.
+                          type: string
+                      type: object
+                    type: array
+                  email:
+                    description: Email.
+                    type: string
+                  emailVerified:
+                    description: True if email has already been verified.
+                    type: boolean
+                  enabled:
+                    description: User enabled flag.
+                    type: boolean
+                  federatedIdentities:
+                    description: A set of Federated Identities.
+                    items:
+                      properties:
+                        identityProvider:
+                          description: Federated Identity Provider.
+                          type: string
+                        userId:
+                          description: Federated Identity User ID.
+                          type: string
+                        userName:
+                          description: Federated Identity User Name.
+                          type: string
+                      type: object
+                    type: array
+                  firstName:
+                    description: First Name.
+                    type: string
+                  groups:
+                    description: A set of Groups.
+                    items:
+                      type: string
+                    type: array
+                  id:
+                    description: User ID.
+                    type: string
+                  lastName:
+                    description: Last Name.
+                    type: string
+                  realmRoles:
+                    description: A set of Realm Roles.
+                    items:
+                      type: string
+                    type: array
+                  requiredActions:
+                    description: A set of Required Actions.
+                    items:
+                      type: string
+                    type: array
+                  username:
+                    description: User Name.
+                    type: string
+                type: object
+            required:
+            - user
+            type: object
+          status:
+            description: KeycloakUserStatus defines the observed state of KeycloakUser.
+            properties:
+              message:
+                description: Human-readable message indicating details about current
+                  operator phase or error.
+                type: string
+              phase:
+                description: Current phase of the operator.
+                type: string
+            required:
+            - message
+            - phase
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}