
We are currently using Keycloak for a very simple use case that enables the OAuth2 client credentials grant for sets of APIs behind the nginx ingress controller on Kubernetes.

Keycloak works well, as we can use the console to create the client, scope and maps to a specific resource server.

But what we have struggled with is how to manage the Keycloak changes. We depend heavily on GitOps with ArgoCD for deploying Kubernetes changes. The Keycloak operator only supports import. (From the documentation, it seems it does not even support update.) Also, we have multiple environments; ideally we can codify the configuration and move the changes from lower environments to higher environments.

user2501711

1 Answer


Using Keycloak to manage changes in a GitOps workflow with ArgoCD can be challenging because of some limitations in using the Keycloak operator and the APIs focusing on importing configurations.

Here are some suggestions that you can try:

  1. Try storing external configurations:
     • Store Keycloak configurations like clients, roles, and mappings in YAML files outside of the Keycloak Operator manifests.
     • Use ArgoCD to manage these YAML files alongside your other Kubernetes configurations.
     • Leverage tools like keycloak-operator-client or custom scripts to dynamically apply these configs to Keycloak using the REST API. This allows granular control and updates beyond just imports.

  2. You can try customizing the Keycloak Operator:
     • Consider contributing to or forking the Keycloak Operator to incorporate update functionality.
     • This requires familiarity with Go and the operator framework.
     • Alternatively, explore existing community forks or tools that extend the operator's capabilities.

Dion V
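One shape the "custom script" from the first suggestion could take, as an added example that is not part of the answer or of any Keycloak tooling: an idempotent reconcile of Git-stored client definitions against the Admin REST API client endpoints, which refuses definitions that carry a client secret. The `http` callable, the `FakeKeycloak` stand-in, the `MANAGED` field selection and the client names are assumptions made for the example.

```python
from urllib.parse import quote

# Fields this sketch manages; everything else on the server is left untouched.
MANAGED = ("enabled", "serviceAccountsEnabled", "standardFlowEnabled", "publicClient")

def plan(desired, current):
    """Return (action, changed_fields) for one client definition."""
    if current is None:
        return "create", sorted(k for k in MANAGED if k in desired)
    diff = sorted(k for k in MANAGED if k in desired and desired[k] != current.get(k))
    return ("update", diff) if diff else ("noop", [])

def reconcile(http, realm, desired_clients):
    """Apply definitions through http(method, path, body), an injected callable
    (hypothetical) that attaches the admin bearer token and returns parsed JSON."""
    base, results = f"/admin/realms/{realm}/clients", {}
    for want in desired_clients:
        if "secret" in want:  # client secrets stay out of the Git-managed files
            raise ValueError(f"{want['clientId']}: client secret found in Git-managed definition")
        found = http("GET", f"{base}?clientId={quote(want['clientId'])}", None)
        current = found[0] if found else None
        action, fields = plan(want, current)
        if action == "create":
            http("POST", base, want)
        elif action == "update":  # merge so unmanaged server-side fields survive the PUT
            http("PUT", f"{base}/{current['id']}", {**current, **want})
        results[want["clientId"]] = (action, fields)
    return results

class FakeKeycloak:
    """Constructed in-memory stand-in for the Admin REST API, for offline runs."""
    def __init__(self, clients):
        self.clients = {c["id"]: dict(c) for c in clients}
    def __call__(self, method, path, body):
        if method == "GET":
            wanted = path.split("clientId=")[1]
            return [c for c in self.clients.values() if c["clientId"] == wanted]
        if method == "POST":
            self.clients[body["clientId"]] = {"id": body["clientId"], **body}
        elif method == "PUT":
            self.clients[path.rsplit("/", 1)[1]] = dict(body)

def demo():
    kc = FakeKeycloak([{"id": "u1", "clientId": "orders-api", "enabled": True,
                        "serviceAccountsEnabled": False}])  # constructed sample state
    desired = [{"clientId": "orders-api", "enabled": True, "serviceAccountsEnabled": True},
               {"clientId": "billing-api", "enabled": True, "serviceAccountsEnabled": True}]
    return reconcile(kc, "demo", desired), reconcile(kc, "demo", desired)

if __name__ == "__main__":
    print(demo())
```

Running the same definitions twice yields only `noop` on the second pass, which is the property that lets the same files be promoted from lower to higher environments without drift.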