We are currently using Keycloak for a very simple use case that enables the OAuth2 client credentials grant for sets of APIs behind the NGINX ingress controller on Kubernetes.
Keycloak works well, as we can use the console to create the client, scope and mappers for a specific resource server.
But what we have struggled with is how to manage the Keycloak changes. We depend heavily on GitOps with Argo CD for deploying Kubernetes changes. The Keycloak operator only supports import (from the documentation, it seems it does not even support update). Also, we have multiple environments; ideally we can codify the configuration and promote the changes from lower environments to higher environments.
Changes are made in YAML files stored in a Git repository, then deployed to your environments through a CI/CD pipeline.
Here's a breakdown of the GitOps workflow for managing Keycloak changes:
1. Structure your Keycloak configuration
- Divide your configuration files into folders for each environment.
- Define Keycloak realms, clients, users, roles, and other settings using YAML files.
- For Kubernetes deployments, use Kustomize files to patch environment-specific values on top of the base configuration.
2. Implement a CI/CD pipeline
- Set up triggers in your CI/CD tool to run pipelines on Git commits or pull requests.
- Build your Keycloak configuration files and prepare them for deployment.
3. Deploy your configurations to the target environment
See also this document for additional information.
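As an added illustration of the base-plus-overlay layout described above (constructed example, not from the answer or from the Keycloak project), the block below shows a Kustomize base holding a KeycloakRealmImport resource for a client-credentials client, and a prod overlay that patches the environment-specific values. The realm name, client ID, scope name, namespace and the Keycloak CR names are assumptions; the client secret is deliberately absent from the realm representation so that it is never committed to Git.

```yaml
# --- base/kustomization.yaml (constructed example) ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - realm-import.yaml
---
# --- base/realm-import.yaml ---
apiVersion: k8s.keycloak.org/v2alpha1
kind: KeycloakRealmImport
metadata:
  name: api-realm-import
spec:
  keycloakCRName: keycloak           # name of the Keycloak CR in the dev/base environment (assumed)
  realm:
    realm: api                       # assumed realm name
    enabled: true
    clientScopes:
      - name: orders:read            # assumed scope consumed by the resource server
        protocol: openid-connect
    clients:
      - clientId: orders-consumer    # assumed machine-to-machine client
        protocol: openid-connect
        publicClient: false
        serviceAccountsEnabled: true   # turns on the client credentials grant
        standardFlowEnabled: false     # no browser-based flows for a machine client
        directAccessGrantsEnabled: false
        implicitFlowEnabled: false
        defaultClientScopes:
          - orders:read
        # No "secret" key here: the secret is set out of band, not stored in Git
---
# --- overlays/prod/kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: keycloak-prod             # assumed prod namespace
resources:
  - ../../base
patches:
  - target:
      kind: KeycloakRealmImport
      name: api-realm-import
    patch: |-
      - op: replace
        path: /spec/keycloakCRName
        value: keycloak-prod         # assumed name of the prod Keycloak CR
      - op: add
        path: /spec/realm/accessTokenLifespan
        value: 300                   # shorter token lifetime in prod (seconds)
```

Rendering `kustomize build overlays/prod` in the pipeline produces the manifest Argo CD applies; because the operator's import resource does not update an existing realm, a change to the base still has to be rolled out in a way your team has agreed on for each environment.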