Best practices when securing multiple applications in Kubernetes

Is the best practice to create clients for each application and secure in this manner? We have combinations of applications that support OIDC, others that do not, and also many APIs. Would you recommend grouping each application per client, or is a single client for all OK?

The client can’t be configured for all apps. For example, some config options are binary options (e.g. a client cannot be public and not public at the same time). Also, when a client secret is exposed, it should be a minimal security problem. So good practice is to have a dedicated client for each app.

2 Likes
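
An added example, not part of the original thread and not Keycloak's own tooling: a small Python audit over a constructed realm-export fragment that flags clients whose redirect URIs span several hosts, the sharing pattern the answer above advises against. The sample realm, the hostnames and the rule that one host equals one app are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed realm-export fragment (not from the thread). Field names follow
# Keycloak's client representation: clientId, publicClient, redirectUris.
REALM_EXPORT = json.loads("""
{
  "realm": "demo",
  "clients": [
    {"clientId": "shared-apps", "publicClient": false,
     "redirectUris": ["https://spa.example.test/*",
                      "https://grafana.example.test/login/generic_oauth",
                      "https://api.example.test/callback"]},
    {"clientId": "spa", "publicClient": true,
     "redirectUris": ["https://spa.example.test/*"]},
    {"clientId": "grafana", "publicClient": false,
     "redirectUris": ["https://grafana.example.test/login/generic_oauth"]}
  ]
}
""")


def redirect_hosts(client):
    """Distinct hosts a client may redirect to (assumption: one host per app)."""
    hosts = set()
    for uri in client.get("redirectUris", []):
        host = urlsplit(uri).hostname
        # Relative or wildcard-only entries have no host; keep them visible.
        hosts.add(host if host else uri)
    return hosts


def audit_clients(realm):
    """Return {clientId: [findings]} for clients that look shared between apps."""
    findings = {}
    for client in realm.get("clients", []):
        issues = []
        hosts = redirect_hosts(client)
        if len(hosts) > 1:
            issues.append("shared across hosts: " + ", ".join(sorted(hosts)))
            if not client.get("publicClient", False):
                # A confidential client has one secret; every app behind it
                # is affected if that secret is exposed.
                issues.append("one secret exposure affects %d apps" % len(hosts))
        if issues:
            findings[client["clientId"]] = issues
    return findings


if __name__ == "__main__":
    for client_id, issues in audit_clients(REALM_EXPORT).items():
        print(client_id, "->", "; ".join(issues))
```
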

I’m wondering what the drawback is to declaring all clients?

Some scaling issue in Keycloak?

(Otherwise, by default, one client for each app, if only because that’s the way to do it, so most probably you’ll run into bad surprises later if you don’t, but also for modularity reasons.)

@jangaraj thanks for the response. This makes sense and we will proceed to add a client per application.