Keycloak infrastructure as Code (IaC) approach


I have a question regarding Keycloak and the IaC approach:

We are considering using KC as our SSO solution, but we’ve met some difficulties with it. Our solution is hosted in Kubernetes and all our infrastructure, including settings, is stored as code.
I’ve managed to get KC working in cluster mode in K8s. But there are problems with storing the realm configuration. Initially I used realm export/import as the approach to store configuration; it didn’t work well with KC 7.0 (for example, roles assigned to clients don’t work after import). With the upgrade to KC 8+, import stopped working altogether (with exception: java.lang.RuntimeException: Script upload is disabled), which is confusing as I don’t upload any scripts.
And an idea that I’m missing something came to my mind.

So the question is: Are there any recommended approaches to store/restore/apply patches to KC realm configuration?

The basic scenarios are:

  1. Start of a new environment for tests, etc. (KC realm should be completely restored)
  2. Apply configuration (apply patch) on a running and configured KC realm: update of staging / live environment.
  3. Creating a configuration patch/complete config when changes are required.

And all of that with IaC.
1 Like

I’m very happy you asked about this, @cspwizard!

Recently we started working on a new initiative called Keycloak Operator. This should actually work quite nicely in terms of spinning up, backing up and copying realms.

Please give it a try and if you can’t find what you need, please let us know on the Keycloak Dev Group.

1 Like