About

The Keycloak Operator is a Kubernetes operator developed by Hostzero that manages Keycloak instances through the Keycloak Admin API. The overall goal is to provide a cloud-native management interface for Keycloak instances.

Features

  • Declarative Configuration: Manage Keycloak resources as Kubernetes Custom Resources
  • Automatic Synchronization: Changes to CRs are automatically applied to Keycloak
  • Secret Management: Client secrets are automatically synced to Kubernetes Secrets
  • Status Tracking: Resource status reflects the current state in Keycloak
  • Finalizers: Proper cleanup when resources are deleted

Goals

  • Manage Keycloak instances solely through Kubernetes resources
  • Provide a GitOps-friendly way to manage Keycloak configuration
  • Enable infrastructure-as-code for identity management
  • Support multiple Keycloak instances from a single operator

Non-Goals

  • Manage the deployment of Keycloak instances (use Keycloak Operator or Helm for that)
  • Support IdM solutions other than Keycloak

Supported Resources

The operator manages Keycloak through a set of Custom Resource Definitions covering instances, realms, clients, users, groups, roles, identity providers, federation components, authentication flows, organizations, and more.

A minimal example looks like this:

apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakRealm
metadata:
  name: my-realm
spec:
  instanceRef:
    name: my-keycloak
  definition:
    realm: my-realm
    enabled: true
    displayName: My Realm

See Custom Resource Definitions for the full list of supported resources and their schemas.

Enterprise Support

This operator is developed and maintained by Hostzero GmbH, a provider of sovereign IT infrastructure and security solutions based in Germany.

For organizations with critical infrastructure needs (KRITIS), we offer:

| Service | Description |
|---|---|
| Enterprise Support | SLA-backed support with guaranteed response times |
| Security Consulting | Hardening, compliance audits, and KRITIS certification support |
| On-Premises Deployment | Air-gapped and sovereign cloud deployments |
| Incident Response | 24/7 emergency support for production environments |
| Training | Workshops and certification programs |

Contact Hostzero for enterprise solutions

License

This project is licensed under the MIT License. See the LICENSE file for details.