Skip to content

ADR-047: Managed Keycloak for quick start

Category: architecture Provenance: human

Decision

Provide managed Keycloak option (operator deploys Keycloak) for quick start experience. No separate Keycloak installation required to begin using operator.

Rationale

Managed Keycloak reduces time-to-first-value. Users can deploy operator and start creating realms/clients immediately without separate Keycloak setup. Lowers adoption barrier for evaluation and development. Operator can optimize Keycloak configuration for its use cases. Still support external Keycloak for production where Keycloak is managed separately. Best of both worlds.

Agent Instructions

Implement Keycloak CRD deployment mode where operator manages full Keycloak lifecycle: deployment, configuration, upgrades. Provide sensible defaults for getting started. Include quickstart examples with managed Keycloak. Document both managed and external modes clearly.

Rejected Alternatives

External Keycloak only

High barrier to entry. Users must deploy Keycloak manually before using operator. Complicates getting started.

Managed Keycloak only

Doesn't support existing Keycloak deployments. Forces users to migrate.