

Keycloak: Bridging Identity Management with Cloud Native Innovation
Keycloak's Ambition for Cloud Native Recognition
Keycloak, an identity and access management (IAM) solution predominantly backed by Red Hat, has seen considerable acceptance within the tech community. However, its overarching ambition since late 2018 has been to achieve official recognition and integration with the Cloud Native Computing Foundation (CNCF). This pursuit underscores its developers' commitment to aligning the project with leading cloud-native standards.
Initial Obstacles and Renewed Efforts for CNCF Entry
The initial attempt by Keycloak to enter the CNCF aimed for an incubating-level status, a goal that was not met at the time. Undeterred, the project has since reapplied, seeking a sandbox-level inclusion. This renewed application is fortified by growing endorsements from major corporations like Bosch, Cisco, and Hitachi, signaling strong industry confidence. Keycloak's inception in 2014 was driven by a core objective: simplifying the integration of security features into applications, a task that many developers found overly complex and costly.
Addressing the Complexity of Identity and Access Management
According to Rich Sharples, a senior director of product management at Red Hat, the creation of Keycloak stemmed from a perceived difficulty in implementing robust identity and access management. Developers often struggled with integrating security, especially for complex features like single sign-on in cloud-native applications. A group of Red Hat developers conceived Keycloak to streamline this process with a more developer-centric approach to security in modern application development, covering social logins, federated security, and integration with backend systems like Active Directory or LDAP.
Keycloak's Foundational Role in Application Security
At its heart, Keycloak is designed to simplify authentication processes across diverse application environments. It provides essential features such as single sign-on, user federation, identity brokering, and social login capabilities, all managed through an intuitive administration console. Keycloak abstracts the complexities of authentication, operating seamlessly in both traditional and containerized setups, independent of an application's architecture. This means applications can offload user authentication to Keycloak, allowing them to focus on core functionalities without managing login forms or user storage. Furthermore, Keycloak handles state management, a common challenge in containerized applications, freeing developers from this concern.
Emphasizing Cloud-Native Compatibility from Inception
From its earliest stages, Keycloak was developed with containerized environments in mind, with Red Hat OpenShift being a primary target. Sharples highlights its suitability for securing individual microservices and their interactions, contrasting it with more cumbersome solutions. Keycloak’s design inherently supports cloud-native development, ensuring it fits easily within container infrastructures.
Navigating Criticisms and Demonstrating Cloud-Native Credentials
During its first CNCF application, Joe Beda, a co-creator of Kubernetes and a CNCF TOC member, questioned Keycloak’s cloud-native alignment, pointing to its installation instructions and perceived ties to Red Hat's commercial offerings. In response, Boleslaw Dawidowicz, Red Hat’s senior manager overseeing Keycloak’s CNCF application, clarified that these were primarily documentation issues, citing a Docker image with millions of pulls as evidence of its cloud-native readiness. Dawidowicz also noted the project's diverse contributor base and plans for evolving governance to include more non-Red Hat maintainers.
Advancements with Keycloak.X and Future Outlook Amidst Global Challenges
Keycloak recently released version 10.0.1, building on the announcement of Keycloak.X, a leaner, more future-proof iteration. Keycloak.X aims to simplify configuration, scaling, and extensibility, introducing support for zero-downtime upgrades and continuous delivery. This new version will also feature an enhanced storage layer and a distribution powered by Quarkus, a Kubernetes-Native Java framework also supported by Red Hat. However, the ongoing pandemic has shifted immediate priorities, with a focus on supporting existing customers rather than rushing new products to market. Despite this, Keycloak’s bid for CNCF inclusion is progressing, bolstered by strong community and vendor support, reaffirming its commitment to joining the sandbox level.