add keycloak usage guide

[yuhaosdl]

Summary by CodeRabbit

• Documentation
  • Added comprehensive Keycloak documentation covering overview, key features, use cases, and comparison with alternatives.
  • Includes Kubernetes quick start with PostgreSQL and Keycloak deployment examples, admin access and port-forward guidance, production considerations (ingress/TLS), a Red Hat SSO → Keycloak migration guide (export/import workflow), and reference materials.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added a new Keycloak documentation guide covering architecture, features, Kubernetes quick-start deployments (Postgres + Keycloak YAML), admin console access, and RH-SSO→Keycloak migration steps with export/import commands and examples.

Changes

Cohort / File(s)	Summary
Documentation docs/en/solutions/Keycloak_Guide.md	New comprehensive Keycloak guide: overview, features, use cases, Keycloak vs RH-SSO, Kubernetes quick-start (Postgres + Keycloak YAML), deployment/access steps (port-forward, admin creds), migration workflow (export/import, cross-cluster copy, import commands), production notes, references.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A guide arrives with a curious hop,
Secrets of realms and tokens to crop,
YAML and kubectl neatly in line,
Migrations and consoles—everything fine,
I nibble a carrot and celebrate the drop. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'add keycloak usage guide' accurately summarizes the main change: adding a new comprehensive Keycloak documentation file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@docs/en/solutions/Keycloak_Guide.md`:
- Around line 50-100: The StatefulSet's serviceName "postgresql-db-service" does
not match the Service's metadata name "postgres-db", causing the headless
service linkage to fail; update one of them so they match (either change the
StatefulSet's serviceName to "postgres-db" or rename the Service metadata.name
to "postgresql-db-service") ensuring the Service selector/ports remain correct
for the postgresql-db StatefulSet.
- Around line 86-87: The snippet defines a volume named "cache-volume" using
emptyDir which causes data loss on pod restarts; update the docs next to the
"cache-volume" entry to add a clear warning that emptyDir is unsuitable for
PostgreSQL in production and recommend using a PersistentVolumeClaim (PVC) or
other persistent storage solution instead, and include a brief note explaining
that emptyDir is acceptable for dev/test only and will lose data if the pod is
deleted, restarted, or rescheduled.

🧹 Nitpick comments (3)

docs/en/solutions/Keycloak_Guide.md (3)

17-18: Add blank line before table.

Markdown tables should be surrounded by blank lines for proper rendering and consistency.

📝 Proposed fix

 # Keycloak vs Red Hat Single Sign-On (RH-SSO)
+
 | Category               | Keycloak                                  | Red Hat Single Sign-On (RH-SSO)                          |

---

192-192: Minor: Consider hyphenating "basic-auth-type".

For consistency with Kubernetes terminology, "basic-auth type Secret" could be written as "basic-auth-type Secret."

---

216-224: Minor: Add language identifier to code block.

The fenced code block should specify a language (e.g., text) for proper syntax highlighting and linting compliance.

📝 Proposed fix

 ### Overall Migration Process
-```
+```text
 RH-SSO (OpenShift)
    ↓ Export as JSON file

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8943816 and ef47e9e.

📒 Files selected for processing (1)

• docs/en/solutions/Keycloak_Guide.md

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2026-01-13T11:25:34.596Z

Learnt from: jing2uo
Repo: alauda/knowledge PR: 104
File: docs/en/solutions/How_to_Migrate_VirtualMachine_From_VMware.md:131-172
Timestamp: 2026-01-13T11:25:34.596Z
Learning: In VMware migration documentation (docs/en/solutions), when describing the Forklift Operator workflow for VMware, specify that the VMware provider secret should set insecureSkipVerify=true to accommodate self-signed certificates commonly used in enterprise vCenter/ESXi environments. Include a note on the security trade-offs and ensure readers understand this is for internal, controlled environments.

Applied to files:

• docs/en/solutions/Keycloak_Guide.md

🪛 LanguageTool

docs/en/solutions/Keycloak_Guide.md

[style] ~2-~2: Consider using a more concise synonym.
Context: ...ons, APIs and microservices, supporting a variety of mainstream identity authentication prot...

(A_VARIETY_OF)

---

[grammar] ~192-~192: Use a hyphen to join words.
Context: ...stores these credentials as a basic-auth type Secret object, which is in the same...

(QB_NEW_EN_HYPHEN)

🪛 markdownlint-cli2 (0.18.1)

docs/en/solutions/Keycloak_Guide.md

18-18: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

---

216-216: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@docs/en/solutions/Keycloak_Guide.md`:
- Around line 17-18: Add a single blank line between the header "# Keycloak vs
Red Hat Single Sign-On (RH-SSO)" and the start of the table row "| Category     
| Keycloak                                  | Red Hat Single Sign-On (RH-SSO)   
|" so the Markdown table renders correctly; update the Keycloak_Guide.md content
by inserting the blank line immediately after the header line and before the
table line.
- Around line 218-226: The code block containing the migration flow diagram
lacks a language identifier; update the opening fence of that triple-backtick
block to include a language token (e.g., change ``` to ```text) so the block is
rendered as plain text; locate the diagram block in Keycloak_Guide.md and modify
its opening fence accordingly while leaving the block contents and closing fence
unchanged.

🧹 Nitpick comments (3)

docs/en/solutions/Keycloak_Guide.md (3)

111-119: Consider explicitly specifying the database name.

While Keycloak defaults to database name "keycloak", explicitly specifying it in the CR improves clarity and prevents potential misconfiguration in production environments.

📝 Suggested enhancement

   db:
     vendor: postgres
     host: postgres-db
+    database: keycloak
     usernameSecret:
       name: keycloak-db-secret
       key: username

---

169-171: Explicitly enable ingress in production example.

While setting className and tlsSecret may imply ingress usage, explicitly setting enabled: true ensures clarity and prevents misconfiguration.

📝 Suggested enhancement

   ingress:
+    enabled: true
     className: nginx
     tlsSecret: example-tls-secret

---

249-249: Add caution about the --override flag.

The --override true flag will replace existing realms with the same name. Consider adding an explicit warning to prevent accidental data loss in production environments.

⚠️ Suggested documentation improvement

 ## Execute the import command
+# CAUTION: --override true will replace existing realms with the same name
 /opt/keycloak/bin/kc.sh import --file /tmp/sso-export.json --override true

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add blank line before table.

The comparison table should be preceded by a blank line for proper Markdown rendering.

📝 Proposed fix

 
 # Keycloak vs Red Hat Single Sign-On (RH-SSO)
+
 | Category               | Keycloak                                  | Red Hat Single Sign-On (RH-SSO)                          |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Keycloak vs Red Hat Single Sign-On (RH-SSO)
	| Category | Keycloak | Red Hat Single Sign-On (RH-SSO) |
	# Keycloak vs Red Hat Single Sign-On (RH-SSO)
	| Category | Keycloak | Red Hat Single Sign-On (RH-SSO) |

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

18-18: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

🤖 Prompt for AI Agents

In `@docs/en/solutions/Keycloak_Guide.md` around lines 17 - 18, Add a single blank
line between the header "# Keycloak vs Red Hat Single Sign-On (RH-SSO)" and the
start of the table row "| Category               | Keycloak                     
| Red Hat Single Sign-On (RH-SSO)                          |" so the Markdown
table renders correctly; update the Keycloak_Guide.md content by inserting the
blank line immediately after the header line and before the table line.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Specify language for code block.

The migration flow diagram should specify a language identifier (e.g., text) for proper rendering.

📝 Proposed fix

-```
+```text
 RH-SSO (OpenShift)
    ↓ Export as JSON file

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	```
	RH-SSO (OpenShift)
	↓ Export as JSON file
	Local Server
	↓ Copy the migration file
	Keycloak (Kubernetes)
	↓ Import JSON file
	Migration Completed
	```

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

218-218: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

In `@docs/en/solutions/Keycloak_Guide.md` around lines 218 - 226, The code block
containing the migration flow diagram lacks a language identifier; update the
opening fence of that triple-backtick block to include a language token (e.g.,
change ``` to ```text) so the block is rendered as plain text; locate the
diagram block in Keycloak_Guide.md and modify its opening fence accordingly
while leaving the block contents and closing fence unchanged.