I am currently implementing update reconciliation for KeycloakRealm as well as other stuff which we require to manage multiple Keycloaks. The question is: are you interested in this? If so, I will structure a couple of PRs as well as tests.
I've read some things about the Keycloak X operator here, so I'm not sure; that's why I'm asking first before adding more things.
Preview here: https://github.com/keycloak/keycloak-operator/compare/master...DoodleScheduling:identity-provider?expand=1
The following things are done:
* Remove the unmanaged condition; there is no need for this, as it works perfectly with external Keycloaks. The only place where the unmanaged field is required is in the Keycloak instance, to not roll it out. There is no need to prevent a realm from being reconciled.
* Adding many missing fields to KeycloakRealm
* Adding suspend reconciliation to all Keycloak* resources
* The realm now gets updated if the realm field applyUpdates is set to true, to be backwards compatible, though from a k8s perspective there should be no such field and it should be removed in a newer API version.
* I've implemented top level realm updates as well as clientScopes; I will add other sub level resources too.
* A new KeycloakIdentityProvider CRD is introduced. It's actually the only one which makes sense. It would be unreasonable to create CRDs for each sub level resource of a realm. In the case of KeycloakIdentityProvider, it can refer to a k8s secret to load in secret information, including especially the clientSecret. That way secrets can be kept as secrets from a k8s point of view. Everything else will be part of the realm reconciliation.