
Step-by-Step Centralized Authentication for K8s with Keycloak and Ambassador - crmccormick
https://blog.getambassador.io/centralized-authentication-with-keycloak-and-ambassador-edge-stack-d509ffbc7b6f
======
masonhensley
More orgs need to leverage keycloak more. I know java give some people shivers
here, but it's an excellent setup to help accelerate your authentication
needs, especially in the B2B space.

I'm not big on microservices unless your org is scaled people wise and need to
decouple your team, but I'm happy to outsource to Keycloak as an auth focused
service.

Cool integration in the k8's space.

~~~
saurabhsharan
[https://fusionauth.io/](https://fusionauth.io/) is also a more modern
alternative.

~~~
ForHackernews
More modern? Keycloak is only five or six years old!

------
bobberkarl
How is keycloak compared to Pomerium for example?

~~~
ForHackernews
Keycloak is an identity provider. It's an Oauth2/OpenIDConnect authorization
server. Pomerium looks to be some kind of proxy to enforce authorization (in
OAuth2 jargon, it would be a resource server).

Succinctly: Keycloak issues security tokens, Pomerium (I think) accepts
security tokens.

