2 points by pando85 4 hours ago | 1 comment
  • pando85 3 hours ago
    Hi - I built Kaniop, a Kubernetes operator for Kanidm.

    The goal is simple. Manage my IDM in a GitOps way. I wanted a declarative operational model to configure all my OAuth2 clients in an easy way, apart from keeping track of them.

    It is fully operational, and I've been using it for 6 months. In this time I've been listening to the community, and with some mates we improved the edge cases and tuned the operator to be bulletproof.

    It has been working perfectly since the first day, no bugs, just minor tweaks. I handwrote it 1 year ago with a strong architecture and intensive e2e testing. Currently, I use AI for maintaining it and applying fast tweaks; it helped me keep the feedback loop fast and the tool maintainable and full of features.

    The performance is great; the consumption of resources for the full services is pretty low, thanks to Rust and a good engineering job. Kanidm is awesome in that part because it doesn't require any external database, and the footprint is minimal.

    I would especially like feedback on:
    - operator shape and CRD ergonomics
    - whether the GitOps identity-management angle is useful in practice
    - what people would expect from upgrades, backups and day-2 operations