Keycloak

Production-ready Keycloak deployment for identity and access management, supporting SSO, OAuth 2.0, OIDC, and SAML.

Key Features

Identity management — SSO, user federation, social login
Protocol support — OAuth 2.0, OpenID Connect, SAML 2.0
External database — PostgreSQL or MySQL backend support
Ingress support — Configurable with ingressClassName and TLS
Metrics — Prometheus metrics with ServiceMonitor
Security — Non-root containers, network policies, pod security
Realm import — Automatic realm configuration on startup

Installation

HTTPS repository:

helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install my-keycloak helmforge/keycloak

OCI registry:

helm install my-keycloak oci://ghcr.io/helmforgedev/helm/keycloak

Basic Example

# values.yaml
auth:
  adminUser: admin
  adminPassword: "my-secret-password"

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: auth.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: keycloak-tls
      hosts:
        - auth.example.com

External Database Example

auth:
  adminUser: admin
  adminPassword: "my-secret-password"

database:
  vendor: postgres
  hostname: postgresql.database.svc
  port: 5432
  database: keycloak
  username: keycloak
  password: "db-password"

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: auth.example.com
      paths:
        - path: /
          pathType: Prefix

Key Values

Key	Default	Description
`auth.adminUser`	`admin`	Keycloak admin username
`auth.adminPassword`	`""`	Keycloak admin password
`database.vendor`	`h2`	Database vendor: `h2`, `postgres`, `mysql`
`database.hostname`	`""`	External database hostname
`ingress.enabled`	`false`	Enable ingress
`ingress.ingressClassName`	`traefik`	Ingress class
`replicaCount`	`1`	Number of Keycloak replicas
`metrics.enabled`	`false`	Enable Prometheus metrics

More Information

See the source code and full values reference on GitHub.