Deploying Keycloak on Kubernetes with Helm Chart
The cluster’s heartbeat is silent until Keycloak takes its place. A single chart can bring it to life.
Deploying Keycloak with a Helm chart is direct, fast, and repeatable. Helm abstracts away Kubernetes complexity, letting you define identity management as code. With the right values configured, you can get Keycloak running in minutes and scale it across environments without manual steps.
Why use Helm for Keycloak
A Keycloak Helm Chart gives you a packaged deployment with clear parameters. It bundles StatefulSets, Services, Ingress, ConfigMaps, and Secrets into a versioned artifact. You can track changes, roll back, or upgrade with a single command. This makes CI/CD integration simple and avoids fragile, hand-written YAML files.
Prerequisites
- A Kubernetes cluster (v1.20+)
- kubectl installed and configured
- Helm CLI installed (v3+)
- Persistent storage provisioner in the cluster
- DNS or LoadBalancer access for UI exposure
Deployment steps
- Add the chart repository:
    helm repo add codecentric https://codecentric.github.io/helm-charts
    helm repo update
- Create a namespace:
    kubectl create namespace keycloak
- Install the chart with custom values:
    helm install keycloak codecentric/keycloak \
      --namespace keycloak \
      --set keycloak.username=admin \
      --set keycloak.password=strongpassword
  Replace strongpassword with your own secret. Values passed with --set are recorded in shell history and stored with the Helm release.
- Verify pods:
    kubectl get pods -n keycloak
- Access the UI: Expose via Ingress or LoadBalancer. Example Ingress configuration can be added in your values.yaml.
Configuration tips
- Set resources.limits to ensure predictable performance.
- Configure an external database for production workloads.
- Use extraEnv to pass environment variables for realm and client bootstrapping.
- Enable TLS at the ingress level for secure admin login.
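A check for three of these tips against the deployed objects, added here as an example and not taken from the chart or the original article. It reads JSON in the shape of `kubectl get statefulset,ingress -n keycloak -o json`; the sample objects, the secret name keycloak-db and the host name are constructed.

```python
import json
import sys

# Constructed sample in the shape of
# `kubectl get statefulset,ingress -n keycloak -o json`; not real cluster output.
SAMPLE = {"kind": "List", "items": [
    {"kind": "StatefulSet", "metadata": {"name": "keycloak"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "keycloak",
         "env": [
             {"name": "KEYCLOAK_PASSWORD", "value": "strongpassword"},
             {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {
                 "name": "keycloak-db", "key": "password"}}},
         ],
     }]}}}},
    {"kind": "Ingress", "metadata": {"name": "keycloak"},
     "spec": {"rules": [{"host": "sso.example.test"}]}},
]}


def audit(doc):
    """Return (object, finding) pairs for three of the configuration tips."""
    findings = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        ref = f"{obj.get('kind')}/{obj['metadata']['name']}"
        spec = obj.get("spec", {})
        if obj.get("kind") in ("StatefulSet", "Deployment"):
            for c in spec["template"]["spec"].get("containers", []):
                if not c.get("resources", {}).get("limits"):
                    findings.append((ref, f"{c['name']}: resources.limits not set"))
                for env in c.get("env", []):
                    # A literal value is readable by anyone who can read the object.
                    if "PASSWORD" in env["name"].upper() and env.get("value"):
                        findings.append(
                            (ref, f"{env['name']}: literal value, not a secretKeyRef"))
        elif obj.get("kind") == "Ingress" and not spec.get("tls"):
            findings.append((ref, "spec.tls not set"))
    return findings


if __name__ == "__main__":
    # Pass a file holding the kubectl JSON output, or no argument for the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    results = audit(doc)
    for ref, finding in results:
        print(f"{ref}: {finding}")
    sys.exit(1 if results else 0)
```

The non-zero exit status on any finding lets the script gate a CI/CD stage after `helm install` or `helm upgrade`.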
Scaling Keycloak
Define replicaCount in values.yaml to scale horizontally. Combine with Kubernetes HPA for automatic load-based scaling. Use session clustering features to sync authentication state across pods.
Keycloak Helm Chart deployment turns identity management from a manual chore into a reproducible, controlled operation. It fits seamlessly into a GitOps workflow, lowers operational risk, and ensures you can roll out changes without interrupting service.
Want to see this in action without writing a single manifest? Spin it up live in minutes at hoop.dev and watch your cluster serve identity like it was built to.