diff --git a/charts/keycloak/.helmignore b/charts/keycloak/.helmignore
new file mode 100644
index 0000000..207983f
--- /dev/null
+++ b/charts/keycloak/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# img folder
+img/
+# Changelog
+CHANGELOG.md
diff --git a/charts/keycloak/CHANGELOG.md b/charts/keycloak/CHANGELOG.md
new file mode 100644
index 0000000..a1d8464
--- /dev/null
+++ b/charts/keycloak/CHANGELOG.md
@@ -0,0 +1,1756 @@
+# Changelog
+
+## 24.9.1 (2025-08-07)
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references ([#35578](https://github.com/bitnami/charts/pull/35578))
+
+## 24.9.0 (2025-08-04)
+
+* feat(keycloak/ingress): support template value for ingress and admin … (#35025) ([da4aaf3](https://github.com/bitnami/charts/commit/da4aaf376e800760fd5ada2b07e3c85c7c8ddd95)), closes [#35025](https://github.com/bitnami/charts/issues/35025)
+* [bitnami/*] docs: update BSI warning on charts' notes (#35340) ([07483a5](https://github.com/bitnami/charts/commit/07483a5ed964b409266dc025e4b55bf2eb0f621c)), closes [#35340](https://github.com/bitnami/charts/issues/35340)
+
+## <small>24.8.1 (2025-07-24)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#35278) ([7e8888d](https://github.com/bitnami/charts/commit/7e8888d3748c31f4081c3ce9aa9e99b8750f0701)), closes [#35278](https://github.com/bitnami/charts/issues/35278)
+
+## 24.8.0 (2025-07-21)
+
+* [bitnami/*] Adapt main README and change ascii (#35173) ([73d15e0](https://github.com/bitnami/charts/commit/73d15e03e04647efa902a1d14a09ea8657429cd0)), closes [#35173](https://github.com/bitnami/charts/issues/35173)
+* [bitnami/*] Adapt welcome message to BSI (#35170) ([e1c8146](https://github.com/bitnami/charts/commit/e1c8146831516fb35de736a6f3fd10e5e7a44286)), closes [#35170](https://github.com/bitnami/charts/issues/35170)
+* [bitnami/*] Add BSI to charts' READMEs (#35174) ([4973fd0](https://github.com/bitnami/charts/commit/4973fd08dd7e95398ddcc4054538023b542e19f2)), closes [#35174](https://github.com/bitnami/charts/issues/35174)
+* [bitnami/keycloak] Add support for customization of the Keycloak database schema (#35211) ([aea8732](https://github.com/bitnami/charts/commit/aea8732d32649ae7401c5a951cf0f0519fda907b)), closes [#35211](https://github.com/bitnami/charts/issues/35211)
+
+## <small>24.7.7 (2025-07-11)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#35004) ([827692c](https://github.com/bitnami/charts/commit/827692c4bf27135087b0287ff595440a59dfac85)), closes [#35004](https://github.com/bitnami/charts/issues/35004)
+
+## <small>24.7.6 (2025-07-09)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#34977) ([14ed3a1](https://github.com/bitnami/charts/commit/14ed3a17a40d05a10591c5fc7d3717c804093d08)), closes [#34977](https://github.com/bitnami/charts/issues/34977)
+
+## <small>24.7.5 (2025-07-02)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#34768) ([06b5c03](https://github.com/bitnami/charts/commit/06b5c0369578c9354a431c7e94105cdf5845d570)), closes [#34768](https://github.com/bitnami/charts/issues/34768)
+
+## <small>24.7.4 (2025-06-11)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#34343) ([6a2bc60](https://github.com/bitnami/charts/commit/6a2bc60e0b733c65dbd41d845d7d770d5982ab32)), closes [#34343](https://github.com/bitnami/charts/issues/34343)
+
+## <small>24.7.3 (2025-05-28)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#33943) ([007a5df](https://github.com/bitnami/charts/commit/007a5df8e73f1e062940bedf3763d91abdc498e4)), closes [#33943](https://github.com/bitnami/charts/issues/33943)
+
+## <small>24.7.2 (2025-05-28)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#33930) ([41ef43f](https://github.com/bitnami/charts/commit/41ef43f4ef7d091f75739eba41916b6e716e8e3f)), closes [#33930](https://github.com/bitnami/charts/issues/33930)
+
+## <small>24.7.1 (2025-05-22)</small>
+
+* [bitnami/keycloak] fix: preserve timestamps in init script (#33812) ([f3ec521](https://github.com/bitnami/charts/commit/f3ec521adf17b1e836760f963c99f8e129bbd276)), closes [#33812](https://github.com/bitnami/charts/issues/33812)
+
+## 24.7.0 (2025-05-19)
+
+* [bitnami/keycloak] Improvements to Keycloak cache handling (#32885) ([b2500eb](https://github.com/bitnami/charts/commit/b2500ebf9a4b983f8975d0d426a9c1473453fe1f)), closes [#32885](https://github.com/bitnami/charts/issues/32885)
+
+## <small>24.6.7 (2025-05-13)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#33671) ([15a8f8a](https://github.com/bitnami/charts/commit/15a8f8a55a365316236d089a3f802f7364a4d060)), closes [#33671](https://github.com/bitnami/charts/issues/33671)
+* [bitnami/kubeapps] Deprecation followup (#33579) ([77e312c](https://github.com/bitnami/charts/commit/77e312c1772d4d7c4dc5d3ac0e80f4e452e3a062)), closes [#33579](https://github.com/bitnami/charts/issues/33579)
+
+## <small>24.6.6 (2025-05-08)</small>
+
+* [bitnami/keycloak] :zap: :arrow_up: Update dependency references (#33565) ([e750bc1](https://github.com/bitnami/charts/commit/e750bc1d7f2228c15181e003b6589eff8133d155)), closes [#33565](https://github.com/bitnami/charts/issues/33565)
+
+## <small>24.6.5 (2025-05-06)</small>
+
+* [bitnami/keycloak] chore: :recycle: :arrow_up: Update common and remove k8s < 1.23 references (#3338 ([c347b21](https://github.com/bitnami/charts/commit/c347b21d2da034bce20f223f6bc2b7db9514b6d4)), closes [#33380](https://github.com/bitnami/charts/issues/33380)
+
+## <small>24.6.4 (2025-05-05)</small>
+
+* [bitnami/keycloak] Release 24.6.4 (#33327) ([848d1fd](https://github.com/bitnami/charts/commit/848d1fd7d3d1c44af4e2f098a1d367b79d3cb9d5)), closes [#33327](https://github.com/bitnami/charts/issues/33327)
+
+## <small>24.6.3 (2025-04-30)</small>
+
+* [bitnami/keycloak] Release 24.6.3 (#33258) ([442b42e](https://github.com/bitnami/charts/commit/442b42e0cbc6fc37765ff46030315d0260a01075)), closes [#33258](https://github.com/bitnami/charts/issues/33258)
+
+## <small>24.6.2 (2025-04-29)</small>
+
+* [bitnami/keycloak] Allow tpl of external database + external user (#33194) ([87cf760](https://github.com/bitnami/charts/commit/87cf7606054714f8ce435329285f3d0932fec595)), closes [#33194](https://github.com/bitnami/charts/issues/33194)
+
+## <small>24.6.1 (2025-04-23)</small>
+
+* [bitnami/keycloak] Release 24.6.1 (#33140) ([1be4740](https://github.com/bitnami/charts/commit/1be4740fad6e55faf8fee98e0e7ea04a15a93c77)), closes [#33140](https://github.com/bitnami/charts/issues/33140)
+
+## 24.6.0 (2025-04-23)
+
+* [bitnami/keycloak] Making keycloak config cli Availability Check configurable (#33130) ([0d4a0eb](https://github.com/bitnami/charts/commit/0d4a0ebad0f54693bfb92211b88500c638c53316)), closes [#33130](https://github.com/bitnami/charts/issues/33130)
+
+## <small>24.5.8 (2025-04-23)</small>
+
+* [bitnami/keycloak] Fix Keycloak external DB secret keys (#33117) ([afdd69c](https://github.com/bitnami/charts/commit/afdd69c8b509c8667cbb24b53ace764d7c77ff8d)), closes [#33117](https://github.com/bitnami/charts/issues/33117)
+
+## <small>24.5.7 (2025-04-22)</small>
+
+* [bitnami/keycloak] Dynamic tpl rendering of the external database port (#33040) ([43e308c](https://github.com/bitnami/charts/commit/43e308c340e6bc97bcda538be220c0866889dfe6)), closes [#33040](https://github.com/bitnami/charts/issues/33040)
+
+## <small>24.5.6 (2025-04-21)</small>
+
+* [bitnami/keycloak] Release 24.5.5 (#32980) ([20bfbca](https://github.com/bitnami/charts/commit/20bfbcad6062d5b369ede5ff56c157edccffeb4b)), closes [#32980](https://github.com/bitnami/charts/issues/32980)
+
+## <small>24.5.5 (2025-04-21)</small>
+
+* [bitnami/keycloak] Added themes to the list of writable dirs (#32993) ([7fb4af5](https://github.com/bitnami/charts/commit/7fb4af548b0cfe95748d654bb61ecb1f84fc3540)), closes [#32993](https://github.com/bitnami/charts/issues/32993)
+
+## <small>24.5.4 (2025-04-15)</small>
+
+* [bitnami/keycloak] bugfix: add prefix on projected db secret keys (#33004) ([5909cc7](https://github.com/bitnami/charts/commit/5909cc71c60b24b405bcc23562030de7953c38db)), closes [#33004](https://github.com/bitnami/charts/issues/33004)
+
+## <small>24.5.3 (2025-04-11)</small>
+
+* [bitnami/keycloak] Release 24.5.3 (#32970) ([5f9e017](https://github.com/bitnami/charts/commit/5f9e0175fa8e09211ccb591d36abcbe9abfd71a3)), closes [#32970](https://github.com/bitnami/charts/issues/32970)
+
+## <small>24.5.2 (2025-04-11)</small>
+
+* [bitnami/keycloak] Release 24.5.2 (#32968) ([2c775ce](https://github.com/bitnami/charts/commit/2c775ce92ee74c9222f060369bfaeed849f95efb)), closes [#32968](https://github.com/bitnami/charts/issues/32968)
+
+## <small>24.5.1 (2025-04-07)</small>
+
+* [bitnami/keycloak] Change .Release.Name to (include "common.names.fullname) ([c3573fd](https://github.com/bitnami/charts/commit/c3573fdc21301f06007546ad4faadab598f6305d))
+
+## 24.5.0 (2025-04-04)
+
+* [bitnami/keycloak] Set `usePasswordFiles=true` by default (#32594) ([6206296](https://github.com/bitnami/charts/commit/620629645b6354dc79fd49c5e33e794ab569d024)), closes [#32594](https://github.com/bitnami/charts/issues/32594)
+
+## <small>24.4.14 (2025-04-01)</small>
+
+* [bitnami/keycloak] Release 24.4.14 (#32707) ([4b6ae25](https://github.com/bitnami/charts/commit/4b6ae257d1f2710f3c13d858e4a39d219b75df2b)), closes [#32707](https://github.com/bitnami/charts/issues/32707)
+
+## <small>24.4.13 (2025-03-13)</small>
+
+* [bitnami/*] Add tanzuCategory annotation (#32409) ([a8fba5c](https://github.com/bitnami/charts/commit/a8fba5cb01f6f4464ca7f69c50b0fbe97d837a95)), closes [#32409](https://github.com/bitnami/charts/issues/32409)
+* [bitnami/keycloak] Release 24.4.13 (#32446) ([af8d013](https://github.com/bitnami/charts/commit/af8d01385b9fba2b809351b06bfa75d4a32ab178)), closes [#32446](https://github.com/bitnami/charts/issues/32446)
+
+## <small>24.4.12 (2025-03-11)</small>
+
+* [bitnami/keycloak] Update secret-external-db namespace to use common helper value (#32379) ([8e0642d](https://github.com/bitnami/charts/commit/8e0642dbec69b757b4313e5bfed9065d4c9765d0)), closes [#32379](https://github.com/bitnami/charts/issues/32379)
+
+## <small>24.4.11 (2025-02-28)</small>
+
+* [bitnami/keycloak] Release 24.4.11 (#32211) ([932c291](https://github.com/bitnami/charts/commit/932c2910f0b648bbdb006a1122792e6363b3b17a)), closes [#32211](https://github.com/bitnami/charts/issues/32211)
+
+## <small>24.4.10 (2025-02-17)</small>
+
+* [bitnami/*] Use CDN url for the Bitnami Application Icons (#31881) ([d9bb11a](https://github.com/bitnami/charts/commit/d9bb11a9076b9bfdcc70ea022c25ef50e9713657)), closes [#31881](https://github.com/bitnami/charts/issues/31881)
+* [bitnami/keycloak] Release 24.4.10 (#31951) ([0e98679](https://github.com/bitnami/charts/commit/0e98679e34dd8dd0098f4b0e4db96f8c69aa5a58)), closes [#31951](https://github.com/bitnami/charts/issues/31951)
+
+## <small>24.4.9 (2025-02-05)</small>
+
+* [bitnami/keycloak] Release 24.4.9 (#31788) ([0226b05](https://github.com/bitnami/charts/commit/0226b05a1ce8f96c707064f899f67313af7a5553)), closes [#31788](https://github.com/bitnami/charts/issues/31788)
+* Update copyright year (#31682) ([e9f02f5](https://github.com/bitnami/charts/commit/e9f02f5007068751f7eb2270fece811e685c99b6)), closes [#31682](https://github.com/bitnami/charts/issues/31682)
+
+## <small>24.4.8 (2025-01-31)</small>
+
+* [bitnami/keycloak] reverts(#30368) (#31227) ([328ffc4](https://github.com/bitnami/charts/commit/328ffc4dda3229d9093819942d5d6d8057ecc201)), closes [#30368](https://github.com/bitnami/charts/issues/30368) [#31227](https://github.com/bitnami/charts/issues/31227) [#30368](https://github.com/bitnami/charts/issues/30368)
+
+## <small>24.4.7 (2025-01-28)</small>
+
+* [bitnami/keycloak] Release 24.4.7 (#31625) ([22cc5c7](https://github.com/bitnami/charts/commit/22cc5c7fa8eef1895f5d2b38fc7895e860fa4654)), closes [#31625](https://github.com/bitnami/charts/issues/31625)
+
+## <small>24.4.6 (2025-01-21)</small>
+
+* [bitnami/keycloak] Improve keycloak value file comments on extraEnvVars property (#31054) ([fb276fe](https://github.com/bitnami/charts/commit/fb276feeb53dace5c792d8cbf8a6a77162425ae1)), closes [#31054](https://github.com/bitnami/charts/issues/31054)
+
+## <small>24.4.5 (2025-01-20)</small>
+
+* [bitnami/keycloak] Fix quotes for handling KC_PROXY_HEADER when options is set to passthrough (#3145 ([cd8d753](https://github.com/bitnami/charts/commit/cd8d753aa9af28a55c935c85cae5f967096eba5b)), closes [#31459](https://github.com/bitnami/charts/issues/31459)
+
+## <small>24.4.4 (2025-01-15)</small>
+
+* [bitnami/keycloak] Release 24.4.4 (#31380) ([820f59b](https://github.com/bitnami/charts/commit/820f59b6f9be409f7c9f0a3881975f451fe49174)), closes [#31380](https://github.com/bitnami/charts/issues/31380)
+
+## <small>24.4.3 (2025-01-14)</small>
+
+* [bitnami/keycloak] Release 24.4.3 (#31369) ([2276613](https://github.com/bitnami/charts/commit/2276613499faf4a44286e8bdc519f69ed9d7fa77)), closes [#31369](https://github.com/bitnami/charts/issues/31369)
+
+## <small>24.4.2 (2025-01-13)</small>
+
+* [bitnami/keycloak] Release 24.4.2 (#31340) ([e81606c](https://github.com/bitnami/charts/commit/e81606cb05043717405bc44e97e41b12dfe9992a)), closes [#31340](https://github.com/bitnami/charts/issues/31340)
+
+## <small>24.4.1 (2025-01-12)</small>
+
+* [bitnami/keycloak] Release 24.4.1 (#31305) ([24fc9ab](https://github.com/bitnami/charts/commit/24fc9abfdbb376fe367345c367fdd433d0ec1bde)), closes [#31305](https://github.com/bitnami/charts/issues/31305)
+
+## 24.4.0 (2025-01-10)
+
+* [bitnami/keycloak] add option to use dedicated version bound headless service for jgroups discovery  ([d1a8d92](https://github.com/bitnami/charts/commit/d1a8d923c78fb5d170267ef8554ae47c29864f59)), closes [#31271](https://github.com/bitnami/charts/issues/31271) [#31072](https://github.com/bitnami/charts/issues/31072)
+
+## <small>24.3.2 (2024-12-30)</small>
+
+* [bitnami/*] Fix typo in README (#31052) ([b41a51d](https://github.com/bitnami/charts/commit/b41a51d1bd04841fc108b78d3b8357a5292771c8)), closes [#31052](https://github.com/bitnami/charts/issues/31052)
+* [bitnami/keycloak] Update KEYCLOAK_ADMIN env variables deprecation (#30636) ([668bd27](https://github.com/bitnami/charts/commit/668bd2772c5ea45af7b1b57141c1776ccf4169f4)), closes [#30636](https://github.com/bitnami/charts/issues/30636)
+
+## <small>24.3.1 (2024-12-16)</small>
+
+* [bitnami/keycloak] KEYCLOAK_HOSTNAME present even if KEYCLOAK_PROXY_HEADERS is set (#30368) ([80b1bc3](https://github.com/bitnami/charts/commit/80b1bc3db52748c242a43a37ac9573eed311e6df)), closes [#30368](https://github.com/bitnami/charts/issues/30368)
+
+## 24.3.0 (2024-12-10)
+
+* [bitnami/*] Add Bitnami Premium to NOTES.txt (#30854) ([3dfc003](https://github.com/bitnami/charts/commit/3dfc00376df6631f0ce54b8d440d477f6caa6186)), closes [#30854](https://github.com/bitnami/charts/issues/30854)
+* [bitnami/keycloak] Detect non-standard images (#30902) ([6ee9c49](https://github.com/bitnami/charts/commit/6ee9c49966c3ff9d1f1d0fa05278d36a2e45af8e)), closes [#30902](https://github.com/bitnami/charts/issues/30902)
+
+## <small>24.2.3 (2024-12-03)</small>
+
+* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711)
+* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 3) (#30666) ([82fc7e2](https://github.com/bitnami/charts/commit/82fc7e2fc12e2648ed22069942203c02bf5d4cc6)), closes [#30666](https://github.com/bitnami/charts/issues/30666)
+* [bitnami/*] docs: :memo: Add "Update Credentials" (batch 2) (#30687) ([c457848](https://github.com/bitnami/charts/commit/c457848b2a111aad59830b98f85ffa1e29918e10)), closes [#30687](https://github.com/bitnami/charts/issues/30687)
+* [bitnami/*] docs: :memo: Unify "Securing Traffic using TLS" section (#30707) ([b572333](https://github.com/bitnami/charts/commit/b57233336e4fe9af928ecb4f2a5f334011efb1bc)), closes [#30707](https://github.com/bitnami/charts/issues/30707)
+* [bitnami/keycloak] Release 24.2.3 (#30726) ([c163f68](https://github.com/bitnami/charts/commit/c163f689ad6c765c5b8d138ca597d85ab8402d14)), closes [#30726](https://github.com/bitnami/charts/issues/30726)
+
+## <small>24.2.2 (2024-11-22)</small>
+
+* [bitnami/*] docs: fix copy-paste typos with wrong references to Airflow (#30541) ([0a225d4](https://github.com/bitnami/charts/commit/0a225d44c1969429573b4e2630068eff129b6a96)), closes [#30541](https://github.com/bitnami/charts/issues/30541)
+* [bitnami/keycloak] Release 24.2.2 (#30576) ([c3f8e59](https://github.com/bitnami/charts/commit/c3f8e596428f2f546dd3479570e7d39958b16f3b)), closes [#30576](https://github.com/bitnami/charts/issues/30576)
+
+## <small>24.2.1 (2024-11-19)</small>
+
+* [bitnami/keycloak] Release 24.2.1 (#30522) ([6702319](https://github.com/bitnami/charts/commit/670231902a194d5585ab06283e45592353b07142)), closes [#30522](https://github.com/bitnami/charts/issues/30522)
+
+## 24.2.0 (2024-11-12)
+
+* [bitnami/keycloak] Fix metrics ports and servicemonitor (#30303) ([c289b97](https://github.com/bitnami/charts/commit/c289b97caddc8e511e00d46937b508204f41de9a)), closes [#30303](https://github.com/bitnami/charts/issues/30303)
+
+## 24.1.0 (2024-11-06)
+
+* [bitnami/keycloak] switches keycloak-metrics service to point to new port (#30095) ([8ca86ae](https://github.com/bitnami/charts/commit/8ca86ae9ecb2b375735787001188e5c7757d181b)), closes [#30095](https://github.com/bitnami/charts/issues/30095)
+
+## <small>24.0.5 (2024-11-04)</small>
+
+* [bitnami/keycloak] Added providers to the list of writable dirs (#29998) ([9de041c](https://github.com/bitnami/charts/commit/9de041c92e2788a108631052aa5401a9469e3592)), closes [#29998](https://github.com/bitnami/charts/issues/29998)
+
+## <small>24.0.4 (2024-11-01)</small>
+
+* [bitnami/keycloak] Release 24.0.4 (#30169) ([701a2b9](https://github.com/bitnami/charts/commit/701a2b96d7eff0b3d0c8a77c1ac14f24e0d3ccda)), closes [#30169](https://github.com/bitnami/charts/issues/30169)
+
+## <small>24.0.3 (2024-10-31)</small>
+
+* [bitnami/*] Remove wrong comment about imagePullPolicy (#30107) ([a51f9e4](https://github.com/bitnami/charts/commit/a51f9e4bb0fbf77199512d35de7ac8abe055d026)), closes [#30107](https://github.com/bitnami/charts/issues/30107)
+* [bitnami/keycloak] Release 24.0.3 (#30147) ([1cec61e](https://github.com/bitnami/charts/commit/1cec61e327d14d3be91ca06357bc68ddcafeceb7)), closes [#30147](https://github.com/bitnami/charts/issues/30147)
+
+## <small>24.0.2 (2024-10-24)</small>
+
+* [bitnami/keycloak] Release 24.0.2 (#30075) ([d86c1ee](https://github.com/bitnami/charts/commit/d86c1eedb774206f0eaeb191ad34551764be498b)), closes [#30075](https://github.com/bitnami/charts/issues/30075)
+
+## <small>24.0.1 (2024-10-17)</small>
+
+* [bitnami/keycloak] Release 24.0.1 (#29968) ([fa1d5b2](https://github.com/bitnami/charts/commit/fa1d5b278cb43b38fd5105a94005ba9a840beacc)), closes [#29968](https://github.com/bitnami/charts/issues/29968)
+* Update documentation links to techdocs.broadcom.com (#29931) ([f0d9ad7](https://github.com/bitnami/charts/commit/f0d9ad78f39f633d275fc576d32eae78ded4d0b8)), closes [#29931](https://github.com/bitnami/charts/issues/29931)
+
+## 24.0.0 (2024-10-08)
+
+* [bitnami/keycloak] Release 24.0.0 (#29815) ([02bf8f8](https://github.com/bitnami/charts/commit/02bf8f8821a875ca3605705f9c092a077ef29772)), closes [#29815](https://github.com/bitnami/charts/issues/29815)
+
+## 23.0.0 (2024-10-03)
+
+* [bitnami/keycloak] feat!: :arrow_up: :boom: Bump PostgreSQL to 17.x (#29735) ([8ce695d](https://github.com/bitnami/charts/commit/8ce695d44b25e3e2023c07961c66ae5b7b22ce4b)), closes [#29735](https://github.com/bitnami/charts/issues/29735)
+
+## <small>22.2.6 (2024-09-19)</small>
+
+* [bitnami/keycloak] Release 22.2.6 (#29542) ([754f9e2](https://github.com/bitnami/charts/commit/754f9e2365ab6d0786a997e4d582e2b6ce92c237)), closes [#29542](https://github.com/bitnami/charts/issues/29542)
+
+## <small>22.2.5 (2024-09-16)</small>
+
+* [bitnami/keycloak] Release 22.2.5 (#29449) ([704c76c](https://github.com/bitnami/charts/commit/704c76cb715c58a196407ad471b150e9a0148cf3)), closes [#29449](https://github.com/bitnami/charts/issues/29449)
+
+## <small>22.2.4 (2024-09-13)</small>
+
+* [bitnami/keycloak] Fix app-volume-dir mount path (#29397) ([665ea7c](https://github.com/bitnami/charts/commit/665ea7c362ca091d028320a62ae40891c319e223)), closes [#29397](https://github.com/bitnami/charts/issues/29397)
+
+## <small>22.2.3 (2024-09-10)</small>
+
+* [bitnami/keycloak] Release 22.2.3 (#29320) ([d392ad9](https://github.com/bitnami/charts/commit/d392ad9a93c9213a27b4d74575efac80dd1d7ee8)), closes [#29320](https://github.com/bitnami/charts/issues/29320)
+
+## <small>22.2.2 (2024-09-09)</small>
+
+* [bitnami/keycloak] Specify which keys must the secret have for jks in values.yaml comments (#29301) ([5287334](https://github.com/bitnami/charts/commit/5287334f451638971f6bbf59c8d3f57928aa00a3)), closes [#29301](https://github.com/bitnami/charts/issues/29301)
+
+## <small>22.2.1 (2024-08-26)</small>
+
+* [bitnami/keycloak] fix: :bug: Add emptyDir at /bitnami to allow init scripts (#29020) ([3d04a65](https://github.com/bitnami/charts/commit/3d04a655e59ce25587d84b1a2a44844dfcf19de3)), closes [#29020](https://github.com/bitnami/charts/issues/29020)
+
+## 22.2.0 (2024-08-26)
+
+* [bitnami/keycloak] Use database user secret key from PostgreSQL chart (#29008) ([bf7ea4a](https://github.com/bitnami/charts/commit/bf7ea4a17dbe47ea0171dfae8415c4d035e7c8ad)), closes [#29008](https://github.com/bitnami/charts/issues/29008)
+
+## <small>22.1.3 (2024-08-22)</small>
+
+* [bitnami/keycloak] Release 22.1.3 (#28984) ([bb21c84](https://github.com/bitnami/charts/commit/bb21c84c422bdef42fad01db0252798d33e3499d)), closes [#28984](https://github.com/bitnami/charts/issues/28984)
+
+## <small>22.1.2 (2024-08-19)</small>
+
+* [bitnami/keycloak] Release 22.1.2 (#28929) ([0ab3f3a](https://github.com/bitnami/charts/commit/0ab3f3a85f1ecbcf558977de0c5f584de495b1e4)), closes [#28929](https://github.com/bitnami/charts/issues/28929)
+
+## <small>22.1.1 (2024-08-13)</small>
+
+* [bitnami/keycloak] move hostname variables to config map to allow override (#28838) ([f919441](https://github.com/bitnami/charts/commit/f9194415ccfa5e6a06007e9bf24376a02b20bb05)), closes [#28838](https://github.com/bitnami/charts/issues/28838)
+
+## 22.1.0 (2024-08-06)
+
+* [bitnami/keycloak] use hostname v2 options (#28611) ([559b860](https://github.com/bitnami/charts/commit/559b8604bb021798592ee276e9553d80d0735bbf)), closes [#28611](https://github.com/bitnami/charts/issues/28611)
+
+## <small>22.0.2 (2024-08-06)</small>
+
+* [bitnami/keycloak] Release 22.0.2 (#28692) ([af28509](https://github.com/bitnami/charts/commit/af285099f496589b4d3ad8379c00ae96628baab5)), closes [#28692](https://github.com/bitnami/charts/issues/28692)
+
+## <small>22.0.1 (2024-08-06)</small>
+
+* [bitnami/keycloak] Preserve data on writable dirs (#28550) ([80bc148](https://github.com/bitnami/charts/commit/80bc148b1af4e75ff8619c68f20ec2be90015a37)), closes [#28550](https://github.com/bitnami/charts/issues/28550)
+
+## 22.0.0 (2024-07-29)
+
+* [bitnami/keycloak] Release 22.0.0 (#28563) ([81162c4](https://github.com/bitnami/charts/commit/81162c45a2a9759ac00ae26ad0bb5310af4597e4)), closes [#28563](https://github.com/bitnami/charts/issues/28563)
+
+## 21.8.0 (2024-07-26)
+
+* [bitnami/keycloak] Allow support for gce based ingress controllers (#28519) ([87b60d7](https://github.com/bitnami/charts/commit/87b60d7526474cc22fd8295732f6b1ed7b3771a6)), closes [#28519](https://github.com/bitnami/charts/issues/28519)
+
+## <small>21.7.6 (2024-07-26)</small>
+
+* [bitnami/keycloak] Fix invalid value of proxy headers when legacy proxy is used (#28530) ([372d263](https://github.com/bitnami/charts/commit/372d2638677330da509c8ff2783a2efd48484d45)), closes [#28530](https://github.com/bitnami/charts/issues/28530)
+
+## <small>21.7.5 (2024-07-25)</small>
+
+* [bitnami/keycloak] Release 21.7.5 (#28428) ([8c7be7d](https://github.com/bitnami/charts/commit/8c7be7d0937fb83efb89b26fdd44cd055c2c118e)), closes [#28428](https://github.com/bitnami/charts/issues/28428)
+
+## <small>21.7.4 (2024-07-24)</small>
+
+* [bitnami/keycloak] Fix broken theme assets by append the httpRelativeURL to the KC-HOSTNAME (#28176) ([2b15502](https://github.com/bitnami/charts/commit/2b15502a03c16d5c38877244650ff0d1f8f764b9)), closes [#28176](https://github.com/bitnami/charts/issues/28176)
+
+## <small>21.7.3 (2024-07-24)</small>
+
+* [bitnami/keycloak] Release 21.7.3 (#28299) ([06e9a9d](https://github.com/bitnami/charts/commit/06e9a9dfb2dc0bd10089947810fdf8867b2ffa37)), closes [#28299](https://github.com/bitnami/charts/issues/28299)
+
+## <small>21.7.2 (2024-07-24)</small>
+
+* [bitnami/keycloak] Release 21.7.2 (#28262) ([ec3f085](https://github.com/bitnami/charts/commit/ec3f085e78cd45e66fb2d782dec3c07654cbde56)), closes [#28262](https://github.com/bitnami/charts/issues/28262)
+
+## <small>21.7.1 (2024-07-18)</small>
+
+* [bitnami/keycloak] Global StorageClass as default value (#28039) ([b81cbe1](https://github.com/bitnami/charts/commit/b81cbe126960f5dd0d8cab5c40c00a2ab31fb68f)), closes [#28039](https://github.com/bitnami/charts/issues/28039)
+
+## 21.7.0 (2024-07-17)
+
+* [bitnami/keycloak] Add support for proxy-headers (#27890) ([eb2b3bd](https://github.com/bitnami/charts/commit/eb2b3bdd8612a754c1b7e28237e9a32f6661eaab)), closes [#27890](https://github.com/bitnami/charts/issues/27890)
+
+## <small>21.6.3 (2024-07-16)</small>
+
+* bitnami/keycloak Safer variable set of KC_HOSTNAME_URL (#27912) ([b713d56](https://github.com/bitnami/charts/commit/b713d56c29f99fa111d079c300fb1e1880be8553)), closes [#27912](https://github.com/bitnami/charts/issues/27912)
+
+## <small>21.6.2 (2024-07-15)</small>
+
+* [bitnami/keycloak] Release 21.6.2 (#27972) ([6b9fa9d](https://github.com/bitnami/charts/commit/6b9fa9d298f8651b50a73edbb87198ebc6d21f2b)), closes [#27972](https://github.com/bitnami/charts/issues/27972)
+
+## <small>21.6.1 (2024-07-11)</small>
+
+* [bitnami/keycloak] fix conditions for KC_HOSTNAME_URL (#27867) ([687d228](https://github.com/bitnami/charts/commit/687d2283b5806ab91a85b085f2477c68fbe4f260)), closes [#27867](https://github.com/bitnami/charts/issues/27867)
+
+## 21.6.0 (2024-07-09)
+
+* [bitnami/keycloak] Add support for minReadySeconds (#27550) ([bf357f9](https://github.com/bitnami/charts/commit/bf357f93bb2ad28d3a27826f4bae8a65a0bc3af5)), closes [#27550](https://github.com/bitnami/charts/issues/27550)
+
+## 21.5.0 (2024-07-08)
+
+* [bitnami/keycloak] Add custom certs to system truststore (#27197) ([82b4d3e](https://github.com/bitnami/charts/commit/82b4d3e5b1b23500b1ed3758bca474894c6d752d)), closes [#27197](https://github.com/bitnami/charts/issues/27197)
+
+## <small>21.4.6 (2024-07-08)</small>
+
+* bitnami/keycloak Diversity: Allow Keycloak admin realm to be changed/configurable (#27821) ([85124dd](https://github.com/bitnami/charts/commit/85124dd6953ee9ba63af032856e7830de9db3a92)), closes [#27821](https://github.com/bitnami/charts/issues/27821)
+
+## <small>21.4.5 (2024-07-03)</small>
+
+* [bitnami/*] Update README changing TAC wording (#27530) ([52dfed6](https://github.com/bitnami/charts/commit/52dfed6bac44d791efabfaf06f15daddc4fefb0c)), closes [#27530](https://github.com/bitnami/charts/issues/27530)
+* [bitnami/keycloak] Release 21.4.5 (#27693) ([ed5f4a4](https://github.com/bitnami/charts/commit/ed5f4a4a46bb408fea752de831eebe8ca9c6e9af)), closes [#27693](https://github.com/bitnami/charts/issues/27693)
+
+## <small>21.4.4 (2024-06-20)</small>
+
+* [bitnami/keycloak] fix Keycloak HTTP schema for edge proxy mode (#27436) ([f04548a](https://github.com/bitnami/charts/commit/f04548a1dbae55d5dbad34cea87e6972f97c9bb7)), closes [#27436](https://github.com/bitnami/charts/issues/27436)
+
+## <small>21.4.3 (2024-06-18)</small>
+
+* [bitnami/keycloak] Release 21.4.3 (#27361) ([31f011c](https://github.com/bitnami/charts/commit/31f011cb89e56bd33db8e51a9e42f7cc533dcc14)), closes [#27361](https://github.com/bitnami/charts/issues/27361)
+
+## <small>21.4.2 (2024-06-17)</small>
+
+* [bitnami/keycloak] Release 21.4.2 (#27237) ([2b574d0](https://github.com/bitnami/charts/commit/2b574d09f54adb8a9175775e6c90c7a3befa9395)), closes [#27237](https://github.com/bitnami/charts/issues/27237)
+
+## <small>21.4.1 (2024-06-06)</small>
+
+* [bitnami/keycloak] Release 21.4.1 (#26967) ([79c19c6](https://github.com/bitnami/charts/commit/79c19c6d961be1fa1efe48de045f5a7070fdf57b)), closes [#26967](https://github.com/bitnami/charts/issues/26967)
+
+## 21.4.0 (2024-06-06)
+
+* [bitnami/keycloak] Enable PodDisruptionBudgets (#26698) ([503099e](https://github.com/bitnami/charts/commit/503099eea8bc4abee20e571f90a5ce85c2ed7788)), closes [#26698](https://github.com/bitnami/charts/issues/26698)
+
+## <small>21.3.4 (2024-06-05)</small>
+
+* [bitnami/keycloak] Bump chart version (#26840) ([3a6cf28](https://github.com/bitnami/charts/commit/3a6cf284b4a629a321b3c6db0605230c5366c093)), closes [#26840](https://github.com/bitnami/charts/issues/26840)
+
+## <small>21.3.3 (2024-06-05)</small>
+
+* [bitnami/keycloak] Bump chart version (#26782) ([80cd32d](https://github.com/bitnami/charts/commit/80cd32d8c7cd97e4648a2ae750fffc75dd526beb)), closes [#26782](https://github.com/bitnami/charts/issues/26782)
+
+## <small>21.3.2 (2024-06-04)</small>
+
+* [bitnami/keycloak] Release 21.3.2 (#26716) ([d049a87](https://github.com/bitnami/charts/commit/d049a87ed702cde77028bb760ea558472607d34b)), closes [#26716](https://github.com/bitnami/charts/issues/26716)
+
+## <small>21.3.1 (2024-05-22)</small>
+
+* [bitnami/keycloak] Use different liveness/readiness probes (#26318) ([a4dc920](https://github.com/bitnami/charts/commit/a4dc920907f4f4a16e9832aed04552f1cb62313f)), closes [#26318](https://github.com/bitnami/charts/issues/26318)
+
+## 21.3.0 (2024-05-21)
+
+* [bitnami/*] ci: :construction_worker: Add tag and changelog support (#25359) ([91c707c](https://github.com/bitnami/charts/commit/91c707c9e4e574725a09505d2d313fb93f1b4c0a)), closes [#25359](https://github.com/bitnami/charts/issues/25359)
+* [bitnami/keycloak] feat: :sparkles: :lock: Add warning when original images are replaced (#26225) ([095e689](https://github.com/bitnami/charts/commit/095e68932882c925238918314f6f813bec4cf07d)), closes [#26225](https://github.com/bitnami/charts/issues/26225)
+* Update README.md (#25996) ([d04084c](https://github.com/bitnami/charts/commit/d04084c24191395c742681ac2cfaf20045af52ec)), closes [#25996](https://github.com/bitnami/charts/issues/25996)
+
+## <small>21.2.2 (2024-05-18)</small>
+
+* [bitnami/keycloak] Release 21.2.2 updating components versions (#26031) ([acf3910](https://github.com/bitnami/charts/commit/acf3910fd7ed92f6cd1b7ad9b16a135c04d53f3b)), closes [#26031](https://github.com/bitnami/charts/issues/26031)
+
+## <small>21.2.1 (2024-05-14)</small>
+
+* [bitnami/keycloak] Release 21.2.1 updating components versions (#25775) ([97af61b](https://github.com/bitnami/charts/commit/97af61b63116e3dc0f5ead4940b428c7d9180427)), closes [#25775](https://github.com/bitnami/charts/issues/25775)
+
+## 21.2.0 (2024-05-13)
+
+* [bitnami/keycloak] Add HPA Behavior when scaling up and down (#25681) ([7664aa5](https://github.com/bitnami/charts/commit/7664aa56af5e1ce3388f63abad893614840be33c)), closes [#25681](https://github.com/bitnami/charts/issues/25681)
+
+## <small>21.1.3 (2024-05-08)</small>
+
+* [bitnami/*] Change non-root and rolling-tags doc URLs (#25628) ([b067c94](https://github.com/bitnami/charts/commit/b067c94f6bcde427863c197fd355f0b5ba12ff5b)), closes [#25628](https://github.com/bitnami/charts/issues/25628)
+* [bitnami/*] Set new header/owner (#25558) ([8d1dc11](https://github.com/bitnami/charts/commit/8d1dc11f5fb30db6fba50c43d7af59d2f79deed3)), closes [#25558](https://github.com/bitnami/charts/issues/25558)
+* [bitnami/keycloak] Release 21.1.3 updating components versions (#25638) ([508f9c2](https://github.com/bitnami/charts/commit/508f9c2150a41a77eaf380e4ed11173aa8ee97fd)), closes [#25638](https://github.com/bitnami/charts/issues/25638)
+
+## <small>21.1.2 (2024-05-06)</small>
+
+* [bitnami/keycloak] Remove unicode characters (#25544) ([d85aa4a](https://github.com/bitnami/charts/commit/d85aa4a84e171f26eba935d7497ad21a064e7c29)), closes [#25544](https://github.com/bitnami/charts/issues/25544)
+
+## <small>21.1.1 (2024-05-02)</small>
+
+* [bitnami/keycloak] Fix default values for keycloak db secret keys (#25428) ([87c4663](https://github.com/bitnami/charts/commit/87c4663da7dc465fd688c52abc427a1dea717e75)), closes [#25428](https://github.com/bitnami/charts/issues/25428)
+
+## 21.1.0 (2024-04-29)
+
+* [bitnami/keycloak]: add url env vars to fix admin ingress access (#25386) ([43ccdb2](https://github.com/bitnami/charts/commit/43ccdb2e902638fb493ace373c0756f336472c69)), closes [#25386](https://github.com/bitnami/charts/issues/25386)
+
+## <small>21.0.4 (2024-04-25)</small>
+
+* [bitnami/keycloak] add else when '.Values.enableDefaultInitContainers: false', otherwise all initCon ([b3356af](https://github.com/bitnami/charts/commit/b3356afce8131a6ee45b96f26d3515f241ffd935)), closes [#25286](https://github.com/bitnami/charts/issues/25286)
+* [bitnami/keycloak] Release 21.0.4 updating components versions (#25389) ([35d6211](https://github.com/bitnami/charts/commit/35d62114207b5d44b81243b05e9fa62e76709d1a)), closes [#25389](https://github.com/bitnami/charts/issues/25389)
+* [bitnami/multiple charts] Fix typo: "NetworkPolice" vs "NetworkPolicy" (#25348) ([6970c1b](https://github.com/bitnami/charts/commit/6970c1ba245873506e73d459c6eac1e4919b778f)), closes [#25348](https://github.com/bitnami/charts/issues/25348)
+* Replace VMware by Broadcom copyright text (#25306) ([a5e4bd0](https://github.com/bitnami/charts/commit/a5e4bd0e35e419203793976a78d9d0a13de92c76)), closes [#25306](https://github.com/bitnami/charts/issues/25306)
+
+## <small>21.0.3 (2024-04-22)</small>
+
+* [bitnami/keycloak] fix: :bug: Remove unusable infinispan container port (#25222) ([d015cc6](https://github.com/bitnami/charts/commit/d015cc65a4fe5603c41b6056012bf4ee5093acd4)), closes [#25222](https://github.com/bitnami/charts/issues/25222)
+
+## <small>21.0.2 (2024-04-16)</small>
+
+* [bitnami/keycloak] Release 21.0.2 updating components versions (#25197) ([363d89f](https://github.com/bitnami/charts/commit/363d89fbcdabe1421565b2d7a20b84659b9d03e0)), closes [#25197](https://github.com/bitnami/charts/issues/25197)
+
+## <small>21.0.1 (2024-04-15)</small>
+
+* [bitnami/keycloak] fix: :bug: :lock: Expose missing ports in deployment spec and fix headless servic ([264277f](https://github.com/bitnami/charts/commit/264277f97578377ec79769f82433006b0c0348b5)), closes [#25110](https://github.com/bitnami/charts/issues/25110)
+
+## 21.0.0 (2024-04-05)
+
+* [bitnami/keycloak] Release 21.0.0 (#24677) ([792003d](https://github.com/bitnami/charts/commit/792003d123aa063fa580c1287371b339bfe881fa)), closes [#24677](https://github.com/bitnami/charts/issues/24677)
+
+## <small>20.0.1 (2024-04-05)</small>
+
+* [bitnami/keycloak] fix: :bug: Add empty-dir in data folder (#24939) ([f798112](https://github.com/bitnami/charts/commit/f798112e8abc1328da4642ffa5e7ca1f0b9bdfd0)), closes [#24939](https://github.com/bitnami/charts/issues/24939)
+
+## 20.0.0 (2024-04-03)
+
+* [bitnami/keycloak] feat!: :lock: :boom: Improve security defaults (#24671) ([3365b96](https://github.com/bitnami/charts/commit/3365b968353714d45f1736b1d23d2532283eaedb)), closes [#24671](https://github.com/bitnami/charts/issues/24671)
+* Update resourcesPreset comments (#24467) ([92e3e8a](https://github.com/bitnami/charts/commit/92e3e8a507326d2a20a8f10ab3e7746a2ec5c554)), closes [#24467](https://github.com/bitnami/charts/issues/24467)
+
+## <small>19.4.1 (2024-04-01)</small>
+
+* [bitnami/keycloak] Apply the openshift-compatibility fix also to the init-pod of Keycloak (#24569) ([9a862fa](https://github.com/bitnami/charts/commit/9a862faef59511bfa65e48cfb2ea639f66b4987a)), closes [#24569](https://github.com/bitnami/charts/issues/24569)
+
+## 19.4.0 (2024-04-01)
+
+* [bitnami/keycloak] Avoid initContainer execution with 3rd party Keycloak images (#24544) ([9c58f5c](https://github.com/bitnami/charts/commit/9c58f5c190130d7ad06f85491dc1811b01020d9f)), closes [#24544](https://github.com/bitnami/charts/issues/24544)
+
+## <small>19.3.4 (2024-03-21)</small>
+
+* [bitnami/*] Reorder Chart sections (#24455) ([0cf4048](https://github.com/bitnami/charts/commit/0cf4048e8743f70a9753d460655bd030cbff6824)), closes [#24455](https://github.com/bitnami/charts/issues/24455)
+* [bitnami/keycloak] Release 19.3.4 updating components versions (#24606) ([00788fa](https://github.com/bitnami/charts/commit/00788fa433a00d031f5bbcdd17a745c1c67a5e41)), closes [#24606](https://github.com/bitnami/charts/issues/24606)
+
+## <small>19.3.3 (2024-03-15)</small>
+
+* [bitnami/keycloak] Render value of KC_HOSTNAME_ADMIN through templating (#23976) ([d4f8730](https://github.com/bitnami/charts/commit/d4f8730f5aa98a1c40bb6366a00fd767f2c37f13)), closes [#23976](https://github.com/bitnami/charts/issues/23976)
+
+## <small>19.3.2 (2024-03-15)</small>
+
+* [bitnami/keycloak] Release 19.3.2 updating components versions (#24463) ([b2ded9d](https://github.com/bitnami/charts/commit/b2ded9d108859b78ec6e427849f4234334aa4b12)), closes [#24463](https://github.com/bitnami/charts/issues/24463)
+
+## <small>19.3.1 (2024-03-15)</small>
+
+* [bitnami/keycloak] Release 19.3.1 updating components versions (#24461) ([8433791](https://github.com/bitnami/charts/commit/8433791fd6c85996d3bc97d7c782d1d34e31ea41)), closes [#24461](https://github.com/bitnami/charts/issues/24461)
+
+## 19.3.0 (2024-03-08)
+
+* [bitnami/keycloak] Add support for annotations on statefulset (#24097) ([b860e91](https://github.com/bitnami/charts/commit/b860e91a90a00b187257546cd90ad0ec8c0c7bca)), closes [#24097](https://github.com/bitnami/charts/issues/24097)
+
+## 19.2.0 (2024-03-06)
+
+* [bitnami/keycloak] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23944) ([a06a258](https://github.com/bitnami/charts/commit/a06a258b9e2547fa390e26f04f5f40f1c8d0f6cc)), closes [#23944](https://github.com/bitnami/charts/issues/23944)
+
+## 19.1.0 (2024-03-05)
+
+* [bitnami/keycloak] feat: :sparkles: :lock: Add automatic adaptation for Openshift restricted-v2 SCC  ([1b1bd9f](https://github.com/bitnami/charts/commit/1b1bd9fbcb2d9b34edccd08ab2495acbcbc69fe2)), closes [#24101](https://github.com/bitnami/charts/issues/24101)
+
+## 19.0.0 (2024-03-04)
+
+* [bitnami/keycloak] Update bundled PostgreSQL (#24027) ([1f1ae91](https://github.com/bitnami/charts/commit/1f1ae9141e6b4b635d507536357b4d25b4366d0f)), closes [#24027](https://github.com/bitnami/charts/issues/24027)
+
+## <small>18.7.1 (2024-02-22)</small>
+
+* [bitnami/keycloak] Release 18.7.1 updating components versions (#23857) ([a3d8b36](https://github.com/bitnami/charts/commit/a3d8b36f03bca2a8f6e6f3e4d002bb1540361eca)), closes [#23857](https://github.com/bitnami/charts/issues/23857)
+
+## 18.7.0 (2024-02-22)
+
+* [bitnami/keycloak] Add admin ingress (#21872) ([91e315e](https://github.com/bitnami/charts/commit/91e315ee78fa4d7eebc7dac33c26f0d0d6400d7b)), closes [#21872](https://github.com/bitnami/charts/issues/21872)
+
+## <small>18.6.2 (2024-02-22)</small>
+
+* [bitnami/keycloak] Release 18.6.2 updating components versions (#23791) ([45fa848](https://github.com/bitnami/charts/commit/45fa8488130829fdfc9147bcde1087cc0c30c807)), closes [#23791](https://github.com/bitnami/charts/issues/23791)
+
+## <small>18.6.1 (2024-02-21)</small>
+
+* [bitnami/keycloak] Release 18.6.1 updating components versions (#23666) ([b11d8eb](https://github.com/bitnami/charts/commit/b11d8ebb9c611fb4fc8d82e72b90fb3681224c3a)), closes [#23666](https://github.com/bitnami/charts/issues/23666)
+
+## 18.6.0 (2024-02-20)
+
+* [bitnami/*] Bump all versions (#23602) ([b70ee2a](https://github.com/bitnami/charts/commit/b70ee2a30e4dc256bf0ac52928fb2fa7a70f049b)), closes [#23602](https://github.com/bitnami/charts/issues/23602)
+
+## 18.5.0 (2024-02-19)
+
+* [bitnami/keycloak] feat: :sparkles: :lock: Add resource preset support (#23469) ([8bece71](https://github.com/bitnami/charts/commit/8bece71756ce2d728d2eee21728a505ee6104906)), closes [#23469](https://github.com/bitnami/charts/issues/23469)
+
+## 18.4.0 (2024-02-06)
+
+* [bitnami/keycloak] feat: :lock: Enable networkPolicy (#23190) ([c76adea](https://github.com/bitnami/charts/commit/c76adeac0cf773a362522409e87b09b83063b51c)), closes [#23190](https://github.com/bitnami/charts/issues/23190)
+
+## <small>18.3.4 (2024-02-03)</small>
+
+* [bitnami/keycloak] Release 18.3.4 updating components versions (#23169) ([4f26202](https://github.com/bitnami/charts/commit/4f2620250f21acd946a60e86f8a03a0ed43b9d78)), closes [#23169](https://github.com/bitnami/charts/issues/23169)
+
+## <small>18.3.3 (2024-01-29)</small>
+
+* [bitnami/keycloak] Release 18.3.3 updating components versions (#22832) ([3ecf5f0](https://github.com/bitnami/charts/commit/3ecf5f0ff81ce43deb0e99766f55caaba9f5f26e)), closes [#22832](https://github.com/bitnami/charts/issues/22832)
+
+## <small>18.3.2 (2024-01-29)</small>
+
+* [bitnami/*] Move documentation sections from docs.bitnami.com back to the README (#22203) ([7564f36](https://github.com/bitnami/charts/commit/7564f36ca1e95ff30ee686652b7ab8690561a707)), closes [#22203](https://github.com/bitnami/charts/issues/22203)
+* [bitnami/keycloak] fix: :bug: Set seLinuxOptions to null for Openshift compatibility (#22606) ([3af8f12](https://github.com/bitnami/charts/commit/3af8f12def82995ec335373717a19b4f05ba646c)), closes [#22606](https://github.com/bitnami/charts/issues/22606)
+* [bitnami/keycloak] Release 18.3.2 updating components versions (#22822) ([e151ce8](https://github.com/bitnami/charts/commit/e151ce855d98e598d7c8e45c6f64d5b3d1f8847d)), closes [#22822](https://github.com/bitnami/charts/issues/22822)
+
+## <small>18.3.1 (2024-01-24)</small>
+
+* [bitnami/keycloak] Support 'tpl' on ingress.secrets (#22233) ([ade53a5](https://github.com/bitnami/charts/commit/ade53a5d3be0419dd7ceb2c537979adf2cebce78)), closes [#22233](https://github.com/bitnami/charts/issues/22233)
+
+## 18.3.0 (2024-01-22)
+
+* [bitnami/keycloak] fix: :lock: Move service-account token auto-mount to pod declaration (#22416) ([6b63287](https://github.com/bitnami/charts/commit/6b632870dcf2138fbf87a9eab5b73d80a3d3b0ed)), closes [#22416](https://github.com/bitnami/charts/issues/22416)
+
+## <small>18.2.1 (2024-01-18)</small>
+
+* [bitnami/keycloak] Release 18.2.1 updating components versions (#22290) ([5153872](https://github.com/bitnami/charts/commit/5153872f493acb30493ca4f2a53a324b5ba4c57a)), closes [#22290](https://github.com/bitnami/charts/issues/22290)
+
+## 18.2.0 (2024-01-17)
+
+* [bitnami/keycloak] fix: :lock: Improve podSecurityContext and containerSecurityContext with essentia ([b34d820](https://github.com/bitnami/charts/commit/b34d820d7b20b01efc016f7701716414cbbad940)), closes [#22137](https://github.com/bitnami/charts/issues/22137)
+
+## 18.1.0 (2024-01-12)
+
+* [bitnami/*] Fix docs.bitnami.com broken links (#21901) ([f35506d](https://github.com/bitnami/charts/commit/f35506d2dadee4f097986e7792df1f53ab215b5d)), closes [#21901](https://github.com/bitnami/charts/issues/21901)
+* [bitnami/*] Fix ref links (in comments) (#21822) ([e4fa296](https://github.com/bitnami/charts/commit/e4fa296106b225cf8c82445727c675c7c725e380)), closes [#21822](https://github.com/bitnami/charts/issues/21822)
+* [bitnami/keycloak] Add revisionHistoryLimit variable for statefulset (#21937) ([58fbf63](https://github.com/bitnami/charts/commit/58fbf6342fffe66c4ffc0d8c7ce424e48a465631)), closes [#21937](https://github.com/bitnami/charts/issues/21937)
+
+## <small>18.0.2 (2024-01-09)</small>
+
+* Fix the spelling error of KC_LOG_LEVEL, correct it to the correct KEYCLOAK_LOG_LEVEL (#21898) ([a22037b](https://github.com/bitnami/charts/commit/a22037b96df4ccc4fadb549c6586ecf9f4f9933f)), closes [#21898](https://github.com/bitnami/charts/issues/21898)
+
+## <small>18.0.1 (2024-01-08)</small>
+
+* [bitnami/*] Update copyright: Year and company (#21815) ([6c4bf75](https://github.com/bitnami/charts/commit/6c4bf75dec58fc7c9aee9f089777b1a858c17d5b)), closes [#21815](https://github.com/bitnami/charts/issues/21815)
+* [bitnami/keycloak] Release 18.0.1 updating components versions (#21889) ([05d428b](https://github.com/bitnami/charts/commit/05d428b892e764188d0abe05ebf2315d2b60bf41)), closes [#21889](https://github.com/bitnami/charts/issues/21889)
+
+## 18.0.0 (2023-12-27)
+
+* [bitnami/keycloak] Release 18.0.0 (#21762) ([67617c5](https://github.com/bitnami/charts/commit/67617c552716c6e472a8caf519037f1648a9b7f2)), closes [#21762](https://github.com/bitnami/charts/issues/21762)
+
+## <small>17.3.6 (2023-12-07)</small>
+
+* [bitnami/keycloak] Release 17.3.6 updating components versions (#21452) ([583a2e8](https://github.com/bitnami/charts/commit/583a2e837d8775074f7793227a2383797461fe04)), closes [#21452](https://github.com/bitnami/charts/issues/21452)
+
+## <small>17.3.5 (2023-12-05)</small>
+
+* [bitnami/keycloak] Replace deprecated pull secret partial (#21377) ([7c73d59](https://github.com/bitnami/charts/commit/7c73d595a81a494b240f167bec29ae5931da5003)), closes [#21377](https://github.com/bitnami/charts/issues/21377)
+
+## <small>17.3.4 (2023-11-21)</small>
+
+* [bitnami/*] Rename solutions to "Bitnami package for ..." (#21038) ([b82f979](https://github.com/bitnami/charts/commit/b82f979e4fb63423fe6e2192c946d09d79c944fc)), closes [#21038](https://github.com/bitnami/charts/issues/21038)
+* [bitnami/keycloak] Release 17.3.4 updating components versions (#21128) ([301f6da](https://github.com/bitnami/charts/commit/301f6daf05d07bfa14a4c8ee7bfc2ed07182dcfb)), closes [#21128](https://github.com/bitnami/charts/issues/21128)
+
+## <small>17.3.3 (2023-11-21)</small>
+
+* [bitnami/keycloak] Release 17.3.3 updating components versions (#21074) ([d15b15b](https://github.com/bitnami/charts/commit/d15b15b1f1ec382dc0f5a161a146631206425028)), closes [#21074](https://github.com/bitnami/charts/issues/21074)
+
+## <small>17.3.2 (2023-11-21)</small>
+
+* [bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR ([1103633](https://github.com/bitnami/charts/commit/11036334d82df0490aa4abdb591543cab6cf7d7f)), closes [#20967](https://github.com/bitnami/charts/issues/20967)
+* [bitnami/keycloak] Release 17.3.2 updating components versions (#21070) ([d8996bd](https://github.com/bitnami/charts/commit/d8996bd7d784759437b229d9390b93e751914c16)), closes [#21070](https://github.com/bitnami/charts/issues/21070)
+
+## <small>17.3.1 (2023-11-08)</small>
+
+* [bitnami/keycloak] Release 17.3.1 updating components versions (#20702) ([acde051](https://github.com/bitnami/charts/commit/acde0514612fe6f9109e6589a51e01e649b1f5ea)), closes [#20702](https://github.com/bitnami/charts/issues/20702)
+
+## 17.3.0 (2023-11-06)
+
+* [bitnami/keycloak] fix: add extraPorts to metrics service (#20569) ([f01639d](https://github.com/bitnami/charts/commit/f01639d259b480d994a13d255c4ff5d0b9dc32f5)), closes [#20569](https://github.com/bitnami/charts/issues/20569)
+
+## <small>17.2.1 (2023-10-31)</small>
+
+* [bitnami/keycloak] assure servicemonitor endpoints port is a string (#20431) ([28f3e26](https://github.com/bitnami/charts/commit/28f3e263a8d6caaf834bc4b670b443f647481ee9)), closes [#20431](https://github.com/bitnami/charts/issues/20431)
+
+## 17.2.0 (2023-10-27)
+
+* [bitnami/keycloak] feat: :sparkles: Add support for PSA restricted policy (#20459) ([ea1e6e5](https://github.com/bitnami/charts/commit/ea1e6e5b8e67623d76b08d69f567e83a90dbfda7)), closes [#20459](https://github.com/bitnami/charts/issues/20459)
+
+## <small>17.1.2 (2023-10-24)</small>
+
+* [bitnami/*] Rename VMware Application Catalog (#20361) ([3acc734](https://github.com/bitnami/charts/commit/3acc73472beb6fb56c4d99f929061001205bc57e)), closes [#20361](https://github.com/bitnami/charts/issues/20361)
+* [bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#19841) ([bb9a01b](https://github.com/bitnami/charts/commit/bb9a01b65911c87e48318db922cc05eb42785e42)), closes [#19841](https://github.com/bitnami/charts/issues/19841)
+* [bitnami/*] Standardize documentation (#19835) ([af5f753](https://github.com/bitnami/charts/commit/af5f7530c1bc8c5ded53a6c4f7b8f384ac1804f2)), closes [#19835](https://github.com/bitnami/charts/issues/19835)
+* [bitnami/keycloak] Documentation regarding importing and exporting a keycloak realm (#20252) ([1da1445](https://github.com/bitnami/charts/commit/1da1445d1c99ca463569c31608741cf14088e1c5)), closes [#20252](https://github.com/bitnami/charts/issues/20252)
+* [bitnami/keycloak] Release 17.1.2 updating components versions (#20384) ([6edd6ce](https://github.com/bitnami/charts/commit/6edd6cec24c1ce2c759a69a3686c503a82aebbfa)), closes [#20384](https://github.com/bitnami/charts/issues/20384)
+
+## <small>17.1.1 (2023-10-18)</small>
+
+* [bitnami/keycloak] Release 17.1.1 (#20299) ([f099afd](https://github.com/bitnami/charts/commit/f099afda9dd10b3c13ee35efe18990778c8eee36)), closes [#20299](https://github.com/bitnami/charts/issues/20299)
+
+## 17.1.0 (2023-10-17)
+
+* [bitnami/keycloak] add annotation for auto-generated secrets (#19706) ([25087bc](https://github.com/bitnami/charts/commit/25087bcf639b22942019301c3589a4fca89a30a3)), closes [#19706](https://github.com/bitnami/charts/issues/19706)
+* [bitnami/keycloak] Remove reference to missing param in README (#20072) ([da65f3c](https://github.com/bitnami/charts/commit/da65f3cfeb01a3b2fc5c8ab238899ca62bd3e607)), closes [#20072](https://github.com/bitnami/charts/issues/20072)
+
+## <small>17.0.4 (2023-10-12)</small>
+
+* [bitnami/keycloak] Release 17.0.4 (#20146) ([98a304e](https://github.com/bitnami/charts/commit/98a304e798adc82e25e72a17f3a4f603c35feaf8)), closes [#20146](https://github.com/bitnami/charts/issues/20146)
+
+## <small>17.0.3 (2023-10-10)</small>
+
+* [bitnami/keycloak] Release 17.0.3 (#19995) ([3ac844f](https://github.com/bitnami/charts/commit/3ac844f786aae0d645e114375ce47949ec9a6905)), closes [#19995](https://github.com/bitnami/charts/issues/19995)
+
+## <small>17.0.2 (2023-10-10)</small>
+
+* [bitnami/*] Update Helm charts prerequisites (#19745) ([eb755dd](https://github.com/bitnami/charts/commit/eb755dd36a4dd3cf6635be8e0598f9a7f4c4a554)), closes [#19745](https://github.com/bitnami/charts/issues/19745)
+* [bitnami/keycloak] Release 17.0.2 (#19966) ([53098d3](https://github.com/bitnami/charts/commit/53098d344d2cbe740205a20a24df627fa6ce7aea)), closes [#19966](https://github.com/bitnami/charts/issues/19966)
+
+## <small>17.0.1 (2023-10-04)</small>
+
+* [bitnami/keycloak] Release 17.0.1 (#19749) ([5ce0ad0](https://github.com/bitnami/charts/commit/5ce0ad08f2b72e651ce6037a3306cc8dc5b01e84)), closes [#19749](https://github.com/bitnami/charts/issues/19749)
+
+## 17.0.0 (2023-09-29)
+
+* [bitnami/keycloak] Update dependencies (#19616) ([39f01d5](https://github.com/bitnami/charts/commit/39f01d5806c71cae4eaba6a72deb6c1701165a76)), closes [#19616](https://github.com/bitnami/charts/issues/19616)
+
+## <small>16.1.7 (2023-09-26)</small>
+
+* [bitnami/keycloak] Release 16.1.7 updating components versions (#19548) ([0247e76](https://github.com/bitnami/charts/commit/0247e76728deb7804139b355d08c2a7988f98fb6)), closes [#19548](https://github.com/bitnami/charts/issues/19548)
+
+## <small>16.1.6 (2023-09-26)</small>
+
+* [bitnami/keycloak] Release 16.1.6 (#19534) ([a9933b0](https://github.com/bitnami/charts/commit/a9933b0a0b9227aa8507f91c590674c01c51a0c7)), closes [#19534](https://github.com/bitnami/charts/issues/19534)
+* Revert "Autogenerate schema files (#19194)" (#19335) ([73d80be](https://github.com/bitnami/charts/commit/73d80be525c88fb4b8a54451a55acd506e337062)), closes [#19194](https://github.com/bitnami/charts/issues/19194) [#19335](https://github.com/bitnami/charts/issues/19335)
+
+## <small>16.1.5 (2023-09-15)</small>
+
+* [bitnami/keycloak]: Use merge helper (#19120) ([47255b1](https://github.com/bitnami/charts/commit/47255b1a1bf94c48bd9a600d842df36cef7b6f14)), closes [#19120](https://github.com/bitnami/charts/issues/19120)
+
+## <small>16.1.4 (2023-09-12)</small>
+
+* [bitnami/keycloak] Release 16.1.4 (#19252) ([2a8cd5c](https://github.com/bitnami/charts/commit/2a8cd5c09d4b952c8a90be69b5445b9a69934c31)), closes [#19252](https://github.com/bitnami/charts/issues/19252)
+
+## <small>16.1.3 (2023-09-12)</small>
+
+* [bitnami/keycloak] Release 16.1.3 (#19235) ([b954011](https://github.com/bitnami/charts/commit/b954011bd9baac6b3b81e5de20d4e8cd183fb877)), closes [#19235](https://github.com/bitnami/charts/issues/19235)
+* Autogenerate schema files (#19194) ([a2c2090](https://github.com/bitnami/charts/commit/a2c2090b5ac97f47b745c8028c6452bf99739772)), closes [#19194](https://github.com/bitnami/charts/issues/19194)
+
+## <small>16.1.2 (2023-09-05)</small>
+
+* [bitnami/keycloak] fix on metadata name templating for keycloakConfigCli job (#18958) ([baab785](https://github.com/bitnami/charts/commit/baab78529caefea1ea454f00d723e8c7a69bef41)), closes [#18958](https://github.com/bitnami/charts/issues/18958)
+
+## <small>16.1.1 (2023-08-29)</small>
+
+* [bitnami/keycloak] Release 16.1.1 (#18936) ([5220116](https://github.com/bitnami/charts/commit/5220116113c2e7c5935642a19783acabbb50d267)), closes [#18936](https://github.com/bitnami/charts/issues/18936)
+
+## 16.1.0 (2023-08-28)
+
+* [bitnami/keycloak] Support for customizing standard labels (#18611) ([f0003ab](https://github.com/bitnami/charts/commit/f0003ab64fda67378ce6e984486e0bfcc4813fbe)), closes [#18611](https://github.com/bitnami/charts/issues/18611)
+
+## <small>16.0.5 (2023-08-19)</small>
+
+* [bitnami/keycloak] Release 16.0.5 (#18675) ([072deb5](https://github.com/bitnami/charts/commit/072deb5c9e1c5db75d79ba17afa998aa0ca92ebb)), closes [#18675](https://github.com/bitnami/charts/issues/18675)
+
+## <small>16.0.4 (2023-08-17)</small>
+
+* [bitnami/keycloak] Release 16.0.4 (#18533) ([6e614c5](https://github.com/bitnami/charts/commit/6e614c546af743267f158baa29b1dd3f3baebf99)), closes [#18533](https://github.com/bitnami/charts/issues/18533)
+
+## <small>16.0.3 (2023-08-04)</small>
+
+* [bitnami/keycloak] Keycloak Config CLI Job Name Invalid. No more than 63 characters. (#17955) ([4b19147](https://github.com/bitnami/charts/commit/4b19147bdaa5b021511f863bc112e4110889a740)), closes [#17955](https://github.com/bitnami/charts/issues/17955)
+
+## <small>16.0.2 (2023-08-02)</small>
+
+* [bitnami/keycloak] Release 16.0.2 (#18148) ([4729dc0](https://github.com/bitnami/charts/commit/4729dc0c89226859625de2cd8ebb9cf7ad1c4c29)), closes [#18148](https://github.com/bitnami/charts/issues/18148)
+
+## <small>16.0.1 (2023-08-02)</small>
+
+* [bitnami/keycloak] Release 16.0.1 (#18147) ([e9ae7ab](https://github.com/bitnami/charts/commit/e9ae7ab4ff8e226d02f63842cdcd71d23a24980c)), closes [#18147](https://github.com/bitnami/charts/issues/18147)
+
+## 16.0.0 (2023-07-28)
+
+* [bitnami/keycloak] Release 16.0.0 (#18011) ([2e8b876](https://github.com/bitnami/charts/commit/2e8b876794a230f98158e8f238aded8579599292)), closes [#18011](https://github.com/bitnami/charts/issues/18011)
+
+## <small>15.1.8 (2023-07-25)</small>
+
+* [bitnami/keycloak] Release 15.1.8 (#17907) ([df63869](https://github.com/bitnami/charts/commit/df638697464307b86eaea802a0721b5678ec6553)), closes [#17907](https://github.com/bitnami/charts/issues/17907)
+
+## <small>15.1.7 (2023-07-15)</small>
+
+* [bitnami/keycloak] Release 1 (#17608) ([9f92525](https://github.com/bitnami/charts/commit/9f9252580d17a213204aafb28b6bd0c5368b0890)), closes [#17608](https://github.com/bitnami/charts/issues/17608)
+
+## <small>15.1.6 (2023-06-28)</small>
+
+* [bitnami/keycloak] Release 15.1.6 (#17380) ([52f902e](https://github.com/bitnami/charts/commit/52f902ece8f065e114cc6583e26c6677fafecca7)), closes [#17380](https://github.com/bitnami/charts/issues/17380)
+
+## <small>15.1.5 (2023-06-26)</small>
+
+* Add copyright header (#17300) ([da68be8](https://github.com/bitnami/charts/commit/da68be8e951225133c7dfb572d5101ca3d61c5ae)), closes [#17300](https://github.com/bitnami/charts/issues/17300)
+* Drop unnecessary secret mount in Keycloak container (#17332) ([347d993](https://github.com/bitnami/charts/commit/347d993e1a7d6ae206087d2995e109bf5407efe8)), closes [#17332](https://github.com/bitnami/charts/issues/17332)
+* Update charts readme (#17217) ([31b3c0a](https://github.com/bitnami/charts/commit/31b3c0afd968ff4429107e34101f7509e6a0e913)), closes [#17217](https://github.com/bitnami/charts/issues/17217)
+
+## <small>15.1.4 (2023-06-20)</small>
+
+* [bitnami/keycloak] Release 15.1.4 (#17239) ([92ba107](https://github.com/bitnami/charts/commit/92ba107d0d0c350afeb6523412efe5db90ceeae7)), closes [#17239](https://github.com/bitnami/charts/issues/17239)
+* enable custom ingress labels (#17026) ([d345ad0](https://github.com/bitnami/charts/commit/d345ad082b2d87912c333c84fc35ee9c20d780ee)), closes [#17026](https://github.com/bitnami/charts/issues/17026)
+
+## <small>15.1.3 (2023-06-06)</small>
+
+* [bitnami/*] Change copyright section in READMEs (#17006) ([ef986a1](https://github.com/bitnami/charts/commit/ef986a1605241102b3dcafe9fd8089e6fc1201ad)), closes [#17006](https://github.com/bitnami/charts/issues/17006)
+* [bitnami/keycloak] Remove erroneous 'name' property from tls-secret (#16990) ([727c6a6](https://github.com/bitnami/charts/commit/727c6a65cc791067147d0d2a20a296bf6455ffa3)), closes [#16990](https://github.com/bitnami/charts/issues/16990) [#16989](https://github.com/bitnami/charts/issues/16989)
+* [bitnami/several] Change copyright section in READMEs (#16989) ([5b6a5cf](https://github.com/bitnami/charts/commit/5b6a5cfb7625a751848a2e5cd796bd7278f406ca)), closes [#16989](https://github.com/bitnami/charts/issues/16989)
+* Revert "Drop unnecessary secret moint in Keycloak container (#16013)" (#16617) ([7e05f6a](https://github.com/bitnami/charts/commit/7e05f6a1bd26cbf518d9d446591ef1ccdcd47965)), closes [#16013](https://github.com/bitnami/charts/issues/16013) [#16617](https://github.com/bitnami/charts/issues/16617)
+
+## <small>15.1.2 (2023-05-21)</small>
+
+* [bitnami/keycloak] Release 15.1.2 (#16828) ([b66b026](https://github.com/bitnami/charts/commit/b66b02695e525d1fdcd30d6b4103091fe1b4ef2a)), closes [#16828](https://github.com/bitnami/charts/issues/16828)
+
+## <small>15.1.1 (2023-05-12)</small>
+
+* [bitnami/keycloak] Fix keycloak notes message when not using tls (#16594) ([1a019b2](https://github.com/bitnami/charts/commit/1a019b2b4dbec99352195f8e1fd03dfbed711525)), closes [#16594](https://github.com/bitnami/charts/issues/16594)
+* Add wording for enterprise page (#16560) ([8f22774](https://github.com/bitnami/charts/commit/8f2277440b976d52785ba9149762ad8620a73d1f)), closes [#16560](https://github.com/bitnami/charts/issues/16560)
+
+## 15.1.0 (2023-05-09)
+
+* [bitnami/several] Adapt Chart.yaml to set desired OCI annotations (#16546) ([fc9b18f](https://github.com/bitnami/charts/commit/fc9b18f2e98805d4df629acbcde696f44f973344)), closes [#16546](https://github.com/bitnami/charts/issues/16546)
+
+## <small>15.0.5 (2023-05-09)</small>
+
+* [bitnami/keycloak] Release 15.0.5 (#16542) ([02593f7](https://github.com/bitnami/charts/commit/02593f7ea7a4cdcd0e05075694ac70602f45b525)), closes [#16542](https://github.com/bitnami/charts/issues/16542)
+
+## <small>15.0.4 (2023-05-09)</small>
+
+* [bitnami/keycloak] Add dnsConfig to keycloak statefulset template (#16394) ([3012b7a](https://github.com/bitnami/charts/commit/3012b7a1a5258482bdec2e7be7ec26f21f453e4c)), closes [#16394](https://github.com/bitnami/charts/issues/16394) [#16337](https://github.com/bitnami/charts/issues/16337)
+
+## <small>15.0.3 (2023-05-08)</small>
+
+* [bitnami/keycloak] Release 15.0.3 (#16433) ([e970673](https://github.com/bitnami/charts/commit/e970673297032d2c420d0f6eb3ef657511c4091c)), closes [#16433](https://github.com/bitnami/charts/issues/16433)
+
+## <small>15.0.2 (2023-05-08)</small>
+
+* bitnami/keycloak add values for getting external database information from a secret (#16378) ([6e37fbd](https://github.com/bitnami/charts/commit/6e37fbdfa0223eb2669e63e13d1d38e456be8633)), closes [#16378](https://github.com/bitnami/charts/issues/16378)
+
+## <small>15.0.1 (2023-05-05)</small>
+
+* [bitnami/keycloak] Fix keycloakConfigCli (#16375) ([3e28645](https://github.com/bitnami/charts/commit/3e2864539640868b058482f222e92ceb725aa441)), closes [#16375](https://github.com/bitnami/charts/issues/16375)
+
+## 15.0.0 (2023-05-04)
+
+* adjust default service to ClusterAPI (#16158) ([40067ec](https://github.com/bitnami/charts/commit/40067ec81e2f38a4f596457ccefa41bb4f2e7af0)), closes [#16158](https://github.com/bitnami/charts/issues/16158)
+
+## 14.5.0 (2023-05-02)
+
+* [bitnami/keycloak] keycloakConfigCli extraEnvVars templating (#16257) ([abd3434](https://github.com/bitnami/charts/commit/abd3434e3c0a3ecc4021b3b262a25d3f7e13e810)), closes [#16257](https://github.com/bitnami/charts/issues/16257)
+
+## <small>14.4.2 (2023-05-02)</small>
+
+* [bitnami/keycloak] Release 14.4.2 (#16333) ([8c4b991](https://github.com/bitnami/charts/commit/8c4b991b2b2e5f7de159d6b07f1b401086996707)), closes [#16333](https://github.com/bitnami/charts/issues/16333)
+
+## <small>14.4.1 (2023-04-30)</small>
+
+* [bitnami/keycloak] Release 14.4.1 (#16289) ([1892fa4](https://github.com/bitnami/charts/commit/1892fa4708c379d77fa0e576340b97549717eaec)), closes [#16289](https://github.com/bitnami/charts/issues/16289)
+
+## 14.4.0 (2023-04-25)
+
+* [bitnami/keycloak] Use `httpRelativePath` for ingress path and service monitor endpoints (#16183) ([66eb845](https://github.com/bitnami/charts/commit/66eb845d5871c86d63141cb28afbddfdb02bf1d9)), closes [#16183](https://github.com/bitnami/charts/issues/16183)
+
+## 14.3.0 (2023-04-20)
+
+* [bitnami/*] Make Helm charts 100% OCI (#15998) ([8841510](https://github.com/bitnami/charts/commit/884151035efcbf2e1b3206e7def85511073fb57d)), closes [#15998](https://github.com/bitnami/charts/issues/15998)
+
+## 14.2.0 (2023-04-13)
+
+* Drop unnecessary secret mount in Keycloak container (#16013) ([dc83778](https://github.com/bitnami/charts/commit/dc83778c2e40c9f7f011a2b747407e3f12aa2b54)), closes [#16013](https://github.com/bitnami/charts/issues/16013)
+
+## 14.1.0 (2023-04-10)
+
+* Added templating for `externalDatabase.host` (#15954) ([c36b1ac](https://github.com/bitnami/charts/commit/c36b1ac2d4bd68de20d2b819b16e77fdb7bad3f7)), closes [#15954](https://github.com/bitnami/charts/issues/15954)
+
+## 14.0.0 (2023-03-31)
+
+* [bitnami/keycloak] Release 14.0.0 (#15832) ([2b813ba](https://github.com/bitnami/charts/commit/2b813bac6a44cbbd6179170ef434967df57f1246)), closes [#15832](https://github.com/bitnami/charts/issues/15832)
+
+## <small>13.4.1 (2023-03-28)</small>
+
+* [bitnami/keycloak] Update keycloak cli job image tag to 5.6.1-debian-11-r4 (#15732) ([cf7a903](https://github.com/bitnami/charts/commit/cf7a9037c7dbd1264b8230cca4ae45c1d796fbc6)), closes [#15732](https://github.com/bitnami/charts/issues/15732)
+
+## 13.4.0 (2023-03-23)
+
+* [bitnami/keycloak] Added nodeSelector and option to automatic cleanup finished jobs to the keycloak- ([6a938d8](https://github.com/bitnami/charts/commit/6a938d8e000aedd2ddcac6e7c5ccc3d07188c732)), closes [#15689](https://github.com/bitnami/charts/issues/15689)
+
+## 13.3.0 (2023-03-10)
+
+* [bitnami/charts] Apply linter to README files (#15357) ([0e29e60](https://github.com/bitnami/charts/commit/0e29e600d3adc8b1b46e506eccb3decfab3b4e63)), closes [#15357](https://github.com/bitnami/charts/issues/15357)
+* [bitnami/keycloak] Add support for service.headless.annotations (#15432) ([8ec5c82](https://github.com/bitnami/charts/commit/8ec5c8242d1114dc79d5b15bcef651fff8d5f488)), closes [#15432](https://github.com/bitnami/charts/issues/15432)
+
+## 13.2.0 (2023-03-06)
+
+* [bitnami/keycloak] add support to disable service links (#15184) ([0f9a159](https://github.com/bitnami/charts/commit/0f9a159c38b7a4ce693de79e243f6ee050275fdd)), closes [#15184](https://github.com/bitnami/charts/issues/15184)
+
+## <small>13.1.3 (2023-03-01)</small>
+
+* [bitnami/keycloak] Release 13.1.3 (#15255) ([b50ae02](https://github.com/bitnami/charts/commit/b50ae02026f32feb53f6acae05f43a2e1bd35f4d)), closes [#15255](https://github.com/bitnami/charts/issues/15255)
+
+## <small>13.1.2 (2023-03-01)</small>
+
+* [bitnami/keycloak] Release 13.1.2 (#15210) ([123f9a9](https://github.com/bitnami/charts/commit/123f9a904b5e5b4284413541c4e1653b19d7ca13)), closes [#15210](https://github.com/bitnami/charts/issues/15210)
+
+## <small>13.1.1 (2023-02-22)</small>
+
+* [bitnami/keycloak] Release 13.1.1 (#15103) ([3047b69](https://github.com/bitnami/charts/commit/3047b694c57e84a0e9a76a01257dbab233503301)), closes [#15103](https://github.com/bitnami/charts/issues/15103)
+
+## 13.1.0 (2023-02-20)
+
+* [bitnami/keycloak] Fix NetworkPolicy to open the Infinispan port (7800) (#14576) ([149c7da](https://github.com/bitnami/charts/commit/149c7da9582b25e9dc0ee205db6273ff55a5a891)), closes [#14576](https://github.com/bitnami/charts/issues/14576)
+
+## <small>13.0.6 (2023-02-17)</small>
+
+* [bitnami/*] Fix markdown linter issues (#14874) ([a51e0e8](https://github.com/bitnami/charts/commit/a51e0e8d35495b907f3e70dd2f8e7c3bcbf4166a)), closes [#14874](https://github.com/bitnami/charts/issues/14874)
+* [bitnami/*] Remove unexpected extra spaces (#14873) ([c97c714](https://github.com/bitnami/charts/commit/c97c714887380d47eae7bfeff316bf01595ecd1d)), closes [#14873](https://github.com/bitnami/charts/issues/14873)
+* [bitnami/keycloak] Release 13.0.6 (#14978) ([6f85ef2](https://github.com/bitnami/charts/commit/6f85ef271770e3a22cd27af065fa76fd56fdf830)), closes [#14978](https://github.com/bitnami/charts/issues/14978)
+
+## <small>13.0.5 (2023-02-14)</small>
+
+* [bitnami/keycloak] Support extraLabels for serviceAccount (#14852) ([6861814](https://github.com/bitnami/charts/commit/6861814b2dca27f2883a15cdf58ccbd03b803ff4)), closes [#14852](https://github.com/bitnami/charts/issues/14852)
+
+## <small>13.0.4 (2023-02-04)</small>
+
+* [bitnami/keycloak] Don't regenerate self-signed certs on upgrade (#14630) ([763653d](https://github.com/bitnami/charts/commit/763653d3024df662c904ab4e335ce2232330d380)), closes [#14630](https://github.com/bitnami/charts/issues/14630)
+* [bitnami/keycloak] Release 13.0.4 (#14746) ([284a74f](https://github.com/bitnami/charts/commit/284a74f1f7b4d18965e4abf3750f1f9949831f69)), closes [#14746](https://github.com/bitnami/charts/issues/14746)
+
+## <small>13.0.3 (2023-02-01)</small>
+
+* [bitnami/*] Change copyright date (#14682) ([add4ec7](https://github.com/bitnami/charts/commit/add4ec701108ac36ed4de2dffbdf407a0d091067)), closes [#14682](https://github.com/bitnami/charts/issues/14682)
+* [bitnami/*] Unify READMEs (#14472) ([2064fb8](https://github.com/bitnami/charts/commit/2064fb8dcc78a845cdede8211af8c3cc52551161)), closes [#14472](https://github.com/bitnami/charts/issues/14472)
+* [bitnami/keycloak] Release 13.0.3 (#14692) ([17e66fc](https://github.com/bitnami/charts/commit/17e66fceefcda2c4c1405f94272b473f55b7956d)), closes [#14692](https://github.com/bitnami/charts/issues/14692)
+* bitnami/keycloak: Document possible use of MSSQL as an external DB (#14134) ([40bd9fb](https://github.com/bitnami/charts/commit/40bd9fb6ab9dbb05fc0abda127f2b84867076a5b)), closes [#14134](https://github.com/bitnami/charts/issues/14134)
+
+## <small>13.0.2 (2023-01-20)</small>
+
+* [bitnami/*] Change licenses annotation format (#14377) ([0ab7608](https://github.com/bitnami/charts/commit/0ab760862c660fcc78cffadf8e1d8cdd70881473)), closes [#14377](https://github.com/bitnami/charts/issues/14377)
+* [bitnami/keycloak] Release 13.0.2 (#14475) ([a82e327](https://github.com/bitnami/charts/commit/a82e32724657c9eda9db71a6685a02e959195f62)), closes [#14475](https://github.com/bitnami/charts/issues/14475)
+
+## <small>13.0.1 (2023-01-12)</small>
+
+* [bitnami/*] Add license annotation and remove obsolete engine parameter (#14293) ([da2a794](https://github.com/bitnami/charts/commit/da2a7943bae95b6e9b5b4ed972c15e990b69fdb0)), closes [#14293](https://github.com/bitnami/charts/issues/14293)
+* [bitnami/keycloak] Release 13.0.1 (#14319) ([d4c4e8a](https://github.com/bitnami/charts/commit/d4c4e8a6acd7d26c964fc16e5d290a232ac3a642)), closes [#14319](https://github.com/bitnami/charts/issues/14319)
+
+## 13.0.0 (2022-12-20)
+
+* [bitnami/keycloak] Release 13.0.0 (#14031) ([6f05162](https://github.com/bitnami/charts/commit/6f05162517ba2fcd0920df7ff53fe19e0f750a96)), closes [#14031](https://github.com/bitnami/charts/issues/14031)
+
+## 12.3.0 (2022-12-17)
+
+* [bitnami/keycloak] Updating to use your latest container version (20.0.1)and adding KC_LOG_LEVEL (#1 ([4263f07](https://github.com/bitnami/charts/commit/4263f07ee4efd170aadff677ea33d26fde0e16c2)), closes [#13845](https://github.com/bitnami/charts/issues/13845)
+
+## 12.2.0 (2022-12-06)
+
+* [bitnami/keycloak] Add postgresql.auth.postgresPassword to default values to expose this to the user ([763b37d](https://github.com/bitnami/charts/commit/763b37d1c140ff8127cb77556c3448debeb2b31e)), closes [#13772](https://github.com/bitnami/charts/issues/13772)
+
+## <small>12.1.5 (2022-11-25)</small>
+
+* [bitnami/keycloak] Release 12.1.5 (#13695) ([8ad7a83](https://github.com/bitnami/charts/commit/8ad7a83b916902a48bf772ed7ab37045038af131)), closes [#13695](https://github.com/bitnami/charts/issues/13695)
+
+## <small>12.1.4 (2022-11-24)</small>
+
+* [bitnami/keycloak] Update config cli image version (#13673) ([0f4d038](https://github.com/bitnami/charts/commit/0f4d038a760180eb3c5fde78565cb1f9a130b836)), closes [#13673](https://github.com/bitnami/charts/issues/13673)
+
+## <small>12.1.3 (2022-11-22)</small>
+
+* [bitnami/keycloak] fix apiversion hardcode for NetworkPolicy (#13598) ([3833c02](https://github.com/bitnami/charts/commit/3833c0251381a9e8f3af919c5a3790e5c19ea6e3)), closes [#13598](https://github.com/bitnami/charts/issues/13598)
+
+## <small>12.1.2 (2022-11-14)</small>
+
+* [bitnami/keycloak] Fix truststore and keystore passwords env vars in statefulset (#13437) ([ca5432a](https://github.com/bitnami/charts/commit/ca5432a4fb21d45b8001e80e723a32b8cb20c557)), closes [#13437](https://github.com/bitnami/charts/issues/13437)
+
+## <small>12.1.1 (2022-11-07)</small>
+
+* [bitnami/keycloak] Use correct value for SPI truststore file (#13334) ([e77e917](https://github.com/bitnami/charts/commit/e77e917eebf26b8caf8097358b223f9d9723216d)), closes [#13334](https://github.com/bitnami/charts/issues/13334)
+
+## 12.1.0 (2022-11-02)
+
+* [bitnami/keycloak] Add support for custom infinispan/jgroups cache stacks (e.g. istio) (#13155) ([786a60a](https://github.com/bitnami/charts/commit/786a60accc64eec1f7fd05192351f6e9fa8c399d)), closes [#13155](https://github.com/bitnami/charts/issues/13155)
+
+## <small>12.0.1 (2022-10-30)</small>
+
+* [bitnami/keycloak] Fix SPI truststore env (#13214) ([1026f4c](https://github.com/bitnami/charts/commit/1026f4c42be4ffc2cac62c49a490e73d9a6e543c)), closes [#13214](https://github.com/bitnami/charts/issues/13214)
+
+## 12.0.0 (2022-10-28)
+
+* [bitnami/keycloak] Update dependencies (#13219) ([20072bf](https://github.com/bitnami/charts/commit/20072bfbebed1ac8d25606aadc7fce30f075690f)), closes [#13219](https://github.com/bitnami/charts/issues/13219)
+
+## <small>11.0.1 (2022-10-28)</small>
+
+* [bitnami/keycloak] Fix reference to external db secret password key (#13190) ([ba2dedd](https://github.com/bitnami/charts/commit/ba2dedd73c8f5d944d21b5d0283480d816013648)), closes [#13190](https://github.com/bitnami/charts/issues/13190)
+
+## 11.0.0 (2022-10-27)
+
+* [bitnami/keycloak] Keycloak major 11 (#13103) ([7f810e9](https://github.com/bitnami/charts/commit/7f810e97efb66833290af02c1b78c99e4aa69f1e)), closes [#13103](https://github.com/bitnami/charts/issues/13103)
+
+## <small>10.1.8 (2022-10-26)</small>
+
+* [bitnami/keycloak] Fix prometheus rule (#13116) ([f0ecf99](https://github.com/bitnami/charts/commit/f0ecf99d20df121e7a03d33c6f53a1da7142b228)), closes [#13116](https://github.com/bitnami/charts/issues/13116)
+
+## <small>10.1.7 (2022-10-26)</small>
+
+* [bitnami/keycloak] Release 10.1.7 (#13160) ([ffbca96](https://github.com/bitnami/charts/commit/ffbca96473c1b866b29db7aa8121d5396eb6e595)), closes [#13160](https://github.com/bitnami/charts/issues/13160)
+
+## <small>10.1.6 (2022-10-19)</small>
+
+* [bitnami/*] Use new default branch name in links (#12943) ([a529e02](https://github.com/bitnami/charts/commit/a529e02597d49d944eba1eb0f190713293247176)), closes [#12943](https://github.com/bitnami/charts/issues/12943)
+* [bitnami/keycloak] Release 10.1.6 (#13030) ([9e693b6](https://github.com/bitnami/charts/commit/9e693b6c6ac9628227181180263583a6b6972704)), closes [#13030](https://github.com/bitnami/charts/issues/13030)
+* [bitnami/keycloak]add tolerations for keycloak config cli job pod (#12869) ([cdbc3d9](https://github.com/bitnami/charts/commit/cdbc3d96f349b02b89c98bd44c5d687295ff5043)), closes [#12869](https://github.com/bitnami/charts/issues/12869)
+
+## <small>10.1.5 (2022-10-12)</small>
+
+* [bitnami/keycloak] Release 10.1.5 (#12928) ([62c9206](https://github.com/bitnami/charts/commit/62c920604c7e9c36ad36c851672948442e0ae9bd)), closes [#12928](https://github.com/bitnami/charts/issues/12928)
+
+## <small>10.1.4 (2022-10-05)</small>
+
+* [bitnami/keycloak] Release 10.1.4 (#12811) ([4d406aa](https://github.com/bitnami/charts/commit/4d406aa42dafc6a061ace6b9ae939139595cc31c)), closes [#12811](https://github.com/bitnami/charts/issues/12811)
+* Generic README instructions related to the repo (#12792) ([3cf6b10](https://github.com/bitnami/charts/commit/3cf6b10e10e60df4b3e191d6b99aa99a9f597755)), closes [#12792](https://github.com/bitnami/charts/issues/12792)
+
+## <small>10.1.3 (2022-09-28)</small>
+
+* Break reference cycle in ServiceMonitor template (#12333) ([45b1c6d](https://github.com/bitnami/charts/commit/45b1c6d22c7cfed42e38897800eccb9dafbd1384)), closes [#12333](https://github.com/bitnami/charts/issues/12333)
+
+## <small>10.1.2 (2022-09-20)</small>
+
+* [bitnami/keycloak] Use custom probes if given (#12511) ([cc3ceb4](https://github.com/bitnami/charts/commit/cc3ceb40b9bcce7c6fc44f168e2d39a3cff58cca)), closes [#12511](https://github.com/bitnami/charts/issues/12511) [#12354](https://github.com/bitnami/charts/issues/12354)
+
+## <small>10.1.1 (2022-09-16)</small>
+
+* [bitnami/keycloak] Release 10.0.1 (#12423) ([3d9f0dd](https://github.com/bitnami/charts/commit/3d9f0dd9934c3a3eb63f956024f05b7a078fa8d6)), closes [#12423](https://github.com/bitnami/charts/issues/12423)
+
+## 10.1.0 (2022-09-14)
+
+* [bitnami/keycloak] initContainers and sidecars support for keycloak-config-cli job (#12341) ([c9b2362](https://github.com/bitnami/charts/commit/c9b23628130861fc634b1860aefa7689f1bd049e)), closes [#12341](https://github.com/bitnami/charts/issues/12341)
+
+## 10.0.0 (2022-09-12)
+
+* [bitnami/keycloak] Release 10.0.0 (#12312) ([e9d1d05](https://github.com/bitnami/charts/commit/e9d1d05e49b04a823b34c2590e133f85757b26bd)), closes [#12312](https://github.com/bitnami/charts/issues/12312)
+
+## <small>9.8.1 (2022-09-07)</small>
+
+* Do not duplicate groups key in PrometheusRule (#12307) ([7044987](https://github.com/bitnami/charts/commit/7044987069654e0bafa898eb0da1ad5983392dea)), closes [#12307](https://github.com/bitnami/charts/issues/12307)
+
+## 9.8.0 (2022-09-07)
+
+* [bitnami/keycloak] Option to scrape extra monitoring endpoints and configure alerts (#12268) ([e481262](https://github.com/bitnami/charts/commit/e481262cef704e5bb95616f894f7c61c7cd345b3)), closes [#12268](https://github.com/bitnami/charts/issues/12268)
+
+## <small>9.7.4 (2022-09-06)</small>
+
+* [bitnami/keycloak] Added ability to toggle http port on k8s service (#11504) ([b9bcea3](https://github.com/bitnami/charts/commit/b9bcea36d539fc2bdfbb5753033db78b82c4955a)), closes [#11504](https://github.com/bitnami/charts/issues/11504)
+* [bitnami/keycloak] Release 9.7.4 (#12292) ([85e545d](https://github.com/bitnami/charts/commit/85e545ddf9dce80bc06ccb14317fab1c15a7d45f)), closes [#12292](https://github.com/bitnami/charts/issues/12292)
+
+## <small>9.7.3 (2022-09-02)</small>
+
+* [bitnami/keycloak] Ensure the admin user env-var is set according to keycloak (#11497) ([83705e0](https://github.com/bitnami/charts/commit/83705e06fa3296184e4b27d20301c8eb0036367f)), closes [#11497](https://github.com/bitnami/charts/issues/11497)
+
+## <small>9.7.2 (2022-08-25)</small>
+
+* [bitnami/keycloak] Release 9.7.2 (#12148) ([2a326f1](https://github.com/bitnami/charts/commit/2a326f1a1ea5abbe4e8486666ba4f813264c98cf)), closes [#12148](https://github.com/bitnami/charts/issues/12148)
+
+## <small>9.7.1 (2022-08-23)</small>
+
+* [bitnami/keycloak] Update Chart.lock (#12121) ([6b01f6e](https://github.com/bitnami/charts/commit/6b01f6eae93a6610e6034c40207893fe4811752e)), closes [#12121](https://github.com/bitnami/charts/issues/12121)
+
+## 9.7.0 (2022-08-22)
+
+* [bitnami/keycloak] Add support for image digest apart from tag (#11907) ([e2fca9a](https://github.com/bitnami/charts/commit/e2fca9ae50aafbadb4b7d5972fa244268cacd061)), closes [#11907](https://github.com/bitnami/charts/issues/11907)
+
+## <small>9.6.9 (2022-08-17)</small>
+
+* [bitnami/keycloak] Release 9.6.9 (#11818) ([4b3d4eb](https://github.com/bitnami/charts/commit/4b3d4eb780f7ad02357a10ef26d9a96f81a29ebe)), closes [#11818](https://github.com/bitnami/charts/issues/11818)
+
+## <small>9.6.8 (2022-08-09)</small>
+
+* [bitnami/keycloak] Release 9.6.8 (#11650) ([c99dced](https://github.com/bitnami/charts/commit/c99dcedc0f93f77cb3827ef44e4f81db1445ce19)), closes [#11650](https://github.com/bitnami/charts/issues/11650)
+
+## <small>9.6.7 (2022-08-06)</small>
+
+* [bitnami/keycloak] Release 9.6.7 (#11627) ([13eceda](https://github.com/bitnami/charts/commit/13eceda3e3fd122b0d9be2b9783cb5c0f13334fa)), closes [#11627](https://github.com/bitnami/charts/issues/11627)
+
+## <small>9.6.6 (2022-08-05)</small>
+
+* keycloak: consider httpRelativePath in keycloak-config-cli + bump chart version (#11201) ([18d19f5](https://github.com/bitnami/charts/commit/18d19f5b370db098ce3c6c8d8684556b231f009a)), closes [#11201](https://github.com/bitnami/charts/issues/11201)
+
+## <small>9.6.5 (2022-08-05)</small>
+
+* [bitnami/keycloak] Release 9.6.5 (#11608) ([7052f3e](https://github.com/bitnami/charts/commit/7052f3e3da6e273201feafb45f1e24182e126b47)), closes [#11608](https://github.com/bitnami/charts/issues/11608)
+
+## <small>9.6.4 (2022-08-04)</small>
+
+* [bitnami/keycloak] Release 9.6.4 (#11581) ([c8db169](https://github.com/bitnami/charts/commit/c8db16925b27e8535403bfec6d3e986ab65046bf)), closes [#11581](https://github.com/bitnami/charts/issues/11581)
+
+## <small>9.6.3 (2022-08-04)</small>
+
+* [bitnami/keycloak] remove Wildfly management port and secret key (#11326) ([bd2be29](https://github.com/bitnami/charts/commit/bd2be294519243bda4fae8856181759878ba9212)), closes [#11326](https://github.com/bitnami/charts/issues/11326)
+
+## <small>9.6.2 (2022-08-03)</small>
+
+* [bitnami/keycloak] Release 9.6.2 (#11540) ([da13110](https://github.com/bitnami/charts/commit/da1311018a64b0feec4d62308d6d0b02d3f0f830)), closes [#11540](https://github.com/bitnami/charts/issues/11540)
+
+## <small>9.6.1 (2022-07-28)</small>
+
+* [bitnami/*] Update URLs to point to the new bitnami/containers monorepo (#11352) ([d665af0](https://github.com/bitnami/charts/commit/d665af0c708846192d8d5fb2f5f9ea65dd464ab0)), closes [#11352](https://github.com/bitnami/charts/issues/11352)
+* [bitnami/keycloak] Release 9.6.1 (#11405) ([50addb1](https://github.com/bitnami/charts/commit/50addb19cf4f6963feafc3aa4bae665cdab697d8)), closes [#11405](https://github.com/bitnami/charts/issues/11405)
+* Only PostgreSQL is supporte for external database configuration (#11309) ([b2b629f](https://github.com/bitnami/charts/commit/b2b629fb3a454cecf3bf882b4025e0bc6d6b6f4b)), closes [#11309](https://github.com/bitnami/charts/issues/11309)
+
+## 9.6.0 (2022-07-20)
+
+* [bitnami/keycloak] Allow overriding namespace via values  (#11176) ([e18d1dc](https://github.com/bitnami/charts/commit/e18d1dc2411a0d4dd02329bcd0288e0cb8dc1317)), closes [#11176](https://github.com/bitnami/charts/issues/11176)
+
+## 9.5.0 (2022-07-18)
+
+* keycloak: make metrics endpoint+port configurable, rename metrics port (#11124) ([27f3ed9](https://github.com/bitnami/charts/commit/27f3ed9dc81f0ceab1d36dbfcbf9417152dbea30)), closes [#11124](https://github.com/bitnami/charts/issues/11124)
+
+## <small>9.4.3 (2022-07-18)</small>
+
+* [bitnami/keycloak] Release 9.4.3 (#11227) ([c630999](https://github.com/bitnami/charts/commit/c630999f7cb1861a28bb05f2ae39414601697439)), closes [#11227](https://github.com/bitnami/charts/issues/11227)
+
+## <small>9.4.2 (2022-07-15)</small>
+
+* [bitnami/keycloak] switch to default keycloak port 8080, while scraping metrics (#10976) ([8b90600](https://github.com/bitnami/charts/commit/8b90600a62c7a78e06db389803cf2efe22f14506)), closes [#10976](https://github.com/bitnami/charts/issues/10976)
+
+## <small>9.4.1 (2022-07-12)</small>
+
+* [bitnami/keycloak] Do not expose https port if tls is not enabled (#11095) ([9a641f8](https://github.com/bitnami/charts/commit/9a641f8281fe1948a222b81a36c446ce25944926)), closes [#11095](https://github.com/bitnami/charts/issues/11095)
+
+## 9.4.0 (2022-07-06)
+
+* [bitnami/keycloak] Fix Kubernetes discovery, add httpRelativePath to make migration easier (#10910) ([27fb870](https://github.com/bitnami/charts/commit/27fb870c537d52916f51ab761ca7223a59b4ef0b)), closes [#10910](https://github.com/bitnami/charts/issues/10910)
+
+## <small>9.3.7 (2022-07-06)</small>
+
+* feat: ingress hostname (#10990) ([db4b1a5](https://github.com/bitnami/charts/commit/db4b1a5d04119d74f6ff0dca6f123cd9b09ffab8)), closes [#10990](https://github.com/bitnami/charts/issues/10990)
+
+## <small>9.3.6 (2022-07-04)</small>
+
+* Make sure truststore files not exist before creation (#10978) ([2a00e6c](https://github.com/bitnami/charts/commit/2a00e6c8361531eff6992bbaf489087bee78a6b3)), closes [#10978](https://github.com/bitnami/charts/issues/10978)
+
+## <small>9.3.5 (2022-07-01)</small>
+
+* [bitnami/keycloak] Release 9.3.5 (#11002) ([6d377b2](https://github.com/bitnami/charts/commit/6d377b253e060c7599a538671ac6857ff0ea64be)), closes [#11002](https://github.com/bitnami/charts/issues/11002)
+
+## <small>9.3.4 (2022-06-30)</small>
+
+* [bitnami/keycloak] Release 9.3.4 (#10970) ([2dc3212](https://github.com/bitnami/charts/commit/2dc32125ec4e0bee109b02116234c7f90a61fe78)), closes [#10970](https://github.com/bitnami/charts/issues/10970)
+
+## <small>9.3.3 (2022-06-29)</small>
+
+* [bitnami/keycloak] Add missing .Values.auth.existingSecret checks (#10876) ([5e62b53](https://github.com/bitnami/charts/commit/5e62b53282f56ca55420e96b39f6a7935d449c2a)), closes [#10876](https://github.com/bitnami/charts/issues/10876)
+* [bitnami/keycloak] Bump chart version (#10908) ([d90381c](https://github.com/bitnami/charts/commit/d90381c9f60986dc3d0cc45e7a5cb585a5ebe59d)), closes [#10908](https://github.com/bitnami/charts/issues/10908)
+
+## <small>9.3.2 (2022-06-25)</small>
+
+* [bitnami/keycloak] Release 9.3.2 updating components versions ([3965dd3](https://github.com/bitnami/charts/commit/3965dd3d3c0530abe30a536767f2da5f65572c9f))
+
+## <small>9.3.1 (2022-06-24)</small>
+
+* [bitnami/keycloak] Fix typos related to truststore (#10852) ([fd2e02b](https://github.com/bitnami/charts/commit/fd2e02ba9c51b8043636055fbb129861461ab9f0)), closes [#10852](https://github.com/bitnami/charts/issues/10852)
+* feat(keycloak): add support for KEYCLOAK_LOG_OUTPUT (#10822) ([8f82908](https://github.com/bitnami/charts/commit/8f82908ca2c00b6541c4440bcfa3bea0b1290d49)), closes [#10822](https://github.com/bitnami/charts/issues/10822)
+
+## 9.3.0 (2022-06-23)
+
+* [bitnami/keycloak] Remove unused value auth.createAdminUser (#10831) ([66351d0](https://github.com/bitnami/charts/commit/66351d084434fef0dcd12674f655488480f3ca74)), closes [#10831](https://github.com/bitnami/charts/issues/10831)
+
+## <small>9.2.12 (2022-06-22)</small>
+
+* [bitnami/keycloak] add missing tls.autogenerated checks (#10811) ([874751b](https://github.com/bitnami/charts/commit/874751b7468d5e59cf4d445b2813909ee1250f70)), closes [#10811](https://github.com/bitnami/charts/issues/10811)
+
+## <small>9.2.11 (2022-06-16)</small>
+
+* [bitnami/keycloak] Release 9.2.11 updating components versions ([b967dd9](https://github.com/bitnami/charts/commit/b967dd9c0c918bf0b27e52625529d16141c44497))
+
+## <small>9.2.10 (2022-06-15)</small>
+
+* [bitnami/keycloak] Release 9.2.10 updating components versions ([0fed34b](https://github.com/bitnami/charts/commit/0fed34bc25054ecf26905a620bd2f31884986290))
+* Set cache type "local" if cache is disabled (#10724) ([5e2b5fc](https://github.com/bitnami/charts/commit/5e2b5fcd61238887286554482ee99ee38aae03e6)), closes [#10724](https://github.com/bitnami/charts/issues/10724)
+
+## <small>9.2.9 (2022-06-14)</small>
+
+* [bitnami/keycloak] Release 9.2.9 updating components versions ([13b813e](https://github.com/bitnami/charts/commit/13b813e08653a47e7d5ec02c309a0e72ef1cb999))
+
+## <small>9.2.8 (2022-06-13)</small>
+
+* [bitnami/Keycloak] Fix tls ingress documentation (#10722) ([a147c28](https://github.com/bitnami/charts/commit/a147c28d75ce5436441116459967e604a05960cb)), closes [#10722](https://github.com/bitnami/charts/issues/10722)
+
+## <small>9.2.7 (2022-06-10)</small>
+
+* [bitnami/keycloak] Release 9.2.7 updating components versions ([29d5888](https://github.com/bitnami/charts/commit/29d5888416084c5a4b278bb295183297f839031f))
+
+## <small>9.2.6 (2022-06-09)</small>
+
+* [bitnami/keycloak] Fix ingress TLS with provided secret (#10671) ([4c22db8](https://github.com/bitnami/charts/commit/4c22db860f373d2f7894f197dda2d4f638286a82)), closes [#10671](https://github.com/bitnami/charts/issues/10671)
+
+## <small>9.2.5 (2022-06-08)</small>
+
+* [bitnami/keycloak] Release 9.2.5 updating components versions ([06f9deb](https://github.com/bitnami/charts/commit/06f9debdd2aef58f80c842d76fb00bd12eb8e689))
+* fix TLS misconfig in statefulset and secrets (#10611) ([c6383b8](https://github.com/bitnami/charts/commit/c6383b8aede0c3faf2c7a45b43b2809458748f11)), closes [#10611](https://github.com/bitnami/charts/issues/10611)
+
+## <small>9.2.4 (2022-06-07)</small>
+
+* [bitnami/*] Replace Kubeapps URL in READMEs (and kubeapps Chart.yaml) and remove BKPR references (#1 ([c6a7914](https://github.com/bitnami/charts/commit/c6a7914361e5aea6016fb45bf4d621edfd111d32)), closes [#10600](https://github.com/bitnami/charts/issues/10600)
+* Fix tolerations and topologySpreadConstraints default values (#10630) ([c37f262](https://github.com/bitnami/charts/commit/c37f2624f90de94b7673a53a6ee31eee0bd1d732)), closes [#10630](https://github.com/bitnami/charts/issues/10630)
+
+## <small>9.2.3 (2022-06-07)</small>
+
+* [bitnami/keycloak] Release 9.2.3 updating components versions ([63982ae](https://github.com/bitnami/charts/commit/63982aed3bd6d8680c0fd51a9072e23a7a52f0f6))
+
+## <small>9.2.2 (2022-06-01)</small>
+
+* [bitnami/several] Replace maintainers email by url (#10523) ([ff3cf61](https://github.com/bitnami/charts/commit/ff3cf617a1680509b0f3855d17c4ccff7b29a0ff)), closes [#10523](https://github.com/bitnami/charts/issues/10523)
+
+## <small>9.2.1 (2022-05-30)</small>
+
+* [bitnami/several] Replace base64 --decode with base64 -d (#10495) ([099286a](https://github.com/bitnami/charts/commit/099286ae7a87784cf809df0b64ab24f7ff0144c8)), closes [#10495](https://github.com/bitnami/charts/issues/10495)
+
+## 9.2.0 (2022-05-26)
+
+* [bitnami/keycloak] Add missing service parameter (#10418) ([a1c4e3e](https://github.com/bitnami/charts/commit/a1c4e3e1beda63427740c1c43fc2df25dbfc5edb)), closes [#10418](https://github.com/bitnami/charts/issues/10418)
+
+## <small>9.1.1 (2022-05-26)</small>
+
+* [bitnami/keycloak] Release 9.1.1 updating components versions ([e7e5999](https://github.com/bitnami/charts/commit/e7e599973a77d5fce724889991c47d195ede2758))
+
+## 9.1.0 (2022-05-25)
+
+* [bitnami/keycloak] Add support for distributed caching in kubernetes (#10387) ([ace0b1b](https://github.com/bitnami/charts/commit/ace0b1be0db6f03bbbe8956b5e3c750b4aeae0c5)), closes [#10387](https://github.com/bitnami/charts/issues/10387)
+
+## <small>9.0.5 (2022-05-24)</small>
+
+* [bitnami/keycloak] Use the new helper for HPA API version (#10200) ([9f7666f](https://github.com/bitnami/charts/commit/9f7666fc4f7f6ca4b3a6f96f8355425979c3ad67)), closes [#10200](https://github.com/bitnami/charts/issues/10200)
+
+## <small>9.0.4 (2022-05-22)</small>
+
+* [bitnami/keycloak] Release 9.0.4 updating components versions ([07b3e22](https://github.com/bitnami/charts/commit/07b3e22bc8f3a804b83152f2257e0c47abcd2006))
+
+## <small>9.0.3 (2022-05-20)</small>
+
+* Update ENV for keycloak-config-cli v5.0.0+ (#10321) ([14aaad1](https://github.com/bitnami/charts/commit/14aaad1c6d81751e4cdc3ecb68f0db316f9d1a50)), closes [#10321](https://github.com/bitnami/charts/issues/10321)
+
+## <small>9.0.2 (2022-05-19)</small>
+
+* [bitnami/keycloak] Release 9.0.2 updating components versions ([a451c96](https://github.com/bitnami/charts/commit/a451c96ad219bcadcdd9f51c0b3ef62f2e251984))
+
+## <small>9.0.1 (2022-05-18)</small>
+
+* [bitnami/keycloak] Release 9.0.1 updating components versions ([80a5111](https://github.com/bitnami/charts/commit/80a511181febc0bbb20f7c8cd77e6fc675c0da1f))
+
+## 9.0.0 (2022-05-16)
+
+* [bitnami/keycloak] Release 9.0.0 updating components versions ([e7dab0a](https://github.com/bitnami/charts/commit/e7dab0a38d785034e50ec85e2efa1a705202bcb7))
+
+## 8.1.0 (2022-05-16)
+
+* [bitnami/*] add ingress extraRules feature (#10253) ([0f6cbb9](https://github.com/bitnami/charts/commit/0f6cbb9099b0e56685cc1d36ba50340f3d7278a1)), closes [#10253](https://github.com/bitnami/charts/issues/10253)
+
+## <small>8.0.2 (2022-05-13)</small>
+
+* [bitnami/*] Remove old 'ci' files (#10171) ([5df30c4](https://github.com/bitnami/charts/commit/5df30c44dbd1812da8786579ce4a94917d46a6ad)), closes [#10171](https://github.com/bitnami/charts/issues/10171)
+* [bitnami/*] Unify k8s directives separators (#10185) ([2650214](https://github.com/bitnami/charts/commit/26502141d146ca3bdfb3bf744fcdec8ca5cece44)), closes [#10185](https://github.com/bitnami/charts/issues/10185)
+
+## <small>8.0.1 (2022-05-12)</small>
+
+* [bitnami/keycloak] update configuration (#10170) ([540878d](https://github.com/bitnami/charts/commit/540878da260e1c0611a8ad0581d7b3aa0dbba600)), closes [#10170](https://github.com/bitnami/charts/issues/10170)
+
+## 8.0.0 (2022-05-11)
+
+* [bitnami/keycloak] Keycloak 17 (#10095) ([2c68c54](https://github.com/bitnami/charts/commit/2c68c5494c4b08d1fb171dad3323b20d5052fced)), closes [#10095](https://github.com/bitnami/charts/issues/10095)
+
+## <small>7.1.19 (2022-05-11)</small>
+
+* [bitnami/*] Fix typo in comments (relay -> rely) (#10151) ([9cfe4a4](https://github.com/bitnami/charts/commit/9cfe4a48cc35851faea6be7ffb2a978d223befa0)), closes [#10151](https://github.com/bitnami/charts/issues/10151)
+
+## <small>7.1.18 (2022-04-26)</small>
+
+* Fix postgresql replication usage issue (#9910) ([5bed384](https://github.com/bitnami/charts/commit/5bed3846e1da09597c16aff032716d3f290f60da)), closes [#9910](https://github.com/bitnami/charts/issues/9910)
+
+## <small>7.1.17 (2022-04-21)</small>
+
+* [bitnami/keycloak] Release 7.1.17 updating components versions ([a919764](https://github.com/bitnami/charts/commit/a919764ab7eef235a7496bd6c205e3b1814d40e6))
+
+## <small>7.1.16 (2022-04-20)</small>
+
+* [bitnami/keycloak] Release 7.1.16 updating components versions ([c457bf3](https://github.com/bitnami/charts/commit/c457bf3c16d5a919a4e0cf1427e22f09af582b8e))
+
+## <small>7.1.15 (2022-04-19)</small>
+
+* [bitnami/keycloak] Release 7.1.15 updating components versions ([f8a2f9f](https://github.com/bitnami/charts/commit/f8a2f9f9bc72fc7e0b3d359ae2c37f7f7749cdbf))
+
+## <small>7.1.14 (2022-04-08)</small>
+
+* [bitnami/keycloak] Fix nil pointer evaluating interface {}.tls (#9723) ([e5bad29](https://github.com/bitnami/charts/commit/e5bad29b6ee1ef7eefc9b73c25008ba4af189d8d)), closes [#9723](https://github.com/bitnami/charts/issues/9723)
+
+## <small>7.1.13 (2022-04-06)</small>
+
+* [bitnami/keycloak] Release 7.1.13 updating components versions ([7ea1aab](https://github.com/bitnami/charts/commit/7ea1aab9b1acfc4582e2b0aa194a42a70fff69b4))
+
+## <small>7.1.12 (2022-04-03)</small>
+
+* [bitnami/keycloak] Release 7.1.12 updating components versions ([2ff3c8d](https://github.com/bitnami/charts/commit/2ff3c8dff424012b6ea3cc9bf85006d456d7588d))
+
+## <small>7.1.11 (2022-04-02)</small>
+
+* [bitnami/keycloak] Release 7.1.11 updating components versions ([113954e](https://github.com/bitnami/charts/commit/113954e598387838800ab9cf345d136451665c6d))
+
+## <small>7.1.10 (2022-03-29)</small>
+
+* [bitnami/keycloak] Release 7.1.10 updating components versions ([be64e8c](https://github.com/bitnami/charts/commit/be64e8cb919e8b890b80a1bff4399a0e56a1005e))
+
+## <small>7.1.9 (2022-03-28)</small>
+
+* [bitnami/keycloak] Release 7.1.9 updating components versions ([b71fa6a](https://github.com/bitnami/charts/commit/b71fa6a78173292e79c66c006d354b8b50943b3d))
+
+## <small>7.1.8 (2022-03-27)</small>
+
+* [bitnami/keycloak] Release 7.1.8 updating components versions ([7b0bc4f](https://github.com/bitnami/charts/commit/7b0bc4f538cf88ca3f07c274ebbb7e57fea418ec))
+
+## <small>7.1.7 (2022-03-25)</small>
+
+* [bitnami/keycloak] :bug: Fix loadBalancerSourceRanges evaluation bug (#9557) ([fb0197b](https://github.com/bitnami/charts/commit/fb0197be1550916d0ee149d6e6eb4e6d1c7f38ef)), closes [#9557](https://github.com/bitnami/charts/issues/9557)
+
+## <small>7.1.6 (2022-03-18)</small>
+
+* [bitnami/keycloak] Release 7.1.6 updating components versions ([923437f](https://github.com/bitnami/charts/commit/923437f7dabec4f6e317d373476a2d41673b08d7))
+
+## <small>7.1.5 (2022-03-16)</small>
+
+* docs(keycloak): fix typos in values.yml (#9446) ([7f01612](https://github.com/bitnami/charts/commit/7f0161276249a3a531af2235b095487d344dd959)), closes [#9446](https://github.com/bitnami/charts/issues/9446)
+
+## <small>7.1.4 (2022-03-16)</small>
+
+* [bitnami/keycloak] Release 7.1.4 updating components versions ([1cb07b8](https://github.com/bitnami/charts/commit/1cb07b8cd71b373d26419eeb4d42a1d5ed9f4bdd))
+
+## <small>7.1.3 (2022-03-15)</small>
+
+* [bitnami/keycloak] Fix externalDB secret issue when using 'externalDabatase.password' (#9383) ([f7ccba1](https://github.com/bitnami/charts/commit/f7ccba10848f2a7b137dbd1101c8b0dc3ceafab5)), closes [#9383](https://github.com/bitnami/charts/issues/9383)
+* [bitnami/keycloak] Release 7.1.3 updating components versions ([f14da8d](https://github.com/bitnami/charts/commit/f14da8d4da0720be4d023af7e503d00aae66b203))
+
+## <small>7.1.2 (2022-03-11)</small>
+
+* fix: sets default to true for automountServiceAccountToken in keycloak chart (#9372) (#9382) ([e5ae714](https://github.com/bitnami/charts/commit/e5ae7149f3660170d441d67eaa61ed1bfb483969)), closes [#9372](https://github.com/bitnami/charts/issues/9372) [#9382](https://github.com/bitnami/charts/issues/9382)
+
+## <small>7.1.1 (2022-03-10)</small>
+
+* [bitnami/keycloak] Remove unused 'database-password' key (#9315) ([b4c79bd](https://github.com/bitnami/charts/commit/b4c79bd326d27541834a62a2cf8df209fdfbdf54)), closes [#9315](https://github.com/bitnami/charts/issues/9315) [#9274](https://github.com/bitnami/charts/issues/9274)
+
+## 7.1.0 (2022-03-08)
+
+* [bitnami/keycloak] Chart standardized (#9333) ([8fb4fcd](https://github.com/bitnami/charts/commit/8fb4fcd7f86b1828627ff01ba97ec7a13b01ce39)), closes [#9333](https://github.com/bitnami/charts/issues/9333)
+
+## <small>7.0.3 (2022-03-07)</small>
+
+* [bitnami/*] Take 'global.postgresql' values into account (#9314) ([dd428a0](https://github.com/bitnami/charts/commit/dd428a06614551c92500afa84ce9750c4d8b90c9)), closes [#9314](https://github.com/bitnami/charts/issues/9314)
+
+## <small>7.0.2 (2022-03-07)</small>
+
+* Use existing secrets to recover information during upgrades (#9300) ([e5eab14](https://github.com/bitnami/charts/commit/e5eab14062a0f29523d5cde5c1a4de5076c17770)), closes [#9300](https://github.com/bitnami/charts/issues/9300)
+
+## <small>7.0.1 (2022-03-04)</small>
+
+* [bitnami/several] Reorder subcharts (#9299) ([a041f6b](https://github.com/bitnami/charts/commit/a041f6b0ff2dea82b3d030cb99454cede94dbc9a)), closes [#9299](https://github.com/bitnami/charts/issues/9299)
+
+## 7.0.0 (2022-03-02)
+
+* [bitnami/keycloak]: feat! :arrow_up: Bump PostgreSQL subchart (#9260) ([85e4e58](https://github.com/bitnami/charts/commit/85e4e5858f2ad44a835382d145e5b5fed7783179)), closes [#9260](https://github.com/bitnami/charts/issues/9260)
+
+## <small>6.2.5 (2022-03-01)</small>
+
+* [bitnami/several] Prettify Chart.yaml ([a056e06](https://github.com/bitnami/charts/commit/a056e061fb6541870ea8d9d0a715315f1ec3bcbc))
+
+## <small>6.2.4 (2022-02-28)</small>
+
+* [bitnami/keycloak] Release 6.2.4 updating components versions ([cb7d893](https://github.com/bitnami/charts/commit/cb7d893701b77b43480b3414ec12f9684e92f1f9))
+
+## <small>6.2.3 (2022-02-27)</small>
+
+* [bitnami/keycloak] Release 6.2.3 updating components versions ([7d532a8](https://github.com/bitnami/charts/commit/7d532a859b4215008d8eb127a6f186153f764449))
+
+## <small>6.2.2 (2022-02-26)</small>
+
+* [bitnami/keycloak] Release 6.2.2 updating components versions ([6000b6c](https://github.com/bitnami/charts/commit/6000b6c446ca017c11f32ec6ff680f0f6bb17524))
+
+## <small>6.2.1 (2022-02-25)</small>
+
+* [bitnami/Keycloak] Improve documentation for tls ingress (#8973) ([11c0116](https://github.com/bitnami/charts/commit/11c01168577d8cb5ee61f9f890a1966c709d443e)), closes [#8973](https://github.com/bitnami/charts/issues/8973) [#7734](https://github.com/bitnami/charts/issues/7734)
+
+## 6.2.0 (2022-02-23)
+
+* [bitnami/keycloak] Add support for PEM certificates (#9039) ([4591aba](https://github.com/bitnami/charts/commit/4591aba6720263181b059cdca90e1ffc0ae58acb)), closes [#9039](https://github.com/bitnami/charts/issues/9039)
+
+## <small>6.1.6 (2022-02-21)</small>
+
+* [bitnami/keycloak] Do not hardcode PDB apiVersion (#9097) ([cf56ca4](https://github.com/bitnami/charts/commit/cf56ca42c002f2a3126c4a45c574532ed8c60fa3)), closes [#9097](https://github.com/bitnami/charts/issues/9097)
+
+## <small>6.1.5 (2022-02-09)</small>
+
+* Added possibility to overwrite podManagementPolicy to keycloak statefulset (#8925) ([4fb5ae3](https://github.com/bitnami/charts/commit/4fb5ae31aa6217849a1cd7e2f05596d59dc94175)), closes [#8925](https://github.com/bitnami/charts/issues/8925)
+
+## <small>6.1.4 (2022-02-03)</small>
+
+* [bitnami/keycloak] Fix externalDatabase property population (#8835) ([d0dc8fd](https://github.com/bitnami/charts/commit/d0dc8fdabe16ef33f19c00c195bf1e059dae4807)), closes [#8835](https://github.com/bitnami/charts/issues/8835)
+
+## <small>6.1.3 (2022-02-02)</small>
+
+* [bitnami/*] Make use of new "common.ingress.certManagerRequest" helper (#8862) ([12e4c37](https://github.com/bitnami/charts/commit/12e4c3733eaeaa9a5579fdf917fa098a0f2aae23)), closes [#8862](https://github.com/bitnami/charts/issues/8862)
+
+## <small>6.1.2 (2022-02-01)</small>
+
+* [bitnami/*] Fix non-utf8 characters (#8826) ([aebe0ed](https://github.com/bitnami/charts/commit/aebe0ed63d845e1e2b38751103810adf200b18f5)), closes [#8826](https://github.com/bitnami/charts/issues/8826)
+* [bitnami/several] Prettify Chart.yaml (#8858) ([10e49fd](https://github.com/bitnami/charts/commit/10e49fdd6843558762daff0a1f96b9162bb78321)), closes [#8858](https://github.com/bitnami/charts/issues/8858)
+
+## <small>6.1.1 (2022-01-26)</small>
+
+* [bitnami/keycloak] Release 6.1.1 updating components versions ([713f264](https://github.com/bitnami/charts/commit/713f2642cec7c6ca31ad1d59fd42b16ce32f33ba))
+
+## 6.1.0 (2022-01-25)
+
+* [bitnami/keycloak] Fix Ingress + TLS generation (#8772) ([c7272ae](https://github.com/bitnami/charts/commit/c7272aeb46d1965187d374165b2e2d16e0c4a2df)), closes [#8772](https://github.com/bitnami/charts/issues/8772)
+
+## <small>6.0.1 (2022-01-20)</small>
+
+* [bitnami/*] Readme automation (#8579) ([78d1938](https://github.com/bitnami/charts/commit/78d193831c900d178198491ffd08fa2217a64ecd)), closes [#8579](https://github.com/bitnami/charts/issues/8579)
+* [bitnami/*] Update READMEs (#8716) ([b9a9533](https://github.com/bitnami/charts/commit/b9a953337590eb2979453385874a267bacf50936)), closes [#8716](https://github.com/bitnami/charts/issues/8716)
+* [bitnami/several] Add license to the README ([05f7633](https://github.com/bitnami/charts/commit/05f763372501d596e57db713dd53ff4ff3027cc4))
+* [bitnami/several] Add license to the README ([32fb238](https://github.com/bitnami/charts/commit/32fb238e60a0affc6debd3142eaa3c3d9089ec2a))
+* [bitnami/several] Add license to the README ([b87c2f7](https://github.com/bitnami/charts/commit/b87c2f7899d48a8b02c506765e6ae82937e9ba3f))
+* [bitnami/several] Change prerequisites (#8725) ([8d740c5](https://github.com/bitnami/charts/commit/8d740c566cfdb7e2d933c40128b4e919fce953a5)), closes [#8725](https://github.com/bitnami/charts/issues/8725)
+
+## 6.0.0 (2021-12-31)
+
+* [bitnami/keycloak] Release 6.0.0 updating components versions ([bbad0a2](https://github.com/bitnami/charts/commit/bbad0a22cf29eb8f6f7500310b1c62ab6965d80f))
+
+## <small>5.2.8 (2021-12-27)</small>
+
+* [bitnami/keycloak] Release 5.2.8 updating components versions ([13f5068](https://github.com/bitnami/charts/commit/13f5068db399ead6fb3c66fd72a8a5b72e418874))
+
+## <small>5.2.7 (2021-12-17)</small>
+
+* [bitnami/keycloak] Release 5.2.7 updating components versions ([3d09c7b](https://github.com/bitnami/charts/commit/3d09c7b8b4d2bef8f8912a5025c0f50b39a39a09))
+
+## <small>5.2.6 (2021-12-17)</small>
+
+* [bitnami/keycloak] Release 5.2.6 updating components versions ([efe5758](https://github.com/bitnami/charts/commit/efe575825afab781d2b04aa82534cceb7323e6aa))
+
+## <small>5.2.5 (2021-12-16)</small>
+
+* [bitnami/keycloak] Release 5.2.5 updating components versions ([987e6f0](https://github.com/bitnami/charts/commit/987e6f05eccd255e95ee740f5249f30b82fe37ad))
+
+## <small>5.2.4 (2021-12-10)</small>
+
+* [bitnami/keycloak] Release 5.2.4 updating components versions ([6f6f669](https://github.com/bitnami/charts/commit/6f6f669411164c26573fd77af55ef8c3b6028fdb))
+
+## <small>5.2.3 (2021-12-02)</small>
+
+* [bitnami/*] Fix parameters for schema generation (#8297) ([d7d52ac](https://github.com/bitnami/charts/commit/d7d52acdbd1b0629e4e5295652fa6f5830daf2af)), closes [#8297](https://github.com/bitnami/charts/issues/8297)
+
+## <small>5.2.2 (2021-11-29)</small>
+
+* [bitnami/several] Regenerate README tables ([ac75243](https://github.com/bitnami/charts/commit/ac752431b90e935d0a4dbfef70dc44f24f3d3dd2))
+* [bitnami/several] Replace HTTP by HTTPS when possible (#8259) ([eafb5bd](https://github.com/bitnami/charts/commit/eafb5bd5a2cc3aaf04fc1e8ebedd73f420d76864)), closes [#8259](https://github.com/bitnami/charts/issues/8259)
+
+## <small>5.2.1 (2021-11-26)</small>
+
+* [bitnami/keycloak] Release 5.2.1 updating components versions ([3ea8e45](https://github.com/bitnami/charts/commit/3ea8e45fdcafdad2df32ae5b835d9645315b52dd))
+* [bitnami/several] Regenerate README tables ([7b091c0](https://github.com/bitnami/charts/commit/7b091c0808ef00425c404cb97fe73c0578ccf1a3))
+
+## 5.2.0 (2021-11-17)
+
+* [bitnami/keycloak] automounting of serviceAccountTtoken (#8091) ([1745f77](https://github.com/bitnami/charts/commit/1745f770729217b7e5f19a8f34167108c2b9f867)), closes [#8091](https://github.com/bitnami/charts/issues/8091)
+
+## <small>5.1.7 (2021-11-15)</small>
+
+* [bitnami/keycloak] Run correct configCli jar for version of keycloak (#8107) ([6caf7d3](https://github.com/bitnami/charts/commit/6caf7d3aa613dd7df6c1245fb1039ec5c45bb064)), closes [#8107](https://github.com/bitnami/charts/issues/8107)
+
+## <small>5.1.6 (2021-11-02)</small>
+
+* [bitnami/contour-operator, bitnami/keycloak] Fix Chart.yaml format (#8002) ([2818bea](https://github.com/bitnami/charts/commit/2818bea6868c1fdf4b4b2365f4ffe1db33d8c483)), closes [#8002](https://github.com/bitnami/charts/issues/8002)
+* [bitnami/several] Regenerate README tables ([bb0eee1](https://github.com/bitnami/charts/commit/bb0eee13ee8394ec2cae7ef078a06502267d1891))
+
+## <small>5.1.5 (2021-10-27)</small>
+
+* [bitnami/keycloack] Fix externalDatabase password (#7863) ([77c8bbf](https://github.com/bitnami/charts/commit/77c8bbfcab3b8e67a5495abf04c4a3a1fbd0c6ff)), closes [#7863](https://github.com/bitnami/charts/issues/7863)
+
+## <small>5.1.4 (2021-10-27)</small>
+
+* [bitnami/keycloak] Release 5.1.4 updating components versions ([bceaa7c](https://github.com/bitnami/charts/commit/bceaa7cdad1f44ce29b92b49c6959857d6f456d5))
+
+## <small>5.1.3 (2021-10-22)</small>
+
+* [bitnami/keycloak] Add the solution for #6940 in docs - SSL Offload (#7838) ([ab31c94](https://github.com/bitnami/charts/commit/ab31c94a6e8b7a38c762a3ef79017fa668d4fb2a)), closes [#6940](https://github.com/bitnami/charts/issues/6940) [#7838](https://github.com/bitnami/charts/issues/7838) [#6940](https://github.com/bitnami/charts/issues/6940)
+* [bitnami/several] Add chart info to NOTES.txt (#7889) ([a6751cd](https://github.com/bitnami/charts/commit/a6751cdd33c461fabbc459fbea6f219ec64ab6b2)), closes [#7889](https://github.com/bitnami/charts/issues/7889)
+* [bitnami/several] Regenerate README tables ([cdcf8c1](https://github.com/bitnami/charts/commit/cdcf8c1407a9a23b93fadf513be21ca1f9c7c056))
+
+## <small>5.1.2 (2021-10-04)</small>
+
+* [bitnami/keycloak] Release 5.1.2 updating components versions ([1f8ada2](https://github.com/bitnami/charts/commit/1f8ada29bd38758acee2d5543444f126a9faa9e3))
+
+## <small>5.1.1 (2021-10-01)</small>
+
+* [bitnami/*] Drop support for deprecated cert-manager annotation (#7582) ([a081792](https://github.com/bitnami/charts/commit/a08179293543f063e5de966a9976ca967161de7b)), closes [#7582](https://github.com/bitnami/charts/issues/7582)
+* [bitnami/several] Regenerate README tables ([9d60bbd](https://github.com/bitnami/charts/commit/9d60bbdd3b400b3585476f9c0b8e29e5c9e00892))
+
+## 5.1.0 (2021-09-27)
+
+* [bitnami/keycloak] Implement support for startupProbe for faster pod startups (#7613) ([85cccdd](https://github.com/bitnami/charts/commit/85cccddc6bb3bf703becddc3d22fc42272f6e90f)), closes [#7613](https://github.com/bitnami/charts/issues/7613)
+* [bitnami/several] Regenerate README tables ([a94b593](https://github.com/bitnami/charts/commit/a94b5937a8665743457afc158202ebc33405c8e1))
+
+## <small>5.0.7 (2021-09-10)</small>
+
+* [bitnami/keycloak] Release 5.0.7 updating components versions ([a304a62](https://github.com/bitnami/charts/commit/a304a62b1d31a77c0ac8d7c37ed610bf57397811))
+* [bitnami/several] Regenerate README tables ([e0a27b4](https://github.com/bitnami/charts/commit/e0a27b4c05c509da51859373dad032294438af74))
+
+## <small>5.0.6 (2021-09-07)</small>
+
+* [bitnami/keycloak] Release 5.0.6 updating components versions ([df0e5f7](https://github.com/bitnami/charts/commit/df0e5f70a1ef20086c21c835588f3289e19a8dd2))
+* [bitnami/several] Regenerate README tables ([64d5d74](https://github.com/bitnami/charts/commit/64d5d747b84299ca9f63ea8a586b13870abe31a6))
+
+## <small>5.0.5 (2021-08-31)</small>
+
+* #7334 Missing line-break for external database (#7340) ([ad064d6](https://github.com/bitnami/charts/commit/ad064d69abd5e6b547e274c98d022ca0e733b305)), closes [#7334](https://github.com/bitnami/charts/issues/7334) [#7340](https://github.com/bitnami/charts/issues/7340) [#7334](https://github.com/bitnami/charts/issues/7334)
+
+## <small>5.0.4 (2021-08-26)</small>
+
+* [bitnami/keycloak] Fix db credentials (#7319) ([3884536](https://github.com/bitnami/charts/commit/3884536a4d28fae3682f56954958a0fbde5134ad)), closes [#7319](https://github.com/bitnami/charts/issues/7319)
+* [bitnami/several] Regenerate README tables ([da2513b](https://github.com/bitnami/charts/commit/da2513bf0a33819f3b1151d387c631a9ffdb03e2))
+
+## <small>5.0.3 (2021-08-25)</small>
+
+* [bitnami/keycloak] Release 5.0.3 updating components versions ([cd741b9](https://github.com/bitnami/charts/commit/cd741b9932719580fdb7433b3a48710f1aa2f456))
+* bitnami/keycloak: tpl existingSecret/existingSecretPerPassword (#7286) ([f4ec593](https://github.com/bitnami/charts/commit/f4ec593e3e37d0332aae3d14c928536926f96695)), closes [#7286](https://github.com/bitnami/charts/issues/7286)
+
+## <small>5.0.2 (2021-08-24)</small>
+
+* [bitnami/keycloak] Default postgresql.postgresqlPassword to a random … (#7287) ([2ef505a](https://github.com/bitnami/charts/commit/2ef505a4f0bb8e889771565147b1a991079dea02)), closes [#7287](https://github.com/bitnami/charts/issues/7287)
+* [bitnami/several] Regenerate README tables ([6c9124f](https://github.com/bitnami/charts/commit/6c9124f79491aa65f53a87c1ed598b47ffa8b411))
+
+## <small>5.0.1 (2021-08-20)</small>
+
+* [bitnami/keycloak] Release 5.0.1 updating components versions ([246abe3](https://github.com/bitnami/charts/commit/246abe3c8685a16e9fbbdd80ec41ea83681a5f5a))
+
+## 5.0.0 (2021-08-19)
+
+* [bitnami/keycloak] Release 5.0.0 updating components versions ([cf14b39](https://github.com/bitnami/charts/commit/cf14b39f0cfd52c68481f024703d7c80bd45a4ce))
+
+## 4.3.0 (2021-08-19)
+
+* keycloak: handle postgresql nameOverride and fullnameOverride (#7266) ([bfb3b88](https://github.com/bitnami/charts/commit/bfb3b88277b1830b23b1f6b32bb2b776f3b76884)), closes [#7266](https://github.com/bitnami/charts/issues/7266)
+
+## 4.2.0 (2021-08-17)
+
+* [bitnami/keycloak] Include keystoreFilename and truststoreFilename keys (#7149) ([461bd55](https://github.com/bitnami/charts/commit/461bd555abd65ab60d145ecc0d24ca49a945b0d8)), closes [#7149](https://github.com/bitnami/charts/issues/7149)
+* [bitnami/several] Regenerate README tables ([6c107e8](https://github.com/bitnami/charts/commit/6c107e835d6caf8db2e8b17dcd48c5971637e013))
+
+## <small>4.1.3 (2021-08-11)</small>
+
+* [bitnami/keycloak] Fix service reference in ingress (#7160) ([b340c62](https://github.com/bitnami/charts/commit/b340c62c75adf7fd657c8ccefe792784798c8676)), closes [#7160](https://github.com/bitnami/charts/issues/7160)
+
+## <small>4.1.2 (2021-08-04)</small>
+
+* [bitnami/keycloak] Release 4.1.2 updating components versions ([44af773](https://github.com/bitnami/charts/commit/44af77398f0860426b50ec15188bbf8057574703))
+
+## <small>4.1.1 (2021-08-03)</small>
+
+* [bitnami/keycloak] Adding a post initContainer value to allow init containers to be added to the cha ([ebbc39c](https://github.com/bitnami/charts/commit/ebbc39cb04f7e5e92de0e89b40587ebf312d1058)), closes [#7061](https://github.com/bitnami/charts/issues/7061)
+* [bitnami/several] Update READMEs (#7108) ([44961d9](https://github.com/bitnami/charts/commit/44961d9cdfae1b0d06808124c4b47e8adc3de146)), closes [#7108](https://github.com/bitnami/charts/issues/7108)
+
+## 4.1.0 (2021-07-29)
+
+* [bitnami/keycloak] Add existingSecret for ingress TLS (#7072) ([bd88584](https://github.com/bitnami/charts/commit/bd885845baeb4da535f239e1a71b353e0b388884)), closes [#7072](https://github.com/bitnami/charts/issues/7072)
+
+## <small>4.0.3 (2021-07-27)</small>
+
+* [bitnami/several] Fix default values and regenerate README (#7024) ([4c86733](https://github.com/bitnami/charts/commit/4c867335c5c9c5aba041868df16ebb8f64ac68bd)), closes [#7024](https://github.com/bitnami/charts/issues/7024)
+
+## <small>4.0.2 (2021-07-09)</small>
+
+* T40804 Improved README (#6892) ([809b110](https://github.com/bitnami/charts/commit/809b110ecaabfdbe7097a031feecde4f212705c6)), closes [#6892](https://github.com/bitnami/charts/issues/6892)
+
+## <small>4.0.1 (2021-07-08)</small>
+
+* [bitnami/*] Adapt values.yaml of Keykloak, Kiam and Kibana charts (#6858) ([1c52336](https://github.com/bitnami/charts/commit/1c523366e09a2e62b34aab0a4962e4d5d5bb0199)), closes [#6858](https://github.com/bitnami/charts/issues/6858)
+
+## 4.0.0 (2021-07-07)
+
+* [bitnami/keycloak] Release 4.0.0 updating components versions ([090b2fe](https://github.com/bitnami/charts/commit/090b2fe171ed9e3f1e18a97312902e9bb44d322b))
+
+## <small>3.2.1 (2021-07-07)</small>
+
+* [bitnami/keycloak] Fix long name issue enabling autogenerated support (#6865) ([f622c85](https://github.com/bitnami/charts/commit/f622c85267174c4b9d9369ac38b02f9e2f0b006d)), closes [#6865](https://github.com/bitnami/charts/issues/6865)
+
+## 3.2.0 (2021-07-06)
+
+* [bitnami/keycloak] Add support for ingressClassName (#6849) ([f33cd72](https://github.com/bitnami/charts/commit/f33cd72a92d316080da9b87fed2d0fd453221f35)), closes [#6849](https://github.com/bitnami/charts/issues/6849)
+
+## <small>3.1.1 (2021-06-18)</small>
+
+* [bitnami/keycloak] Release 3.1.1 updating components versions ([27bcf73](https://github.com/bitnami/charts/commit/27bcf73f89cf1c92c326b2aacdcbea1fc3f228aa))
+
+## 3.1.0 (2021-06-16)
+
+* [bitnami/keycloak] Add support for autogenerated certs (#6527) ([5b29da8](https://github.com/bitnami/charts/commit/5b29da835b1c0edc30c388ff37abd6c75696dffe)), closes [#6527](https://github.com/bitnami/charts/issues/6527)
+
+## <small>3.0.4 (2021-05-28)</small>
+
+* [bitnami/keycloak] Release 3.0.4 updating components versions ([26de7a5](https://github.com/bitnami/charts/commit/26de7a5c3fdd2b8190d480b2903a8fb77b0e770a))
+
+## <small>3.0.3 (2021-05-25)</small>
+
+* [bitnami/keycloak] Release 3.0.3 updating components versions ([6b8700e](https://github.com/bitnami/charts/commit/6b8700e99e461e6c15e847248ed89d24876352ec))
+* Update values.yaml ([acb8c74](https://github.com/bitnami/charts/commit/acb8c74bae06632e63955ef58118db81951ce56e))
+
+## <small>3.0.2 (2021-05-19)</small>
+
+* [bitnami/keycloak] Keycloak updated notes.txt (#6405) ([7af6473](https://github.com/bitnami/charts/commit/7af6473bc5e92ac6837908ff02e6795f6b1d4be3)), closes [#6405](https://github.com/bitnami/charts/issues/6405)
+* Update values.yaml ([4569920](https://github.com/bitnami/charts/commit/4569920abc6a83c1d8ec5b78521f290365dc2919))
+
+## <small>3.0.1 (2021-05-18)</small>
+
+* [bitnami/keycloak] Release 3.0.1 updating components versions ([8fda404](https://github.com/bitnami/charts/commit/8fda404d4b49c80c5cf9b81ffd7b89c5ed1e4bbf))
+
+## 3.0.0 (2021-05-17)
+
+* [bitnami/keycloak] Release 3.0.0 updating components versions ([2a547f9](https://github.com/bitnami/charts/commit/2a547f9bdfe9319ea95dcbe553f1b20ebf202605))
+
+## <small>2.4.8 (2021-05-06)</small>
+
+* [bitnami/keycloak] Update ingress.yaml to support optional hostname (#6300) ([7c0aa70](https://github.com/bitnami/charts/commit/7c0aa70c9b72da7e3c2d6372348794d5a4368f63)), closes [#6300](https://github.com/bitnami/charts/issues/6300)
+
+## <small>2.4.7 (2021-04-30)</small>
+
+* Fix typos in several README files (#6252) ([fd16565](https://github.com/bitnami/charts/commit/fd1656587a007ac9b8e9d895f6b99607fb225f7c)), closes [#6252](https://github.com/bitnami/charts/issues/6252)
+* Update README.md (#6222) ([d978dc5](https://github.com/bitnami/charts/commit/d978dc520746f91d856a69dfda9ac4784ca77037)), closes [#6222](https://github.com/bitnami/charts/issues/6222)
+
+## <small>2.4.6 (2021-04-20)</small>
+
+* [bitnami/keycloak] Release 2.4.6 updating components versions ([39ed9e6](https://github.com/bitnami/charts/commit/39ed9e63d67f73abfab98ffea2163ad41d08ce18))
+* Update README.md (#6154) ([597342f](https://github.com/bitnami/charts/commit/597342fda2896ef501390bb64eccb7d95b507762)), closes [#6154](https://github.com/bitnami/charts/issues/6154)
+
+## <small>2.4.5 (2021-04-19)</small>
+
+* [bitnami/keycloak] Release 2.4.5 updating components versions ([c33e08c](https://github.com/bitnami/charts/commit/c33e08c1fcbac0c9e6aaffb1451b7c99e59128a3))
+
+## <small>2.4.4 (2021-04-15)</small>
+
+* bump version (#6120) ([20a412f](https://github.com/bitnami/charts/commit/20a412fc343160b581d0cc55821dec7a2d502c3d)), closes [#6120](https://github.com/bitnami/charts/issues/6120)
+* fix error on missing existingSecret (#6043) ([3262147](https://github.com/bitnami/charts/commit/3262147df79ed77e90f9c32cd0089f5705105662)), closes [#6043](https://github.com/bitnami/charts/issues/6043)
+
+## <small>2.4.3 (2021-04-07)</small>
+
+* [bitnami/keycloak] Release 2.4.3 updating components versions ([be648c1](https://github.com/bitnami/charts/commit/be648c19e21cc4a388ab0f5c74d49ca9988d1437))
+
+## <small>2.4.2 (2021-03-29)</small>
+
+* [bitnami/keycloak] Fix extraHosts option for ingress (#5936) ([c6735cb](https://github.com/bitnami/charts/commit/c6735cbd8dc106def39e8557417025b0a2cb0ec1)), closes [#5936](https://github.com/bitnami/charts/issues/5936)
+
+## <small>2.4.1 (2021-03-23)</small>
+
+* [bitnami/keycloak] Fix config map template bug (#5881) ([7f1c8b5](https://github.com/bitnami/charts/commit/7f1c8b5b555b2ed1d7021e07959e626e46519f27)), closes [#5881](https://github.com/bitnami/charts/issues/5881) [#5074](https://github.com/bitnami/charts/issues/5074)
+
+## 2.4.0 (2021-03-19)
+
+* add external database secret for use in keycloak chart (#5844) ([22bc7b6](https://github.com/bitnami/charts/commit/22bc7b61306c6d851c0f8332b9031af39c746c66)), closes [#5844](https://github.com/bitnami/charts/issues/5844)
+
+## 2.3.0 (2021-03-08)
+
+* [bitnami/keycloak] Add keycloak-config-cli job (#5167) ([d04baf2](https://github.com/bitnami/charts/commit/d04baf21da3f8c21fdaeb89321305778e480397a)), closes [#5167](https://github.com/bitnami/charts/issues/5167)
+
+## <small>2.2.4 (2021-03-05)</small>
+
+* [bitnami/*] Remove minideb mentions (#5677) ([870bc4d](https://github.com/bitnami/charts/commit/870bc4dba1fc3aa55dd157da6687b25e8d352206)), closes [#5677](https://github.com/bitnami/charts/issues/5677)
+* [bitnami/keycloak] Release 2.2.4 updating components versions ([3dd6cb1](https://github.com/bitnami/charts/commit/3dd6cb1e0dab2951eea9aca9f7f4748df561c608))
+
+## <small>2.2.3 (2021-03-04)</small>
+
+* [bitnami/keycloak] Release 2.2.3 updating components versions ([dc58d7f](https://github.com/bitnami/charts/commit/dc58d7f586f4b9a2a949a6dc413ba932c594ef9a))
+
+## <small>2.2.2 (2021-03-01)</small>
+
+* [bitnami/keycloak] Release 2.2.2 updating components versions ([86242e5](https://github.com/bitnami/charts/commit/86242e53316078bb506d14c8df53351598bcf39c))
+
+## <small>2.2.1 (2021-02-22)</small>
+
+* [bitnami/*] Use common macro to define RBAC apiVersion (#5585) ([71fb99f](https://github.com/bitnami/charts/commit/71fb99f541e971b1daafaa20ffb7d18b153b8d60)), closes [#5585](https://github.com/bitnami/charts/issues/5585)
+
+## 2.2.0 (2021-02-22)
+
+* [bitnami/keycloak] Allow passwords from different secrets (#5496) ([91dbd11](https://github.com/bitnami/charts/commit/91dbd11bcdd9284029e5857235b0b7b0ddade1b5)), closes [#5496](https://github.com/bitnami/charts/issues/5496)
+
+## <small>2.1.2 (2021-02-18)</small>
+
+* [bitnami/keycloak] Release 2.1.2 updating components versions ([7ade14c](https://github.com/bitnami/charts/commit/7ade14c492ccf2590c1b9a8a4100e46bf8162e70))
+
+## <small>2.1.1 (2021-02-16)</small>
+
+* [bitnami/keycloak] Release 2.1.1 updating components versions ([4ed411d](https://github.com/bitnami/charts/commit/4ed411d59f521ca2313d4e189e0f24448a53d71c))
+
+## 2.1.0 (2021-02-16)
+
+* [bitnami/keycloak] HTTPS between the ingress and the pods (#5478) ([2fbd0c9](https://github.com/bitnami/charts/commit/2fbd0c9e1695918a3b83937f5c12bf53902f00ac)), closes [#5478](https://github.com/bitnami/charts/issues/5478)
+
+## <small>2.0.1 (2021-02-12)</small>
+
+* [bitnami/*] Add notice regarding parameters immutability after chart installation (#4853) ([5f09573](https://github.com/bitnami/charts/commit/5f095734f92555dec7cd0e3ee961f315eac170ff)), closes [#4853](https://github.com/bitnami/charts/issues/4853)
+* [bitnami/keycloak] Fix password notes reading the secret (#5472) ([7be880b](https://github.com/bitnami/charts/commit/7be880b77f6740c5d632ff941f6056aca6c01bf7)), closes [#5472](https://github.com/bitnami/charts/issues/5472)
+
+## 2.0.0 (2021-02-03)
+
+* [bitnami/keycloak] Release 2.0.0 updating components versions ([2f4c7cb](https://github.com/bitnami/charts/commit/2f4c7cbc049a274b0ac65aed8eb681f6ac8538c9))
+* Keycloak missing postgresql parameters (#5342) ([f1c25cc](https://github.com/bitnami/charts/commit/f1c25cc15c02a3cd521f9ddd91bce4f46bef5a02)), closes [#5342](https://github.com/bitnami/charts/issues/5342)
+
+## <small>1.4.3 (2021-02-01)</small>
+
+* [bitnami/keycloak] Release 1.4.3 updating components versions ([8c55b54](https://github.com/bitnami/charts/commit/8c55b54593796448d04cbb13e54e7f9b7aac4040))
+
+## <small>1.4.2 (2021-01-29)</small>
+
+* [bitnami/keycloak] fix configMap cert directory permission issues (#4967) ([455e739](https://github.com/bitnami/charts/commit/455e739724a96b4fc29a66ff8425871666d2ff45)), closes [#4967](https://github.com/bitnami/charts/issues/4967)
+* [bitnami/keycloak] fix: considere existing secret when validating passwords (#5340) ([2e53d85](https://github.com/bitnami/charts/commit/2e53d850261f7818a18363660ed13ad392234dc6)), closes [#5340](https://github.com/bitnami/charts/issues/5340)
+
+## <small>1.4.1 (2021-01-29)</small>
+
+* [bitnami/keycloak] fix invalid templates/init-scripts-configmap.yaml rendering (#5296) ([3120a12](https://github.com/bitnami/charts/commit/3120a12b503fa47ee876aaec7deb8aa7eaec390d)), closes [#5296](https://github.com/bitnami/charts/issues/5296)
+
+## 1.4.0 (2021-01-28)
+
+* [bitnami/keycloak] Add hostAliases (#5249) ([8471de7](https://github.com/bitnami/charts/commit/8471de71b05374ed8b07f070cba7ac1ec06042f9)), closes [#5249](https://github.com/bitnami/charts/issues/5249)
+
+## <small>1.3.1 (2021-01-27)</small>
+
+* [bitnami/keycloak] fix: error with secret when release name too long (#5273) ([fdc4baa](https://github.com/bitnami/charts/commit/fdc4baadd6f490861950f281d4e195d371d15f16)), closes [#5273](https://github.com/bitnami/charts/issues/5273)
+
+## 1.3.0 (2021-01-26)
+
+* [bitnami/keycloak] feat: add existing secret feature (#5189) ([62a0f30](https://github.com/bitnami/charts/commit/62a0f3014c4648e2253f3d381f45650a26cc5f54)), closes [#5189](https://github.com/bitnami/charts/issues/5189)
+
+## <small>1.2.1 (2021-01-25)</small>
+
+* [bitnami/*] Change helm version in the prerequisites (#5090) ([c5e67a3](https://github.com/bitnami/charts/commit/c5e67a388743cbee28439d2cabca27884b9daf97)), closes [#5090](https://github.com/bitnami/charts/issues/5090)
+* [bitnami/*] Unify icons in Chart.yaml and add missing fields (#5206) ([0462921](https://github.com/bitnami/charts/commit/0462921418ca8d54308b7466197a6d53ffae4628)), closes [#5206](https://github.com/bitnami/charts/issues/5206)
+
+## 1.2.0 (2021-01-08)
+
+* Update ingress rules (#4889) ([edc7ff6](https://github.com/bitnami/charts/commit/edc7ff6a3608aecea1c4355a2afffcd0089d4e51)), closes [#4889](https://github.com/bitnami/charts/issues/4889)
+
+## <small>1.1.7 (2021-01-04)</small>
+
+* [bitnami/keycloak] Release 1.1.7 updating components versions ([f48bec5](https://github.com/bitnami/charts/commit/f48bec5c7c13d098294a5b5106efa3ddec39cb0e))
+
+## <small>1.1.6 (2021-01-02)</small>
+
+* [bitnami/keycloak] Release 1.1.6 updating components versions ([2e95e84](https://github.com/bitnami/charts/commit/2e95e84c76b37ac0581eacce879b84801140aaa4))
+
+## <small>1.1.5 (2020-12-21)</small>
+
+* [bitnami/*] fix typos (#4699) ([49adc63](https://github.com/bitnami/charts/commit/49adc63b672da976c55af2e077aa5648a357b77f)), closes [#4699](https://github.com/bitnami/charts/issues/4699)
+* [bitnami/keycloak] fix: use calculate apiVersion instead (#4803) ([702e7d1](https://github.com/bitnami/charts/commit/702e7d1b4c0459aa5d7c7a86fac32c45eee58e09)), closes [#4803](https://github.com/bitnami/charts/issues/4803)
+
+## <small>1.1.4 (2020-12-11)</small>
+
+* [bitnami/keycloak] Fix entrypoint usage with auth.tls.enabled (#4697) ([ba142bd](https://github.com/bitnami/charts/commit/ba142bd157254c1bf605406815212a8964d2776f)), closes [#4697](https://github.com/bitnami/charts/issues/4697)
+
+## <small>1.1.3 (2020-12-11)</small>
+
+* [bitnami/*] Update dependencies (#4694) ([2826c12](https://github.com/bitnami/charts/commit/2826c125b42505f28431301e3c1bbe5366e47a01)), closes [#4694](https://github.com/bitnami/charts/issues/4694)
+
+## <small>1.1.1 (2020-12-10)</small>
+
+* [bitnami/*] Update CI *-values.yaml files (#4674) ([b473fa9](https://github.com/bitnami/charts/commit/b473fa98f79cb1b06bf592cfe8495c92a6fda16b)), closes [#4674](https://github.com/bitnami/charts/issues/4674)
+
+## 1.1.0 (2020-12-03)
+
+* [bitnami/keycloak] Add extra startup args support (#4583) ([5aa7723](https://github.com/bitnami/charts/commit/5aa77239b2bfd81a31cbb8bd756a52c52b1bb36d)), closes [#4583](https://github.com/bitnami/charts/issues/4583)
+
+## <small>1.0.5 (2020-12-02)</small>
+
+* [bitnami/*] Add upgrade details to README (#4480) ([10bd8e1](https://github.com/bitnami/charts/commit/10bd8e1fbbe69461a5d90ba61562f72b526c9caf)), closes [#4480](https://github.com/bitnami/charts/issues/4480)
+* [bitnami/keycloak] Release 1.0.5 updating components versions ([b84505d](https://github.com/bitnami/charts/commit/b84505d2b2a555013a9acf16ba9c773e3c3b94d6))
+
+## <small>1.0.4 (2020-11-24)</small>
+
+* [bitnami/keycloak] Release 1.0.4 updating components versions ([c3d3f1b](https://github.com/bitnami/charts/commit/c3d3f1b07bc7a89db697ea60b2f6e5e80b76ae6d))
+
+## <small>1.0.3 (2020-11-24)</small>
+
+* [bitnami/keycloack] Add validation for Keycloack admin password (#4447) ([9445e64](https://github.com/bitnami/charts/commit/9445e64b15c890818761516bf95a61ea41ece2d8)), closes [#4447](https://github.com/bitnami/charts/issues/4447)
+
+## <small>1.0.2 (2020-11-19)</small>
+
+* [bitnami/keycloak] Remove 'bindAddress' parameter (#4434) ([b97a641](https://github.com/bitnami/charts/commit/b97a641798ab8ac51a4ee07f113aaea3304eded5)), closes [#4434](https://github.com/bitnami/charts/issues/4434)
+
+## <small>1.0.1 (2020-11-18)</small>
+
+* [bitnami/keycloak] Fix ingress extraHost range (#4413) ([5768deb](https://github.com/bitnami/charts/commit/5768deb4f74b8e9ace320cae8bb10d98ed67c62b)), closes [#4413](https://github.com/bitnami/charts/issues/4413)
+
+## 1.0.0 (2020-11-18)
+
+* [bitnami/keycloak] Major version. Adapt Chart to apiVersion: v2 (#4330) ([d53b7c7](https://github.com/bitnami/charts/commit/d53b7c7728779793e4fc7769de12380b39041d5d)), closes [#4330](https://github.com/bitnami/charts/issues/4330)
+
+## <small>0.1.2 (2020-11-09)</small>
+
+* [bitnami/keycloak] Release 0.1.2 updating components versions ([c74df53](https://github.com/bitnami/charts/commit/c74df53dce43f17c8b9710514bc30191c2c2b2d1))
+
+## <small>0.1.1 (2020-11-06)</small>
+
+* [bitnami/keycloak] Release 0.1.1 updating components versions ([afbb079](https://github.com/bitnami/charts/commit/afbb079f41fcac61c8c975e9bb15ddd0bdee24de))
+
+## 0.1.0 (2020-11-05)
+
+* Add new chart: Keycloak (#4163) ([b7a5f54](https://github.com/bitnami/charts/commit/b7a5f543c261cf519f011ff3e62d0f2b2f055f12)), closes [#4163](https://github.com/bitnami/charts/issues/4163)
diff --git a/charts/keycloak/Chart.lock b/charts/keycloak/Chart.lock
new file mode 100644
index 0000000..d82d014
--- /dev/null
+++ b/charts/keycloak/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 16.7.21
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.31.3
+digest: sha256:cc4b0618c5eb9e447c5538ba043869a7cbd6548d32768d8f63267fa27fdc5459
+generated: "2025-08-07T14:44:22.967095866Z"
diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
new file mode 100644
index 0000000..0db5e03
--- /dev/null
+++ b/charts/keycloak/Chart.yaml
@@ -0,0 +1,39 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+  category: DeveloperTools
+  images: |
+    - name: keycloak
+      image: docker.io/bitnami/keycloak:26.3.2-debian-12-r1
+    - name: keycloak-config-cli
+      image: docker.io/bitnami/keycloak-config-cli:6.4.0-debian-12-r11
+  licenses: Apache-2.0
+  tanzuCategory: application
+apiVersion: v2
+appVersion: 26.3.2
+dependencies:
+- condition: postgresql.enabled
+  name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 16.x.x
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  tags:
+  - bitnami-common
+  version: 2.x.x
+description: Keycloak is a high performance Java-based identity and access management
+  solution. It lets developers add an authentication layer to their applications with
+  minimum effort.
+home: https://bitnami.com
+icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/keycloak/img/keycloak-stack-220x234.png
+keywords:
+- keycloak
+- access-management
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+  url: https://github.com/bitnami/charts
+name: keycloak
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/keycloak
+version: 24.9.1
diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md
new file mode 100644
index 0000000..fea98b8
--- /dev/null
+++ b/charts/keycloak/README.md
@@ -0,0 +1,883 @@
+<!--- app-name: Keycloak -->
+
+# Bitnami package for Keycloak
+
+Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort.
+
+[Overview of Keycloak](https://www.keycloak.org/)
+
+Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+## TL;DR
+
+```console
+helm install my-release oci://registry-1.docker.io/bitnamicharts/keycloak
+```
+
+Looking to use Keycloak in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
+
+## ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
+
+Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
+
+- Granting community users access for the first time to security-optimized versions of popular container images.
+- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
+- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
+- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
+
+These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).
+
+## Introduction
+
+Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.
+
+This chart bootstraps a [Keycloak](https://github.com/bitnami/containers/tree/main/bitnami/keycloak) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+These commands deploy a Keycloak application on the Kubernetes cluster in the default configuration.
+
+> **Tip**: List all releases using `helm list`
+
+## Configuration and installation details
+
+### Resource requests and limits
+
+Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+
+### Prometheus metrics
+
+This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will expose Keycloak native Prometheus endpoint in a `metrics` service, which can be configured under the `metrics.service` section. It will have the necessary annotations to be automatically scraped by Prometheus.
+
+#### Prometheus requirements
+
+It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster.
+
+#### Integration with Prometheus Operator
+
+The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error:
+
+```text
+no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
+```
+
+Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator.
+
+### [Rolling vs Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Update credentials
+
+Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
+
+- Update the user password following [the upstream documentation](https://www.keycloak.org/server/configuration)
+- Update the password secret with the new values (replace the SECRET_NAME and PASSWORD placeholders)
+
+```shell
+kubectl create secret generic SECRET_NAME --from-literal=admin-password=PASSWORD --dry-run -o yaml | kubectl apply -f -
+```
+
+### Use an external database
+
+Sometimes, you may want to have Keycloak connect to an external PostgreSQL database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters. Here is an example:
+
+```text
+postgresql.enabled=false
+externalDatabase.host=myexternalhost
+externalDatabase.user=myuser
+externalDatabase.password=mypassword
+externalDatabase.database=mydatabase
+externalDatabase.port=5432
+externalDatabase.schema=public
+```
+
+> NOTE: Only PostgreSQL database server is supported as external database
+
+It is not supported but possible to run Keycloak with an external MSSQL database with the following settings:
+
+```yaml
+externalDatabase:
+  host: "mssql.example.com"
+  port: 1433
+  user: keycloak
+  database: keycloak
+  existingSecret: passwords
+extraEnvVars:
+  - name: KC_DB # override values from the conf file
+    value: 'mssql'
+  - name: KC_DB_URL
+    value: 'jdbc:sqlserver://mssql.example.com:1433;databaseName=keycloak;'
+```
+
+### Importing and exporting a realm
+
+#### Importing a realm
+
+You can import a realm by setting the `KEYCLOAK_EXTRA_ARGS` to contain the `--import-realm` argument.
+
+This will import all `*.json` under `/opt/bitnami/keycloak/data/import` files as a realm into keycloak as per the
+official documentation [here](https://www.keycloak.org/server/importExport#_importing_a_realm_from_a_directory). You
+can supply the files by mounting a volume e.g. with docker compose as follows:
+
+```yaml
+keycloak:
+  image: bitnami/keycloak:latest
+  volumes:
+    - /local/path/to/realms/folder:/opt/bitnami/keycloak/data/import
+```
+
+#### Exporting a realm
+
+You can export a realm through the GUI but it will not export users even the option is set, this is a known keycloak
+[bug](https://github.com/keycloak/keycloak/issues/23970).
+
+By using the `kc.sh` script you can export a realm with users. Be sure to mount the export folder to a local folder:
+
+```yaml
+keycloak:
+  image: bitnami/keycloak:latest
+  volumes:
+    - /local/path/to/export/folder:/export
+```
+
+Then open a terminal in the running keycloak container and run:
+
+```bash
+kc.sh export --dir /export/ --users realm_file
+````
+
+This will export the all the realms with users to the `/export` folder.
+
+### Configure Ingress
+
+This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.
+
+The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host.
+
+However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts.
+
+> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers.
+
+Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the  application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
+
+[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
+
+### Configure admin Ingress
+
+In addition to the Ingress resource described above, this chart also provides the ability to define an Ingress for the admin area of Keycloak, for example the `master` realm.
+
+For this scenario, you can use the Keycloak Config CLI integration with the following values, where `keycloak-admin.example.com` is to be replaced by the actual hostname:
+
+```yaml
+adminIngress:
+  enabled: true
+  hostname: keycloak-admin.example.com
+keycloakConfigCli:
+  enabled: true
+  configuration:
+    master.json: |
+      {
+        "realm" : "master",
+        "attributes": {
+          "frontendUrl": "https://keycloak-admin.example.com"
+        }
+      }
+```
+
+### Configure TLS Secrets for use with Ingress
+
+This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases:
+
+- Generate certificate secrets based on chart parameters.
+- Enable externally generated certificates.
+- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)).
+- Create self-signed certificates within the chart (if supported).
+
+In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format.
+
+Here is an example of a certificate file:
+
+> NOTE: There may be more than one certificate if there is a certificate chain.
+
+```text
+-----BEGIN CERTIFICATE-----
+MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+...
+jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
+-----END CERTIFICATE-----
+```
+
+Here is an example of a certificate key:
+
+```text
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
+...
+wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
+-----END RSA PRIVATE KEY-----
+```
+
+- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry.
+- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter).
+- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager.
+- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`.
+
+### Securing traffic using TLS
+
+Keycloak can work with TLS interally by setting `tls.enabled=true`. The chart allows two configuration options:
+
+- Provide your own secret using the `tls.existingSecret` value. Also set the correct name of the truststore and keystore using the `tls.truststoreFilename` and `tls.keystoreFilename` values.
+- Have the chart auto-generate the certificates using `tls.autoGenerated=true`.
+
+### Use with ingress offloading SSL
+
+If your ingress controller has the SSL Termination, you should set `proxy` to `edge`.
+
+### Manage secrets and passwords
+
+This chart provides several ways to manage passwords:
+
+- Values passed to the chart: In this scenario, a new secret including all the passwords will be created during the chart installation. When upgrading, it is necessary to provide the secrets to the chart as shown below. Replace the KC_BOOTSTRAP_ADMIN_PASSWORD, POSTGRESQL_PASSWORD and POSTGRESQL_PVC placeholders with the correct passwords and PVC name.
+
+```console
+helm upgrade keycloak bitnami/keycloak \
+  --set auth.adminPassword=KC_BOOTSTRAP_ADMIN_PASSWORD \
+  --set postgresql.postgresqlPassword=POSTGRESQL_PASSWORD \
+  --set postgresql.persistence.existingClaim=POSTGRESQL_PVC
+```
+
+- An existing secret with all the passwords via the `existingSecret` parameter.
+
+### Backup and restore
+
+To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. Find the instructions for using Velero in [this guide](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-backup-restore-deployments-velero-index.html).
+
+### Add extra environment variables
+
+In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+  - name: KEYCLOAK_LOG_LEVEL
+    value: DEBUG
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter.
+
+```yaml
+sidecars:
+- name: your-image-name
+  image: your-image
+  imagePullPolicy: Always
+  ports:
+  - name: portname
+    containerPort: 1234
+```
+
+If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
+
+```yaml
+service:
+  extraPorts:
+  - name: extraPort
+    port: 11311
+    targetPort: 11311
+```
+
+> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
+
+If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
+
+```yaml
+initContainers:
+  - name: your-image-name
+    image: your-image
+    imagePullPolicy: Always
+    ports:
+      - name: portname
+        containerPort: 1234
+```
+
+Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+
+### Initialize a fresh instance
+
+The [Bitnami Keycloak](https://github.com/bitnami/containers/tree/main/bitnami/keycloak) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `initdbScripts` parameter as dict.
+
+In addition to this option, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed extensions is `.sh`.
+
+### Deploy extra resources
+
+There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+
+## Parameters
+
+### Global parameters
+
+| Name                                                  | Description                                                                                                                                                                                                                                                                                                                                                         | Value   |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `global.imageRegistry`                                | Global Docker image registry                                                                                                                                                                                                                                                                                                                                        | `""`    |
+| `global.imagePullSecrets`                             | Global Docker registry secret names as an array                                                                                                                                                                                                                                                                                                                     | `[]`    |
+| `global.defaultStorageClass`                          | Global default StorageClass for Persistent Volume(s)                                                                                                                                                                                                                                                                                                                | `""`    |
+| `global.storageClass`                                 | DEPRECATED: use global.defaultStorageClass instead                                                                                                                                                                                                                                                                                                                  | `""`    |
+| `global.security.allowInsecureImages`                 | Allows skipping image verification                                                                                                                                                                                                                                                                                                                                  | `false` |
+| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto`  |
+
+### Common parameters
+
+| Name                     | Description                                                                             | Value           |
+| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
+| `kubeVersion`            | Force target Kubernetes version (using Helm capabilities if not set)                    | `""`            |
+| `nameOverride`           | String to partially override common.names.fullname                                      | `""`            |
+| `fullnameOverride`       | String to fully override common.names.fullname                                          | `""`            |
+| `namespaceOverride`      | String to fully override common.names.namespace                                         | `""`            |
+| `commonLabels`           | Labels to add to all deployed objects                                                   | `{}`            |
+| `enableServiceLinks`     | If set to false, disable Kubernetes service links in the pod spec                       | `true`          |
+| `commonAnnotations`      | Annotations to add to all deployed objects                                              | `{}`            |
+| `dnsPolicy`              | DNS Policy for pod                                                                      | `""`            |
+| `dnsConfig`              | DNS Configuration pod                                                                   | `{}`            |
+| `clusterDomain`          | Default Kubernetes cluster domain                                                       | `cluster.local` |
+| `extraDeploy`            | Array of extra objects to deploy with the release                                       | `[]`            |
+| `usePasswordFiles`       | Mount credentials as files instead of using environment variables                       | `true`          |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false`         |
+| `diagnosticMode.command` | Command to override all containers in the the statefulset                               | `["sleep"]`     |
+| `diagnosticMode.args`    | Args to override all containers in the the statefulset                                  | `["infinity"]`  |
+
+### Keycloak parameters
+
+| Name                             | Description                                                                                                                                            | Value                         |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------- |
+| `image.registry`                 | Keycloak image registry                                                                                                                                | `REGISTRY_NAME`               |
+| `image.repository`               | Keycloak image repository                                                                                                                              | `REPOSITORY_NAME/keycloak`    |
+| `image.digest`                   | Keycloak image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                               | `""`                          |
+| `image.pullPolicy`               | Keycloak image pull policy                                                                                                                             | `IfNotPresent`                |
+| `image.pullSecrets`              | Specify docker-registry secret names as an array                                                                                                       | `[]`                          |
+| `image.debug`                    | Specify if debug logs should be enabled                                                                                                                | `false`                       |
+| `auth.adminUser`                 | Keycloak administrator user                                                                                                                            | `user`                        |
+| `auth.adminPassword`             | Keycloak administrator password for the new user                                                                                                       | `""`                          |
+| `auth.existingSecret`            | Existing secret containing Keycloak admin password                                                                                                     | `""`                          |
+| `auth.passwordSecretKey`         | Key where the Keycloak admin password is being stored inside the existing secret.                                                                      | `""`                          |
+| `auth.annotations`               | Additional custom annotations for Keycloak auth secret object                                                                                          | `{}`                          |
+| `customCaExistingSecret`         | Name of the secret containing the Keycloak custom CA certificates. The secret will be mounted as a directory and configured using KC_TRUSTSTORE_PATHS. | `""`                          |
+| `tls.enabled`                    | Enable TLS encryption. Required for HTTPs traffic.                                                                                                     | `false`                       |
+| `tls.autoGenerated`              | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates                                                          | `false`                       |
+| `tls.existingSecret`             | Existing secret containing the TLS certificates per Keycloak replica                                                                                   | `""`                          |
+| `tls.usePem`                     | Use PEM certificates as input instead of PKS12/JKS stores                                                                                              | `false`                       |
+| `tls.truststoreFilename`         | Truststore filename inside the existing secret                                                                                                         | `keycloak.truststore.jks`     |
+| `tls.keystoreFilename`           | Keystore filename inside the existing secret                                                                                                           | `keycloak.keystore.jks`       |
+| `tls.keystorePassword`           | Password to access the keystore when it's password-protected                                                                                           | `""`                          |
+| `tls.truststorePassword`         | Password to access the truststore when it's password-protected                                                                                         | `""`                          |
+| `tls.passwordsSecret`            | Secret containing the Keystore and Truststore passwords.                                                                                               | `""`                          |
+| `spi.existingSecret`             | Existing secret containing the Keycloak truststore for SPI connection over HTTPS/TLS                                                                   | `""`                          |
+| `spi.truststorePassword`         | Password to access the truststore when it's password-protected                                                                                         | `""`                          |
+| `spi.truststoreFilename`         | Truststore filename inside the existing secret                                                                                                         | `keycloak-spi.truststore.jks` |
+| `spi.passwordsSecret`            | Secret containing the SPI Truststore passwords.                                                                                                        | `""`                          |
+| `spi.hostnameVerificationPolicy` | Verify the hostname of the server's certificate. Allowed values: "ANY", "WILDCARD", "STRICT".                                                          | `""`                          |
+| `adminRealm`                     | Name of the admin realm                                                                                                                                | `master`                      |
+| `production`                     | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge.                                                           | `false`                       |
+| `proxyHeaders`                   | Set Keycloak proxy headers                                                                                                                             | `""`                          |
+| `proxy`                          | reverse Proxy mode edge, reencrypt, passthrough or none                                                                                                | `""`                          |
+| `httpRelativePath`               | Set the path relative to '/' for serving resources. Useful if you are migrating from older version which were using '/auth/'                           | `/`                           |
+| `configuration`                  | Keycloak Configuration. Auto-generated based on other parameters when not specified                                                                    | `""`                          |
+| `existingConfigmap`              | Name of existing ConfigMap with Keycloak configuration                                                                                                 | `""`                          |
+| `extraStartupArgs`               | Extra default startup args                                                                                                                             | `""`                          |
+| `enableDefaultInitContainers`    | Deploy default init containers                                                                                                                         | `true`                        |
+| `initdbScripts`                  | Dictionary of initdb scripts                                                                                                                           | `{}`                          |
+| `initdbScriptsConfigMap`         | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)                                                                                    | `""`                          |
+| `command`                        | Override default container command (useful when using custom images)                                                                                   | `[]`                          |
+| `args`                           | Override default container args (useful when using custom images)                                                                                      | `[]`                          |
+| `extraEnvVars`                   | Extra environment variables to be set on Keycloak container                                                                                            | `[]`                          |
+| `extraEnvVarsCM`                 | Name of existing ConfigMap containing extra env vars                                                                                                   | `""`                          |
+| `extraEnvVarsSecret`             | Name of existing Secret containing extra env vars                                                                                                      | `""`                          |
+
+### Keycloak statefulset parameters
+
+| Name                                                | Description                                                                                                                                                                                                       | Value            |
+| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `replicaCount`                                      | Number of Keycloak replicas to deploy                                                                                                                                                                             | `1`              |
+| `revisionHistoryLimitCount`                         | Number of controller revisions to keep                                                                                                                                                                            | `10`             |
+| `containerPorts.http`                               | Keycloak HTTP container port                                                                                                                                                                                      | `8080`           |
+| `containerPorts.https`                              | Keycloak HTTPS container port                                                                                                                                                                                     | `8443`           |
+| `containerPorts.metrics`                            | Keycloak metrics container port                                                                                                                                                                                   | `9000`           |
+| `extraContainerPorts`                               | Optionally specify extra list of additional port-mappings for Keycloak container                                                                                                                                  | `[]`             |
+| `statefulsetAnnotations`                            | Optionally add extra annotations on the statefulset resource                                                                                                                                                      | `{}`             |
+| `podSecurityContext.enabled`                        | Enabled Keycloak pods' Security Context                                                                                                                                                                           | `true`           |
+| `podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                | `Always`         |
+| `podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                    | `[]`             |
+| `podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                       | `[]`             |
+| `podSecurityContext.fsGroup`                        | Set Keycloak pod's Security Context fsGroup                                                                                                                                                                       | `1001`           |
+| `containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                                                                                                                              | `true`           |
+| `containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                  | `{}`             |
+| `containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                                                                                                                        | `1001`           |
+| `containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                       | `1001`           |
+| `containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                                                                                                                                     | `true`           |
+| `containerSecurityContext.privileged`               | Set container's Security Context privileged                                                                                                                                                                       | `false`          |
+| `containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                                                                                                                                           | `true`           |
+| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation                                                                                                                                                         | `false`          |
+| `containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                                                                                                                | `["ALL"]`        |
+| `containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                                                                                                                  | `RuntimeDefault` |
+| `resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small`          |
+| `resources`                                         | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                 | `{}`             |
+| `livenessProbe.enabled`                             | Enable livenessProbe on Keycloak containers                                                                                                                                                                       | `true`           |
+| `livenessProbe.initialDelaySeconds`                 | Initial delay seconds for livenessProbe                                                                                                                                                                           | `300`            |
+| `livenessProbe.periodSeconds`                       | Period seconds for livenessProbe                                                                                                                                                                                  | `1`              |
+| `livenessProbe.timeoutSeconds`                      | Timeout seconds for livenessProbe                                                                                                                                                                                 | `5`              |
+| `livenessProbe.failureThreshold`                    | Failure threshold for livenessProbe                                                                                                                                                                               | `3`              |
+| `livenessProbe.successThreshold`                    | Success threshold for livenessProbe                                                                                                                                                                               | `1`              |
+| `readinessProbe.enabled`                            | Enable readinessProbe on Keycloak containers                                                                                                                                                                      | `true`           |
+| `readinessProbe.initialDelaySeconds`                | Initial delay seconds for readinessProbe                                                                                                                                                                          | `30`             |
+| `readinessProbe.periodSeconds`                      | Period seconds for readinessProbe                                                                                                                                                                                 | `10`             |
+| `readinessProbe.timeoutSeconds`                     | Timeout seconds for readinessProbe                                                                                                                                                                                | `1`              |
+| `readinessProbe.failureThreshold`                   | Failure threshold for readinessProbe                                                                                                                                                                              | `3`              |
+| `readinessProbe.successThreshold`                   | Success threshold for readinessProbe                                                                                                                                                                              | `1`              |
+| `startupProbe.enabled`                              | Enable startupProbe on Keycloak containers                                                                                                                                                                        | `false`          |
+| `startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                                                                                                                            | `30`             |
+| `startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                                                                                                                   | `5`              |
+| `startupProbe.timeoutSeconds`                       | Timeout seconds for startupProbe                                                                                                                                                                                  | `1`              |
+| `startupProbe.failureThreshold`                     | Failure threshold for startupProbe                                                                                                                                                                                | `60`             |
+| `startupProbe.successThreshold`                     | Success threshold for startupProbe                                                                                                                                                                                | `1`              |
+| `customLivenessProbe`                               | Custom Liveness probes for Keycloak                                                                                                                                                                               | `{}`             |
+| `customReadinessProbe`                              | Custom Rediness probes Keycloak                                                                                                                                                                                   | `{}`             |
+| `customStartupProbe`                                | Custom Startup probes for Keycloak                                                                                                                                                                                | `{}`             |
+| `lifecycleHooks`                                    | LifecycleHooks to set additional configuration at startup                                                                                                                                                         | `{}`             |
+| `automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                | `true`           |
+| `hostAliases`                                       | Deployment pod host aliases                                                                                                                                                                                       | `[]`             |
+| `podLabels`                                         | Extra labels for Keycloak pods                                                                                                                                                                                    | `{}`             |
+| `podAnnotations`                                    | Annotations for Keycloak pods                                                                                                                                                                                     | `{}`             |
+| `podAffinityPreset`                                 | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`                                                                                                                               | `""`             |
+| `podAntiAffinityPreset`                             | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`                                                                                                                          | `soft`           |
+| `nodeAffinityPreset.type`                           | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`                                                                                                                         | `""`             |
+| `nodeAffinityPreset.key`                            | Node label key to match. Ignored if `affinity` is set.                                                                                                                                                            | `""`             |
+| `nodeAffinityPreset.values`                         | Node label values to match. Ignored if `affinity` is set.                                                                                                                                                         | `[]`             |
+| `affinity`                                          | Affinity for pod assignment                                                                                                                                                                                       | `{}`             |
+| `nodeSelector`                                      | Node labels for pod assignment                                                                                                                                                                                    | `{}`             |
+| `tolerations`                                       | Tolerations for pod assignment                                                                                                                                                                                    | `[]`             |
+| `topologySpreadConstraints`                         | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template                                                                                          | `[]`             |
+| `podManagementPolicy`                               | Pod management policy for the Keycloak statefulset                                                                                                                                                                | `Parallel`       |
+| `priorityClassName`                                 | Keycloak pods' Priority Class Name                                                                                                                                                                                | `""`             |
+| `schedulerName`                                     | Use an alternate scheduler, e.g. "stork".                                                                                                                                                                         | `""`             |
+| `terminationGracePeriodSeconds`                     | Seconds Keycloak pod needs to terminate gracefully                                                                                                                                                                | `""`             |
+| `updateStrategy.type`                               | Keycloak statefulset strategy type                                                                                                                                                                                | `RollingUpdate`  |
+| `updateStrategy.rollingUpdate`                      | Keycloak statefulset rolling update configuration parameters                                                                                                                                                      | `{}`             |
+| `minReadySeconds`                                   | How many seconds a pod needs to be ready before killing the next, during update                                                                                                                                   | `0`              |
+| `extraVolumes`                                      | Optionally specify extra list of additional volumes for Keycloak pods                                                                                                                                             | `[]`             |
+| `extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for Keycloak container(s)                                                                                                                                | `[]`             |
+| `initContainers`                                    | Add additional init containers to the Keycloak pods                                                                                                                                                               | `[]`             |
+| `sidecars`                                          | Add additional sidecar containers to the Keycloak pods                                                                                                                                                            | `[]`             |
+
+### Exposure parameters
+
+| Name                                    | Description                                                                                                                      | Value                    |
+| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `service.type`                          | Kubernetes service type                                                                                                          | `ClusterIP`              |
+| `service.http.enabled`                  | Enable http port on service                                                                                                      | `true`                   |
+| `service.ports.http`                    | Keycloak service HTTP port                                                                                                       | `80`                     |
+| `service.ports.https`                   | Keycloak service HTTPS port                                                                                                      | `443`                    |
+| `service.nodePorts`                     | Specify the nodePort values for the LoadBalancer and NodePort service types.                                                     | `{}`                     |
+| `service.sessionAffinity`               | Control where client requests go, to the same pod or round-robin                                                                 | `None`                   |
+| `service.sessionAffinityConfig`         | Additional settings for the sessionAffinity                                                                                      | `{}`                     |
+| `service.clusterIP`                     | Keycloak service clusterIP IP                                                                                                    | `""`                     |
+| `service.loadBalancerIP`                | loadBalancerIP for the SuiteCRM Service (optional, cloud specific)                                                               | `""`                     |
+| `service.loadBalancerSourceRanges`      | Address that are allowed when service is LoadBalancer                                                                            | `[]`                     |
+| `service.externalTrafficPolicy`         | Enable client source IP preservation                                                                                             | `Cluster`                |
+| `service.annotations`                   | Additional custom annotations for Keycloak service                                                                               | `{}`                     |
+| `service.extraPorts`                    | Extra port to expose on Keycloak service                                                                                         | `[]`                     |
+| `service.extraHeadlessPorts`            | Extra ports to expose on Keycloak headless service                                                                               | `[]`                     |
+| `service.headless.annotations`          | Annotations for the headless service.                                                                                            | `{}`                     |
+| `service.headless.extraPorts`           | Extra ports to expose on Keycloak headless service                                                                               | `[]`                     |
+| `ingress.enabled`                       | Enable ingress record generation for Keycloak                                                                                    | `false`                  |
+| `ingress.ingressClassName`              | IngressClass that will be be used to implement the Ingress (evaluated as template) (Kubernetes 1.18+)                            | `""`                     |
+| `ingress.pathType`                      | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `ingress.apiVersion`                    | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `ingress.controller`                    | The ingress controller type. Currently supports `default` and `gce`                                                              | `default`                |
+| `ingress.hostname`                      | Default host for the ingress record (evaluated as template)                                                                      | `keycloak.local`         |
+| `ingress.hostnameStrict`                | Disables dynamically resolving the hostname from request headers.                                                                | `false`                  |
+| `ingress.path`                          | Default path for the ingress record (evaluated as template)                                                                      | `""`                     |
+| `ingress.servicePort`                   | Backend service port to use                                                                                                      | `http`                   |
+| `ingress.annotations`                   | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `ingress.labels`                        | Additional labels for the Ingress resource.                                                                                      | `{}`                     |
+| `ingress.tls`                           | Enable TLS configuration for the host defined at `ingress.hostname` parameter                                                    | `false`                  |
+| `ingress.selfSigned`                    | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `ingress.extraHosts`                    | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
+| `ingress.extraPaths`                    | Any additional arbitrary paths that may need to be added to the ingress under the main host.                                     | `[]`                     |
+| `ingress.extraTls`                      | The tls configuration for additional hostnames to be covered with this ingress record.                                           | `[]`                     |
+| `ingress.secrets`                       | If you're providing your own certificates, please use this to add the certificates as secrets                                    | `[]`                     |
+| `ingress.extraRules`                    | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+| `adminIngress.enabled`                  | Enable admin ingress record generation for Keycloak                                                                              | `false`                  |
+| `adminIngress.ingressClassName`         | IngressClass that will be be used to implement the Ingress (evaluated as template) (Kubernetes 1.18+)                            | `""`                     |
+| `adminIngress.pathType`                 | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `adminIngress.apiVersion`               | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `adminIngress.controller`               | The ingress controller type. Currently supports `default` and `gce`                                                              | `default`                |
+| `adminIngress.hostname`                 | Default host for the admin ingress record (evaluated as template)                                                                | `keycloak.local`         |
+| `adminIngress.path`                     | Default path for the admin ingress record (evaluated as template)                                                                | `""`                     |
+| `adminIngress.servicePort`              | Backend service port to use                                                                                                      | `http`                   |
+| `adminIngress.annotations`              | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `adminIngress.labels`                   | Additional labels for the Ingress resource.                                                                                      | `{}`                     |
+| `adminIngress.tls`                      | Enable TLS configuration for the host defined at `adminIngress.hostname` parameter                                               | `false`                  |
+| `adminIngress.selfSigned`               | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `adminIngress.extraHosts`               | An array with additional hostname(s) to be covered with the admin ingress record                                                 | `[]`                     |
+| `adminIngress.extraPaths`               | Any additional arbitrary paths that may need to be added to the admin ingress under the main host.                               | `[]`                     |
+| `adminIngress.extraTls`                 | The tls configuration for additional hostnames to be covered with this ingress record.                                           | `[]`                     |
+| `adminIngress.secrets`                  | If you're providing your own certificates, please use this to add the certificates as secrets                                    | `[]`                     |
+| `adminIngress.extraRules`               | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+| `networkPolicy.enabled`                 | Specifies whether a NetworkPolicy should be created                                                                              | `true`                   |
+| `networkPolicy.allowExternal`           | Don't require server label for connections                                                                                       | `true`                   |
+| `networkPolicy.allowExternalEgress`     | Allow the pod to access any range of port and all destinations.                                                                  | `true`                   |
+| `networkPolicy.kubeAPIServerPorts`      | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)                               | `[]`                     |
+| `networkPolicy.extraIngress`            | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `networkPolicy.extraEgress`             | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `networkPolicy.ingressNSMatchLabels`    | Labels to match to allow traffic from other namespaces                                                                           | `{}`                     |
+| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces                                                                       | `{}`                     |
+
+### RBAC parameter
+
+| Name                                          | Description                                               | Value   |
+| --------------------------------------------- | --------------------------------------------------------- | ------- |
+| `serviceAccount.create`                       | Enable the creation of a ServiceAccount for Keycloak pods | `true`  |
+| `serviceAccount.name`                         | Name of the created ServiceAccount                        | `""`    |
+| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod           | `false` |
+| `serviceAccount.annotations`                  | Additional custom annotations for the ServiceAccount      | `{}`    |
+| `serviceAccount.extraLabels`                  | Additional labels for the ServiceAccount                  | `{}`    |
+| `rbac.create`                                 | Whether to create and use RBAC resources or not           | `false` |
+| `rbac.rules`                                  | Custom RBAC rules                                         | `[]`    |
+
+### Other parameters
+
+| Name                                                        | Description                                                                                  | Value   |
+| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------- |
+| `pdb.create`                                                | Enable/disable a Pod Disruption Budget creation                                              | `true`  |
+| `pdb.minAvailable`                                          | Minimum number/percentage of pods that should remain scheduled                               | `""`    |
+| `pdb.maxUnavailable`                                        | Maximum number/percentage of pods that may be made unavailable                               | `""`    |
+| `autoscaling.enabled`                                       | Enable autoscaling for Keycloak                                                              | `false` |
+| `autoscaling.minReplicas`                                   | Minimum number of Keycloak replicas                                                          | `1`     |
+| `autoscaling.maxReplicas`                                   | Maximum number of Keycloak replicas                                                          | `11`    |
+| `autoscaling.targetCPU`                                     | Target CPU utilization percentage                                                            | `""`    |
+| `autoscaling.targetMemory`                                  | Target Memory utilization percentage                                                         | `""`    |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds`   | The number of seconds for which past recommendations should be considered while scaling up   | `120`   |
+| `autoscaling.behavior.scaleUp.selectPolicy`                 | The priority of policies that the autoscaler will apply when scaling up                      | `Max`   |
+| `autoscaling.behavior.scaleUp.policies`                     | HPA scaling policies when scaling up                                                         | `[]`    |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | The number of seconds for which past recommendations should be considered while scaling down | `300`   |
+| `autoscaling.behavior.scaleDown.selectPolicy`               | The priority of policies that the autoscaler will apply when scaling down                    | `Max`   |
+| `autoscaling.behavior.scaleDown.policies`                   | HPA scaling policies when scaling down                                                       | `[]`    |
+
+### Metrics parameters
+
+| Name                                       | Description                                                                                                                                        | Value     |
+| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------- | --------- |
+| `metrics.enabled`                          | Enable exposing Keycloak statistics                                                                                                                | `false`   |
+| `metrics.service.ports.http`               | Metrics service HTTP port                                                                                                                          | `8080`    |
+| `metrics.service.ports.https`              | Metrics service HTTPS port                                                                                                                         | `8443`    |
+| `metrics.service.ports.metrics`            | Metrics service Metrics port                                                                                                                       | `9000`    |
+| `metrics.service.annotations`              | Annotations for enabling prometheus to access the metrics endpoints                                                                                | `{}`      |
+| `metrics.service.extraPorts`               | Add additional ports to the keycloak metrics service (i.e. admin port 9000)                                                                        | `[]`      |
+| `metrics.serviceMonitor.enabled`           | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator                                                                       | `false`   |
+| `metrics.serviceMonitor.port`              | Metrics service HTTP port                                                                                                                          | `metrics` |
+| `metrics.serviceMonitor.scheme`            | Metrics service scheme                                                                                                                             | `http`    |
+| `metrics.serviceMonitor.tlsConfig`         | Metrics service TLS configuration                                                                                                                  | `{}`      |
+| `metrics.serviceMonitor.endpoints`         | The endpoint configuration of the ServiceMonitor. Path is mandatory. Port, scheme, tlsConfig, interval, timeout and labellings can be overwritten. | `[]`      |
+| `metrics.serviceMonitor.path`              | Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead                                                         | `""`      |
+| `metrics.serviceMonitor.namespace`         | Namespace which Prometheus is running in                                                                                                           | `""`      |
+| `metrics.serviceMonitor.interval`          | Interval at which metrics should be scraped                                                                                                        | `30s`     |
+| `metrics.serviceMonitor.scrapeTimeout`     | Specify the timeout after which the scrape is ended                                                                                                | `""`      |
+| `metrics.serviceMonitor.labels`            | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus                                                              | `{}`      |
+| `metrics.serviceMonitor.selector`          | Prometheus instance selector labels                                                                                                                | `{}`      |
+| `metrics.serviceMonitor.relabelings`       | RelabelConfigs to apply to samples before scraping                                                                                                 | `[]`      |
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion                                                                                          | `[]`      |
+| `metrics.serviceMonitor.honorLabels`       | honorLabels chooses the metric's labels on collisions with target labels                                                                           | `false`   |
+| `metrics.serviceMonitor.jobLabel`          | The name of the label on the target service to use as the job name in prometheus.                                                                  | `""`      |
+| `metrics.prometheusRule.enabled`           | Create PrometheusRule Resource for scraping metrics using PrometheusOperator                                                                       | `false`   |
+| `metrics.prometheusRule.namespace`         | Namespace which Prometheus is running in                                                                                                           | `""`      |
+| `metrics.prometheusRule.labels`            | Additional labels that can be used so PrometheusRule will be discovered by Prometheus                                                              | `{}`      |
+| `metrics.prometheusRule.groups`            | Groups, containing the alert rules.                                                                                                                | `[]`      |
+
+### keycloak-config-cli parameters
+
+| Name                                                                  | Description                                                                                                                                                                                                                                           | Value                                 |
+| --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
+| `keycloakConfigCli.enabled`                                           | Whether to enable keycloak-config-cli job                                                                                                                                                                                                             | `false`                               |
+| `keycloakConfigCli.image.registry`                                    | keycloak-config-cli container image registry                                                                                                                                                                                                          | `REGISTRY_NAME`                       |
+| `keycloakConfigCli.image.repository`                                  | keycloak-config-cli container image repository                                                                                                                                                                                                        | `REPOSITORY_NAME/keycloak-config-cli` |
+| `keycloakConfigCli.image.digest`                                      | keycloak-config-cli container image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                                                                                         | `""`                                  |
+| `keycloakConfigCli.image.pullPolicy`                                  | keycloak-config-cli container image pull policy                                                                                                                                                                                                       | `IfNotPresent`                        |
+| `keycloakConfigCli.image.pullSecrets`                                 | keycloak-config-cli container image pull secrets                                                                                                                                                                                                      | `[]`                                  |
+| `keycloakConfigCli.annotations`                                       | Annotations for keycloak-config-cli job                                                                                                                                                                                                               | `{}`                                  |
+| `keycloakConfigCli.command`                                           | Command for running the container (set to default if not set). Use array form                                                                                                                                                                         | `[]`                                  |
+| `keycloakConfigCli.args`                                              | Args for running the container (set to default if not set). Use array form                                                                                                                                                                            | `[]`                                  |
+| `keycloakConfigCli.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                                                    | `true`                                |
+| `keycloakConfigCli.hostAliases`                                       | Job pod host aliases                                                                                                                                                                                                                                  | `[]`                                  |
+| `keycloakConfigCli.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if keycloakConfigCli.resources is set (keycloakConfigCli.resources is recommended for production). | `small`                               |
+| `keycloakConfigCli.resources`                                         | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                                                     | `{}`                                  |
+| `keycloakConfigCli.containerSecurityContext.enabled`                  | Enabled keycloak-config-cli Security Context                                                                                                                                                                                                          | `true`                                |
+| `keycloakConfigCli.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                                                      | `{}`                                  |
+| `keycloakConfigCli.containerSecurityContext.runAsUser`                | Set keycloak-config-cli Security Context runAsUser                                                                                                                                                                                                    | `1001`                                |
+| `keycloakConfigCli.containerSecurityContext.runAsGroup`               | Set keycloak-config-cli Security Context runAsGroup                                                                                                                                                                                                   | `1001`                                |
+| `keycloakConfigCli.containerSecurityContext.runAsNonRoot`             | Set keycloak-config-cli Security Context runAsNonRoot                                                                                                                                                                                                 | `true`                                |
+| `keycloakConfigCli.containerSecurityContext.privileged`               | Set keycloak-config-cli Security Context privileged                                                                                                                                                                                                   | `false`                               |
+| `keycloakConfigCli.containerSecurityContext.readOnlyRootFilesystem`   | Set keycloak-config-cli Security Context readOnlyRootFilesystem                                                                                                                                                                                       | `true`                                |
+| `keycloakConfigCli.containerSecurityContext.allowPrivilegeEscalation` | Set keycloak-config-cli Security Context allowPrivilegeEscalation                                                                                                                                                                                     | `false`                               |
+| `keycloakConfigCli.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                                                                                                                                                    | `["ALL"]`                             |
+| `keycloakConfigCli.containerSecurityContext.seccompProfile.type`      | Set keycloak-config-cli Security Context seccomp profile                                                                                                                                                                                              | `RuntimeDefault`                      |
+| `keycloakConfigCli.podSecurityContext.enabled`                        | Enabled keycloak-config-cli pods' Security Context                                                                                                                                                                                                    | `true`                                |
+| `keycloakConfigCli.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                                                    | `Always`                              |
+| `keycloakConfigCli.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                                                        | `[]`                                  |
+| `keycloakConfigCli.podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                                                           | `[]`                                  |
+| `keycloakConfigCli.podSecurityContext.fsGroup`                        | Set keycloak-config-cli pod's Security Context fsGroup                                                                                                                                                                                                | `1001`                                |
+| `keycloakConfigCli.backoffLimit`                                      | Number of retries before considering a Job as failed                                                                                                                                                                                                  | `1`                                   |
+| `keycloakConfigCli.podLabels`                                         | Pod extra labels                                                                                                                                                                                                                                      | `{}`                                  |
+| `keycloakConfigCli.podAnnotations`                                    | Annotations for job pod                                                                                                                                                                                                                               | `{}`                                  |
+| `keycloakConfigCli.nodeSelector`                                      | Node labels for pod assignment                                                                                                                                                                                                                        | `{}`                                  |
+| `keycloakConfigCli.podTolerations`                                    | Tolerations for job pod assignment                                                                                                                                                                                                                    | `[]`                                  |
+| `keycloakConfigCli.availabilityCheck.enabled`                         | Whether to wait until Keycloak is available                                                                                                                                                                                                           | `true`                                |
+| `keycloakConfigCli.availabilityCheck.timeout`                         | Timeout for the availability check (Default is 120s)                                                                                                                                                                                                  | `""`                                  |
+| `keycloakConfigCli.extraEnvVars`                                      | Additional environment variables to set                                                                                                                                                                                                               | `[]`                                  |
+| `keycloakConfigCli.extraEnvVarsCM`                                    | ConfigMap with extra environment variables                                                                                                                                                                                                            | `""`                                  |
+| `keycloakConfigCli.extraEnvVarsSecret`                                | Secret with extra environment variables                                                                                                                                                                                                               | `""`                                  |
+| `keycloakConfigCli.extraVolumes`                                      | Extra volumes to add to the job                                                                                                                                                                                                                       | `[]`                                  |
+| `keycloakConfigCli.extraVolumeMounts`                                 | Extra volume mounts to add to the container                                                                                                                                                                                                           | `[]`                                  |
+| `keycloakConfigCli.initContainers`                                    | Add additional init containers to the Keycloak config cli pod                                                                                                                                                                                         | `[]`                                  |
+| `keycloakConfigCli.sidecars`                                          | Add additional sidecar containers to the Keycloak config cli pod                                                                                                                                                                                      | `[]`                                  |
+| `keycloakConfigCli.configuration`                                     | keycloak-config-cli realms configuration                                                                                                                                                                                                              | `{}`                                  |
+| `keycloakConfigCli.existingConfigmap`                                 | ConfigMap with keycloak-config-cli configuration                                                                                                                                                                                                      | `""`                                  |
+| `keycloakConfigCli.cleanupAfterFinished.enabled`                      | Enables Cleanup for Finished Jobs                                                                                                                                                                                                                     | `false`                               |
+| `keycloakConfigCli.cleanupAfterFinished.seconds`                      | Sets the value of ttlSecondsAfterFinished                                                                                                                                                                                                             | `600`                                 |
+
+### Database parameters
+
+| Name                                         | Description                                                                                                       | Value              |
+| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------ |
+| `postgresql.enabled`                         | Switch to enable or disable the PostgreSQL helm chart                                                             | `true`             |
+| `postgresql.auth.postgresPassword`           | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""`               |
+| `postgresql.auth.username`                   | Name for a custom user to create                                                                                  | `bn_keycloak`      |
+| `postgresql.auth.password`                   | Password for the custom user to create                                                                            | `""`               |
+| `postgresql.auth.database`                   | Name for a custom database to create                                                                              | `bitnami_keycloak` |
+| `postgresql.auth.existingSecret`             | Name of existing secret to use for PostgreSQL credentials                                                         | `""`               |
+| `postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.    | `password`         |
+| `postgresql.architecture`                    | PostgreSQL architecture (`standalone` or `replication`)                                                           | `standalone`       |
+| `externalDatabase.host`                      | Database host                                                                                                     | `""`               |
+| `externalDatabase.port`                      | Database port number                                                                                              | `5432`             |
+| `externalDatabase.user`                      | Non-root username for Keycloak                                                                                    | `bn_keycloak`      |
+| `externalDatabase.password`                  | Password for the non-root username for Keycloak                                                                   | `""`               |
+| `externalDatabase.database`                  | Keycloak database name                                                                                            | `bitnami_keycloak` |
+| `externalDatabase.schema`                    | Keycloak database schema                                                                                          | `public`           |
+| `externalDatabase.existingSecret`            | Name of an existing secret resource containing the database credentials                                           | `""`               |
+| `externalDatabase.existingSecretHostKey`     | Name of an existing secret key containing the database host name                                                  | `""`               |
+| `externalDatabase.existingSecretPortKey`     | Name of an existing secret key containing the database port                                                       | `""`               |
+| `externalDatabase.existingSecretUserKey`     | Name of an existing secret key containing the database user                                                       | `""`               |
+| `externalDatabase.existingSecretDatabaseKey` | Name of an existing secret key containing the database name                                                       | `""`               |
+| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials                                                | `""`               |
+| `externalDatabase.annotations`               | Additional custom annotations for external database secret object                                                 | `{}`               |
+
+### Keycloak Cache parameters
+
+| Name                                     | Description                                                                                                                             | Value            |
+| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `cache.enabled`                          | Switch to enable or disable the keycloak distributed cache for kubernetes.                                                              | `true`           |
+| `cache.stack`                            | Set infinispan cache stack to use, sets KC_CACHE_STACK (<https://www.keycloak.org/server/all-config?q=cache-stack>)                     | `kubernetes`     |
+| `cache.configFile`                       | Set infinispan cache stack config filename sets KC_CACHE_CONFIG_FILE (<https://www.keycloak.org/server/all-config?q=cache-config-file>) | `cache-ispn.xml` |
+| `cache.useHeadlessServiceWithAppVersion` | Set to true to create the headless service used for ispn containing the app version                                                     | `false`          |
+
+### Keycloak Logging parameters
+
+| Name             | Description                                                                    | Value     |
+| ---------------- | ------------------------------------------------------------------------------ | --------- |
+| `logging.output` | Alternates between the default log output format or json format                | `default` |
+| `logging.level`  | Allowed values as documented: FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL, OFF | `INFO`    |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install my-release --set auth.adminPassword=secretpassword oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+The above command sets the Keycloak administrator password to `secretpassword`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/keycloak/values.yaml)
+
+Keycloak realms, users and clients can be created from the Keycloak administration panel.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading
+
+### To 24.3.0
+
+This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850).
+
+### To 24.1.0
+
+With this update the metrics service listening port is switched to 9000, the same as the keycloak management endpoint is using.
+This can be changed by setting `metrics.service.ports.http` to a different value, e.g. 8080 like before this change.
+
+### To 23.0.0
+
+This major updates the PostgreSQL subchart to its newest major, 16.0.0, which uses PostgreSQL 17.x.  Follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.
+
+### To 21.0.0
+
+This major release updates the keycloak branch to its newest major, 24.x.x. Follow the [upstream documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-24-0-0) for upgrade instructions.
+
+### To 20.0.0
+
+This major bump changes the following security defaults:
+
+- `runAsGroup` is changed from `0` to `1001`
+- `readOnlyRootFilesystem` is set to `true`
+- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
+- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
+
+This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
+
+### To 19.0.0
+
+This major release bumps the PostgreSQL chart version to [14.x.x](https://github.com/bitnami/charts/pull/22750); no major issues are expected during the upgrade.
+
+### To 17.0.0
+
+This major updates the PostgreSQL subchart to its newest major, 13.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1300) you can find more information about the changes introduced in that version.
+
+### To 15.0.0
+
+This major updates the default serviceType from `LoadBalancer` to `ClusterIP` to avoid inadvertently exposing Keycloak directly to the internet without an Ingress.
+
+### To 12.0.0
+
+This major updates the PostgreSQL subchart to its newest major, 12.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1200) you can find more information about the changes introduced in that version.
+
+### To 10.0.0
+
+This major release updates Keycloak to its major version `19`. Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-19-0-0) for a complete list of changes and further information.
+
+### To 9.0.0
+
+This major release updates Keycloak to its major version `18`. Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-18-0-0) for a complete list of changes and further information.
+
+### To 8.0.0
+
+This major release updates Keycloak to its major version `17`. Among other features, this new version has deprecated WildFly in favor of Quarkus, which introduces breaking changes like:
+
+- Removal of `/auth` from the default context path.
+- Changes in the configuration and deployment of custom providers.
+- Significant changes in configuring Keycloak.
+
+Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-17-0-0) and [Migrating to Quarkus distribution document](https://www.keycloak.org/migration/migrating-to-quarkus) for a complete list of changes and further information.
+
+### To 7.0.0
+
+This major release updates the PostgreSQL subchart to its newest major *11.x.x*, which contain several changes in the supported values (check the [upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1100) to obtain more information).
+
+#### Upgrading Instructions
+
+To upgrade to *7.0.0* from *6.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *keycloak* and the release namespace *default*):
+
+1. Obtain the credentials and the names of the PVCs used to hold the data on your current release:
+
+```console
+export KEYCLOAK_PASSWORD=$(kubectl get secret --namespace default keycloak -o jsonpath="{.data.admin-password}" | base64 --decode)
+export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default keycloak-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
+export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=keycloak,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}")
+```
+
+1. Delete the PostgreSQL statefulset (notice the option *--cascade=false*) and secret:
+
+```console
+kubectl delete statefulsets.apps --cascade=false keycloak-postgresql
+kubectl delete secret keycloak-postgresql --namespace default
+```
+
+1. Upgrade your release using the same PostgreSQL version:
+
+```console
+CURRENT_PG_VERSION=$(kubectl exec keycloak-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION')
+helm upgrade keycloak bitnami/keycloak \
+  --set auth.adminPassword=$KEYCLOAK_PASSWORD \
+  --set postgresql.image.tag=$CURRENT_PG_VERSION \
+  --set postgresql.auth.password=$POSTGRESQL_PASSWORD \
+  --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC
+```
+
+1. Delete the existing PostgreSQL pods and the new statefulset will create a new one:
+
+```console
+kubectl delete pod keycloak-postgresql-0
+```
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+#### What changes were introduced in this major version?
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
+- After running *helm dependency update*, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart.
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore.
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3.
+
+#### Useful links
+
+- [Bitnami Tutorial](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-resolve-helm2-helm3-post-migration-issues-index.html)
+- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration)
+- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3)
+
+## License
+
+Copyright &copy; 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+<http://www.apache.org/licenses/LICENSE-2.0>
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/charts/keycloak/templates/NOTES.txt b/charts/keycloak/templates/NOTES.txt
new file mode 100644
index 0000000..12a0ed9
--- /dev/null
+++ b/charts/keycloak/templates/NOTES.txt
@@ -0,0 +1,109 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free.
+    Subscribe to Bitnami Secure Images to receive continued support and security updates.
+    More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267
+
+** Please be patient while the chart is being deployed **
+
+Keycloak can be accessed through the following DNS name from within your cluster:
+
+    {{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ coalesce .Values.service.ports.http .Values.service.port }})
+
+To access Keycloak from outside the cluster execute the following commands:
+
+{{- if .Values.ingress.enabled }}
+
+1. Get the Keycloak URL and associate its hostname to your cluster external IP:
+
+   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+   echo "Keycloak URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ (tpl .Values.ingress.hostname .) }}/"
+   echo "$CLUSTER_IP  {{ (tpl .Values.ingress.hostname .) }}" | sudo tee -a /etc/hosts
+
+{{- if .Values.adminIngress.enabled }}
+The admin area of Keycloak has been configured to point to a different domain ({{ .Values.adminIngress.hostname }}). Please remember to update the `frontendUrl` property of the `{{ .Values.adminRealm | default "master" }}` (or any other) realm for it to work properly (see README for an example) :
+
+   echo "Keycloak admin URL: http{{ if .Values.adminIngress.tls }}s{{ end }}://{{ (tpl .Values.adminIngress.hostname .) }}/"
+   echo "$CLUSTER_IP  {{ (tpl .Values.adminIngress.hostname .) }}" | sudo tee -a /etc/hosts
+{{- end }}
+
+{{- else }}
+
+1. Get the Keycloak URL by running these commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+    export HTTP_NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http')].nodePort}" services {{ include "common.names.fullname" . }})
+    {{- if .Values.tls.enabled }}
+    export HTTPS_NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='https')].nodePort}" services {{ include "common.names.fullname" . }})
+    {{- end }}
+    export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+
+    echo "http://${NODE_IP}:${HTTP_NODE_PORT}/"
+    {{- if .Values.tls.enabled }}
+    echo "https://${NODE_IP}:${HTTPS_NODE_PORT}/"
+    {{- end }}
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        You can watch its status by running 'kubectl get --namespace {{ include "common.names.namespace" . }} svc -w {{ include "common.names.fullname" . }}'
+
+    export HTTP_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http')].port}" services {{ include "common.names.fullname" . }})
+    {{- if .Values.tls.enabled }}
+    export HTTPS_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='https')].port}" services {{ include "common.names.fullname" . }})
+    {{- end }}
+    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+
+    echo "http://${SERVICE_IP}:${HTTP_SERVICE_PORT}/"
+    {{- if .Values.tls.enabled }}
+    echo "https://${SERVICE_IP}:${HTTPS_SERVICE_PORT}/"
+    {{- end }}
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+    export HTTP_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http')].port}" services {{ include "common.names.fullname" . }})
+    {{- if .Values.tls.enabled }}
+    export HTTPS_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='https')].port}" services {{ include "common.names.fullname" . }})
+    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} ${HTTP_SERVICE_PORT}:${HTTP_SERVICE_PORT} ${HTTPS_SERVICE_PORT}:${HTTPS_SERVICE_PORT} &
+    {{- else }}
+    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} ${HTTP_SERVICE_PORT}:${HTTP_SERVICE_PORT} &
+    {{- end }}
+
+    echo "http://127.0.0.1:${HTTP_SERVICE_PORT}/"
+    {{- if .Values.tls.enabled }}
+    echo "https://127.0.0.1:${HTTPS_SERVICE_PORT}/"
+    {{- end }}
+
+{{- end }}
+{{- end }}
+
+2. Access Keycloak using the obtained URL.
+{{- if and .Values.auth.adminUser .Values.auth.adminPassword }}
+3. Access the Administration Console using the following credentials:
+
+  echo Username: {{ .Values.auth.adminUser }}
+  echo Password: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "keycloak.secretName" . }} -o jsonpath="{.data.{{ include "keycloak.secretKey" .}}}" | base64 -d)
+{{- end }}
+{{- if .Values.metrics.enabled }}
+
+You can access the Prometheus metrics following the steps below:
+
+1. Get the Keycloak Prometheus metrics URL by running:
+
+    {{- $metricsPort := coalesce .Values.metrics.service.ports.metrics .Values.metrics.service.port | toString }}
+    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ $metricsPort }}:{{ $metricsPort }} &
+    echo "Keycloak Prometheus metrics URL: http://127.0.0.1:{{ $metricsPort }}/metrics"
+
+2. Open a browser and access Keycloak Prometheus metrics using the obtained URL.
+
+{{- end }}
+
+{{- include "keycloak.validateValues" . }}
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.keycloakConfigCli.image }}
+{{- include "common.warnings.resources" (dict "sections" (list "keycloakConfigCli" "") "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "context" $) }}
diff --git a/charts/keycloak/templates/_helpers.tpl b/charts/keycloak/templates/_helpers.tpl
new file mode 100644
index 0000000..52a1fb1
--- /dev/null
+++ b/charts/keycloak/templates/_helpers.tpl
@@ -0,0 +1,355 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/*
+Return the proper Keycloak image name
+*/}}
+{{- define "keycloak.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper keycloak-config-cli image name
+*/}}
+{{- define "keycloak.keycloakConfigCli.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.keycloakConfigCli.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the keycloak-config-cli configuration configmap.
+*/}}
+{{- define "keycloak.keycloakConfigCli.configmapName" -}}
+{{- if .Values.keycloakConfigCli.existingConfigmap -}}
+    {{- printf "%s" (tpl .Values.keycloakConfigCli.existingConfigmap $) -}}
+{{- else -}}
+    {{- printf "%s-keycloak-config-cli-configmap" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for keycloak-config-cli
+*/}}
+{{- define "keycloak.keycloakConfigCli.createConfigmap" -}}
+{{- if and .Values.keycloakConfigCli.enabled .Values.keycloakConfigCli.configuration (not .Values.keycloakConfigCli.existingConfigmap) -}}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "keycloak.imagePullSecrets" -}}
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "context" $) -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "keycloak.postgresql.fullname" -}}
+{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keycloak.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path Keycloak is hosted on. This looks at httpRelativePath and returns it with a trailing slash. For example:
+    / -> / (the default httpRelativePath)
+    /auth -> /auth/ (trailing slash added)
+    /custom/ -> /custom/ (unchanged)
+*/}}
+{{- define "keycloak.httpPath" -}}
+{{ ternary .Values.httpRelativePath (printf "%s%s" .Values.httpRelativePath "/") (hasSuffix "/" .Values.httpRelativePath) }}
+{{- end -}}
+
+{{/*
+Return the Keycloak configuration configmap
+*/}}
+{{- define "keycloak.configmapName" -}}
+{{- if .Values.existingConfigmap -}}
+    {{- printf "%s" (tpl .Values.existingConfigmap $) -}}
+{{- else -}}
+    {{- printf "%s-configuration" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created
+*/}}
+{{- define "keycloak.createConfigmap" -}}
+{{- if and .Values.configuration (not .Values.existingConfigmap) }}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database hostname
+*/}}
+{{- define "keycloak.databaseHost" -}}
+{{- if eq .Values.postgresql.architecture "replication" }}
+{{- ternary (include "keycloak.postgresql.fullname" .) (tpl .Values.externalDatabase.host $) .Values.postgresql.enabled -}}-primary
+{{- else -}}
+{{- ternary (include "keycloak.postgresql.fullname" .) (tpl .Values.externalDatabase.host $) .Values.postgresql.enabled -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database port
+*/}}
+{{- define "keycloak.databasePort" -}}
+{{- ternary "5432" (tpl (.Values.externalDatabase.port | toString) $) .Values.postgresql.enabled | quote -}}
+{{- end -}}
+
+{{/*
+Return the Database database name
+*/}}
+{{- define "keycloak.databaseName" -}}
+{{- if .Values.postgresql.enabled }}
+    {{- if .Values.global.postgresql }}
+        {{- if .Values.global.postgresql.auth }}
+            {{- coalesce .Values.global.postgresql.auth.database .Values.postgresql.auth.database -}}
+        {{- else -}}
+            {{- .Values.postgresql.auth.database -}}
+        {{- end -}}
+    {{- else -}}
+        {{- .Values.postgresql.auth.database -}}
+    {{- end -}}
+{{- else -}}
+    {{- tpl .Values.externalDatabase.database $ -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database port
+*/}}
+{{- define "keycloak.databaseSchema" -}}
+{{- ternary "public" (tpl (.Values.externalDatabase.schema | toString) $) .Values.postgresql.enabled | quote -}}
+{{- end -}}
+
+{{/*
+Return the Database user
+*/}}
+{{- define "keycloak.databaseUser" -}}
+{{- if .Values.postgresql.enabled -}}
+    {{- if .Values.global.postgresql -}}
+        {{- if .Values.global.postgresql.auth -}}
+            {{- coalesce .Values.global.postgresql.auth.username .Values.postgresql.auth.username -}}
+        {{- else -}}
+            {{- .Values.postgresql.auth.username -}}
+        {{- end -}}
+    {{- else -}}
+        {{- .Values.postgresql.auth.username -}}
+    {{- end -}}
+{{- else -}}
+    {{- tpl .Values.externalDatabase.user $ -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database encrypted password
+*/}}
+{{- define "keycloak.databaseSecretName" -}}
+{{- if .Values.postgresql.enabled -}}
+    {{- if .Values.global.postgresql -}}
+        {{- if .Values.global.postgresql.auth -}}
+            {{- if .Values.global.postgresql.auth.existingSecret -}}
+                {{- tpl .Values.global.postgresql.auth.existingSecret $ -}}
+            {{- else -}}
+                {{- default (include "keycloak.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
+            {{- end -}}
+        {{- else -}}
+            {{- default (include "keycloak.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
+        {{- end -}}
+    {{- else -}}
+        {{- default (include "keycloak.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
+    {{- end -}}
+{{- else -}}
+    {{- default (printf "%s-externaldb" (include "common.names.fullname" .)) (tpl .Values.externalDatabase.existingSecret $) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Add environment variables to configure database values
+*/}}
+{{- define "keycloak.databaseSecretPasswordKey" -}}
+{{- if .Values.postgresql.enabled -}}
+    {{- printf "%s" (.Values.postgresql.auth.secretKeys.userPasswordKey | default "password") -}}
+{{- else -}}
+    {{- if .Values.externalDatabase.existingSecret -}}
+        {{- if .Values.externalDatabase.existingSecretPasswordKey -}}
+            {{- printf "%s" .Values.externalDatabase.existingSecretPasswordKey -}}
+        {{- else -}}
+            {{- print "db-password" -}}
+        {{- end -}}
+    {{- else -}}
+        {{- print "db-password" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "keycloak.databaseSecretHostKey" -}}
+    {{- if .Values.externalDatabase.existingSecretHostKey -}}
+        {{- printf "%s" .Values.externalDatabase.existingSecretHostKey -}}
+    {{- else -}}
+        {{- print "db-host" -}}
+    {{- end -}}
+{{- end -}}
+{{- define "keycloak.databaseSecretPortKey" -}}
+    {{- if .Values.externalDatabase.existingSecretPortKey -}}
+        {{- printf "%s" .Values.externalDatabase.existingSecretPortKey -}}
+    {{- else -}}
+        {{- print "db-port" -}}
+    {{- end -}}
+{{- end -}}
+{{- define "keycloak.databaseSecretUserKey" -}}
+    {{- if .Values.externalDatabase.existingSecretUserKey -}}
+        {{- printf "%s" .Values.externalDatabase.existingSecretUserKey -}}
+    {{- else -}}
+        {{- print "db-user" -}}
+    {{- end -}}
+{{- end -}}
+{{- define "keycloak.databaseSecretDatabaseKey" -}}
+    {{- if .Values.externalDatabase.existingSecretDatabaseKey -}}
+        {{- printf "%s" .Values.externalDatabase.existingSecretDatabaseKey -}}
+    {{- else -}}
+        {{- print "db-database" -}}
+    {{- end -}}
+{{- end -}}
+
+{{/*
+Return the Keycloak initdb scripts configmap
+*/}}
+{{- define "keycloak.initdbScriptsCM" -}}
+{{- if .Values.initdbScriptsConfigMap -}}
+    {{- printf "%s" .Values.initdbScriptsConfigMap -}}
+{{- else -}}
+    {{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing the Keycloak admin password
+*/}}
+{{- define "keycloak.secretName" -}}
+{{- $secretName := .Values.auth.existingSecret -}}
+{{- if $secretName -}}
+    {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+    {{- printf "%s" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret key that contains the Keycloak admin password
+*/}}
+{{- define "keycloak.secretKey" -}}
+{{- $secretName := .Values.auth.existingSecret -}}
+{{- if and $secretName .Values.auth.passwordSecretKey -}}
+    {{- printf "%s" .Values.auth.passwordSecretKey -}}
+{{- else -}}
+    {{- print "admin-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing Keycloak HTTPS/TLS certificates
+*/}}
+{{- define "keycloak.tlsSecretName" -}}
+{{- $secretName := .Values.tls.existingSecret -}}
+{{- if $secretName -}}
+    {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+    {{- printf "%s-crt" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing Keycloak HTTPS/TLS keystore and truststore passwords
+*/}}
+{{- define "keycloak.tlsPasswordsSecretName" -}}
+{{- $secretName := .Values.tls.passwordsSecret -}}
+{{- if $secretName -}}
+    {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+    {{- printf "%s-tls-passwords" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing Keycloak SPI TLS certificates
+*/}}
+{{- define "keycloak.spiPasswordsSecretName" -}}
+{{- $secretName := .Values.spi.passwordsSecret -}}
+{{- if $secretName -}}
+    {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+    {{- printf "%s-spi-passwords" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a TLS secret object should be created
+*/}}
+{{- define "keycloak.createTlsSecret" -}}
+{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "keycloak.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "keycloak.validateValues.database" .) -}}
+{{- $messages := append $messages (include "keycloak.validateValues.tls" .) -}}
+{{- $messages := append $messages (include "keycloak.validateValues.production" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Keycloak - database */}}
+{{- define "keycloak.validateValues.database" -}}
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) (and (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecret)) -}}
+keycloak: database
+    You disabled the PostgreSQL sub-chart but did not specify an external PostgreSQL host.
+    Either deploy the PostgreSQL sub-chart (--set postgresql.enabled=true),
+    or set a value for the external database host (--set externalDatabase.host=FOO)
+    and set a value for the external database password (--set externalDatabase.password=BAR)
+    or existing secret (--set externalDatabase.existingSecret=BAR).
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Keycloak - TLS enabled */}}
+{{- define "keycloak.validateValues.tls" -}}
+{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) }}
+keycloak: tls.enabled
+    In order to enable TLS, you also need to provide
+    an existing secret containing the Keystore and Truststore or
+    enable auto-generated certificates.
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Keycloak - Production mode enabled */}}
+{{- define "keycloak.validateValues.production" -}}
+{{- if and .Values.production (not .Values.tls.enabled) (not (eq .Values.proxy "edge")) (empty .Values.proxyHeaders) -}}
+keycloak: production
+    In order to enable Production mode, you also need to enable HTTPS/TLS
+    using the value 'tls.enabled' and providing an existing secret containing the Keystore and Trustore.
+{{- end -}}
+{{- end -}}
diff --git a/charts/keycloak/templates/admin-ingress.yaml b/charts/keycloak/templates/admin-ingress.yaml
new file mode 100644
index 0000000..4f822dc
--- /dev/null
+++ b/charts/keycloak/templates/admin-ingress.yaml
@@ -0,0 +1,57 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.adminIngress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ include "common.names.fullname" . }}-admin
+  namespace: {{ include "common.names.namespace" . | quote }}
+  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.adminIngress.labels .Values.commonLabels ) "context" . ) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.adminIngress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.adminIngress.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.adminIngress.ingressClassName }}
+  ingressClassName: {{ include "common.tplvalues.render" ( dict "value" .Values.adminIngress.ingressClassName "context" $ ) | quote }}
+  {{- end }}
+  rules:
+    {{- if .Values.adminIngress.hostname }}
+    - host: {{ (tpl .Values.adminIngress.hostname .) | quote }}
+      http:
+        paths:
+          {{- if .Values.adminIngress.extraPaths }}
+          {{- toYaml .Values.adminIngress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ include "common.tplvalues.render" ( dict "value" .Values.adminIngress.path "context" $) }}
+            pathType: {{ .Values.adminIngress.pathType }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.adminIngress.servicePort "context" $)  | nindent 14 }}
+    {{- end }}
+    {{- range .Values.adminIngress.extraHosts }}
+    - host: {{ (tpl .name $) }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.adminIngress.servicePort "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.adminIngress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.adminIngress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.adminIngress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.adminIngress.annotations )) .Values.adminIngress.selfSigned .Values.adminIngress.secrets )) .Values.adminIngress.extraTls }}
+  tls:
+  {{- if and .Values.adminIngress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.adminIngress.annotations )) .Values.adminIngress.secrets .Values.adminIngress.selfSigned) }}
+    - hosts:
+        - {{ (tpl .Values.adminIngress.hostname .) | quote }}
+      secretName: {{ printf "%s-tls" (tpl .Values.adminIngress.hostname .) }}
+    {{- end }}
+    {{- if .Values.adminIngress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.adminIngress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/configmap-env-vars.yaml b/charts/keycloak/templates/configmap-env-vars.yaml
new file mode 100644
index 0000000..f76c163
--- /dev/null
+++ b/charts/keycloak/templates/configmap-env-vars.yaml
@@ -0,0 +1,109 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-env-vars" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  KC_BOOTSTRAP_ADMIN_USERNAME: {{ .Values.auth.adminUser | quote }}
+  KEYCLOAK_HTTP_PORT: {{ .Values.containerPorts.http | quote }}
+  {{- if and .Values.proxy (empty .Values.proxyHeaders) }}
+  KEYCLOAK_PROXY_HEADERS: {{ ternary "" "xforwarded" (eq .Values.proxy "passthrough") | quote }}
+  {{- else }}
+  KEYCLOAK_PROXY_HEADERS: {{ .Values.proxyHeaders | quote }}
+  {{- end }}
+  {{- if and .Values.adminIngress.enabled .Values.adminIngress.hostname }}
+  KEYCLOAK_HOSTNAME_ADMIN: |-
+    {{ ternary "https://" "http://" ( or .Values.adminIngress.tls (eq .Values.proxy "edge") (not (empty .Values.proxyHeaders)) ) -}}    {{- include "common.tplvalues.render" (dict "value" .Values.adminIngress.hostname "context" $) -}}
+    {{- if eq .Values.adminIngress.controller "default" }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.adminIngress.path "context" $) }}
+    {{- else if eq .Values.adminIngress.controller "gce" }}
+      {{- $path := .Values.adminIngress.path -}}
+      {{- if hasSuffix "*" $path -}}
+        {{- $path = trimSuffix "*" $path -}}
+      {{- end -}}
+      {{- include "common.tplvalues.render" (dict "value" $path "context" $) }}
+    {{- end }}
+  {{- end }}
+  {{- if and .Values.ingress.enabled .Values.ingress.hostname }}
+  KEYCLOAK_HOSTNAME: |-
+    {{ ternary "https://" "http://" ( or .Values.ingress.tls (eq .Values.proxy "edge") (not (empty .Values.proxyHeaders)) ) -}}    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.hostname "context" $) -}}
+    {{- if eq .Values.ingress.controller "default" }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.ingress.path "context" $) }}
+    {{- else if eq .Values.ingress.controller "gce" }}
+      {{- $path := .Values.ingress.path -}}
+      {{- if hasSuffix "*" $path -}}
+        {{- $path = trimSuffix "*" $path -}}
+      {{- end -}}
+      {{- include "common.tplvalues.render" (dict "value" $path "context" $) }}
+    {{- end }}
+  {{- end }}
+  {{- if .Values.ingress.enabled }}
+  KEYCLOAK_HOSTNAME_STRICT: {{ ternary "true" "false" .Values.ingress.hostnameStrict | quote }}
+  {{- end }}
+  KEYCLOAK_ENABLE_STATISTICS: {{ ternary "true" "false" .Values.metrics.enabled | quote }}
+  {{- if not .Values.externalDatabase.existingSecretHostKey }}
+  KEYCLOAK_DATABASE_HOST: {{ include "keycloak.databaseHost" . | quote }}
+  {{- end }}
+  {{- if not .Values.externalDatabase.existingSecretPortKey }}
+  KEYCLOAK_DATABASE_PORT: {{ include "keycloak.databasePort" . }}
+  {{- end }}
+  {{- if not .Values.externalDatabase.existingSecretDatabaseKey }}
+  KEYCLOAK_DATABASE_NAME: {{ include "keycloak.databaseName" . | quote }}
+  {{- end }}
+  KEYCLOAK_DATABASE_SCHEMA: {{ include "keycloak.databaseSchema" . }}
+  {{- if not .Values.externalDatabase.existingSecretUserKey }}
+  KEYCLOAK_DATABASE_USER: {{ include "keycloak.databaseUser" . | quote }}
+  {{- end }}
+  KEYCLOAK_PRODUCTION: {{ ternary "true" "false" .Values.production | quote }}
+  KEYCLOAK_ENABLE_HTTPS: {{ ternary "true" "false" .Values.tls.enabled | quote }}
+  {{- if .Values.customCaExistingSecret }}
+  KC_TRUSTSTORE_PATHS: "/opt/bitnami/keycloak/custom-ca"
+  {{- end }}
+  {{- if .Values.tls.enabled }}
+  KEYCLOAK_HTTPS_PORT: {{ .Values.containerPorts.https | quote }}
+  KEYCLOAK_HTTPS_USE_PEM: {{ ternary "true" "false" (or .Values.tls.usePem .Values.tls.autoGenerated) | quote }}
+  {{- if or .Values.tls.usePem .Values.tls.autoGenerated }}
+  KEYCLOAK_HTTPS_CERTIFICATE_FILE: "/opt/bitnami/keycloak/certs/tls.crt"
+  KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: "/opt/bitnami/keycloak/certs/tls.key"
+  {{- else }}
+  KEYCLOAK_HTTPS_KEY_STORE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" .Values.tls.keystoreFilename | quote }}
+  KEYCLOAK_HTTPS_TRUST_STORE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" .Values.tls.truststoreFilename | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.spi.existingSecret }}
+  {{- if .Values.spi.hostnameVerificationPolicy }}
+  KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY: {{ .Values.spi.hostnameVerificationPolicy | quote }}
+  {{- end }}
+  KEYCLOAK_SPI_TRUSTSTORE_FILE: {{ printf "/opt/bitnami/keycloak/spi-certs/%s" .Values.spi.truststoreFilename }}
+  {{- end }}
+  {{- if .Values.cache.enabled }}
+  KC_CACHE_TYPE: "ispn"
+  {{- if .Values.cache.stack }}
+  KC_CACHE_STACK: {{ .Values.cache.stack | quote }}
+  {{- end }}
+  {{- if .Values.cache.configFile }}
+  KC_CACHE_CONFIG_FILE: {{ .Values.cache.configFile | quote }}
+  {{- end }}
+  {{- if .Values.cache.useHeadlessServiceWithAppVersion }}
+  JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s-headless-ispn-%s.%s.svc.%s" (include "common.names.fullname" .) (replace "." "-" .Chart.AppVersion) (include "common.names.namespace" .) .Values.clusterDomain | quote }}
+  {{- else }}
+  JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s-headless.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain | quote }}
+  {{- end }}
+  {{- else }}
+  KC_CACHE_TYPE: "local"
+  {{- end }}
+  {{- if .Values.logging }}
+  KEYCLOAK_LOG_OUTPUT: {{ .Values.logging.output | quote }}
+  KEYCLOAK_LOG_LEVEL: {{ .Values.logging.level | quote }}
+  {{- end }}
+
diff --git a/charts/keycloak/templates/configmap.yaml b/charts/keycloak/templates/configmap.yaml
new file mode 100644
index 0000000..12cca41
--- /dev/null
+++ b/charts/keycloak/templates/configmap.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "keycloak.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  keycloak.conf: |-
+    {{- .Values.configuration | nindent 4 }}
+{{- end }}
diff --git a/charts/keycloak/templates/extra-list.yaml b/charts/keycloak/templates/extra-list.yaml
new file mode 100644
index 0000000..329f5c6
--- /dev/null
+++ b/charts/keycloak/templates/extra-list.yaml
@@ -0,0 +1,9 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/keycloak/templates/headless-service-ispn.yaml b/charts/keycloak/templates/headless-service-ispn.yaml
new file mode 100644
index 0000000..c61626d
--- /dev/null
+++ b/charts/keycloak/templates/headless-service-ispn.yaml
@@ -0,0 +1,43 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.cache.enabled .Values.cache.useHeadlessServiceWithAppVersion }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-headless-ispn-%s" (include "common.names.fullname" .) (replace "." "-" .Chart.AppVersion) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.commonAnnotations .Values.service.headless.annotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - name: http
+      port: {{ .Values.containerPorts.http }}
+      protocol: TCP
+      targetPort: http
+    {{- if .Values.tls.enabled }}
+    - name: https
+      port: {{ .Values.containerPorts.https }}
+      protocol: TCP
+      targetPort: https
+    {{- end }}
+    {{- if .Values.service.extraHeadlessPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.service.extraHeadlessPorts "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.service.headless.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.service.headless.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  publishNotReadyAddresses: true
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+    app.kubernetes.io/app-version: {{ .Chart.AppVersion }}
+{{- end }}
diff --git a/charts/keycloak/templates/headless-service.yaml b/charts/keycloak/templates/headless-service.yaml
new file mode 100644
index 0000000..c71e9a8
--- /dev/null
+++ b/charts/keycloak/templates/headless-service.yaml
@@ -0,0 +1,40 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.commonAnnotations .Values.service.headless.annotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - name: http
+      port: {{ .Values.containerPorts.http }}
+      protocol: TCP
+      targetPort: http
+    {{- if .Values.tls.enabled }}
+    - name: https
+      port: {{ .Values.containerPorts.https }}
+      protocol: TCP
+      targetPort: https
+    {{- end }}
+    {{- if .Values.service.extraHeadlessPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.service.extraHeadlessPorts "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.service.headless.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.service.headless.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  publishNotReadyAddresses: true
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
diff --git a/charts/keycloak/templates/hpa.yaml b/charts/keycloak/templates/hpa.yaml
new file mode 100644
index 0000000..aaf757d
--- /dev/null
+++ b/charts/keycloak/templates/hpa.yaml
@@ -0,0 +1,58 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+    kind: StatefulSet
+    name: {{ template "common.names.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPU }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemory }}
+    {{- end }}
+  {{- if or .Values.autoscaling.behavior.scaleDown.policies .Values.autoscaling.behavior.scaleUp.policies }}
+  behavior:
+    {{- if .Values.autoscaling.behavior.scaleDown.policies }}
+    scaleDown:
+      stabilizationWindowSeconds: {{ .Values.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }}
+      selectPolicy: {{ .Values.autoscaling.behavior.scaleDown.selectPolicy }}
+      policies:
+        {{- toYaml .Values.autoscaling.behavior.scaleDown.policies | nindent 8 }}
+    {{- end }}
+    {{- if .Values.autoscaling.behavior.scaleUp.policies }}
+    scaleUp:
+      stabilizationWindowSeconds: {{ .Values.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }}
+      selectPolicy: {{ .Values.autoscaling.behavior.scaleUp.selectPolicy }}
+      policies:
+       {{- toYaml .Values.autoscaling.behavior.scaleUp.policies | nindent 8 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/ingress.yaml b/charts/keycloak/templates/ingress.yaml
new file mode 100644
index 0000000..3fd6046
--- /dev/null
+++ b/charts/keycloak/templates/ingress.yaml
@@ -0,0 +1,57 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.labels .Values.commonLabels ) "context" . ) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.ingressClassName }}
+  ingressClassName: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.ingressClassName "context" $ ) | quote }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingress.hostname }}
+    - host: {{ (tpl .Values.ingress.hostname .) | quote }}
+      http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.path "context" $) }}
+            pathType: {{ .Values.ingress.pathType }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.ingress.servicePort "context" $)  | nindent 14 }}
+    {{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ (tpl .name $) }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned .Values.ingress.secrets )) .Values.ingress.extraTls }}
+  tls:
+  {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.secrets .Values.ingress.selfSigned) }}
+    - hosts:
+        - {{ (tpl .Values.ingress.hostname .) | quote }}
+      secretName: {{ printf "%s-tls" (tpl .Values.ingress.hostname .) }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/init-scripts-configmap.yaml b/charts/keycloak/templates/init-scripts-configmap.yaml
new file mode 100644
index 0000000..a758d40
--- /dev/null
+++ b/charts/keycloak/templates/init-scripts-configmap.yaml
@@ -0,0 +1,19 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{ end }}
diff --git a/charts/keycloak/templates/keycloak-config-cli-configmap.yaml b/charts/keycloak/templates/keycloak-config-cli-configmap.yaml
new file mode 100644
index 0000000..bba17b7
--- /dev/null
+++ b/charts/keycloak/templates/keycloak-config-cli-configmap.yaml
@@ -0,0 +1,23 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "keycloak.keycloakConfigCli.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "keycloak.keycloakConfigCli.configmapName" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak-config-cli
+data:
+  {{- range $fileName, $fileContent := .Values.keycloakConfigCli.configuration }}
+  {{- if $fileContent }}
+  {{ $fileName }}: |
+    {{- include "common.tplvalues.render" (dict "value" $fileContent "context" $) | nindent 4 }}
+  {{- else }}
+    {{- ($.Files.Glob $fileName).AsConfig | nindent 2 }}
+  {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/keycloak-config-cli-job.yaml b/charts/keycloak/templates/keycloak-config-cli-job.yaml
new file mode 100644
index 0000000..6939d3d
--- /dev/null
+++ b/charts/keycloak/templates/keycloak-config-cli-job.yaml
@@ -0,0 +1,142 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.keycloakConfigCli.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ printf "%s-keycloak-config-cli" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak-config-cli
+  {{- if or .Values.keycloakConfigCli.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.keycloakConfigCli.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  backoffLimit: {{ .Values.keycloakConfigCli.backoffLimit }}
+  {{- if .Values.keycloakConfigCli.cleanupAfterFinished.enabled }}
+  ttlSecondsAfterFinished: {{ .Values.keycloakConfigCli.cleanupAfterFinished.seconds }}
+  {{- end }}
+  template:
+    metadata:
+      {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.keycloakConfigCli.podLabels .Values.commonLabels ) "context" . ) }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: keycloak-config-cli
+      annotations:
+        {{- if (include "keycloak.keycloakConfigCli.createConfigmap" .) }}
+        checksum/configuration: {{ include (print $.Template.BasePath "/keycloak-config-cli-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.keycloakConfigCli.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ template "keycloak.serviceAccountName" . }}
+      {{- include "keycloak.imagePullSecrets" . | nindent 6 }}
+      restartPolicy: Never
+      {{- if .Values.keycloakConfigCli.podSecurityContext.enabled }}
+      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.keycloakConfigCli.podSecurityContext "context" $) | nindent 8 }}
+      {{- end }}
+      automountServiceAccountToken: {{ .Values.keycloakConfigCli.automountServiceAccountToken }}
+      {{- if .Values.keycloakConfigCli.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.keycloakConfigCli.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.keycloakConfigCli.podTolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.podTolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.keycloakConfigCli.initContainers }}
+      initContainers:
+        {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.initContainers "context" $) | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: keycloak-config-cli
+          image: {{ template "keycloak.keycloakConfigCli.image" . }}
+          imagePullPolicy: {{ .Values.keycloakConfigCli.image.pullPolicy }}
+          {{- if .Values.keycloakConfigCli.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.command "context" $) | nindent 12 }}
+          {{- else }}
+          command:
+            - java
+            - -jar
+            - /opt/bitnami/keycloak-config-cli/keycloak-config-cli.jar
+          {{- end }}
+          {{- if .Values.keycloakConfigCli.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.args "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.keycloakConfigCli.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.keycloakConfigCli.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          env:
+            - name: KEYCLOAK_URL
+              value: {{ printf "http://%s-headless:%d%s" (include "common.names.fullname" .) (.Values.containerPorts.http | int) (.Values.httpRelativePath) }}
+            - name: KEYCLOAK_USER
+              value: {{ .Values.auth.adminUser | quote }}
+            - name: KEYCLOAK_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.secretName" . }}
+                  key: {{ include "keycloak.secretKey" . }}
+            {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap }}
+            - name: IMPORT_FILES_LOCATIONS
+              value: /config/*
+            {{- end }}
+            - name: KEYCLOAK_AVAILABILITYCHECK_ENABLED
+              value: {{ .Values.keycloakConfigCli.availabilityCheck.enabled | quote }}
+            {{- if and .Values.keycloakConfigCli.availabilityCheck.enabled .Values.keycloakConfigCli.availabilityCheck.timeout }}
+            - name: KEYCLOAK_AVAILABILITYCHECK_TIMEOUT
+              value: {{ .Values.keycloakConfigCli.availabilityCheck.timeout }}
+            {{- end }}
+            {{- if .Values.keycloakConfigCli.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.keycloakConfigCli.extraEnvVarsCM .Values.keycloakConfigCli.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.keycloakConfigCli.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.keycloakConfigCli.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap .Values.keycloakConfigCli.extraVolumeMounts }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap }}
+            - name: config-volume
+              mountPath: /config
+            {{- end }}
+            {{- if .Values.keycloakConfigCli.extraVolumeMounts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.keycloakConfigCli.resources }}
+          resources: {{- toYaml .Values.keycloakConfigCli.resources | nindent 12 }}
+          {{- else if ne .Values.keycloakConfigCli.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.keycloakConfigCli.resourcesPreset) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.keycloakConfigCli.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.keycloakConfigCli.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap .Values.keycloakConfigCli.extraVolumes }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap }}
+        - name: config-volume
+          configMap:
+            name: {{ include "keycloak.keycloakConfigCli.configmapName" . }}
+        {{- end }}
+        {{- if .Values.keycloakConfigCli.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+      {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/metrics-service.yaml b/charts/keycloak/templates/metrics-service.yaml
new file mode 100644
index 0000000..8987b17
--- /dev/null
+++ b/charts/keycloak/templates/metrics-service.yaml
@@ -0,0 +1,41 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: metrics
+  {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: metrics
+      port: {{ .Values.metrics.service.ports.metrics }}
+      protocol: TCP
+      targetPort: {{ .Values.containerPorts.metrics }}
+    - name: http
+      port: {{ .Values.metrics.service.ports.http }}
+      protocol: TCP
+      targetPort: {{ .Values.containerPorts.http }}
+    {{- if .Values.tls.enabled }}
+    - name: https
+      port: {{ .Values.metrics.service.ports.https }}
+      protocol: TCP
+      targetPort: {{ .Values.containerPorts.https }}
+    {{- end }}
+    {{- if .Values.metrics.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}      
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+{{- end }}
diff --git a/charts/keycloak/templates/networkpolicy.yaml b/charts/keycloak/templates/networkpolicy.yaml
new file mode 100644
index 0000000..ffb5828
--- /dev/null
+++ b/charts/keycloak/templates/networkpolicy.yaml
@@ -0,0 +1,102 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: keycloak
+  policyTypes:
+    - Ingress
+    - Egress
+  {{- if .Values.networkPolicy.allowExternalEgress }}
+  egress:
+    - {}
+  {{- else }}
+  egress:
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+        {{- range $port := .Values.networkPolicy.kubeAPIServerPorts }}
+        - port: {{ $port }}
+        {{- end }}
+    # Allow connection to PostgreSQL
+    - ports:
+        - port: {{ include "keycloak.databasePort" . | trimAll "\"" | int }}
+      {{- if .Values.postgresql.enabled }}
+      to:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: postgresql
+              app.kubernetes.io/instance: {{ .Release.Name }}              
+      {{- end }}
+    # Allow connection to other keycloak nodes
+    - ports:
+        {{- /* Constant in code: https://github.com/keycloak/keycloak/blob/ce8e925c1ad9bf7a3180d1496e181aeea0ab5f8a/operator/src/main/java/org/keycloak/operator/Constants.java#L60 */}}
+        - port: 7800
+        - port: {{ .Values.containerPorts.http }}
+        {{- if .Values.tls.enabled }}
+        - port: {{ .Values.containerPorts.https }}
+        {{- end }}
+      to:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/component: keycloak
+    {{- if .Values.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  ingress:
+    - ports:
+        {{- /* Constant in code: https://github.com/keycloak/keycloak/blob/ce8e925c1ad9bf7a3180d1496e181aeea0ab5f8a/operator/src/main/java/org/keycloak/operator/Constants.java#L60 */}}
+        - port: 7800
+        {{- if and (.Values.metrics.enabled) (not (eq (.Values.containerPorts.http | int) (.Values.containerPorts.metrics | int) )) }}
+        - port: {{ .Values.containerPorts.metrics }} # metrics and health
+        {{- end }}
+        - port: {{ .Values.containerPorts.http }}
+        {{- if .Values.tls.enabled }}
+        - port: {{ .Values.containerPorts.https }}
+        {{- end }}
+      {{- if not .Values.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "common.names.fullname" . }}-client: "true"
+        {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- $extraIngress := coalesce .Values.networkPolicy.additionalRules .Values.networkPolicy.extraIngress }}
+    {{- if $extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/pdb.yaml b/charts/keycloak/templates/pdb.yaml
new file mode 100644
index 0000000..653b953
--- /dev/null
+++ b/charts/keycloak/templates/pdb.yaml
@@ -0,0 +1,28 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.pdb.minAvailable }}
+  minAvailable: {{ .Values.pdb.minAvailable }}
+  {{- end }}
+  {{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }}
+  maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
+  {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: keycloak
+{{- end }}
diff --git a/charts/keycloak/templates/prometheusrule.yaml b/charts/keycloak/templates/prometheusrule.yaml
new file mode 100644
index 0000000..2792392
--- /dev/null
+++ b/charts/keycloak/templates/prometheusrule.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.groups}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace }}
+  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.prometheusRule.labels .Values.commonLabels ) "context" . ) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  groups: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.groups "context" .) | nindent 4 }}
+{{- end }}
diff --git a/charts/keycloak/templates/role.yaml b/charts/keycloak/templates/role.yaml
new file mode 100644
index 0000000..e913b15
--- /dev/null
+++ b/charts/keycloak/templates/role.yaml
@@ -0,0 +1,28 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+rules:
+  {{- if .Values.rbac.rules }}
+  {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+  {{- end }}
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+{{- end }}
diff --git a/charts/keycloak/templates/rolebinding.yaml b/charts/keycloak/templates/rolebinding.yaml
new file mode 100644
index 0000000..c954da8
--- /dev/null
+++ b/charts/keycloak/templates/rolebinding.yaml
@@ -0,0 +1,25 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+kind: RoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "common.names.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "keycloak.serviceAccountName" . }}
+    namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/keycloak/templates/secret-external-db.yaml b/charts/keycloak/templates/secret-external-db.yaml
new file mode 100644
index 0000000..ca61a5a
--- /dev/null
+++ b/charts/keycloak/templates/secret-external-db.yaml
@@ -0,0 +1,19 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+  {{- if or .Values.externalDatabase.annotations .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.merge" (dict "values" (list .Values.externalDatabase.annotations .Values.commonAnnotations) "context" $) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  db-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-externaldb" (include "common.names.fullname" .)) "key" "db-password" "length" 10 "providedValues" (list "externalDatabase.password") "context" $) }}
+{{- end }}
diff --git a/charts/keycloak/templates/secrets.yaml b/charts/keycloak/templates/secrets.yaml
new file mode 100644
index 0000000..f1b9025
--- /dev/null
+++ b/charts/keycloak/templates/secrets.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if not .Values.auth.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.auth.annotations .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.merge" (dict "values" (list .Values.auth.annotations .Values.commonAnnotations) "context" $) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  admin-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-") "key" "admin-password" "length" 10 "providedValues" (list "auth.adminPassword") "context" $) }}
+{{- end }}
diff --git a/charts/keycloak/templates/service.yaml b/charts/keycloak/templates/service.yaml
new file mode 100644
index 0000000..dec9cb5
--- /dev/null
+++ b/charts/keycloak/templates/service.yaml
@@ -0,0 +1,65 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{- end }}
+  {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  ports:
+    {{- if .Values.service.http.enabled }}
+    - name: http
+      port: {{ coalesce .Values.service.ports.http .Values.service.port }}
+      protocol: TCP
+      targetPort: http
+      {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }}
+      nodePort: {{ .Values.service.nodePorts.http }}
+      {{- else if eq .Values.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
+    {{- if .Values.tls.enabled }}
+    - name: https
+      port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }}
+      protocol: TCP
+      targetPort: https
+      {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }}
+      nodePort: {{ .Values.service.nodePorts.https }}
+      {{- else if eq .Values.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
+    {{- if .Values.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
diff --git a/charts/keycloak/templates/serviceaccount.yaml b/charts/keycloak/templates/serviceaccount.yaml
new file mode 100644
index 0000000..467e14b
--- /dev/null
+++ b/charts/keycloak/templates/serviceaccount.yaml
@@ -0,0 +1,22 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "keycloak.serviceAccountName" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+    {{- if .Values.serviceAccount.extraLabels }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.extraLabels "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/keycloak/templates/servicemonitor.yaml b/charts/keycloak/templates/servicemonitor.yaml
new file mode 100644
index 0000000..a63d53e
--- /dev/null
+++ b/charts/keycloak/templates/servicemonitor.yaml
@@ -0,0 +1,58 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }}
+  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.metrics.serviceMonitor.jobLabel }}
+  jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+  {{- end }}
+  endpoints:
+    {{- $defaultEndpoint := pick .Values.metrics.serviceMonitor "port" "scheme" "tlsConfig" "interval" "scrapeTimeout" "relabelings" "metricRelabelings" "honorLabels" }}
+    {{- $endpoints := ternary (.Values.metrics.serviceMonitor.endpoints) (list (dict "path" .Values.metrics.serviceMonitor.path)) (empty .Values.metrics.serviceMonitor.path) }}
+    {{- range $endpoints }}
+    {{- $endpoint := merge . $defaultEndpoint }}
+    - port: {{ $endpoint.port | quote }}
+      scheme: {{ $endpoint.scheme | quote }}
+      {{- if $endpoint.tlsConfig }}
+      tlsConfig: {{- include "common.tplvalues.render" ( dict "value" $endpoint.tlsConfig "context" $) | nindent 8 }}
+      {{- end }}
+      path: {{ include "common.tplvalues.render" ( dict "value" $endpoint.path "context" $) }}
+      {{- if $endpoint.interval }}
+      interval: {{ $endpoint.interval }}
+      {{- end }}
+      {{- if $endpoint.scrapeTimeout }}
+      scrapeTimeout: {{ $endpoint.scrapeTimeout }}
+      {{- end }}
+      {{- if $endpoint.relabelings }}
+      relabelings: {{- include "common.tplvalues.render" ( dict "value" $endpoint.relabelings "context" $) | nindent 6 }}
+      {{- end }}
+      {{- if $endpoint.metricRelabelings }}
+      metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" $endpoint.metricRelabelings "context" $) | nindent 6 }}
+      {{- end }}
+      {{- if $endpoint.honorLabels }}
+      honorLabels: {{ $endpoint.honorLabels }}
+      {{- end }}
+    {{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ include "common.names.namespace" . | quote }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+      {{- if .Values.metrics.serviceMonitor.selector }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+      {{- end }}
+      app.kubernetes.io/component: metrics
+{{- end }}
diff --git a/charts/keycloak/templates/statefulset.yaml b/charts/keycloak/templates/statefulset.yaml
new file mode 100644
index 0000000..eb40418
--- /dev/null
+++ b/charts/keycloak/templates/statefulset.yaml
@@ -0,0 +1,449 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if or .Values.statefulsetAnnotations .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.merge" ( dict "values" ( list .Values.statefulsetAnnotations .Values.commonAnnotations ) "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimitCount }}
+  podManagementPolicy: {{ .Values.podManagementPolicy }}
+  serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  updateStrategy:
+    {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
+  {{- if .Values.minReadySeconds }}
+  minReadySeconds: {{ .Values.minReadySeconds }}
+  {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: keycloak
+  template:
+    metadata:
+      annotations:
+        checksum/configmap-env-vars: {{ include (print $.Template.BasePath "/configmap-env-vars.yaml") . | sha256sum }}
+        {{- if not .Values.auth.existingSecret  }}
+        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if (include "keycloak.createConfigmap" .) }}
+        checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: keycloak
+        app.kubernetes.io/app-version: {{ .Chart.AppVersion }}
+    spec:
+      serviceAccountName: {{ template "keycloak.serviceAccountName" . }}
+      {{- include "keycloak.imagePullSecrets" . | nindent 6 }}
+      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+      {{- if .Values.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.schedulerName }}
+      schedulerName: {{ .Values.schedulerName }}
+      {{- end }}
+      {{- if .Values.podSecurityContext.enabled }}
+      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      {{- end }}
+      {{- if .Values.dnsConfig }}
+      dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" .) | nindent 8 }}
+      {{- end }}
+      enableServiceLinks: {{ .Values.enableServiceLinks }}
+      {{- if .Values.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- end }}
+      {{- if or .Values.enableDefaultInitContainers .Values.initContainers }}
+      initContainers:
+        {{- if .Values.enableDefaultInitContainers }}
+        - name: prepare-write-dirs
+          image: {{ template "keycloak.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - /bin/bash
+          args:
+            - -ec
+            - |
+              . /opt/bitnami/scripts/liblog.sh
+
+              info "Copying writable dirs to empty dir"
+              # In order to not break the application functionality we need to make some
+              # directories writable, so we need to copy it to an empty dir volume
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/lib/quarkus /emptydir/app-quarkus-dir
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/data /emptydir/app-data-dir
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/providers /emptydir/app-providers-dir
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/themes /emptydir/app-themes-dir
+              info "Copy operation completed"
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- else if ne .Values.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+           - name: empty-dir
+             mountPath: /emptydir
+        {{- end }}
+        {{- if .Values.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: keycloak
+          image: {{ template "keycloak.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+          {{- end }}
+          env:
+            - name: KUBERNETES_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+            {{- if .Values.usePasswordFiles }}
+            - name: KC_BOOTSTRAP_ADMIN_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/keycloak/secrets/%s" (include "keycloak.secretKey" .) }}
+            - name: KEYCLOAK_DATABASE_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.databaseSecretPasswordKey" .) }}
+            {{- if .Values.externalDatabase.existingSecretHostKey }}
+            - name: KEYCLOAK_DATABASE_HOST_FILE
+              value: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.databaseSecretHostKey" .) }}
+            {{- end }}
+            {{- if .Values.externalDatabase.existingSecretPortKey }}
+            - name: KEYCLOAK_DATABASE_PORT_FILE
+              value: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.databaseSecretPortKey" .) }}
+            {{- end }}
+            {{- if .Values.externalDatabase.existingSecretUserKey }}
+            - name: KEYCLOAK_DATABASE_USER_FILE
+              value: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.databaseSecretUserKey" .) }}
+            {{- end }}
+            {{- if .Values.externalDatabase.existingSecretDatabaseKey }}
+            - name: KEYCLOAK_DATABASE_NAME_FILE
+              value: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.databaseSecretDatabaseKey" .) }}
+            {{- end }}
+            {{- if and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }}
+            - name: KEYCLOAK_HTTPS_KEY_STORE_PASSWORD_FILE
+              value: "/opt/bitnami/keycloak/secrets/tls-keystore-password"
+            {{- end }}
+            {{- if and .Values.tls.enabled (or .Values.tls.truststorePassword .Values.tls.passwordsSecret) }}
+            - name: KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD_FILE
+              value: "/opt/bitnami/keycloak/secrets/tls-truststore-password"
+            {{- end }}
+            {{- if and .Values.spi.existingSecret (or .Values.spi.truststorePassword .Values.spi.passwordsSecret) }}
+            - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD_FILE
+              value: "/opt/bitnami/keycloak/secrets/spi-truststore-password"
+            {{- end }}
+            {{- else }}
+            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.secretName" . }}
+                  key: {{ include "keycloak.secretKey" . }}
+            - name: KEYCLOAK_DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.databaseSecretName" . }}
+                  key: {{ include "keycloak.databaseSecretPasswordKey" . }}
+            {{- if .Values.externalDatabase.existingSecretHostKey }}
+            - name: KEYCLOAK_DATABASE_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.databaseSecretName" . }}
+                  key: {{ include "keycloak.databaseSecretHostKey" . }}
+            {{- end }}
+            {{- if .Values.externalDatabase.existingSecretPortKey }}
+            - name: KEYCLOAK_DATABASE_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.databaseSecretName" . }}
+                  key: {{ include "keycloak.databaseSecretPortKey" . }}
+            {{- end }}
+            {{- if .Values.externalDatabase.existingSecretUserKey }}
+            - name: KEYCLOAK_DATABASE_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.databaseSecretName" . }}
+                  key: {{ include "keycloak.databaseSecretUserKey" . }}
+            {{- end }}
+            {{- if .Values.externalDatabase.existingSecretDatabaseKey }}
+            - name: KEYCLOAK_DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.databaseSecretName" . }}
+                  key: {{ include "keycloak.databaseSecretDatabaseKey" . }}
+            {{- end }}
+            {{- if and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }}
+            - name: KEYCLOAK_HTTPS_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
+                  key: "tls-keystore-password"
+            {{- end }}
+            {{- if and .Values.tls.enabled (or .Values.tls.truststorePassword .Values.tls.passwordsSecret) }}
+            - name: KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
+                  key: "tls-truststore-password"
+            {{- end }}
+            {{- if and .Values.spi.existingSecret (or .Values.spi.truststorePassword .Values.spi.passwordsSecret) }}
+            - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "keycloak.spiPasswordsSecretName" . }}
+                  key: "spi-truststore-password"
+            {{- end }}
+            {{- end }}
+            - name: KEYCLOAK_HTTP_RELATIVE_PATH
+              value: {{ .Values.httpRelativePath | quote }}
+            {{- if .Values.extraStartupArgs }}
+            - name: KEYCLOAK_EXTRA_ARGS
+              value: {{ .Values.extraStartupArgs | quote }}
+            {{- end }}
+            {{- if .Values.adminRealm }}
+            - name: KC_SPI_ADMIN_REALM
+              value: "{{ .Values.adminRealm }}"
+            {{- end }}
+            {{- if .Values.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          envFrom:
+            - configMapRef:
+                name: {{ printf "%s-env-vars" (include "common.names.fullname" .) }}
+            {{- if .Values.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- else if ne .Values.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.containerPorts.http }}
+              protocol: TCP
+            {{- if .Values.tls.enabled }}
+            - name: https
+              containerPort: {{ .Values.containerPorts.https }}
+              protocol: TCP
+            {{- end }}
+            {{- if and (.Values.metrics.enabled) (not (eq (.Values.containerPorts.http | int) (.Values.containerPorts.metrics | int) )) }}
+            - name: metrics
+              containerPort: {{ .Values.containerPorts.metrics }}
+              protocol: TCP
+            {{- end}}
+            {{- /* Constant in code: https://github.com/keycloak/keycloak/blob/ce8e925c1ad9bf7a3180d1496e181aeea0ab5f8a/operator/src/main/java/org/keycloak/operator/Constants.java#L60 */}}
+            - name: discovery
+              containerPort: 7800
+            {{- if .Values.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.startupProbe.enabled }}
+          startupProbe: {{- omit .Values.startupProbe "enabled" | toYaml | nindent 12 }}
+            httpGet:
+              path: {{ .Values.httpRelativePath }}
+              port: http
+          {{- end }}
+          {{- if .Values.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.livenessProbe.enabled }}
+          livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }}
+            tcpSocket:
+              port: http
+          {{- end }}
+          {{- if .Values.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.readinessProbe.enabled }}
+          readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }}
+            httpGet:
+              path: {{ .Values.httpRelativePath }}realms/{{ .Values.adminRealm | default "master" }}
+              port: http
+          {{- end }}
+          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: empty-dir
+              mountPath: /bitnami/keycloak
+              subPath: app-volume-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/keycloak/conf
+              subPath: app-conf-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/keycloak/lib/quarkus
+              subPath: app-quarkus-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/keycloak/data
+              subPath: app-data-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/keycloak/providers
+              subPath: app-providers-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/keycloak/themes
+              subPath: app-themes-dir
+            {{- if  .Values.usePasswordFiles }}
+            - name: keycloak-secrets
+              mountPath: /opt/bitnami/keycloak/secrets
+            {{- end }}
+            {{- if or .Values.configuration .Values.existingConfigmap }}
+            - name: keycloak-config
+              mountPath: /bitnami/keycloak/conf/keycloak.conf
+              subPath: keycloak.conf
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: certificates
+              mountPath: /opt/bitnami/keycloak/certs
+              readOnly: true
+            {{- end }}
+            {{- if .Values.customCaExistingSecret }}
+            - name: custom-ca
+              mountPath: /opt/bitnami/keycloak/custom-ca
+              readOnly: true
+            {{- end }}
+            {{- if .Values.spi.existingSecret }}
+            - name: spi-certificates
+              mountPath: /opt/bitnami/keycloak/spi-certs
+              readOnly: true
+            {{- end }}
+            {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+            - name: custom-init-scripts
+              mountPath: /docker-entrypoint-initdb.d
+            {{- end }}
+            {{- if .Values.extraVolumeMounts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
+        {{- if .Values.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if .Values.usePasswordFiles }}
+        - name: keycloak-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "keycloak.secretName" . }}
+              - secret:
+                  name: {{ include "keycloak.databaseSecretName" . }}
+                  items:
+                    - key: {{ include "keycloak.databaseSecretPasswordKey" . }}
+                      path: {{ printf "db-%s" (include "keycloak.databaseSecretPasswordKey" .) }}
+                    {{- if .Values.externalDatabase.existingSecretHostKey }}
+                    - key: {{ include "keycloak.databaseSecretHostKey" . }}
+                      path: {{ printf "db-%s" (include "keycloak.databaseSecretHostKey" .) }}
+                    {{- end }}
+                    {{- if .Values.externalDatabase.existingSecretPortKey }}
+                    - key: {{ include "keycloak.databaseSecretPortKey" . }}
+                      path: {{ printf "db-%s" (include "keycloak.databaseSecretPortKey" .) }}
+                    {{- end }}
+                    {{- if .Values.externalDatabase.existingSecretUserKey }}
+                    - key: {{ include "keycloak.databaseSecretUserKey" . }}
+                      path: {{ printf "db-%s" (include "keycloak.databaseSecretUserKey" .) }}
+                    {{- end }}
+                    {{- if .Values.externalDatabase.existingSecretDatabaseKey }}
+                    - key: {{ include "keycloak.databaseSecretDatabaseKey" . }}
+                      path: {{ printf "db-%s" (include "keycloak.databaseSecretDatabaseKey" .) }}
+                    {{- end }}
+              {{- if and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.truststorePassword .Values.tls.passwordsSecret) }}
+              - secret:
+                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
+              {{- end }}
+              {{- if and .Values.spi.existingSecret (or .Values.spi.truststorePassword .Values.spi.passwordsSecret) }}
+              - secret:
+                  name: {{ include "keycloak.spiPasswordsSecretName" . }}
+              {{- end }}
+        {{- end }}
+        {{- if or .Values.configuration .Values.existingConfigmap }}
+        - name: keycloak-config
+          configMap:
+            name: {{ include "keycloak.configmapName" . }}
+        {{- end }}
+        {{- if .Values.tls.enabled }}
+        - name: certificates
+          secret:
+            secretName: {{ include "keycloak.tlsSecretName" . }}
+            defaultMode: 420
+        {{- end }}
+        {{- if .Values.customCaExistingSecret }}
+        - name: custom-ca
+          secret:
+            secretName: {{ .Values.customCaExistingSecret }}
+            defaultMode: 420
+        {{- end }}
+        {{- if .Values.spi.existingSecret }}
+        - name: spi-certificates
+          secret:
+            secretName: {{ .Values.spi.existingSecret }}
+            defaultMode: 420
+        {{- end }}
+        {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+        - name: custom-init-scripts
+          configMap:
+            name: {{ include "keycloak.initdbScriptsCM" . }}
+        {{- end }}
+        {{- if .Values.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
diff --git a/charts/keycloak/templates/tls-pass-secret.yaml b/charts/keycloak/templates/tls-pass-secret.yaml
new file mode 100644
index 0000000..cedcab5
--- /dev/null
+++ b/charts/keycloak/templates/tls-pass-secret.yaml
@@ -0,0 +1,43 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (or .Values.tls.keystorePassword .Values.tls.truststorePassword) (not .Values.tls.passwordsSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-tls-passwords" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- if .Values.tls.keystorePassword }}
+  tls-keystore-password: {{ .Values.tls.keystorePassword | b64enc | quote }}
+  {{- end }}
+  {{- if .Values.tls.truststorePassword }}
+  tls-truststore-password: {{ .Values.tls.truststorePassword | b64enc | quote }}
+  {{- end }}
+---
+{{- end }}
+{{- if and .Values.spi.truststorePassword (not .Values.spi.passwordsSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-spi-passwords" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- if .Values.spi.truststorePassword }}
+  spi-truststore-password: {{ .Values.spi.truststorePassword | b64enc | quote }}
+  {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/tls-secret.yaml b/charts/keycloak/templates/tls-secret.yaml
new file mode 100644
index 0000000..91e0647
--- /dev/null
+++ b/charts/keycloak/templates/tls-secret.yaml
@@ -0,0 +1,71 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }}
+  namespace: {{ include "common.names.namespace" $ | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.tplvalues.render" ( dict "value" .certificate "context" $ ) | b64enc }}
+  tls.key: {{ include "common.tplvalues.render" ( dict "value" .key "context" $ ) | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
+{{- $ca := genCA "keycloak-ca" 365 }}
+{{- $cert := genSignedCert (tpl .Values.ingress.hostname .) nil (list (tpl .Values.ingress.hostname .)) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}
+{{- if (include "keycloak.createTlsSecret" $) }}
+{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
+{{- $ca := genCA "keycloak-ca" 365 }}
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: keycloak
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- $replicaCount := int .Values.replicaCount }}
+  {{- $svcName := include "common.names.fullname" . }}
+  {{- $altNames := list (printf "%s.%s.svc.%s" $svcName $releaseNamespace $clusterDomain) (printf "%s.%s" $svcName $releaseNamespace) $svcName }}
+  {{- $cert := genSignedCert $svcName nil $altNames 365 $ca }}
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
new file mode 100644
index 0000000..3990e0b
--- /dev/null
+++ b/charts/keycloak/values.yaml
@@ -0,0 +1,1403 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
+## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
+##
+global:
+  imageRegistry: ""
+  ## E.g.
+  ## imagePullSecrets:
+  ##   - myRegistryKeySecretName
+  ##
+  imagePullSecrets: []
+  defaultStorageClass: ""
+  storageClass: ""
+  ## Security parameters
+  ##
+  security:
+    ## @param global.security.allowInsecureImages Allows skipping image verification
+    allowInsecureImages: false
+  ## Compatibility adaptations for Kubernetes platforms
+  ##
+  compatibility:
+    ## Compatibility adaptations for Openshift
+    ##
+    openshift:
+      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+      ##
+      adaptSecurityContext: auto
+## @section Common parameters
+##
+
+## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
+##
+kubeVersion: ""
+## @param nameOverride String to partially override common.names.fullname
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param enableServiceLinks If set to false, disable Kubernetes service links in the pod spec
+## Ref: https://kubernetes.io/docs/tutorials/services/connect-applications-service/#accessing-the-service
+##
+enableServiceLinks: true
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param dnsPolicy DNS Policy for pod
+## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+## E.g.
+## dnsPolicy: ClusterFirst
+dnsPolicy: ""
+## @param dnsConfig DNS Configuration pod
+## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+## E.g.
+## dnsConfig:
+##   options:
+##   - name: ndots
+##     value: "4"
+dnsConfig: {}
+## @param clusterDomain Default Kubernetes cluster domain
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
+## Enable diagnostic mode in the statefulset
+##
+diagnosticMode:
+  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+  ##
+  enabled: false
+  ## @param diagnosticMode.command Command to override all containers in the the statefulset
+  ##
+  command:
+    - sleep
+  ## @param diagnosticMode.args Args to override all containers in the the statefulset
+  ##
+  args:
+    - infinity
+## @section Keycloak parameters
+
+## Bitnami Keycloak image version
+## ref: https://hub.docker.com/r/bitnami/keycloak/tags/
+## @param image.registry [default: REGISTRY_NAME] Keycloak image registry
+## @param image.repository [default: REPOSITORY_NAME/keycloak] Keycloak image repository
+## @skip image.tag Keycloak image tag (immutable tags are recommended)
+## @param image.digest Keycloak image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+## @param image.pullPolicy Keycloak image pull policy
+## @param image.pullSecrets Specify docker-registry secret names as an array
+## @param image.debug Specify if debug logs should be enabled
+##
+image:
+  registry: docker.io
+  repository: bitnami/keycloak
+  tag: 26.3.2-debian-12-r1
+  digest: ""
+  ## Specify a imagePullPolicy
+  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+  ##
+  pullPolicy: IfNotPresent
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ## Example:
+  ## pullSecrets:
+  ##   - myRegistryKeySecretName
+  ##
+  pullSecrets: []
+  ## Set to true if you would like to see extra information on logs
+  ##
+  debug: false
+## Keycloak authentication parameters
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/keycloak#admin-credentials
+##
+auth:
+  ## @param auth.adminUser Keycloak administrator user
+  ##
+  adminUser: user
+  ## @param auth.adminPassword Keycloak administrator password for the new user
+  ##
+  adminPassword: ""
+  ## @param auth.existingSecret Existing secret containing Keycloak admin password
+  ##
+  existingSecret: ""
+  ## @param auth.passwordSecretKey Key where the Keycloak admin password is being stored inside the existing secret.
+  ##
+  passwordSecretKey: ""
+  ## @param auth.annotations Additional custom annotations for Keycloak auth secret object
+  ##
+  annotations: {}
+## Custom Certificates
+## @param customCaExistingSecret Name of the secret containing the Keycloak custom CA certificates. The secret will be mounted as a directory and configured using KC_TRUSTSTORE_PATHS.
+## https://www.keycloak.org/server/keycloak-truststore
+## Could be created like this: kubectl create secret generic secretName --from-file=./certificateToMerge.pem
+customCaExistingSecret: ""
+## HTTPS settings
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/keycloak#tls-encryption
+##
+tls:
+  ## @param tls.enabled Enable TLS encryption. Required for HTTPs traffic.
+  ##
+  enabled: false
+  ## @param tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates
+  ##
+  autoGenerated: false
+  ## @param tls.existingSecret Existing secret containing the TLS certificates per Keycloak replica
+  ## Create this secret following the steps below:
+  ## 1) Generate your truststore and keystore files (more info at https://www.keycloak.org/docs/latest/server_installation/#_setting_up_ssl)
+  ## 2) Rename your truststore to `keycloak.truststore.jks` or use a different name overwriting the value 'tls.truststoreFilename'.
+  ## 3) Rename your keystores to `keycloak.keystore.jks` or use a different name overwriting the value 'tls.keystoreFilename'.
+  ## 4) Run the command below where SECRET_NAME is the name of the secret you want to create:
+  ##       kubectl create secret generic SECRET_NAME --from-file=./keycloak.truststore.jks --from-file=./keycloak.keystore.jks
+  ## NOTE: If usePem enabled, make sure the PEM key and cert are named 'tls.key' and 'tls.crt' respectively.
+  ##
+  existingSecret: ""
+  ## @param tls.usePem Use PEM certificates as input instead of PKS12/JKS stores
+  ## If "true", the Keycloak chart will look for the files tls.key and tls.crt inside the secret provided with 'existingSecret'.
+  ##
+  usePem: false
+  ## @param tls.truststoreFilename Truststore filename inside the existing secret
+  ##
+  truststoreFilename: "keycloak.truststore.jks"
+  ## @param tls.keystoreFilename Keystore filename inside the existing secret
+  ##
+  keystoreFilename: "keycloak.keystore.jks"
+  ## @param tls.keystorePassword Password to access the keystore when it's password-protected
+  ##
+  keystorePassword: ""
+  ## @param tls.truststorePassword Password to access the truststore when it's password-protected
+  ##
+  truststorePassword: ""
+  ## @param tls.passwordsSecret Secret containing the Keystore and Truststore passwords.
+  ## The secret must have "tls-keystore-password" and "tls-truststore-password" keys for the keystore and truststore respectively.
+  ##
+  passwordsSecret: ""
+## SPI TLS settings
+## ref: https://www.keycloak.org/server/keycloak-truststore
+##
+spi:
+  ## @param spi.existingSecret Existing secret containing the Keycloak truststore for SPI connection over HTTPS/TLS
+  ## Create this secret following the steps below:
+  ## 1) Rename your truststore to `keycloak-spi.truststore.jks` or use a different name overwriting the value 'spi.truststoreFilename'.
+  ## 2) Run the command below where SECRET_NAME is the name of the secret you want to create:
+  ##       kubectl create secret generic SECRET_NAME --from-file=./keycloak-spi.truststore.jks --from-file=./keycloak.keystore.jks
+  ##
+  existingSecret: ""
+  ## @param spi.truststorePassword Password to access the truststore when it's password-protected
+  ##
+  truststorePassword: ""
+  ## @param spi.truststoreFilename Truststore filename inside the existing secret
+  ##
+  truststoreFilename: "keycloak-spi.truststore.jks"
+  ## @param spi.passwordsSecret Secret containing the SPI Truststore passwords.
+  ## The secret must have "spi-truststore-password" key.
+  ##
+  passwordsSecret: ""
+  ## @param spi.hostnameVerificationPolicy Verify the hostname of the server's certificate. Allowed values: "ANY", "WILDCARD", "STRICT".
+  ##
+  hostnameVerificationPolicy: ""
+## @param adminRealm Name of the admin realm
+##
+adminRealm: "master"
+## @param production Run Keycloak in production mode. TLS configuration is required except when using proxy=edge.
+##
+production: false
+## @param proxyHeaders Set Keycloak proxy headers
+##
+proxyHeaders: ""
+## @param proxy reverse Proxy mode edge, reencrypt, passthrough or none
+## DEPRECATED: use proxyHeaders instead
+## ref: https://www.keycloak.org/server/reverseproxy
+##
+proxy: ""
+## @param httpRelativePath Set the path relative to '/' for serving resources. Useful if you are migrating from older version which were using '/auth/'
+## ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed
+##
+httpRelativePath: "/"
+## Keycloak Service Discovery settings
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/keycloak#cluster-configuration
+##
+## @param configuration Keycloak Configuration. Auto-generated based on other parameters when not specified
+## Specify content for keycloak.conf
+## NOTE: This will override configuring Keycloak based on environment variables (including those set by the chart)
+## The keycloak.conf is auto-generated based on other parameters when this parameter is not specified
+##
+## Example:
+## configuration: |-
+##    foo: bar
+##    baz:
+##
+configuration: ""
+## @param existingConfigmap Name of existing ConfigMap with Keycloak configuration
+## NOTE: When it's set the configuration parameter is ignored
+##
+existingConfigmap: ""
+## @param extraStartupArgs Extra default startup args
+##
+extraStartupArgs: ""
+## @param enableDefaultInitContainers Deploy default init containers
+## Disable this parameter could be helpful for 3rd party images e.g native Keycloak image.
+##
+enableDefaultInitContainers: true
+## @param initdbScripts Dictionary of initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/keycloak#initializing-a-new-instance
+## Example:
+## initdbScripts:
+##   my_init_script.sh: |
+##      #!/bin/bash
+##      echo "Do something."
+##
+initdbScripts: {}
+## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)
+##
+initdbScriptsConfigMap: ""
+## @param command Override default container command (useful when using custom images)
+##
+command: []
+## @param args Override default container args (useful when using custom images)
+##
+args: []
+## @param extraEnvVars Extra environment variables to be set on Keycloak container
+## Example:
+## extraEnvVars:
+##   - name: FOO
+##     value: "bar"
+##
+extraEnvVars: []
+## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+##
+extraEnvVarsCM: ""
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
+##
+extraEnvVarsSecret: ""
+## @section Keycloak statefulset parameters
+
+## @param replicaCount Number of Keycloak replicas to deploy
+##
+replicaCount: 1
+## @param revisionHistoryLimitCount Number of controller revisions to keep
+##
+revisionHistoryLimitCount: 10
+## @param containerPorts.http Keycloak HTTP container port
+## @param containerPorts.https Keycloak HTTPS container port
+## @param containerPorts.metrics Keycloak metrics container port
+##
+containerPorts:
+  http: 8080
+  https: 8443
+  metrics: 9000
+## @param extraContainerPorts Optionally specify extra list of additional port-mappings for Keycloak container
+##
+extraContainerPorts: []
+## @param statefulsetAnnotations Optionally add extra annotations on the statefulset resource
+statefulsetAnnotations: {}
+##
+## Keycloak pods' SecurityContext
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enabled Keycloak pods' Security Context
+## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
+## @param podSecurityContext.supplementalGroups Set filesystem extra groups
+## @param podSecurityContext.fsGroup Set Keycloak pod's Security Context fsGroup
+##
+podSecurityContext:
+  enabled: true
+  fsGroupChangePolicy: Always
+  sysctls: []
+  supplementalGroups: []
+  fsGroup: 1001
+## Keycloak containers' Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enabled containers' Security Context
+## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+## @param containerSecurityContext.privileged Set container's Security Context privileged
+## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
+## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+##
+containerSecurityContext:
+  enabled: true
+  seLinuxOptions: {}
+  runAsUser: 1001
+  runAsGroup: 1001
+  runAsNonRoot: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop: ["ALL"]
+  seccompProfile:
+    type: "RuntimeDefault"
+## Keycloak resource requests and limits
+## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+##
+resourcesPreset: "small"
+## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+## Example:
+## resources:
+##   requests:
+##     cpu: 2
+##     memory: 512Mi
+##   limits:
+##     cpu: 3
+##     memory: 1024Mi
+##
+resources: {}
+## Configure extra options for Keycloak containers' liveness, readiness and startup probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param livenessProbe.enabled Enable livenessProbe on Keycloak containers
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 300
+  periodSeconds: 1
+  timeoutSeconds: 5
+  failureThreshold: 3
+  successThreshold: 1
+## @param readinessProbe.enabled Enable readinessProbe on Keycloak containers
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 1
+  failureThreshold: 3
+  successThreshold: 1
+## When enabling this, make sure to set initialDelaySeconds to 0 for livenessProbe and readinessProbe
+## @param startupProbe.enabled Enable startupProbe on Keycloak containers
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+  enabled: false
+  initialDelaySeconds: 30
+  periodSeconds: 5
+  timeoutSeconds: 1
+  failureThreshold: 60
+  successThreshold: 1
+## @param customLivenessProbe Custom Liveness probes for Keycloak
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Custom Rediness probes Keycloak
+##
+customReadinessProbe: {}
+## @param customStartupProbe Custom Startup probes for Keycloak
+##
+customStartupProbe: {}
+## @param lifecycleHooks LifecycleHooks to set additional configuration at startup
+##
+lifecycleHooks: {}
+## @param automountServiceAccountToken Mount Service Account token in pod
+##
+automountServiceAccountToken: true
+## @param hostAliases Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+## @param podLabels Extra labels for Keycloak pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAnnotations Annotations for Keycloak pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+  ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+  ##
+  type: ""
+  ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
+  ## E.g.
+  ## key: "kubernetes.io/e2e-az-name"
+  ##
+  key: ""
+  ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
+  ## E.g.
+  ## values:
+  ##   - e2e-az1
+  ##   - e2e-az2
+  ##
+  values: []
+## @param affinity Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## @param nodeSelector Node labels for pod assignment
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+##
+nodeSelector: {}
+## @param tolerations Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+##
+topologySpreadConstraints: []
+## @param podManagementPolicy Pod management policy for the Keycloak statefulset
+##
+podManagementPolicy: Parallel
+## @param priorityClassName Keycloak pods' Priority Class Name
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param schedulerName Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+## @param terminationGracePeriodSeconds Seconds Keycloak pod needs to terminate gracefully
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+##
+terminationGracePeriodSeconds: ""
+## @param updateStrategy.type Keycloak statefulset strategy type
+## @param updateStrategy.rollingUpdate Keycloak statefulset rolling update configuration parameters
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+  type: RollingUpdate
+  rollingUpdate: {}
+## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
+##
+minReadySeconds: 0
+## @param extraVolumes Optionally specify extra list of additional volumes for Keycloak pods
+##
+extraVolumes: []
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Keycloak container(s)
+##
+extraVolumeMounts: []
+## @param initContainers Add additional init containers to the Keycloak pods
+## Example:
+## initContainers:
+##   - name: your-image-name
+##     image: your-image
+##     imagePullPolicy: Always
+##     ports:
+##       - name: portname
+##         containerPort: 1234
+##
+initContainers: []
+## @param sidecars Add additional sidecar containers to the Keycloak pods
+## Example:
+## sidecars:
+##   - name: your-image-name
+##     image: your-image
+##     imagePullPolicy: Always
+##     ports:
+##       - name: portname
+##         containerPort: 1234
+##
+sidecars: []
+## @section Exposure parameters
+##
+
+## Service configuration
+##
+service:
+  ## @param service.type Kubernetes service type
+  ##
+  type: ClusterIP
+  ## @param service.http.enabled Enable http port on service
+  ##
+  http:
+    enabled: true
+  ## @param service.ports.http Keycloak service HTTP port
+  ## @param service.ports.https Keycloak service HTTPS port
+  ##
+  ports:
+    http: 80
+    https: 443
+  ## @param service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  nodePorts:
+    http: ""
+    https: ""
+  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+  ## Values: ClientIP or None
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+  ##
+  sessionAffinity: None
+  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+  ## sessionAffinityConfig:
+  ##   clientIP:
+  ##     timeoutSeconds: 300
+  ##
+  sessionAffinityConfig: {}
+  ## @param service.clusterIP Keycloak service clusterIP IP
+  ## e.g:
+  ## clusterIP: None
+  ##
+  clusterIP: ""
+  ## @param service.loadBalancerIP loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+  ##
+  loadBalancerIP: ""
+  ## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
+  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+  ## Example:
+  ## loadBalancerSourceRanges:
+  ##   - 10.10.10.0/24
+  ##
+  loadBalancerSourceRanges: []
+  ## @param service.externalTrafficPolicy Enable client source IP preservation
+  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+  ##
+  externalTrafficPolicy: Cluster
+  ## @param service.annotations Additional custom annotations for Keycloak service
+  ##
+  annotations: {}
+  ## @param service.extraPorts Extra port to expose on Keycloak service
+  ##
+  extraPorts: []
+  # DEPRECATED service.extraHeadlessPorts will be removed in a future release, please use service.headless.extraPorts instead
+  ## @param service.extraHeadlessPorts Extra ports to expose on Keycloak headless service
+  ##
+  extraHeadlessPorts: []
+  ## Headless service properties
+  ##
+  headless:
+    ## @param service.headless.annotations Annotations for the headless service.
+    ##
+    annotations: {}
+    ## @param service.headless.extraPorts Extra ports to expose on Keycloak headless service
+    ##
+    extraPorts: []
+## Keycloak ingress parameters
+## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+##
+ingress:
+  ## @param ingress.enabled Enable ingress record generation for Keycloak
+  ##
+  enabled: false
+  ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (evaluated as template) (Kubernetes 1.18+)
+  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+  ##
+  ingressClassName: ""
+  ## @param ingress.pathType Ingress path type
+  ##
+  pathType: ImplementationSpecific
+  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
+  ##
+  apiVersion: ""
+  ## @param ingress.controller The ingress controller type. Currently supports `default` and `gce`
+  ## leave as `default` for most ingress controllers.
+  ## set to `gce` if using the GCE ingress controller
+  ##
+  controller: default
+  ## @param ingress.hostname Default host for the ingress record (evaluated as template)
+  ##
+  hostname: keycloak.local
+  ## @param ingress.hostnameStrict Disables dynamically resolving the hostname from request headers.
+  ## Should always be set to true in production, unless your reverse proxy overwrites the Host header.
+  ## If enabled, the hostname option needs to be specified.
+  ##
+  hostnameStrict: false
+  ## @param ingress.path [string] Default path for the ingress record (evaluated as template)
+  ##
+  path: "{{ .Values.httpRelativePath }}"
+  ## @param ingress.servicePort Backend service port to use
+  ## Default is http. Alternative is https.
+  ##
+  servicePort: http
+  ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+  ## Use this parameter to set the required annotations for cert-manager, see
+  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+  ## e.g:
+  ## annotations:
+  ##   kubernetes.io/ingress.class: nginx
+  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+  ##
+  annotations: {}
+  ## @param ingress.labels Additional labels for the Ingress resource.
+  ## e.g:
+  ## labels:
+  ##   app: keycloak
+  ##
+  labels: {}
+  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" (tpl .Values.ingress.hostname .) }}`
+  ## You can:
+  ##   - Use the `ingress.secrets` parameter to create this TLS secret
+  ##   - Rely on cert-manager to create it by setting the corresponding annotations
+  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+  ##
+  tls: false
+  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+  ##
+  selfSigned: false
+  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+  ## e.g:
+  ## extraHosts:
+  ##   - name: keycloak.local
+  ##     path: /
+  ##
+  extraHosts: []
+  ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
+  ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
+  ## extraPaths:
+  ## - path: /*
+  ##   backend:
+  ##     serviceName: ssl-redirect
+  ##     servicePort: use-annotation
+  ##
+  extraPaths: []
+  ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
+  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  ## extraTls:
+  ## - hosts:
+  ##     - keycloak.local
+  ##   secretName: keycloak.local-tls
+  ##
+  extraTls: []
+  ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
+  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+  ## -----BEGIN RSA PRIVATE KEY-----
+  ##
+  ## name should line up with a tlsSecret set further up
+  ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
+  ##
+  ## It is also possible to create and manage the certificates outside of this helm chart
+  ## Please see README.md for more information
+  ## e.g:
+  ## - name: keycloak.local-tls
+  ##   key:
+  ##   certificate:
+  ##
+  secrets: []
+  ## @param ingress.extraRules Additional rules to be covered with this ingress record
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+  ## e.g:
+  ## extraRules:
+  ## - host: keycloak.local
+  ##     http:
+  ##       path: /
+  ##       backend:
+  ##         service:
+  ##           name: keycloak
+  ##           port:
+  ##             name: http
+  ##
+  extraRules: []
+## Keycloak admin ingress parameters
+## ref: https://kubernetes.io/docs/user-guide/ingress/
+##
+adminIngress:
+  ## @param adminIngress.enabled Enable admin ingress record generation for Keycloak
+  ##
+  enabled: false
+  ## @param adminIngress.ingressClassName IngressClass that will be be used to implement the Ingress (evaluated as template) (Kubernetes 1.18+)
+  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+  ##
+  ingressClassName: ""
+  ## @param adminIngress.pathType Ingress path type
+  ##
+  pathType: ImplementationSpecific
+  ## @param adminIngress.apiVersion Force Ingress API version (automatically detected if not set)
+  ##
+  apiVersion: ""
+  ## @param adminIngress.controller The ingress controller type. Currently supports `default` and `gce`
+  ## leave as `default` for most ingress controllers.
+  ## set to `gce` if using the GCE ingress controller
+  ##
+  controller: default
+  ## @param adminIngress.hostname Default host for the admin ingress record (evaluated as template)
+  ##
+  hostname: keycloak.local
+  ## @param adminIngress.path [string] Default path for the admin ingress record (evaluated as template)
+  ##
+  path: "{{ .Values.httpRelativePath }}"
+  ## @param adminIngress.servicePort Backend service port to use
+  ## Default is http. Alternative is https.
+  ##
+  servicePort: http
+  ## @param adminIngress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+  ## Use this parameter to set the required annotations for cert-manager, see
+  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+  ## e.g:
+  ## annotations:
+  ##   kubernetes.io/ingress.class: nginx
+  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+  ##
+  annotations: {}
+  ## @param adminIngress.labels Additional labels for the Ingress resource.
+  ## e.g:
+  ## labels:
+  ##   app: keycloak
+  ##
+  labels: {}
+  ## @param adminIngress.tls Enable TLS configuration for the host defined at `adminIngress.hostname` parameter
+  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" (tpl .Values.adminIngress.hostname .) }}`
+  ## You can:
+  ##   - Use the `adminIngress.secrets` parameter to create this TLS secret
+  ##   - Rely on cert-manager to create it by setting the corresponding annotations
+  ##   - Rely on Helm to create self-signed certificates by setting `adminIngress.selfSigned=true`
+  ##
+  tls: false
+  ## @param adminIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+  ##
+  selfSigned: false
+  ## @param adminIngress.extraHosts An array with additional hostname(s) to be covered with the admin ingress record
+  ## e.g:
+  ## extraHosts:
+  ##   - name: keycloak.local
+  ##     path: /
+  ##
+  extraHosts: []
+  ## @param adminIngress.extraPaths Any additional arbitrary paths that may need to be added to the admin ingress under the main host.
+  ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
+  ## extraPaths:
+  ## - path: /*
+  ##   backend:
+  ##     serviceName: ssl-redirect
+  ##     servicePort: use-annotation
+  ##
+  extraPaths: []
+  ## @param adminIngress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
+  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  ## extraTls:
+  ## - hosts:
+  ##     - keycloak.local
+  ##   secretName: keycloak.local-tls
+  ##
+  extraTls: []
+  ## @param adminIngress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
+  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+  ## -----BEGIN RSA PRIVATE KEY-----
+  ##
+  ## name should line up with a tlsSecret set further up
+  ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
+  ##
+  ## It is also possible to create and manage the certificates outside of this helm chart
+  ## Please see README.md for more information
+  ## e.g:
+  ## - name: keycloak.local-tls
+  ##   key:
+  ##   certificate:
+  ##
+  secrets: []
+  ## @param adminIngress.extraRules Additional rules to be covered with this ingress record
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+  ## e.g:
+  ## extraRules:
+  ## - host: keycloak.local
+  ##     http:
+  ##       path: /
+  ##       backend:
+  ##         service:
+  ##           name: keycloak
+  ##           port:
+  ##             name: http
+  ##
+  extraRules: []
+## Network Policy configuration
+## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+##
+networkPolicy:
+  ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+  ##
+  enabled: true
+  ## @param networkPolicy.allowExternal Don't require server label for connections
+  ## The Policy model to apply. When set to false, only pods with the correct
+  ## server label will have network access to the ports server is listening
+  ## on. When true, server will accept connections from any source
+  ## (with the correct destination port).
+  ##
+  allowExternal: true
+  ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+  ##
+  allowExternalEgress: true
+  ## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
+  ##
+  kubeAPIServerPorts: [443, 6443, 8443]
+  ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+  ## e.g:
+  ## extraIngress:
+  ##   - ports:
+  ##       - port: 1234
+  ##     from:
+  ##       - podSelector:
+  ##           - matchLabels:
+  ##               - role: frontend
+  ##       - podSelector:
+  ##           - matchExpressions:
+  ##               - key: role
+  ##                 operator: In
+  ##                 values:
+  ##                   - frontend
+  extraIngress: []
+  ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+  ## e.g:
+  ## extraEgress:
+  ##   - ports:
+  ##       - port: 1234
+  ##     to:
+  ##       - podSelector:
+  ##           - matchLabels:
+  ##               - role: frontend
+  ##       - podSelector:
+  ##           - matchExpressions:
+  ##               - key: role
+  ##                 operator: In
+  ##                 values:
+  ##                   - frontend
+  ##
+  extraEgress: []
+  ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+  ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+  ##
+  ingressNSMatchLabels: {}
+  ingressNSPodMatchLabels: {}
+## @section RBAC parameter
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+  ## @param serviceAccount.create Enable the creation of a ServiceAccount for Keycloak pods
+  ##
+  create: true
+  ## @param serviceAccount.name Name of the created ServiceAccount
+  ## If not set and create is true, a name is generated using the fullname template
+  ##
+  name: ""
+  ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod
+  ##
+  automountServiceAccountToken: false
+  ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
+  ##
+  annotations: {}
+  ## @param serviceAccount.extraLabels Additional labels for the ServiceAccount
+  ##
+  extraLabels: {}
+## Specifies whether RBAC resources should be created
+##
+rbac:
+  ## @param rbac.create Whether to create and use RBAC resources or not
+  ##
+  create: false
+  ## @param rbac.rules Custom RBAC rules
+  ## Example:
+  ## rules:
+  ##   - apiGroups:
+  ##       - ""
+  ##     resources:
+  ##       - pods
+  ##     verbs:
+  ##       - get
+  ##       - list
+  ##
+  rules: []
+## @section Other parameters
+##
+
+## Keycloak Pod Disruption Budget configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+  ## @param pdb.create Enable/disable a Pod Disruption Budget creation
+  ##
+  create: true
+  ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ##
+  minAvailable: ""
+  ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+  ##
+  maxUnavailable: ""
+## Keycloak Autoscaling configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+## @param autoscaling.enabled Enable autoscaling for Keycloak
+## @param autoscaling.minReplicas Minimum number of Keycloak replicas
+## @param autoscaling.maxReplicas Maximum number of Keycloak replicas
+## @param autoscaling.targetCPU Target CPU utilization percentage
+## @param autoscaling.targetMemory Target Memory utilization percentage
+##
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 11
+  targetCPU: ""
+  targetMemory: ""
+  ## HPA Scaling Behavior
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configurable-scaling-behavior
+  ##
+  behavior:
+    ## HPA behavior when scaling up
+    ## @param autoscaling.behavior.scaleUp.stabilizationWindowSeconds The number of seconds for which past recommendations should be considered while scaling up
+    ## @param autoscaling.behavior.scaleUp.selectPolicy The priority of policies that the autoscaler will apply when scaling up
+    ## @param autoscaling.behavior.scaleUp.policies [array] HPA scaling policies when scaling up
+    ## e.g:
+    ## Policy to scale 20% of the pod in 60s
+    ## - type: Percent
+    ##   value: 20
+    ##   periodSeconds: 60
+    ##
+    scaleUp:
+      stabilizationWindowSeconds: 120
+      selectPolicy: Max
+      policies: []
+    ## HPA behavior when scaling down
+    ## @param autoscaling.behavior.scaleDown.stabilizationWindowSeconds The number of seconds for which past recommendations should be considered while scaling down
+    ## @param autoscaling.behavior.scaleDown.selectPolicy The priority of policies that the autoscaler will apply when scaling down
+    ## @param autoscaling.behavior.scaleDown.policies [array] HPA scaling policies when scaling down
+    ## e.g:
+    ## Policy to scale one pod in 300s
+    ## - type: Pods
+    ##   value: 1
+    ##   periodSeconds: 300
+    ##
+    scaleDown:
+      stabilizationWindowSeconds: 300
+      selectPolicy: Max
+      policies:
+        - type: Pods
+          value: 1
+          periodSeconds: 300
+## @section Metrics parameters
+##
+
+## Metrics configuration
+##
+metrics:
+  ## @param metrics.enabled Enable exposing Keycloak statistics
+  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/keycloak#enabling-statistics
+  ##
+  enabled: false
+  ## Keycloak metrics service parameters
+  ##
+  service:
+    ports:
+      ## @param metrics.service.ports.http Metrics service HTTP port
+      ##
+      http: 8080
+      ## @param metrics.service.ports.https Metrics service HTTPS port
+      ##
+      https: 8443
+      ## @param metrics.service.ports.metrics Metrics service Metrics port
+      ##
+      metrics: 9000
+    ## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints
+    ##
+    annotations:
+      prometheus.io/scrape: "true"
+      prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+    ## @param metrics.service.extraPorts [array] Add additional ports to the keycloak metrics service (i.e. admin port 9000)
+    ##
+    extraPorts: []
+  ## Prometheus Operator ServiceMonitor configuration
+  ##
+  serviceMonitor:
+    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
+    ##
+    enabled: false
+    ## @param metrics.serviceMonitor.port Metrics service HTTP port
+    ##
+    port: metrics
+    ## @param metrics.serviceMonitor.scheme Metrics service scheme
+    ##
+    scheme: http
+    ## @param metrics.serviceMonitor.tlsConfig Metrics service TLS configuration
+    ##
+    tlsConfig: {}
+    ## @param metrics.serviceMonitor.endpoints [array] The endpoint configuration of the ServiceMonitor. Path is mandatory. Port, scheme, tlsConfig, interval, timeout and labellings can be overwritten.
+    ##
+    endpoints:
+      - path: '{{ include "keycloak.httpPath" . }}metrics'
+      - path: '{{ include "keycloak.httpPath" . }}realms/{{ .Values.adminRealm }}/metrics'
+        port: http
+    ## @param metrics.serviceMonitor.path Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead
+    ##
+    path: ""
+    ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+    ##
+    namespace: ""
+    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
+    ##
+    interval: 30s
+    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+    ## e.g:
+    ##   scrapeTimeout: 30s
+    ##
+    scrapeTimeout: ""
+    ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
+    ##
+    labels: {}
+    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+    ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+    ##
+    selector: {}
+    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
+    ##
+    relabelings: []
+    ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
+    ##
+    metricRelabelings: []
+    ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+    ##
+    honorLabels: false
+    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
+    ##
+    jobLabel: ""
+  ## Prometheus Operator alert rules configuration
+  ##
+  prometheusRule:
+    ## @param metrics.prometheusRule.enabled Create PrometheusRule Resource for scraping metrics using PrometheusOperator
+    ##
+    enabled: false
+    ## @param metrics.prometheusRule.namespace Namespace which Prometheus is running in
+    ##
+    namespace: ""
+    ## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
+    ##
+    labels: {}
+    ## @param metrics.prometheusRule.groups Groups, containing the alert rules.
+    ## Example:
+    ##   groups:
+    ##     - name: Keycloak
+    ##       rules:
+    ##         - alert: KeycloakInstanceNotAvailable
+    ##           annotations:
+    ##             message: "Keycloak instance in namespace {{ `{{` }} $labels.namespace {{ `}}` }} has not been available for the last 5 minutes."
+    ##           expr: |
+    ##             absent(kube_pod_status_ready{namespace="{{ include "common.names.namespace" . }}", condition="true"} * on (pod) kube_pod_labels{pod=~"{{ include "common.names.fullname" . }}-\\d+", namespace="{{ include "common.names.namespace" . }}"}) != 0
+    ##           for: 5m
+    ##           labels:
+    ##             severity: critical
+    groups: []
+## @section keycloak-config-cli parameters
+
+## Configuration for keycloak-config-cli
+## ref: https://github.com/adorsys/keycloak-config-cli
+##
+keycloakConfigCli:
+  ## @param keycloakConfigCli.enabled Whether to enable keycloak-config-cli job
+  ##
+  enabled: false
+  ## Bitnami keycloak-config-cli image
+  ## ref: https://hub.docker.com/r/bitnami/keycloak-config-cli/tags/
+  ## @param keycloakConfigCli.image.registry [default: REGISTRY_NAME] keycloak-config-cli container image registry
+  ## @param keycloakConfigCli.image.repository [default: REPOSITORY_NAME/keycloak-config-cli] keycloak-config-cli container image repository
+  ## @skip keycloakConfigCli.image.tag keycloak-config-cli container image tag
+  ## @param keycloakConfigCli.image.digest keycloak-config-cli container image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+  ## @param keycloakConfigCli.image.pullPolicy keycloak-config-cli container image pull policy
+  ## @param keycloakConfigCli.image.pullSecrets keycloak-config-cli container image pull secrets
+  ##
+  image:
+    registry: docker.io
+    repository: bitnami/keycloak-config-cli
+    tag: 6.4.0-debian-12-r11
+    digest: ""
+    ## Specify a imagePullPolicy
+    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ##
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ## e.g:
+    ## pullSecrets:
+    ##   - myRegistryKeySecretName
+    ##
+    pullSecrets: []
+  ## @param keycloakConfigCli.annotations [object] Annotations for keycloak-config-cli job
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  annotations:
+    helm.sh/hook: "post-install,post-upgrade,post-rollback"
+    helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+    helm.sh/hook-weight: "5"
+  ## @param keycloakConfigCli.command Command for running the container (set to default if not set). Use array form
+  ##
+  command: []
+  ## @param keycloakConfigCli.args Args for running the container (set to default if not set). Use array form
+  ##
+  args: []
+  ## @param keycloakConfigCli.automountServiceAccountToken Mount Service Account token in pod
+  ##
+  automountServiceAccountToken: true
+  ## @param keycloakConfigCli.hostAliases Job pod host aliases
+  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  ##
+  hostAliases: []
+  ## Keycloak config CLI resource requests and limits
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param keycloakConfigCli.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if keycloakConfigCli.resources is set (keycloakConfigCli.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "small"
+  ## @param keycloakConfigCli.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## keycloak-config-cli containers' Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param keycloakConfigCli.containerSecurityContext.enabled Enabled keycloak-config-cli Security Context
+  ## @param keycloakConfigCli.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+  ## @param keycloakConfigCli.containerSecurityContext.runAsUser Set keycloak-config-cli Security Context runAsUser
+  ## @param keycloakConfigCli.containerSecurityContext.runAsGroup Set keycloak-config-cli Security Context runAsGroup
+  ## @param keycloakConfigCli.containerSecurityContext.runAsNonRoot Set keycloak-config-cli Security Context runAsNonRoot
+  ## @param keycloakConfigCli.containerSecurityContext.privileged Set keycloak-config-cli Security Context privileged
+  ## @param keycloakConfigCli.containerSecurityContext.readOnlyRootFilesystem Set keycloak-config-cli Security Context readOnlyRootFilesystem
+  ## @param keycloakConfigCli.containerSecurityContext.allowPrivilegeEscalation Set keycloak-config-cli Security Context allowPrivilegeEscalation
+  ## @param keycloakConfigCli.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param keycloakConfigCli.containerSecurityContext.seccompProfile.type Set keycloak-config-cli Security Context seccomp profile
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    privileged: false
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+  ## keycloak-config-cli pods' Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param keycloakConfigCli.podSecurityContext.enabled Enabled keycloak-config-cli pods' Security Context
+  ## @param keycloakConfigCli.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+  ## @param keycloakConfigCli.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+  ## @param keycloakConfigCli.podSecurityContext.supplementalGroups Set filesystem extra groups
+  ## @param keycloakConfigCli.podSecurityContext.fsGroup Set keycloak-config-cli pod's Security Context fsGroup
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+    fsGroup: 1001
+  ## @param keycloakConfigCli.backoffLimit Number of retries before considering a Job as failed
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy
+  ##
+  backoffLimit: 1
+  ## @param keycloakConfigCli.podLabels Pod extra labels
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  ##
+  podLabels: {}
+  ## @param keycloakConfigCli.podAnnotations Annotations for job pod
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+  ## @param keycloakConfigCli.nodeSelector Node labels for pod assignment
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ##
+  nodeSelector: {}
+  ##
+  ## @param keycloakConfigCli.podTolerations Tolerations for job pod assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  podTolerations: []
+  ## keycloak-config-cli availability-check configuration
+  ## ref: https://github.com/adorsys/keycloak-config-cli#Configuration
+  ## @param keycloakConfigCli.availabilityCheck.enabled Whether to wait until Keycloak is available
+  ## @param keycloakConfigCli.availabilityCheck.timeout Timeout for the availability check (Default is 120s)
+  ##
+  availabilityCheck:
+    enabled: true
+    timeout: ""
+  ## @param keycloakConfigCli.extraEnvVars Additional environment variables to set
+  ## Example:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param keycloakConfigCli.extraEnvVarsCM ConfigMap with extra environment variables
+  ##
+  extraEnvVarsCM: ""
+  ## @param keycloakConfigCli.extraEnvVarsSecret Secret with extra environment variables
+  ##
+  extraEnvVarsSecret: ""
+  ## @param keycloakConfigCli.extraVolumes Extra volumes to add to the job
+  ##
+  extraVolumes: []
+  ## @param keycloakConfigCli.extraVolumeMounts Extra volume mounts to add to the container
+  ##
+  extraVolumeMounts: []
+  ## @param keycloakConfigCli.initContainers Add additional init containers to the Keycloak config cli pod
+  ## Example:
+  ## initContainers:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  initContainers: []
+  ## @param keycloakConfigCli.sidecars Add additional sidecar containers to the Keycloak config cli pod
+  ## Example:
+  ## sidecars:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  sidecars: []
+  ## @param keycloakConfigCli.configuration keycloak-config-cli realms configuration
+  ## NOTE: nil keys will be considered files to import locally
+  ## Example:
+  ## configuration:
+  ##   realm1.json: |
+  ##     {
+  ##       "realm": "realm1",
+  ##       "clients": []
+  ##     }
+  ##   realm2.yaml: |
+  ##     realm: realm2
+  ##     clients: []
+  ##
+  configuration: {}
+  ## @param keycloakConfigCli.existingConfigmap ConfigMap with keycloak-config-cli configuration
+  ## NOTE: This will override keycloakConfigCli.configuration
+  ##
+  existingConfigmap: ""
+  ## Automatic Cleanup for Finished Jobs
+  ## @param keycloakConfigCli.cleanupAfterFinished.enabled Enables Cleanup for Finished Jobs
+  ## @param keycloakConfigCli.cleanupAfterFinished.seconds Sets the value of ttlSecondsAfterFinished
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
+  ##
+  cleanupAfterFinished:
+    enabled: false
+    seconds: 600
+## @section Database parameters
+
+## PostgreSQL chart configuration
+## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
+## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
+## @param postgresql.auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
+## @param postgresql.auth.username Name for a custom user to create
+## @param postgresql.auth.password Password for the custom user to create
+## @param postgresql.auth.database Name for a custom database to create
+## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
+## @param postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
+## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
+##
+postgresql:
+  enabled: true
+  auth:
+    postgresPassword: ""
+    username: bn_keycloak
+    password: ""
+    database: bitnami_keycloak
+    existingSecret: ""
+    secretKeys:
+      userPasswordKey: password
+  architecture: standalone
+## External PostgreSQL configuration
+## All of these values are only used when postgresql.enabled is set to false
+## @param externalDatabase.host Database host
+## @param externalDatabase.port Database port number
+## @param externalDatabase.user Non-root username for Keycloak
+## @param externalDatabase.password Password for the non-root username for Keycloak
+## @param externalDatabase.database Keycloak database name
+## @param externalDatabase.schema Keycloak database schema
+## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
+## @param externalDatabase.existingSecretHostKey Name of an existing secret key containing the database host name
+## @param externalDatabase.existingSecretPortKey Name of an existing secret key containing the database port
+## @param externalDatabase.existingSecretUserKey Name of an existing secret key containing the database user
+## @param externalDatabase.existingSecretDatabaseKey Name of an existing secret key containing the database name
+## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
+## @param externalDatabase.annotations Additional custom annotations for external database secret object
+##
+externalDatabase:
+  host: ""
+  port: 5432
+  user: bn_keycloak
+  database: bitnami_keycloak
+  schema: public
+  password: ""
+  existingSecret: ""
+  existingSecretHostKey: ""
+  existingSecretPortKey: ""
+  existingSecretUserKey: ""
+  existingSecretDatabaseKey: ""
+  existingSecretPasswordKey: ""
+  annotations: {}
+## @section Keycloak Cache parameters
+
+## Keycloak cache configuration
+## ref: https://www.keycloak.org/server/caching
+## @param cache.enabled Switch to enable or disable the keycloak distributed cache for kubernetes.
+## NOTE: Set to false to use 'local' cache (only supported when replicaCount=1).
+## @param cache.stack Set infinispan cache stack to use, sets KC_CACHE_STACK (<https://www.keycloak.org/server/all-config?q=cache-stack>)
+## @param cache.configFile Set infinispan cache stack config filename sets KC_CACHE_CONFIG_FILE (<https://www.keycloak.org/server/all-config?q=cache-config-file>)
+## @param cache.useHeadlessServiceWithAppVersion Set to true to create the headless service used for ispn containing the app version
+##
+cache:
+  enabled: true
+  stack: kubernetes
+  configFile: "cache-ispn.xml"
+  useHeadlessServiceWithAppVersion: false
+## @section Keycloak Logging parameters
+
+## Keycloak logging configuration
+## ref: https://www.keycloak.org/server/logging
+## @param logging.output Alternates between the default log output format or json format
+## @param logging.level Allowed values as documented: FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL, OFF
+##
+logging:
+  output: default
+  level: INFO