CHART NAME: {{ .Chart.Name }} CHART VERSION: {{ .Chart.Version }} APP VERSION: {{ .Chart.AppVersion }} ⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free. Subscribe to Bitnami Secure Images to receive continued support and security updates. More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267 ** Please be patient while the chart is being deployed ** Keycloak can be accessed through the following DNS name from within your cluster: {{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ coalesce .Values.service.ports.http .Values.service.port }}) To access Keycloak from outside the cluster execute the following commands: {{- if .Values.ingress.enabled }} 1. Get the Keycloak URL and associate its hostname to your cluster external IP: export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters echo "Keycloak URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ (tpl .Values.ingress.hostname .) }}/" echo "$CLUSTER_IP {{ (tpl .Values.ingress.hostname .) }}" | sudo tee -a /etc/hosts {{- if .Values.adminIngress.enabled }} The admin area of Keycloak has been configured to point to a different domain ({{ .Values.adminIngress.hostname }}). Please remember to update the `frontendUrl` property of the `{{ .Values.adminRealm | default "master" }}` (or any other) realm for it to work properly (see README for an example) : echo "Keycloak admin URL: http{{ if .Values.adminIngress.tls }}s{{ end }}://{{ (tpl .Values.adminIngress.hostname .) }}/" echo "$CLUSTER_IP {{ (tpl .Values.adminIngress.hostname .) }}" | sudo tee -a /etc/hosts {{- end }} {{- else }} 1. Get the Keycloak URL by running these commands: {{- if contains "NodePort" .Values.service.type }} export HTTP_NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http')].nodePort}" services {{ include "common.names.fullname" . }}) {{- if .Values.tls.enabled }} export HTTPS_NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='https')].nodePort}" services {{ include "common.names.fullname" . }}) {{- end }} export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo "http://${NODE_IP}:${HTTP_NODE_PORT}/" {{- if .Values.tls.enabled }} echo "https://${NODE_IP}:${HTTPS_NODE_PORT}/" {{- end }} {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch its status by running 'kubectl get --namespace {{ include "common.names.namespace" . }} svc -w {{ include "common.names.fullname" . }}' export HTTP_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http')].port}" services {{ include "common.names.fullname" . }}) {{- if .Values.tls.enabled }} export HTTPS_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='https')].port}" services {{ include "common.names.fullname" . }}) {{- end }} export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo "http://${SERVICE_IP}:${HTTP_SERVICE_PORT}/" {{- if .Values.tls.enabled }} echo "https://${SERVICE_IP}:${HTTPS_SERVICE_PORT}/" {{- end }} {{- else if contains "ClusterIP" .Values.service.type }} export HTTP_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http')].port}" services {{ include "common.names.fullname" . }}) {{- if .Values.tls.enabled }} export HTTPS_SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='https')].port}" services {{ include "common.names.fullname" . }}) kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} ${HTTP_SERVICE_PORT}:${HTTP_SERVICE_PORT} ${HTTPS_SERVICE_PORT}:${HTTPS_SERVICE_PORT} & {{- else }} kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} ${HTTP_SERVICE_PORT}:${HTTP_SERVICE_PORT} & {{- end }} echo "http://127.0.0.1:${HTTP_SERVICE_PORT}/" {{- if .Values.tls.enabled }} echo "https://127.0.0.1:${HTTPS_SERVICE_PORT}/" {{- end }} {{- end }} {{- end }} 2. Access Keycloak using the obtained URL. {{- if and .Values.auth.adminUser .Values.auth.adminPassword }} 3. Access the Administration Console using the following credentials: echo Username: {{ .Values.auth.adminUser }} echo Password: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "keycloak.secretName" . }} -o jsonpath="{.data.{{ include "keycloak.secretKey" .}}}" | base64 -d) {{- end }} {{- if .Values.metrics.enabled }} You can access the Prometheus metrics following the steps below: 1. Get the Keycloak Prometheus metrics URL by running: {{- $metricsPort := coalesce .Values.metrics.service.ports.metrics .Values.metrics.service.port | toString }} kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ $metricsPort }}:{{ $metricsPort }} & echo "Keycloak Prometheus metrics URL: http://127.0.0.1:{{ $metricsPort }}/metrics" 2. Open a browser and access Keycloak Prometheus metrics using the obtained URL. {{- end }} {{- include "keycloak.validateValues" . }} {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.keycloakConfigCli.image }} {{- include "common.warnings.resources" (dict "sections" (list "keycloakConfigCli" "") "context" $) }} {{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "context" $) }} {{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "context" $) }}