In this short guide we’re going to install one or multiple instances of Keycloak.

  1. Decide on a database provider

    You can install Keycloak with the built-in database or by using an external database. The built-in database is configured by default. When using component instantiation, you can choose the provider individually per instance.

  2. Set up encrypted database connection

    Encrypting the connection to the database adds more security at the cost of some TLS overhead. Supported are self-signed certificates by default, though Let’s Encrypt and other commercial certificates can be used for the external database provider.

  3. Decide on encryption mode between ingress controller and Keycloak

    By default the traffic between ingress controller and Keycloak pods is re-encrypted. You can also choose to passthrough the traffic directly to Keycloak on supported ingress controllers.

  4. Decide whether you need multiple instances

    Since component version 2.x, multiple instances of the component can be installed. For example, keycloak-prod and keycloak-test. They need to be in separate namespaces though.