Skip to main content
Version: 8.4

Using existing Keycloak

Camunda 8 Self-Managed has two different types of applications: Camunda applications (Operate, Optimize, Tasklist, etc.) and non-Camunda applications (such as Keycloak and Elasticsearch). For more details, review the architecture documentation for more information on the different types of applications.

This guide steps through using an existing Keycloak instance, which is part of Camunda Identity. By default, Helm chart deployment creates a new Keycloak instance, but it's possible to use an existing Keycloak instance either inside the same Kubernetes cluster or outside of it.

Preparation

Configure your existing Keycloak realm according to the following guide: Connect to an existing Keycloak instance.

Values file

The only change required to use the existing Keycloak is configuring the following values in the Camunda 8 Self-Managed Helm chart:

# File: existing-keycloak-values.yaml
global:
identity:
keycloak:
url:
# This will produce the following URL "https://keycloak.stage.svc.cluster.local:8443".
# Also the host could be outside the Kubernetes cluster like "keycloak.stage.example.com".
protocol: "https"
host: "keycloak.stage.svc.cluster.local"
port: "8443"
auth:
adminUser: "admin"
existingSecret: "stage-keycloak"
existingSecretKey: "admin-password"

identity:
keycloak:
enabled: false

Then, use the custom values file to deploy Camunda 8 as usual.

helm install camunda camunda/camunda-platform -f existing-keycloak-values.yaml