Production-ready Keycloak images, with our extensions baked in.
Pre-built container images for Kubernetes, Helm, Docker Compose, ECS, and more — Keycloak plus the Phase Two extension suite plus the operational defaults you'd otherwise wire up yourself.
Running Keycloak in production is a lot more than 'docker run keycloak'.
Defaults are dev-mode
Stock Keycloak's defaults assume dev. Production needs JVM tuning, health checks, metrics, TLS, and clustering — none of it on by default.
Extensions live in your build
Want orgs + webhooks + magic link? You build them into a custom image. We've already done that build.
Helm charts are bring-your-own
There's no single official Helm chart that bundles Keycloak with the extensions teams actually want.
An image that's ready for prod the moment you pull it
Phase Two extensions baked in
Orgs, webhooks, magic link, IdP wizard, admin portal, themes — all installed and configured.
Opinionated production defaults
JVM flags, health endpoints, metrics scrape, TLS-ready, clustering hints.
Pinned upstream Keycloak
Locked to a known-good Keycloak version. You can override.
Helm + K8s + Compose + ECS
Same image, runs anywhere. Helm chart covers the common K8s setup.
Where the images fit
Anywhere you'd otherwise be assembling your own Keycloak Dockerfile.
What you get when you pull the image
Extensions installed
Orgs · IdP Wizard · Magic Link · Webhooks · Themes · Admin Portal.
Health + metrics
/health/live, /health/ready, /metrics for Prometheus scraping.
JVM tuned for containers
GC, memory, file descriptors — sized for the container, not the host.
Pinned Keycloak
Locked to a tested upstream version. Override with a build arg.
Helm chart
K8s with sane defaults — replicas, PDBs, ingress, secrets.
TLS-ready
Mount certs, terminate at the pod. Or terminate upstream.