diff --git a/kubernetes/manifests/keycloak/README.md b/kubernetes/manifests/keycloak/README.md
new file mode 100644
index 0000000..c6ab27e
--- /dev/null
+++ b/kubernetes/manifests/keycloak/README.md
@@ -0,0 +1,12 @@
+# Keycloak
+
+[Keycloak](https://www.keycloak.org/) configuration
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `keycloak-secrets`.
+
+
+| Environment             | Description                        |
+|-------------------------|------------------------------------|
+| KEYCLOAK_ADMIN          | Keycloak Admin Panel Username      |
+| KEYCLOAK_PASSWORD       | Keycloak Admin Panel Password      |
diff --git a/kubernetes/manifests/keycloak/deployment.yaml b/kubernetes/manifests/keycloak/deployment.yaml
new file mode 100644
index 0000000..1aa0b73
--- /dev/null
+++ b/kubernetes/manifests/keycloak/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: keycloak
+  template:
+    metadata:
+      labels:
+        app: keycloak
+    spec:
+      containers:
+        - name: keycloak
+          image: quay.io/keycloak/keycloak:22.0
+          args: ["start-dev"]
+          envFrom:
+            - secretRef:
+                name: keycloak-secrets
+          ports:
+            - name: http
+              containerPort: 8080
+          readinessProbe:
+            httpGet:
+              path: /realms/master
+              port: 8080
diff --git a/kubernetes/manifests/keycloak/ingress.yaml b/kubernetes/manifests/keycloak/ingress.yaml
new file mode 100644
index 0000000..ea16ba1
--- /dev/null
+++ b/kubernetes/manifests/keycloak/ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - keycloak.vipyrsec.com
+  rules:
+    - host: keycloak.vipyrsec.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: keycloak
+                port:
+                  number: 8080
diff --git a/kubernetes/manifests/keycloak/service.yaml b/kubernetes/manifests/keycloak/service.yaml
new file mode 100644
index 0000000..fe784cc
--- /dev/null
+++ b/kubernetes/manifests/keycloak/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  ports:
+    - name: http
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: keycloak