diff --git a/automation/dbildungs-iam-keycloak/Chart.yaml b/automation/dbildungs-iam-keycloak/Chart.yaml
index 8c16e8a33..ca565e73c 100644
--- a/automation/dbildungs-iam-keycloak/Chart.yaml
+++ b/automation/dbildungs-iam-keycloak/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: SPSH-1195
+appVersion: SPSH-740
 description: A Helm Chart for the dbildungs-iam-keycloak
 name: dbildungs-iam-keycloak
 type: application
-version: 0.0.0-spsh-1195-20241119-1628
+version: 0.0.0-spsh-740-20241120-0918
diff --git a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
index 28b788289..b08023929 100644
--- a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
+++ b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
@@ -418,7 +418,7 @@
 "requiredCredentials": [
 "password"
 ],
- "passwordPolicy" : "maxAuthAge(0)",
+ "passwordPolicy": "maxAuthAge(0) and passwordHistory(3) and length(8) and digits(1) and lowerCase(1) and upperCase(1) and specialChars(1)",
 "otpPolicyType": "totp",
 "otpPolicyAlgorithm": "HmacSHA1",
 "otpPolicyInitialCounter": 0,
@@ -929,7 +929,7 @@
 "description": "",
 "rootUrl": "${KC_ROOT_URL}",
 "adminUrl": "",
- "baseUrl": "",
+ "baseUrl": "${KC_ROOT_URL}",
 "surrogateAuthRequired": false,
 "enabled": true,
 "alwaysDisplayInConsole": false,
@@ -1983,7 +1983,6 @@
 "loginTheme": "schulportal",
 "eventsEnabled": false,
 "eventsListeners": [
- "metrics-listener",
 "jboss-logging"
 ],
 "enabledEventTypes": [],
diff --git a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json
index 0a875952c..2d5c3fe3c 100644
--- a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json
+++ b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json
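Review bot: The new `passwordPolicy` in the `@@ -418,7 +418,7 @@` hunk sets `length(8)` plus composition rules but omits `notUsername` and `notEmail`, so a password built from the account name still passes once it has the required character classes. Consider appending those two policies and raising the minimum length. The identical string is added in prod-realm-spsh.json (`@@ -416,7 +416,7 @@`), so the same applies there. The deployment passes `--import-realm`, and Keycloak's startup import skips a realm that already exists, so on environments where the realm is already present this change presumably has to be applied through the admin API or console as well. Realm JSON cannot carry a comment, so the rationale for the thresholds belongs in the commit message or chart README.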
@@ -416,7 +416,7 @@
 "requiredCredentials": [
 "password"
 ],
- "passwordPolicy" : "maxAuthAge(0)",
+ "passwordPolicy": "maxAuthAge(0) and passwordHistory(3) and length(8) and digits(1) and lowerCase(1) and upperCase(1) and specialChars(1)",
 "otpPolicyType": "totp",
 "otpPolicyAlgorithm": "HmacSHA1",
 "otpPolicyInitialCounter": 0,
@@ -927,7 +927,7 @@
 "description": "",
 "rootUrl": "${KC_ROOT_URL}",
 "adminUrl": "",
- "baseUrl": "",
+ "baseUrl": "${KC_ROOT_URL}",
 "surrogateAuthRequired": false,
 "enabled": true,
 "alwaysDisplayInConsole": false,
@@ -1820,7 +1820,6 @@
 "loginTheme": "schulportal",
 "eventsEnabled": false,
 "eventsListeners": [
- "metrics-listener",
 "jboss-logging"
 ],
 "enabledEventTypes": [],
diff --git a/automation/dbildungs-iam-keycloak/templates/deployment.yaml b/automation/dbildungs-iam-keycloak/templates/deployment.yaml
index 14d5ad4b2..50d66b5f6 100644
--- a/automation/dbildungs-iam-keycloak/templates/deployment.yaml
+++ b/automation/dbildungs-iam-keycloak/templates/deployment.yaml
@@ -10,7 +10,9 @@ spec:
 matchLabels:
 app.kubernetes.io/name: {{ template "common.names.name" . }}
 app.kubernetes.io/component: keycloak
+ {{- if not .Values.autoscaling.enabled }}
 replicas: {{ .Values.replicaCount }}
+ {{- end }}
 template:
 metadata:
 labels:
@@ -28,8 +30,9 @@ spec:
 {{- toYaml .command | nindent 16 }}
 {{- end }}
 args:
- - "--cache"
- - "local"
+ # - "--cache"
+ # - "local"
+ - "--optimized"
 - "--hostname"
 - "{{ tpl .Values.keycloakHostname . }}"
 - "--import-realm"
@@ -45,6 +48,8 @@ spec:
 livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }}
 readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }}
 env:
+ - name: JAVA_OPTS_APPEND
+ value: "-Djgroups.dns.query={{ template "common.names.name" . }}-headless.{{ template "common.names.namespace" . }}.svc.cluster.local"
 - name: KEYCLOAK_ADMIN_PASSWORD
 valueFrom:
 secretKeyRef:
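Review bot: The commented-out `# - "--cache"` / `# - "local"` lines in `args` leave dead configuration behind. Delete them and state the intent in one comment, for example `# no "--cache local": pods share a clustered cache, peers are found via jgroups.dns.query`. The added `--optimized` makes Keycloak skip its build step at start, so the image must already have been built with matching build-time options; the image build is not part of this diff and is worth confirming. The container spec starts and ends outside the hunk.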
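Review bot: The `JAVA_OPTS_APPEND` value hard-codes the `svc.cluster.local` suffix, and nothing visible in this diff selects a DNS-based cache stack (for example `--cache-stack kubernetes`), so `jgroups.dns.query` may be ignored or fail to resolve on a cluster with a different domain. Take the cluster domain from a chart value or stop at `.svc`, and confirm where the stack is selected. Once the pods form a cluster, the inter-node cache traffic carries session data; this diff adds no NetworkPolicy, so it is worth restricting the clustering port to the Keycloak pods themselves. The `env` list continues outside the hunk.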
diff --git a/automation/dbildungs-iam-keycloak/templates/headless-service.yaml b/automation/dbildungs-iam-keycloak/templates/headless-service.yaml
new file mode 100644
index 000000000..210a79b71
--- /dev/null
+++ b/automation/dbildungs-iam-keycloak/templates/headless-service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.name" . }}-headless
+ namespace: {{ template "common.names.namespace" . }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ template "common.names.name" . }}
+ app.kubernetes.io/component: keycloak
+ type: {{ .Values.service.type }}
+ clusterIP: "None"
+ ports:
+ {{- if .Values.service.http.enabled }}
+ - name: http
+ port: {{ .Values.service.ports.http }}
+ targetPort: web
+ {{- end }}
+ - port: 8090
+ targetPort: 8090
+ protocol: TCP
+ name: mgmt
\ No newline at end of file
diff --git a/automation/dbildungs-iam-keycloak/templates/hpa.yaml b/automation/dbildungs-iam-keycloak/templates/hpa.yaml
new file mode 100644
index 000000000..47d4bb9a3
--- /dev/null
+++ b/automation/dbildungs-iam-keycloak/templates/hpa.yaml
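Review bot: `type: {{ .Values.service.type }}` next to `clusterIP: "None"` renders a valid Service only when the value is `ClusterIP`; with `NodePort` or `LoadBalancer` the API server rejects the object. Since this service is always headless, hard-code `type: ClusterIP`. If it exists for JGroups peer discovery, as the `jgroups.dns.query` setting in deployment.yaml suggests, consider `publishNotReadyAddresses: true` so that pods which are still starting appear in DNS. A comment at the top such as `# Headless service: gives each Keycloak pod a DNS record for cluster discovery` would state the purpose. The file also lacks a final newline.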
@@ -0,0 +1,26 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.names.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "common.names.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.names.name" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+{{- end }}
\ No newline at end of file
diff --git a/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml b/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml
deleted file mode 100644
index 85a83f34d..000000000
--- a/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.keycloak.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "common.names.name" . }}
- namespace: {{ template "common.names.namespace" . }}
- labels:
- {{- include "common.labels" . | nindent 4 }}
- app.kubernetes.io/component: keycloak
-spec:
- namespaceSelector:
- matchNames:
- - {{ include "common.names.namespace" . | quote }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}
- endpoints:
- - port: {{ .Values.keycloak.serviceMonitor.port }}
- path: {{ .Values.keycloak.serviceMonitor.path }}
- interval: {{ .Values.keycloak.serviceMonitor.interval | default "30s" }}
-{{- end }}
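Review bot: The new HorizontalPodAutoscaler in hpa.yaml has no `behavior` block, so a scale-down may remove several Keycloak pods in one step. With `--cache local` dropped in deployment.yaml, sessions presumably live in the clustered cache, and losing several cache owners at once can drop them and log users out. Limit scale-down to one pod per period as sketched below; the numbers are constructed examples to tune. CPU `Utilization` also needs a CPU request on the container, which this diff does not show. The template uses `.Release.Namespace` and hand-written labels where the other templates use `common.names.namespace` and `common.labels`; using the helpers keeps them aligned.

```yaml
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  # constructed example values; tune per environment
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
        - type: Pods
          value: 1
          periodSeconds: 300
  # … unchanged: metrics …
```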
diff --git a/automation/dbildungs-iam-keycloak/values.yaml b/automation/dbildungs-iam-keycloak/values.yaml index 300c50122..1b3e77196 100644 --- a/automation/dbildungs-iam-keycloak/values.yaml +++ b/automation/dbildungs-iam-keycloak/values.yaml @@ -110,9 +110,8 @@ service: ports: http: 80 -keycloak: - serviceMonitor: - enabled: true - path: "/realms/SPSH/metrics" - endpoints: - - port: 'http' \ No newline at end of file +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 60 \ No newline at end of file