diff --git a/src/main/helm/templates/keycloak_crd.yaml b/src/main/helm/templates/keycloak_crd.yaml
index b439bc8a6227a7d42b950618ed3548b0f37afd7b..9d55120f30d540c75bb0430a1e24cca8ffb26228 100644
--- a/src/main/helm/templates/keycloak_crd.yaml
+++ b/src/main/helm/templates/keycloak_crd.yaml
@@ -6,9 +6,14 @@ metadata:
   namespace: {{ include "app.namespace" . }}
 spec:
   keep_after_delete: {{ (.Values.sso).keep_after_delete | default false }}
-  displayName: {{ include "app.ssoRealmDisplayName" . }}
-  {{- with .Values.smtpServer }}
+  displayName: {{ include "app.ssoRealmDisplayName" . }}  
+  {{- with ((.Values.sso).keycloak_realm).roles }}
+  realmRoles: 
+{{ toYaml . | indent 4}}
+  {{- end }}
+  {{- with ((.Values.sso).keycloak_realm).smtpServer }}
   smtpServer:
-{{ toYaml . | indent 4 }}
+{{ toYaml . | indent 4}}
   {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 6c2e839f4345272a03c3290f870ed91e72d7f153..0e84c312bbfbcf0e243f8b32f2da91f815f353fe 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -32,6 +32,7 @@ replicaCount: 2 # [default: 2]
 usermanagerName: user-manager
 
 
+
 # env:
 #   overrideSpringProfiles: "oc,prod"
 #   customList: # add name value pair for additional environments
@@ -60,3 +61,5 @@ usermanagerName: user-manager
 #   bundesland: sh
 #   bezeichner: kiel
 #   environment: dev
+
+
diff --git a/src/test/helm/keycloak_crd_test.yaml b/src/test/helm/keycloak_crd_test.yaml
index ffe8329acfa1adf3c622f6e459009a061868d1a2..f3eb4d388fe05c8ca0a4de12eadcd72c621875d2 100644
--- a/src/test/helm/keycloak_crd_test.yaml
+++ b/src/test/helm/keycloak_crd_test.yaml
@@ -80,15 +80,17 @@ tests:
 
   - it: should have smtp server Values 
     set:
-      smtpServer:
-        user: user0
-        from: user0@test.de
-        password: psw
-        fromDisplayName: displayed name
-        starttls: true
-        auth: true
-        port: 587
-        host: host0
+      sso:
+        keycloak_realm:
+          smtpServer:
+            user: user0
+            from: user0@test.de
+            password: psw
+            fromDisplayName: displayed name
+            starttls: true
+            auth: true
+            port: 587
+            host: host0
     asserts:
       - equal:
           path: spec.smtpServer.host
@@ -114,4 +116,24 @@ tests:
       - equal:
           path: spec.smtpServer.fromDisplayName
           value: displayed name
-  
\ No newline at end of file
+  
+  - it: should create realm roles if set
+    set:
+      sso:
+        keycloak_realm:
+          roles:
+            - name: role1
+            - name: role0
+    asserts:
+      - contains:
+          path: spec.realmRoles
+          content: 
+            name: role0
+      - contains:
+          path: spec.realmRoles
+          content: 
+            name: role1
+  - it: should not create realm roles by default
+    asserts:
+      - isNull:
+          path: spec.realmRoles
\ No newline at end of file