diff --git a/infra-cluster/keycloak/images/Dockerfile b/infra-cluster/keycloak/images/Dockerfile
index 1534178..70ecd80 100644
--- a/infra-cluster/keycloak/images/Dockerfile
+++ b/infra-cluster/keycloak/images/Dockerfile
@@ -1,5 +1,4 @@
-FROM quay.io/keycloak/keycloak:20.0
+FROM quay.io/keycloak/keycloak:23.0
 WORKDIR /opt/keycloak
 RUN ./bin/kc.sh build \
-    --spi-x509cert-lookup-provider=nginx \
-    --features docker
\ No newline at end of file
+    --spi-x509cert-lookup-provider=nginx
\ No newline at end of file
diff --git a/infra-cluster/keycloak/manifests/deployment.yaml b/infra-cluster/keycloak/manifests/deployment.yaml
index 57b3ef7..7c98c02 100644
--- a/infra-cluster/keycloak/manifests/deployment.yaml
+++ b/infra-cluster/keycloak/manifests/deployment.yaml
@@ -8,6 +8,8 @@ metadata:
     app: keycloak
 spec:
   replicas: 1
+  strategy:
+     type: Recreate
   selector:
     matchLabels:
       app: keycloak
@@ -30,8 +32,12 @@ spec:
             secretKeyRef:
               name: keycloak-db-secret
               key: POSTGRES_PASSWORD
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/usr/local/bin/pg_ctl stop -D /var/lib/postgresql/data -w -t 60 -m fast"]
       - name: keycloak
-        image: harbor.internal.jpace121.net/k8s/jpace-keycloak:20.0.0
+        image: harbor.internal.jpace121.net/k8s/jpace-keycloak:23.0.0
         env:
         - name: KC_LOG_LEVEL
           value: DEBUG
@@ -64,7 +70,6 @@ spec:
         - --spi-truststore-file-password=password
         - --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert
         - --spi-x509cert-lookup-provider=nginx
-        - --features docker
         - --proxy=edge
       volumes:
       - name: db-storage