diff --git a/defaults/main.yml b/defaults/main.yml
index 63f6e30..d4fd7df 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,6 +9,10 @@ hiera_data_file: ''
 
 clouds_config: 'clouds-secret'
 
+keystone_hostname: "keystone"
+keystone_address: "{{keystone_hostname}}"
+keystone_use_service_ip: true
+
 mariadb_config:
   host: mariadb
   root_password: weakpassword
@@ -25,5 +29,5 @@ keystone_config:
   admin_role_name: 'admin'
   admin_project_name: 'admin'
   admin_service_name: 'keystone'
-  admin_domain_name: 'default'
+  admin_domain_name: 'Default'
   admin_password: 'weakpassword'
diff --git a/tasks/provision.yml b/tasks/provision.yml
index c4bde9c..fa88863 100644
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
@@ -175,6 +175,27 @@
           claimName: keystone-fernet
     state: present
 
+- name: Create keystone service
+  k8s_v1_service:
+    host: "{{coe_host}}"
+    context: "{{coe_config_context}}"
+    kubeconfig: "{{coe_config_file}}"
+    name: "{{keystone_hostname}}"
+    namespace: "{{namespace}}"
+    state: present
+    ports:
+      - port: 5000
+        name: keystone-api-public
+      - port: 35357
+        name: keystone-api-admin
+    selector:
+      app: keystone-api
+  register: keystone_service
+
+- set_fact:
+    keystone_address: "{{keystone_service.service.spec.cluster_ip}}"
+  when: keystone_use_service_ip
+
 - name: Keystone bootstrap
   k8s_v1_job:
     host: "{{coe_host}}"
@@ -204,11 +225,11 @@
           - --bootstrap-service-name
           - '{{keystone_config.admin_service_name}}'
           - --bootstrap-admin-url
-          - http://keystone:35357/v3
+          - "http://{{keystone_address}}:35357/v3"
           - --bootstrap-internal-url
-          - http://keystone:5000/v3
+          - "http://{{keystone_address}}:5000/v3"
           - --bootstrap-public-url
-          - http://keystone:5000/v3
+          - "http://{{keystone_address}}:5000/v3"
           - --bootstrap-region-id
           - RegionOne
         env:
@@ -230,24 +251,6 @@
           claimName: keystone-fernet
     state: present
 
-
-- name: Create keystone service
-  k8s_v1_service:
-    host: "{{coe_host}}"
-    context: "{{coe_config_context}}"
-    kubeconfig: "{{coe_config_file}}"
-    name: keystone
-    namespace: "{{namespace}}"
-    state: present
-    ports:
-      - port: 5000
-        name: keystone-api-public
-      - port: 35357
-        name: keystone-api-admin
-    selector:
-      app: keystone-api
-  register: create_service
-
 - name: Create keystone deployment
   k8s_apps_v1beta1_deployment:
     host: "{{coe_host}}"
diff --git a/tests/templates/tempest.conf b/tests/templates/tempest.conf
new file mode 100644
index 0000000..6add9f4
--- /dev/null
+++ b/tests/templates/tempest.conf
@@ -0,0 +1,38 @@
+[DEFAULT]
+debug = true
+
+[auth]
+# Roles to assign to all users created by tempest (list value)
+tempest_roles = _member_
+
+use_dynamic_credentials = true
+
+# Roles to assign to all users created by tempest (list value)
+#tempest_roles =
+default_credentials_domain_name = Default
+
+admin_username = admin
+admin_project_name = admin
+admin_password = weakpassword
+admin_domain_name = Default
+
+[identity]
+admin_username = admin
+admin_tenant_name = admin
+admin_domain_name = Default
+disable_ssl_certificate_validation = true
+catalog_type = identity
+uri = http://{{keystone_ip}}:5000/v3
+uri_v3 = http://{{keystone_ip}}:5000/v3
+auth_version = v3
+region = RegionOne
+admin_role = admin
+default_domain_id = default
+admin_password = weakpassword
+
+[service_available]
+cinder = false
+neutron = false
+glance = false
+swift = false
+nova = false
\ No newline at end of file
diff --git a/tests/tests.yml b/tests/tests.yml
index ae4e41a..bd5be55 100644
--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -6,24 +6,54 @@
     executable: /bin/bash
   register: keystone_ip
 
+- set_fact:
+    keystone_ip: "{{keystone_ip.stdout}}"
+
 - name: Wait for keystone to become available
   wait_for:
-    host={{keystone_ip.stdout}}
-    port=35357
-    delay=2
-    timeout=300
+    host: "{{keystone_ip}}"
+    port: "{{item}}"
+    delay: 2
+    timeout: 300
+  with_items:
+    - 35357
+    - 5000
 
-- name: Register Glance in Keystone
-  include_role:
-    name: ansible-role-k8s-tripleo
-    tasks_from: bootstrap-service-endpoints
-  vars:
-    service_name: 'test'
-    service_type: 'image'
-    service_region: 'RegionOne'
-    service_project: 'http://test.com:8080'
-    service_password: 'http://test.com:8080'
-    service_username: 'http://test.com:8080'
-    service_internal_url: 'http://test.com:8080'
-    service_public_url: 'http://test.com:8080'
-    service_admin_url: 'http://test.com:8080'
+- name: Test keystone jobs completion
+  shell:
+    cmd: |
+      set -ex
+
+      rst=$(kubectl --namespace {{namespace}} get jobs {{item}} --template={%raw%}"{{.status.succeeded}}"{%endraw%})
+      if [ "$rst" == "1" ]; then
+          exit 0
+      fi
+      exit 1
+    executable: /bin/bash
+  retries: 6
+  delay: 5
+  register: task_result
+  until: task_result.rc == 0
+  with_items:
+    - keystone-createdb
+    - keystone-db-sync
+    - keystone-fernet
+    - keystone-bootstrap
+
+
+- name: Copy tempests config
+  become: true
+  template:
+    src: templates/tempest.conf
+    dest: /etc/tempest/tempest.conf
+
+- name: Run tempest
+  shell:
+    cmd: |
+      set -x
+      set -e
+      tempest init tempest
+      cd tempest
+      tempest run -r identity
+    executable: /bin/bash
+  register: tempest_output