Can't configure KEYCLOAK_FRONTEND_URL on keycloak-operator

I’m running a keycloak instance on EKS using the keycloak-operator. I’m exposing this via the AWS LoadBalancer Controller (kubernetes-sigs.github.io). This ingress requires that the service type is NodePort or LoadBalancer. I created a custom service, as it doesn’t appear to be possible to change the type of service created. I had to leave the existing service as-is, or the operator cannot provision related Keycloak resources.

My frontend application is configured to retrieve the from the frontend URL. My backend application is talking to Keycloak instance via the internal service URL. It’s failing because the URLs in the tokens don’t match. The usual way to fix this is to use the KEYCLOAK_FRONTEND_URL. Unfortunately, there’s no way to set this in the keycloak-operator.

It looks like this was already raised as [KEYCLOAK-12397] Set KEYCLOAK_FRONTEND_URL - Red Hat Issue Tracker, but was closed on the back of the PROXY_ADDRESS_FORWARDING change. I can’t see why that would be?

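A diagnostic for the mismatch described in the post, as an added example that is not part of the original post or the operator's code: it decodes a token's `iss` claim without verifying the signature and reports which URL components differ from the issuer the backend expects. The hostnames, port, realm name `demo` and the sample token are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from the post).
EXTERNAL = "https://keycloak.example.com/auth/realms/demo"
INTERNAL = "https://keycloak.keycloak.svc.cluster.local:8443/auth/realms/demo"


def make_token(iss: str) -> str:
    """Build a constructed, unsigned sample token carrying the given issuer."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg({"iss": iss}), "sig"])


def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_diff(token: str, expected_issuer: str) -> list:
    """List (component, in_token, expected) for each part of iss that differs."""
    got = urlsplit(jwt_claims(token).get("iss", ""))
    want = urlsplit(expected_issuer)
    return [
        (name, getattr(got, name), getattr(want, name))
        for name in ("scheme", "hostname", "port", "path")
        if getattr(got, name) != getattr(want, name)
    ]


if __name__ == "__main__":
    # Token issued through the ingress, checked by a backend using the service URL.
    for name, in_token, expected in issuer_diff(make_token(EXTERNAL), INTERNAL):
        print(f"{name}: token has {in_token!r}, backend expects {expected!r}")
    # When both sides see the same issuer URL there is nothing to report.
    print(issuer_diff(make_token(EXTERNAL), EXTERNAL))
```

Run it against a real access token and the `issuer` value from the discovery document as the backend fetches it to see exactly which component diverges.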