I'm trying to configure keycloakx behind ingress-nginx on Kubernetes, but I think I'm missing something, because the links in emails are not working correctly. My keycloakx is available at https://sso.funccloud.com, but in emails the URLs are http://url8011.funccloud.com/ls/click?upn=
How can I fix this base URL mismatch?
Here are my k8s configurations:
---
# Deployment for Keycloak (keycloak-x image) that sits behind a TLS-terminating ingress.
# Indentation restored; every key and value is the same as in the pasted manifest.
#
# NOTE(review): the http://url8011.funccloud.com/ls/click?upn= form quoted in the question
# is not a host or path configured anywhere in this manifest. It resembles a click-tracking
# redirect added by the mail relay; check the relay's link-tracking settings before
# loosening any hostname option here. Action links (password reset, e-mail verification)
# that pass through a plain-http redirect expose their tokens in transit.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    service: keycloak
    layer: security
spec:
  selector:
    matchLabels:
      service: keycloak
      layer: security
  template:
    metadata:
      labels:
        service: keycloak
        layer: security
    spec:
      containers:
        - name: keycloak
          # Referenced by tag, which can be re-pointed upstream.
          # NOTE(review): pin by digest (…/keycloak-x@sha256:<DIGEST_PLACEHOLDER>) if
          # reproducible, auditable roll-outs are required.
          image: quay.io/keycloak/keycloak-x:16.1.0
          imagePullPolicy: IfNotPresent
          # Kubernetes substitutes only $(VAR) references in args. The ${VAR} forms below
          # are handed to the image entrypoint verbatim, so they resolve only if that
          # entrypoint expands them itself — NOTE(review): confirm for this image.
          args:
            - '-Djgroups.dns.query=keycloak-jgroups-ping.keycloak.svc.cluster.local'
            - 'start'
            - '--auto-build'
            - '--cache-stack=kubernetes'
            - '--db=postgres'
            - '--db-url=jdbc:${DATABASE_URL}'
            - '--db-username=${DATABASE_USERNAME}'
            # Once expanded, the password is part of the process command line and is
            # readable by anything that can list processes in the container or on the node.
            # NOTE(review): prefer supplying it through the environment (e.g. KC_DB_PASSWORD,
            # if this release honours it) or a mounted file instead of an argument.
            - '--db-password=${DATABASE_PASSWORD}'
            # The next two items each carry option and value in ONE list element separated
            # by a space; a list element becomes a single argv entry, so this works only if
            # the entrypoint re-splits it. The other options use the --opt=value form.
            # NOTE(review): HOSTNAME is also the name conventionally used for the pod's own
            # host name; verify which value the entrypoint actually sees.
            - '--hostname ${HOSTNAME}'
            # "edge": TLS ends at the proxy and Keycloak is reached over plain HTTP, relying
            # on the proxy's forwarded headers. Only the ingress controller should be able
            # to reach the HTTP port for that trust to hold.
            - '--proxy edge'
            # Both strict checks are switched off. With hostname-strict disabled the public
            # host may be resolved from request headers, which is safe only when the proxy
            # in front validates or overwrites the Host header; links placed in e-mails are
            # built from that base URL. NOTE(review): a fixed hostname is already supplied
            # and TLS ends at the ingress, so consider leaving both checks enabled.
            - '--hostname-strict-https=false'
            - '--hostname-strict=false'
            - '--metrics-enabled=true'
            - '--hostname-strict-backchannel=true'
          resources:
            # requests == limits for both CPU and memory.
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 512Mi
          ports:
            # Only 8080 is targeted by the Ingress shown alongside this manifest.
            # NOTE(review): confirm 4444 and 8888 are needed; drop unused ports.
            - containerPort: 8443
            - containerPort: 8080
            - containerPort: 4444
            - containerPort: 8888
          env:
            # Public host name, consumed by the --hostname argument above.
            - name: HOSTNAME
              value: sso.funccloud.com
            # Admin and database credentials all come from the keycloak-creds Secret.
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: admin-username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: admin-password
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: database-url
            - name: DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: database-username
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: database-password
            # -Djgroups.dns.query is set here and again as the first entry of args.
            - name: JAVA_OPTS
              value: '-Xms128m -Xmx128m -XX:MetaspaceSize=128M -XX:MaxMetaspaceSize=128m -Djava.net.preferIPv4Stack=true -Djava.security.egd=file:/dev/./urandom -Xlog:gc* -Djgroups.dns.query=keycloak-jgroups-ping.keycloak.svc.cluster.local'
---
# ingress-nginx rule publishing the keycloak Service at https://sso.funccloud.com.
# Indentation restored; every key and value is the same as in the pasted manifest.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    service: keycloak
    layer: security
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: 'true'
    # Redirect plain-http requests to https at the ingress.
    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
    # Fixes the Host header sent to the backend to this value, whatever the client sent.
    nginx.ingress.kubernetes.io/upstream-vhost: sso.funccloud.com
spec:
  ingressClassName: nginx
  rules:
    - host: sso.funccloud.com
      http:
        paths:
          # "/" publishes everything the Service serves on this port.
          # NOTE(review): if the admin console or a metrics endpoint is served there too,
          # consider narrower paths or source restrictions for those.
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: keycloak
                port:
                  # Plain HTTP between the ingress controller and the pod.
                  # NOTE(review): restrict this port to the ingress controller (for example
                  # with a NetworkPolicy) when the backend trusts forwarded headers.
                  number: 8080
  tls:
    - hosts:
        - sso.funccloud.com
      secretName: keycloak-certificate