Keycloak Backchannel logout to app within K8s Cluster


I would like to know what the preferred solution is when trying to implement backchannel logout. The problem is that my Keycloak server is not within the K8s cluster where the apps are deployed.

Registration of nodes works fine. The hostname registered is the pod hostname.

The only problem that I face is that when a backchannel logout is dispatched, the Keycloak server is not able to communicate directly with the node/pod in the K8s cluster.

One solution would be to request a new token with each request, but I would like to avoid that.

Another solution could be to override the hostname that the pod provides, which was successful. Keycloak could then make the request to some interface where Traefik would redirect that request to the correct pod. But Traefik needs a cookie for that. Is it possible to somehow provide a cookie with the Keycloak backchannel request that is made to a specific node?

Thanks in advance for all the ideas!

I will provide more detail if needed.