Hi @samurous,
yes my problem was I had an external SSL LB in front of my K8s cluster, then I’ve configured keycloak as any other workload, getting its plain port 8080 traffic through the k8s ingress.
So from keycloak’s point of view, any browser request was passing through 2 LB’s, and that’s just not supported, even in version 10.x!
In my tests, removing each of the two LB made keycloak happy with just the usual PROXY_ADDRESS_FORWARDING=true env. var., so in the end I’ve just removed the k8s LB (which isn’t a proper LB, anyway…), mapping keycloak’s 8080 port to a k8s nodeport 30080, and then providing another separate external SSL LB pointing to all k8s cluster’s workers on port 30080.
Hope this helps!
1 Like