Kubernetes Redirect Issues with Gatekeeper

I’m trying to run Keycloak and Gatekeeper within the same Kubernetes cluster, and I’m a little confused as to how to configure the redirects and discovery.

I have the following configuration:

discovery-url: http://keycloak-http.default.svc.cluster.local/auth/realms/myrealm
redirection-url: https://example.com # the actual site? or should this be the sidecar
upstream-url: # sidecar
client-id: myclient-dev
  X-Forwarded-Host: keycloak.example.com
  X-Forwarded-Proto: https

So basically, I’m trying to grab the OpenID configuration from the internal Kubernetes service. What ends up happening, however, is when Gatekeeper tries to create a new session, it redirects to that internal service URL. This is why I used the X-Forwarded-* headers in an attempt to resolve to the proper Keycloak URL.

Any help would be appreciated!


Are you using this flow so that a user can see the UI to log in, or for bearer-only?
For logging in, it only worked for me when I put the ingress URL of Keycloak as the discovery-url.

Ah ok, thanks for the reply!

For some reason, when I try the ingress URL for Keycloak the request times out and I can't figure out why.

I’m using Traefik for ingress.

If you have gatekeeper running as a sidecar container it works for me with the following settings:

redirection-url: http://localhost:3000 # sidecar
upstream-url: # sidecar

Oh, the upstream and redirection are Gatekeeper?!

From your setup it looks like Gatekeeper is listening on port 5000,

so the application you're protecting is on port 3000.

In general:

redirection-url: http://localhost:<APPLICATION_PORT>
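As an added example that is not from this thread, here is the sidecar layout the replies describe (application on port 3000, Gatekeeper listening on port 5000) written out as a Pod plus a Service, with the Keycloak ingress URL as discovery-url. The hostnames, realm, application image, Gatekeeper image tag and Secret name are placeholders.

```yaml
# Added example: application on port 3000 with keycloak-gatekeeper as a sidecar
# on port 5000. Hostnames, realm, image tag and Secret name are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  labels:
    app: myapp
spec:
  containers:
  - name: app
    image: registry.example.com/myapp:latest        # placeholder image
    ports:
    - containerPort: 3000   # not exposed by the Service; only reached via the sidecar
  - name: gatekeeper
    image: keycloak/keycloak-gatekeeper:latest      # image tag assumed
    args:
    - --listen=0.0.0.0:5000
    # Ingress URL of Keycloak: the endpoints in the discovery document are what the
    # browser gets redirected to, so an internal svc.cluster.local URL ends up in redirects
    - --discovery-url=https://keycloak.example.com/auth/realms/myrealm
    - --client-id=myclient-dev
    - --client-secret=$(CLIENT_SECRET)
    # URL the browser uses to reach the protected app; /oauth/callback is appended
    - --redirection-url=https://example.com
    - --upstream-url=http://127.0.0.1:3000           # the app container, same Pod
    - --enable-default-deny=true                     # every path needs a valid session
    - --secure-cookie=true                           # session cookie only over HTTPS
    env:
    - name: CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: gatekeeper-client     # placeholder Secret holding the client secret
          key: secret
    ports:
    - containerPort: 5000
---
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  selector:
    app: myapp
  ports:
  - name: http
    port: 80
    targetPort: 5000   # Traefik routes to Gatekeeper, never directly to port 3000
```

Gatekeeper fetches the discovery document and exchanges the authorization code from inside the Pod, so the Keycloak ingress hostname must also resolve and be reachable from within the cluster, otherwise the request times out.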