Solution for backchannel logout when Keycloak is outside of K8s cluster

9/20/2021

We have a Keycloak server deployed outside of the K8s cluster. Everything works fine, except that when a user requests logout, the Keycloak server is unable to perform backchannel logout due to the fact that K8s pods are not directly accessible from outside the cluster.

The Admin URL is set to https://${application.session.host}/<app-context>.

Registration of nodes within the cluster works fine. One specific thing about these registered nodes is that the hostname can be dynamic, because the pod hostname contains one static part and one dynamic part, which changes every time the app is deployed and a new pod is allocated.

This would not be a problem if Keycloak were inside the K8s cluster, where pods are accessible, but that is not a solution for us.

I would like to ask if anyone has encountered such a problem and what solution was used to fix it.

Thanks a lot.

-- M.Puk
keycloak
kubernetes

0 Answers