I have nginx ingress controller in my EKS cluster along with keycloak i tried to expose it on a subpath (myhost.com/keycloak) but it doesn't work so after few researchs i found that i should add this env variable to keycloak deployment : PROXY_ADDRESS_FORWARDING=true and now i can only access it through myhost.com/auth. So is there any way to customize that path to something like myhost.com/keycloak
Here is my Ingress resource :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: "keycloak-ingress"
annotations:
kubernetes.io/ingress.class: nginx
labels:
app: keycloak-ingress
spec:
rules:
- host: myhost.com
http:
paths:
- path: /auth
backend:
serviceName: keycloak
servicePort: 8080
Manage-subsystem configuration documentations says:
Low-level configuration of Keycloak is done by editing the standalone.xml, standalone-ha.xml, or domain.xml file in your distribution. The location of this file depends on your operating mode.
While there are endless settings you can configure here, this section will focus on configuration of the keycloak-server subsystem. No matter which configuration file you are using, configuration of the keycloak-server subsystem is the same.
The keycloak-server subsystem is typically declared toward the end of the file like this:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> <web-context>auth</web-context> ... </subsystem>Note that anything changed in this subsystem will not take effect until the server is rebooted.
That results in a fact that the default entrypoint is: http://localhost:8080/auth .
and now i can only access it through myhost.com/auth
You can adjust your configuration in standalone.xmland substitute auth with keycloak . Additionally it'll be needed to adjust path in the ingress.yaml .
Hope that helps.