[dashboard] Add keycloakInternalUrl for backend-to-backend OIDC requests by sircthulhu · Pull Request #2224 · cozystack/cozystack
…requests

When set, oauth2-proxy skips OIDC discovery and routes all backend calls (token exchange, JWKS, userinfo, logout) through the internal cluster URL while keeping browser redirects on the external URL. This avoids external DNS lookups and TLS overhead for pod-to-pod communication with Keycloak.

Assisted-By: Claude AI
Signed-off-by: Kirill Ilin <stitch14@yandex.ru>
bot reviewed Mar 16, 2026
kvaps deleted the feat/keycloak-internal-url branch
kvaps added a commit to cozystack/website that referenced this pull request Mar 17, 2026

## What this PR does

Documents the new `authentication.oidc.keycloakInternalUrl` platform value across three pages:

- **Platform Package Reference**: added to the Authentication values table
- **Self-Signed Certificates**: added a section explaining how to configure the internal URL for the dashboard
- **Enable OIDC Server**: added an info alert linking to the self-signed certificates page

Related: cozystack/cozystack#2224

### Release note

```release-note
[docs] Added documentation for `keycloakInternalUrl` platform value that routes dashboard backend OIDC requests through internal Keycloak service.
```

## Summary by CodeRabbit

* **Documentation**
  * Added reference documentation for optional Keycloak internal URL configuration field
  * Added usage guidance for configuring internal Keycloak URLs in OIDC setups
  * Added instructions for setting internal Keycloak URLs in self-signed certificate environments