This rant has been written from the Signal messaging app and uses a custom Signal 'gateway' (a registered user which is a server in this case) with a PHP api behind it. If this rant appears on devRant, it fucking works!

FUCK this startup mentality of implementing all these external services and APIs for absolutely fucking everything.

I get that your vacuous fresh-mint-tea-soaked hipster brains are all cheering about these "only $10/month/seat" services, because you imbeciles with your nodejs-sticker-plastered macbooks have never done anything but knot the work of other dimwits together.

I don't even care about the subscription costs. That shit is more trouble to maintain than writing it yourself, and there's no guarantee that visualizemyballs.com & lintmycock.io still work tomorrow.

I'm getting so sick of being barraged with 502 bad gateway errors because you halfassed yet another API implementation. Stop advertising your crossfit stats, your meditation-app records and your vegan protein bars for a minute, and maybe start writing some fucking code of your own, something with a higher shelf-life than your iPhone screen...

You know... something which actually fucking adds value to the world.

M: Me
FAC : Fucking annoying colleague
1.
FAC: Hey how did you set up your microservices?
M: I used docke...
FAC: But docker is hard to setup, i want an easier option
2.
FAC: Which services do you have?
M: I have one service for the api, one with redi..
FAC: Redis is not a service
3.
FAC: Do you use AWS API gateway?
M: No, in set up my ow..
FAC: why would you set up your own? I just use the one from AWS.
4.
FAC: How many instances are you have running
M: I have 5 replic...
FAC: 5 replicas? That's why i hate microservices,they are costly
5.
FAC: How did you divide up your app?
M: Since I am starting, its better to run the monolithic and then break it up lat...
FAC: I knew it,you don't actually use microservices
6.
M:(thinking)* Fucker, if you know it well why are you fucking disturbing me?? *

It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.

The following has played out at more than one company:

App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up

*msg service team*

Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."

Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.

Holy fucking dickballs, AWS cloud platform is one of the most UX unfriendly piles of fuckery I have witnessed.

It starts off okay and then you have to use it for many hours a day.
API gateway is assfucked backwards in its layout and how it displays. Why have things go horizontally across the screen rather than flow down so I can scroll. Also when I add a method to a resource why the god damn fuck do I need to select it from the smallest drop down imaginable when you have HALF MY POXY SCREEN TAKEN UP IN LITERAL WHITESPACE NEXT TO IT.

Now I get on to the dynamodb interface whoever designed must have been some form of insane cause it is as clunky as a donkey in clogs.

Finally, Lambda console, look I get it UX is not you strong point. but WHO IS THE SADISTIC FUCKOFF WHO WANTED TO HAVE TWO SCROLLABLE TEXT AREAS THAT CAN NOT BE FUCKING EXPANDED SO I CAN SEE MORE THAN FOUR LINES OF THE FUCKING OUTPUT.

*grumble* 12hrs a day of this bullshit *grumble*

So, I was gonna rant about how it can be difficult to design event-based Microservices.

I was gonna say some shit about gateways APIs and some other stuff about data aggregation and keeping things idempotent.

I was going to do all this but then as I was stretching out the old ranting fingers I decided to draw a diagram to maybe go along with the rant.

Now I’m not here to really rant about all that Jazz...

I’m here to give you all a first class opportunity to tear apart my architecture!

A few things to note:

Using a gateway API (Kong) to separate the mobile from the desktop.

This traffic is directed through to an in intermediate API. This way the same microservices can provide different data, and even functionality for each device.

Most Microservices currently built in golang.

All services are event based, and all data is built on-the-fly by events generated and handled by each Microservices.

RabbitMQ used as a message broker.

And finally, it is hosted in Google Cloud Platform.

The currently hosted form is built with Microservices but this will be the update version of things.

So, feel free to rip it apart or add anything you think should change.

Also, feel free to tell me to fuck right off if that’s your cup of tea as well.

Peace ✌🏼

had an issue where our clients payment gateway would duplicate the charge (at the gateway...not at the application) before sending it to the bank officially - the bank would detect the duplication then void both charges.

the gateway service admitted this was a bug, the bank it was tied to admitted it was a bug - but they wouldnt fix it. so my solution was to send a special uid with the original transaction (put it in a special field) and had the bank track that one as the "known good"

the funny thing? next version of the gateway api included this as a feature, but i got no credit.

That moment when you work the whole day to write a discord bot from scratch. No discord.py and other wrappers. Pure websockets, oauth2, https, json loads here and there. Understanding how the discord API works was a real challenge, but I did it :).
Most of my time was spent on discord's gateway connection and identification system.

The bot can renew its token, get all the guilds it is part of, all the channels and users of these guilds, send message and communicate with the gateway.

Tomorrow I will start connecting it to a voice channel and let it "speak". Thinking of combining text-to-speech with it, but I am not sure how well they are going to harmonize together.

I love and hate at the same time how the dependencies of some projects can turn into projects themselves.

Working on a quite big project right now and need notifications in the form of smartphone notifications/signal messages/emails right now for that which is nearly all working but now I'm realizing that it'd be ten times more useful to write a general messaging gateway/API wich can be called through a url which handles any type of messaging/notifications I need to send out.

Love it because those kinda projects are useful and awesome imo but that'd be YET ANOTHER project 😅😥

Working on a new payment gateway for one of my customers, and it turns out that instead of just specifying the parameters for what to include in the API call they want you to use their drop-in module for it...which is still written in PHP 4 and hasn't been updated since 2011. Also turns out that they only accept data formatted in XML.

Not insurmountable, but more than I feel like dealing with right this moment...

I spent hours trying to enable CORS on AWS Lambda through API gateway (it was supposed to be simple and Amazon had a nice tutorial) but it turns out that there's a known bug that makes Lambda Proxy Integrations not adhere to any setting in the API Gateway, you have to respond with the headers through the Lambda yourself.

Amazon now mentions this in the tutorial, but if you click "Enable CORS" in API Gateway, it'll show you green check marks and tell you that everything went fine, but you'll find that the Lambda does not respond with the CORS headers. They shouldn't even have "Enable CORS" as an option when you use their Lambda Proxy Integration.

It's been a while DevRant!

Straight back into it with a rant that no doubt many of us have experienced.

I've been in my current job for a year and a half & accepted the role on lower pay than I normally would as it's in my home town, and jobs in development are scarce.

My background is in Full Stack Development & have a wealth of AWS experience, secure SaaS stacks etc.

My current role is a PHP Systems Developer, a step down from a senior role I was in, but a much bigger company, closer to home, with seemingly a lot more career progression.

My job role/descriptions states the following as desired:

PHP, T-SQL, MySQL, HTML, CSS, JavaScript, Jquery, XML

I am also well versed in various JS frameworks, PHP Frameworks, JAVA, C# as well as other things such as:

Xamarin, Unity3D, Vue, React, Ionic, S3, Cognito, ECS, EBS, EC2, RDS, DynamoDB etc etc.

A couple of months in, I took on all of the external web sites/apps, which historically sit with our Marketing department.

This was all over the place, and I brought it into some sort of control. The previous marketing developer hadn't left and AWS access key, so our GitLabs instance was buggered... that's one example of many many many that I had to work out and piece together, above and beyond my job role.

Done with a smile.

Did a handover to the new Marketing Dev, who still avoid certain work, meaning it gets put onto me. I have had a many a conversation with my line manager about how this is above and beyond what I was hired for and he agrees.

For the last 9 months, I have been working on a JAVA application with ML on the back end, completely separate from what the colleagues in my team do daily (tickets, reports, BI, MI etc.) and in a multi-threaded languages doing much more complicated work.

This is a prototype, been in development for 2 years before I go my hands on it. I needed to redo the entire UI, as well as add in soo many new features it was untrue (in 2 years there was no proper requirements gathering).

I was tasked initially with optimising the original code which utilised a single model & controller :o then after the first discussion with the product owner, it was clear they wanted a lot more features adding in, and that no requirement gathering had every been done effectively.

Throughout the last 9 month, arbitrary deadlines have been set, and I have pulled out all the stops, often doing work in my own time without compensation to meet deadlines set by our director (who is under the C-Suite, CEO, CTO etc.)

During this time, it became apparent that they want to take this product to market, and make it as a SaaS solution, so, given my experience, I was excited for this, and have developed quite a robust but high level view of the infrastructure we need, the Lambda / serverless functions/services we would want to set up, how we would use an API gateway and Cognito with custom claims etc etc etc.

Tomorrow, I go to London to speak with a major cloud company (one of the big ones) to discuss potential approaches & ways to stream the data we require etc.

I love this type of work, however, it is 100% so far above my current job role, and the current level (junior/mid level PHP dev at best) of pay we are given is no where near suitable for what I am doing, and have been doing for all this time, proven, consistent work.

Every conversation I have had with my line manager he tells me how I'm his best employee and how he doesn't want to lose me, and how I am worth the pay rise, (carrot dangling maybe?).

Generally I do believe him, as I too have lived in the culture of this company and there is ALOT of technical debt. Especially so with our Director who has no technical background at all.

Appraisal/review time comes around, I put in a request for a pay rise, along with market rates, lots of details, rates sources from multiple places.

As well that, I also had a job offer, and I rejected it despite it being on a lot more money for the same role as my job description (I rejected due to certain things that didn't sit well with me during the interview).

I used this in my review, and stated I had already rejected it as this is where I want to be, but wanted to use this offer as part of my research for market rates for the role I am employed to do, not the one I am doing.

My pay rise, which was only a small one really (5k, we bring in millions) to bring me in line with what is more suitable for my skills in the job I was employed to do alone.

This was rejected due to a period of sickness, despite, having made up ALL that time without compensation as mentioned.

I'm now unsure what to do, as this was rejected by my director, after my line manager agreed it, before it got to the COO etc.

Even though he sits behind me, sees all the work I put in, creates the arbitrary deadlines that I do work without compensation for, because I was sick, I'm not allowed a pay rise (doctors notes etc supplied).

What would you do in this situation?

The moment you realize that you have successfully beaten reality with your unit-tests...

There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.

Every bit of code runs just fine.

Deploy this hell of an app on the server. Dandy Doodle.

Do a smoketest of the new feature.
FAIL!
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.

So I began to wonder, what the hell is going on.

Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/

Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)

Cheers!

Well i am working as an intern at this startup. Initially it was all simple crons and database. After one month one of the founder asks me to map two tables, create an api, integrate a fucking payment gateway and i am now left with a lot of work and confused state of mind.

PS: i am first year cse student

So I was talking microservices architecture with some lead techs.
And I started asking how did they combine/connect their microservices.

And despite having a lot, they use HTTP as the main transporter.
So the put some API-Gateway, all inside traffic has to go through it, to connect to the final client.

And I said that I do meshing microservices, and we use Nats as man transporter, so our messages go through UDP and not TCP.

And they freaked out. Saying UDP is too low level and not useful...

My question: if you do microservices oriented architecture, and not SOA, do you use HTTP? Did you use it simply because "it works"?

Oh the joys of working with an Enterprise customer.

Background:
Discussion about service architecture with me, development architect (ArchDev) and integration architect (ArchInt). The topic arises of needing to access int. segment systems for a public facing cloud application.

Me: so we'll just need a s2s vpn and then we can just create a route and call the services normally.
ArchDev: sounds good to me, it will take a few months to get that set up
ArchInt: we done need that, we can just use the gateway and then route all the requests through the ESB.
Me: 😕 do you mean the service gateway?
ArchInt: (drops bomb) no, we decide that all API should be implement in ESB, so ESB will handle traffic
Me: *pauses, steps up to the whiteboard, does latency math* setting aside the fact that isn't how ESB's work, that will add at least 700ms latency to each request.
ArchInt: well that is fine for enterprise, things not usually as fast in enterprise you must expect slowdown to be safe
ArchDev: *starts updating resume on the ladders
Me: 💀🔫

I'm creating a messenger app (I know there are many, but it's different)

Any suggestion for API gateway? I was looking for ready made solutions to save time. I heard Kong is good. But I want to know your suggestions.

Facepalm Monday...
My collegue denies to provide breaking changes in our login API in a separate version to the other teams depending on it.

What is the reason for his stubborn rejection?
It's scrum. We haven't planned the effort for realising a versioning concept for our API.
Let's build it in the next sprint as a part of live deployment strategy.

The point he miss is that the ProductOwner wants his API change deployed during the next sprint.
Additionally, it is best practice, having a compatible, deployable product after each sprint, without any risks.
Furthermore, another best practice to provide your API is one URI without a version part holding the current development of the API. And URIs with a version part in it to keep a specific request/response structure and behavior.

What really grind my gears are sayings like 'if the other teams had well programmed their software, modifying our API won't have any effect on them'

C'mon dude. That's far from reality, as anybody knows.

I can't accept, we provide unprofessional API builds, as he is going to do.

So, i have to spend my time and energy to change his mind, together with other software-architects, planning the big thing API-Gateway *sigh*

Given an opportunity to develop an application for R&D. What do we do as a team? Let build it exactly the same way our current stack is built. (This app won't actually be used for anything useful, just an exercise for a fun R&D task)

It still amazes me with the number of developers that literally have the mindset, let's just do what we know & don't want to learn anything new.

Let's showcase new technologies? No. Let's create a serverless application? No. Let's create some microservices? No. Let's wrap the application in a Docker container so we can easily spin it up? No. Let's have multiple services that sit behind an API gateway? No. Let's for fucks sake at try a different design pattern? Why would we do that? Can we do anything differently? No.

No innovation, nothing - it just blows my mind. Everyone seems to think that the way the stack is built is how every application is. Sorry but a huge monolithic application that can't scale isn't how the other half live...

I don't know why the lack of wanting to try something new bothers be so much, but it does.

Had a real opportunity to showcase some cool tech, design patterns, new services in the cloud. Show not only other devs but upper management that there are alternative ways to develop. It's not like anything that I put together was "new or shiny" - I just wanted to do anything... Anything that isn't how currently do things.

Full disclosure, I'm not a great Dev - I'm pretty dam average but I'm always willing to try new techniques or approaches.

Kong API Gateway in Kubernetes is a load of balls. Spent half a day trying to stabilise the deployment after I bumped its pod resource requests.

I hate the elasticsearch backup api.

From beginning to end it's an painful experience.

I try to explain it, but I don't think I will be able to cover it all.

The core concept is:
- repository (storage for snapshots)
- snapshots (actual backup)

The first design flaw is that every backup in an repository is incremental. ES creates an incremental filesystem tree.

Some reasons why this is a bad idea:
- deletion of (older) backups is slow, as newer backups need to be checked for integrity
- you simply have to trust ES that it does the right thing (given the bugs it has... It seems like a very bad idea TM)
- you have no possibility of verification of snapshots

Workaround... Create many repositories as each new repository forces an full backup.........

The second thing: ES scales. Many nodes / es instances form a cluster.

Usually backup APIs incorporate these in their design. ES does not.

If an index spans 12 nodes and u use an network storage, yes: a maximum of 12 nodes will open an eg NFS connection and start backuping.

It might sound not so bad with 12 nodes and one index...

But it get's pretty bad with 100s of indexes and several dozen nodes...

And there is no real limiting in ES. You can plug a few holes, but all in all, when you don't plan carefully your backups, you'll get a pretty f*cked up network congestion.

So traffic shaping must be manually added. Yay...

The last thing is the API itself.

It's a... very fragile thing.

Especially in older ES releases, the documentation is like handing you a flex instead of toilet paper for a wipe.

Documentation != API != Reality.

Especially the fault handling left me more than once speechless...

Eg:
/_snapshot/storage/backup
gives you a state PARTIAL
/_snapshot/storage/backup/_status
gives you a state SUCCESS

Why? The first one is blocking and refers to the backup status itself. The second one shouldn't be blocking and refers to the backup operation.

And yes. The backup operation state is SUCCESS, while the backup state might be PARTIAL (hence no full backup was made, there were errors).

So we have now an additional API that we query that then wraps the API of elasticsearch. With all these shiny scary workarounds like polling, since some APIs are blocking which might lead to a gateway timeout...

Gateway timeout? Yes. Since some operations can run a LONG (multiple hours) time and you don't want to have a ton of open connections hogging resources... You let the loadbalancer kill it. Most operations simply run in ES in the background, while the connection was killed.

So much joy and fun, isn't it?

Now add the latest SMR scandal and a few faulty (as in SMR instead of CMD) hdds in a hundred terabyte ZFS pool and you'll get my frustration level.

PS: The cluster has several dozen terabyte and a lot od nodes. If you have good advice, you're welcome - but please think carefully about this fact.

I might have accidentially vaporized people sending me links with solutions that don't work on large scale TM.

Related to the project in my last rant...

Project got delayed for about a month in total because the API for the payment gateway wasn’t allowing charges against stored cards. Could save, modify, and delete them, but no charges.

After a week of trying to get things working based on the documentation, I get in touch with the vendor (great people) who file a support request with the people running the processor so we can see what’s up. Long story short, that amounted to 3 weeks of getting ignored until the vendor raised hell on my behalf, only to get the following reply back:

“You’ve been using the dev credentials, try it on live transactions instead!”

Thankfully, we’re able to move the customer to another processor under the same vendor, where I already have all the requests figured out...

Expectations: "I will just implement a simple checkout with this payment gateway API, it should be easy to get it working. Probably a day or two at most"
Reality: Spend a week fighting with the SDK, the rest API, and the incomplete documentation just to realize you'll need to fork and fix the fucking official SDK just to make it work.

Question.. architecting a large system. I’ve broken it down to microservices for the DB and rest API / gateway

I want there to be some some processes that run continuously not event driven via rest. Say analytics for example what is the best way todo that? Just another service running on on a server? And said service has its own API? That when the other rest APIs are called could then hop and call the new service?

Or say we had a PDF upload via rest should that service then do the parsing before uploading to DB .. or should the rest api that does the uploading then call another rest api to another service dedicated todo the parsing and uploading to the db?

I think the bigger way to explain the question is the encapsulation between DAL.. data access layer which I have existing.. but then there’s the BLL .. buisness logic layer which I don’t know if it should have its own APIs via own microservices running in the background.

Just fucking hate how expensive and hard to find a cheap SMS gateway

And as in cheap, I mean cheap as send email

I found Cheap Global SMS and it doesn't have a professional website nor a good API but it is way more cheap

Downside? I must pay with a payment gateway made by the same company (coincidence?)

And NO WAY I'm sending my id to a payment gateway that no one uses

I'll try sending some random image to see if they accept it

But, still, no confidence to put my credit card in there

CORS errors on AWS API Gateway just might be the bane of my existence.

A question or more discussion / looking for feedback.

Let's say we have

Application Firewall
- Application Routing
-- API Gateway

Then lots of containers.

Would you use host based routing in the containers?

It seems wrong to me, as in my opinion it breaks the boundary the API gateway provides.

Maybe someone can share his experience, I'd be delighted.

API gateway without network isolation for use of network isolation

Started working with AWS API Gateway and needed to process some data coming in from an it via AWS Lambda.

After much tinkering with the API Gateway, realised that no matter what I do, the response body of the API Gateway will be a string literal and not a JSON.

Why does this have to be this way? Half a day lost banging the head against the wall.

Previous job I worked, we had a system for taking bookings. I may have made a slight miscalculation in implementing the payment api. Which resulted in people being double charged, undercharged etc. Tbh the payment gateway was ancient and we had to grapple with their SOAP API not fun. But just shows we all made mistakes, suppose it's how you deal with them, when they crop up that defines us as devs.

I'm looking for an affordable but highly available SMS Gateway with an API. Any ideas?

Hi Guys if you can share your opinion/experience in what I wrote below it would help me a lot, thanks !

Im a full-stack developer with 4 years of experience, worked with different technologies in backend, frontend, mobile etc.. so I have general knowdgele of how systems works and how they should be built.

So I work as CTO in a startup, Im for almost 2 years here I started here with minimum salary (I decided that, because they said to me we are startup and such things so I wanted to help) 2.2k Euros and it has been almost 2 years without pay rise, so last month I asked for pay rise, but they said to me that they dont have money and sent me +300 euros as gift.

One week ago I wrote to them again (co-founders) that I have a lot of pressure and I dont know if I can handle all of that for much time he told me that I got +300 euro pay rise (which it was gift from them in first place, I refused them to sent this to me), but TODAY CEO and Co-Founder wrote to again me asking if I accept +300 euro pay rise because they can afford to pay me 2.5k or if I dont accept this they can sent me 2.2k again (they think that 2.5k is maximum that they can pay me right now and that this is enough for me).

I want to ask you guys what would you do, would you accepting something like this, considering that right now Im only dev here (yes Im only dev) and Im taking care of these(yes all of these) :

1. Company Website (react js)
2. Web Admin Panel (that clients use to manage their data)(react js)
3. Web Application (that visitors use to see client data)(react js)
4. Widgets (some code that is integrated into clients websites it's same as application, but integrated directly to client website)(react js)
5. Backend of all 3 apps mentioned above (asp.net core)
6. AWS Architecture( some of services : Cognito,Lambda,RDS,API Gateway,CloudFront,S3)
7. DevOps Role

Also consider that I didnt take holidays for 1 year now working on weekends too :)

Weekend 3 trying to configure user pool authentication with aws lambda/API gateway with SAM/cloudformation. What a disaster documentation is around this.

Whenever I post a question on stack overflow I get the views with 0 responses. Does anyone even use this garbage?

Seriously wth aws.

I got sucked into a rabbit hole with this.

Trying to stand up an app using AWS "serverless" and Cognito, but feel like I've shown up to a seminar on time shares by multi-level-marketers. Has anyone really used this?

Which API Gateway do you prefer?

I don't get keycloak. Anyone who has experience with it, please help.

We have what I would think is a common setup: a kubernetes cluster with a Spring boot api-gateway and keycloak as oauth2-provider.

The api-gateway needs an issuer-uri to keycloak for endpoint discovery, i.e. to configure a bunch of endpoints to keykloak for different purposes.

The two main purposes are: 1. to redirect the user to keycloak (must be an url reachable from outside the cluster, i.e. ingress) 2. to authenticate tokens directly with keycloak from within the cluster.

Keycloak can be configured to set some of these discovery endpoints to different values. Specifically it makes a separation between backfacing (system calls in cluster) and frontfacing (user call from browser) urls All seems good.

However, when using this setup, each time spring security authenticates a token against keycloak it says the "issuer" is invalid. This is because the issuer is the host on which the token was generated. This host was the one in the url which the user was redirected to i.e. the ingress.

It feels like there is no way around this except running keycloak outside the Kubernetes cluster, but surely there must be a way to run keycloak in the same cluster. What else is the purpose of keycloak having the concept of back- and frontfacing urls?