[docs] Document keycloakInternalUrl platform value

[sircthulhu]

What this PR does

Documents the new authentication.oidc.keycloakInternalUrl platform value across three pages:

• Platform Package Reference: added to the Authentication values table
• Self-Signed Certificates: added a section explaining how to configure the internal URL for the dashboard
• Enable OIDC Server: added an info alert linking to the self-signed certificates page

Related: cozystack/cozystack#2224

Release note

[docs] Added documentation for `keycloakInternalUrl` platform value that routes dashboard backend OIDC requests through internal Keycloak service.

Summary by CodeRabbit

• Documentation
  • Added reference documentation for optional Keycloak internal URL configuration field
  • Added usage guidance for configuring internal Keycloak URLs in OIDC setups
  • Added instructions for setting internal Keycloak URLs in self-signed certificate environments

[netlify]

✅ Deploy Preview for cozystack ready!

Name	Link
🔨 Latest commit	ffbd20d
🔍 Latest deploy log	https://app.netlify.com/projects/cozystack/deploys/69b79e3f5f0792000869f21d
😎 Deploy Preview	https://deploy-preview-452--cozystack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds documentation for a new OIDC Keycloak configuration field authentication.oidc.keycloakInternalUrl, enabling internal backend-to-backend requests to Keycloak. Documentation covers field reference, usage notes, and configuration examples for self-signed certificate scenarios.

Changes

Cohort / File(s)	Summary
OIDC Keycloak Internal URL Configuration Documentation content/en/docs/v1/operations/configuration/platform-package.md, content/en/docs/v1/operations/oidc/enable_oidc.md, content/en/docs/v1/operations/oidc/self-signed-certificates.md	Added comprehensive documentation for the new authentication.oidc.keycloakInternalUrl configuration field, including platform package reference, usage alert blocks, and step-by-step configuration instructions for environments with self-signed certificates or restricted external access.

Poem

🐰 A secret path for Keycloak to find,
Through inner URLs, backends aligned,
No certificates to fear or fret,
Just pod-to-pod communion, yet,
Documentation hops the way! 🌱

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: documentation for the keycloakInternalUrl platform value across three documentation files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch docs/keycloak-internal-url

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the documentation for OIDC configuration by introducing and explaining the keycloakInternalUrl platform value. This new documentation clarifies how to route dashboard backend OIDC requests through an internal Keycloak service, offering a solution for environments with self-signed certificates or restricted external access and improving the flexibility of OIDC setup within the system.

Highlights

• Platform Package Reference: The authentication.oidc.keycloakInternalUrl platform value has been added to the Authentication values table, detailing its purpose for internal backend-to-backend Keycloak requests.
• Self-Signed Certificates: A new section has been introduced explaining how to configure the internal Keycloak URL for the dashboard, particularly useful in environments with self-signed certificates or restricted external access.
• Enable OIDC Server: An informational alert has been added, linking to the self-signed certificates page and highlighting the optional keycloakInternalUrl setting for internal cluster network access to Keycloak.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• content/en/docs/v1/operations/configuration/platform-package.md
  • Documented the authentication.oidc.keycloakInternalUrl platform value in the Authentication values table, including its description and an example internal URL.
• content/en/docs/v1/operations/oidc/enable_oidc.md
  • Added an info alert box that explains the optional keycloakInternalUrl setting for internal Keycloak access and links to the self-signed certificates documentation.
• content/en/docs/v1/operations/oidc/self-signed-certificates.md
  • Created a new section titled 'Optional: Configure Internal Keycloak URL for Dashboard' to explain how to use an internal Keycloak URL for backend requests.
  • Provided a kubectl patch command example for setting the keycloakInternalUrl.
  • Included an alert clarifying that this configuration only affects the dashboard's oauth2-proxy and not the Kubernetes API server's Keycloak access.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds documentation for the new keycloakInternalUrl platform value. The changes are well-written and provide clear explanations across the platform package reference, a new section in the self-signed certificates guide, and an informational alert in the OIDC setup guide. I have one suggestion to improve navigation by adding a direct link to the new section.

[gemini-code-assist]

For a better user experience, it's good practice to link directly to the relevant section of a document. The current link takes the user to the top of the 'Self-Signed Certificates' page, but the relevant information is in a new section. Please add an anchor to the link to navigate the user directly to the 'Optional: Configure Internal Keycloak URL for Dashboard' section.

Suggested change

	**Optional**: If you want the dashboard to reach Keycloak via the internal cluster network instead of the external ingress, set `keycloakInternalUrl`. This is useful in environments with self-signed certificates or restricted external access. See [Self-Signed Certificates](../self-signed-certificates/) for details.
	**Optional**: If you want the dashboard to reach Keycloak via the internal cluster network instead of the external ingress, set `keycloakInternalUrl`. This is useful in environments with self-signed certificates or restricted external access. See [Self-Signed Certificates](../self-signed-certificates/#optional-configure-internal-keycloak-url-for-dashboard) for details.

[coderabbitai]

🧹 Nitpick comments (1)

content/en/docs/v1/operations/oidc/enable_oidc.md (1)

85-85: Use the full config path for precision.

At Line 85, consider using authentication.oidc.keycloakInternalUrl instead of keycloakInternalUrl to match the reference docs and reduce ambiguity.

✏️ Suggested wording tweak

-**Optional**: If you want the dashboard to reach Keycloak via the internal cluster network instead of the external ingress, set `keycloakInternalUrl`. This is useful in environments with self-signed certificates or restricted external access. See [Self-Signed Certificates](../self-signed-certificates/) for details.
+**Optional**: If you want the dashboard to reach Keycloak via the internal cluster network instead of the external ingress, set `authentication.oidc.keycloakInternalUrl`. This is useful in environments with self-signed certificates or restricted external access. See [Self-Signed Certificates](../self-signed-certificates/) for details.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@content/en/docs/v1/operations/oidc/enable_oidc.md` at line 85, Replace the
ambiguous key name `keycloakInternalUrl` with the fully-qualified config path
`authentication.oidc.keycloakInternalUrl` in the documentation text so it
matches the reference docs and removes ambiguity when users set the value;
locate the occurrence of `keycloakInternalUrl` in the enable_oidc.md content and
update the phrasing to reference `authentication.oidc.keycloakInternalUrl`
instead.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@content/en/docs/v1/operations/oidc/enable_oidc.md`:
- Line 85: Replace the ambiguous key name `keycloakInternalUrl` with the
fully-qualified config path `authentication.oidc.keycloakInternalUrl` in the
documentation text so it matches the reference docs and removes ambiguity when
users set the value; locate the occurrence of `keycloakInternalUrl` in the
enable_oidc.md content and update the phrasing to reference
`authentication.oidc.keycloakInternalUrl` instead.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5d644b85-057c-444d-9203-884fc9b64404

📥 Commits

Reviewing files that changed from the base of the PR and between 7abc47b and ffbd20d.

📒 Files selected for processing (3)

• content/en/docs/v1/operations/configuration/platform-package.md
• content/en/docs/v1/operations/oidc/enable_oidc.md
• content/en/docs/v1/operations/oidc/self-signed-certificates.md