diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index e3a9ce64ad..968bfcac98 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.29
+version: 0.2.30
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index 94e705b817..c9e8d0f908 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -14,9 +14,9 @@ limitations under the License.
 {{- define "apiProbeTemplate" }}
 httpGet:
- scheme: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ scheme: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
 path: /v3/
- port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{- end }}
 {{- if .Values.manifests.deployment_api }}
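Review bot: The probe `scheme` in `apiProbeTemplate` now follows `endpoints.identity.scheme.service`, which values.yaml in this commit defaults to `http`, so a deployment whose own override makes Apache serve TLS without also setting `scheme.service: https` would probe a TLS listener over plain HTTP and its pods would likely never become Ready. The shipped tls.yaml gets the matching `service: https` line in this commit, but out-of-tree overrides modelled on it are not covered. I would add a template comment above the `define`, for example `{{/* probes hit the pod's binding port: scheme.service and port.api.service must match what Apache actually serves */}}`, and call the new key out as an upgrade note. The same lookup change is made for `containerPort` in the second hunk of this file and for the Service `port` in service-api.yaml.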
@@ -80,7 +80,7 @@ spec:
 - stop
 ports:
 - name: ks-pub
- containerPort: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ containerPort: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "readiness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
 {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "liveness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
 volumeMounts:
diff --git a/keystone/templates/service-api.yaml b/keystone/templates/service-api.yaml
index 5fb0112354..21f9f3c441 100644
--- a/keystone/templates/service-api.yaml
+++ b/keystone/templates/service-api.yaml
@@ -21,9 +21,8 @@ metadata:
 name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
 ports:
- {{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 - name: ks-pub
- port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{ if .Values.network.api.node_port.enabled }}
 nodePort: {{ .Values.network.api.node_port.port }}
 {{ end }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index d5c5bc7631..69546b56b8 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -772,7 +772,7 @@ conf:
 ThreadLimit 720
 wsgi_keystone: |
- {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 Listen 0.0.0.0:{{ $portInt }}
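Review bot: In service-api.yaml the Service `port`, and the `nodePort` beside it when `network.api.node_port.enabled` is set, now front the pod's binding port rather than the advertised internal endpoint port. Under an override that keeps `scheme.service: http`, the NodePort would therefore serve unencrypted Keystone on every node, outside any TLS-terminating proxy. Nothing in the visible hunks guards or documents that combination. A comment above `- name: ks-pub`, such as `# binding port: plain HTTP when scheme.service is http, so do not pair node_port with a TLS-terminating proxy`, would make the exposure explicit. The Service `name` on the first context line still uses the `internal` lookup, which looks intentional but is worth confirming.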
@@ -972,12 +972,14 @@ endpoints: default: /v3 scheme: default: http + service: http port: api: default: 80 # NOTE(portdirect): to retain portability across images, and allow # running under a unprivileged user simply, we default to a port > 1000. internal: 5000 + service: 5000 oslo_db: namespace: null auth: diff --git a/keystone/values_overrides/internal-reverse-proxy.yaml b/keystone/values_overrides/internal-reverse-proxy.yaml new file mode 100644 index 0000000000..35a5a539b6 --- /dev/null +++ b/keystone/values_overrides/internal-reverse-proxy.yaml @@ -0,0 +1,16 @@ +--- +endpoints: + identity: + host_fqdn_override: + public: example.com + scheme: + default: https + public: https + internal: https + service: http + port: + api: + default: 443 + internal: 443 + service: 5000 +... diff --git a/keystone/values_overrides/tls.yaml b/keystone/values_overrides/tls.yaml index a9f2fe722c..416194ab9b 100644 --- a/keystone/values_overrides/tls.yaml +++ b/keystone/values_overrides/tls.yaml @@ -26,8 +26,7 @@ conf: ssl_cert_file: /etc/rabbitmq/certs/tls.crt ssl_key_file: /etc/rabbitmq/certs/tls.key wsgi_keystone: | - {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - {{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} Listen 0.0.0.0:{{ $portInt }} @@ -38,7 +37,7 @@ conf: CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded - + ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }} WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public @@ -78,6 +77,7 @@ endpoints: scheme: default: https public: https + service: https port: api: default: 443 
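Review bot: The `NOTE(portdirect)` comment about defaulting to a port above 1000 still sits over `internal: 5000` in the values.yaml hunk, but after this commit the port the container binds is `service`, so the comment now explains the wrong key. Neither new `service` key, under `scheme` or under `port.api`, says what it means or how it differs from `internal`. I would move the note down to `service: 5000` and add one line such as `# service: scheme/port the keystone-api pod itself listens on; internal/public are what the catalog advertises`. The `endpoints.identity` block starts and ends outside this hunk.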
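Review bot: The new internal-reverse-proxy.yaml keeps `scheme.service: http` on port 5000 while advertising `https` on 443, so credentials and tokens cross the hop between the reverse proxy and the keystone-api pod in clear text, and any workload that can reach the Service on 5000 skips the proxy entirely. The file carries no comment saying this is the intended trade-off or what has to sit in front of it. I would open the file with a short comment stating that TLS is expected to terminate at an external proxy or ingress and that ingress to port 5000 should be restricted to that proxy, for example with a NetworkPolicy. The hostname should also be marked as a stand-in: `public: example.com  # placeholder, replace with the real FQDN`.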
diff --git a/releasenotes/notes/keystone.yaml b/releasenotes/notes/keystone.yaml
index d5699f3160..72b46af8eb 100644
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@@ -45,4 +45,5 @@ keystone:
 - 0.2.27 Use LOG.warning instead of deprecated LOG.warn
 - 0.2.28 Added OCI registry authentication
 - 0.2.29 Support TLS endpoints
+ - 0.2.30 Distinguish between port number of internal endpoint and binding port number
 ...