How do I create a URL frontend to my keycloak instance after connecting it up to istio
As far as I can see, you should fix your Virtual Service.
I prepared small example with helm and keycloak helm chart.
Save this as keycloak.yaml, you can configure your keycloak password here.
keycloak: service: type: ClusterIP password: mykeycloakadminpasswd persistence: deployPostgres: true dbVendor: postgres
Install keycloak with helm and values prepared above.
helm upgrade --install keycloak stable/keycloak -f keycloak.yml
Create gateway and virtual service
apiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata: name: keycloak-gatewayspec: selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"---apiVersion: networking.istio.io/v1alpha3kind: VirtualServicemetadata: name: keycloakspec: hosts: - "*" gateways: - keycloak-gateway http: - match: - uri: prefix: /auth - uri: prefix: /keycloak rewrite: uri: /auth route: - destination: host: keycloak-http port: number: 80
virtual service route.host
is name of kubernetes keycloak pod service.
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkeycloak-http ClusterIP 10.0.14.36 <none> 80/TCP 22m
You should be able to connect to keycloak via your ingress_gateway_ip/keycloak or ingress_gateway_ip/auth and login with keycloak credentials, in my example it's login: keycloak
and password: mykeycloakadminpasswd
.
Note that you need to add prefix for /auth as it's default keycloak web to do everything. Keycloak prefix just rewrite to /auth here.