Hello,
I need to create routes via istio-proxy to my keycloak service running in one pod A in my k8s cluster. I need a route from my browser along a route from another pod B running another service. Keycloak has some limitations with its tokens mandating URL used to access service from browser should be same with the one used to route from inside the pod. I use ckeysecure.io hostname to route from the browser via ingress gateway using a virtual service to route to correct k8s service name of keycloak(umsecure-ckey.istiorock.svc.cluster.local).This is working perfectly.
Then i apply virtual service routing to both gateway and mesh to create also routes from pod B to podA. Since ckeysecure.io is not resolvable from inside the pod, i create a dummy /etc/hosts entry to 1.1.1.1 letting istio routes to route request http(s)://ckeysecure.io from inside pod B to pod A. Using a curl command,request is routed with http://ckeysecure.io but not with https://ckeysecure.io. Checking routes configuration with istioctl proxy-config routes, i can see routes for ckeysecure.io:80 but not for ckeysecure.io:443. Keep in mind that i need to access keycloak via https since i need to use same URL with browser.
My virtual service configuration:
Name: umsecure-ckey-vs
Namespace: istiorock
Labels: app=umsecure-ckey
chart=ckey-8.10.12
heritage=Tiller
release=umsecure
Annotations:
API Version: networking.istio.io/v1beta1
Kind: VirtualService
Metadata:
Creation Timestamp: 2020-10-20T15:58:03Z
Generation: 8
Resource Version: 38881036
Self Link: /apis/networking.istio.io/v1beta1/namespaces/istiorock/virtualservices/umsecure-ckey-vs
UID: a50f18ab-e79a-4861-832f-50003e80f447
Spec:
Gateways:
umsecure-ckey-gw
mesh
Hosts:
ckeysecure.io
Http:
Route:
Destination:
Host: umsecure-ckey.istiorock.svc.cluster.local
Port:
Number: 8080