Keycloak Istio Ingress Gateway

Hello guys, good evening.

Basically, I have already deployed Keycloak in minikube and now I want to expose it using the Istio Ingress Gateway.

However, I haven't been able to do it.

The steps I followed are the following:

Note: I’m working in a namespace called test.

1. Create an SSL certificate using the following command:

```sh
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=auth.localtest.me/O=test"
```

2. Create a secret in the cluster:

```sh
kubectl create secret -n test tls auth-tls-secret --key tls.key --cert tls.crt
```

3. Deploy Keycloak:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: https
      port: 443
      targetPort: 8443
  selector:
    app: keycloak
  type: ClusterIP
  clusterIP: None
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:20.0.2
          args: ["start", "--cache-stack=kubernetes"]
          volumeMounts:
          - name: certs
            mountPath: "/etc/certs"
            readOnly: true
          env:
            - name: KEYCLOAK_ADMIN
              value: "admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: "admin"
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: "/etc/certs/tls.crt"
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: "/etc/certs/tls.key"
            - name: KC_HEALTH_ENABLED
              value: "true"
            - name: KC_METRICS_ENABLED
              value: "true"
            - name: KC_HOSTNAME
              value: keycloak.localtest.me
            - name: KC_PROXY
              value: "edge"
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL
              value: "jdbc:postgresql://keycloak-db-postgresql-ha-pgpool/postgres"
            - name: KC_DB_USERNAME
              value: "postgres"
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-postgresql-ha-postgresql
                  key: password
            - name: jgroups.dns.query
              value: keycloak
          ports:
            - name: jgroups
              containerPort: 7600
            - name: https
              containerPort: 8443
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /health/ready
              port: 8443
            initialDelaySeconds: 60
            periodSeconds: 1
      volumes:
      - name: certs
        secret:
          secretName: auth-tls-secret
```

4. Create the Istio Gateway:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - '*'
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: auth-tls-secret
      hosts:
        - '*'
```
5. Create a VirtualService for Keycloak:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: keycloak-vs
spec:
  hosts:
    - keycloak.localtest.me
  gateways:
    - test-gateway
  tls:
    - match:
      - port: 443
        sniHosts:
        - keycloak.localtest.me
      route:
        - destination:
            host: keycloak.test.svc.cluster.local
            port:
               number: 443
```

However, when I try to go to keycloak.localtest.me, the connection is closed and I get the following error in the pod log:

```
error cache resource:file-cert:/etc/certs/tls.crt~/etc/certs/tls.key failed to generate secret for proxy from file: open /etc/certs/tls.crt: no such file or directory
```

I understand what is happening, but I don't know exactly what is wrong in my configuration or how to solve it.

I would really appreciate it if you could help me or if you have any idea how to solve this.
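The following is an added example, not part of the original post or of Istio: a small Python checker that takes the Gateway, VirtualService, Service, certificate subject and secret location from the manifests above (transcribed as dicts) and reports the consistency points a reviewer checks before debugging such a setup, namely that VirtualService `tls` routes only match non-terminated TLS while a `SIMPLE` server terminates it, that `credentialName` is resolved in the gateway workload's namespace, and that the certificate covers the host being served. It assumes the ingress gateway workload runs in `istio-system` (the istioctl default), which the post does not state.

```python
import fnmatch

# Constructed from the manifests in the post: the cert subject from the
# openssl -subj (no SANs), the secret's namespace, and the namespace of the
# ingress gateway workload (assumed to be istio-system, the istioctl default).
CERT_NAMES = ["auth.localtest.me"]
SECRET = {"name": "auth-tls-secret", "namespace": "test"}
GATEWAY_WORKLOAD_NS = "istio-system"

GATEWAY = {"servers": [
    {"port": {"number": 80, "protocol": "HTTP"}, "hosts": ["*"]},
    {"port": {"number": 443, "protocol": "HTTPS"}, "hosts": ["*"],
     "tls": {"mode": "SIMPLE", "credentialName": "auth-tls-secret"}},
]}
VIRTUAL_SERVICE = {"hosts": ["keycloak.localtest.me"], "tls": [
    {"match": [{"port": 443, "sniHosts": ["keycloak.localtest.me"]}],
     "route": [{"destination": {"host": "keycloak.test.svc.cluster.local",
                                "port": {"number": 443}}}]},
]}
SERVICE = {"ports": [{"name": "https", "port": 443, "targetPort": 8443}]}


def host_covered(host, cert_names):
    """True if the certificate was issued for `host` (wildcard names allowed)."""
    return any(fnmatch.fnmatchcase(host, name) for name in cert_names)


def check(gateway, vs, service, cert_names, secret, gateway_ns):
    """Return a list of findings; an empty list means the pieces agree."""
    findings = []
    for server in gateway["servers"]:
        tls = server.get("tls", {})
        if tls.get("mode") != "SIMPLE":
            continue
        # A SIMPLE server terminates TLS at the gateway, but VirtualService `tls`
        # routes only match non-terminated (SNI passthrough) traffic; use `http`.
        if vs.get("tls") and not vs.get("http"):
            findings.append("vs-tls-routes-with-terminated-tls")
        # credentialName is looked up in the gateway workload's namespace.
        if tls.get("credentialName") == secret["name"] and secret["namespace"] != gateway_ns:
            findings.append("secret-not-in-gateway-namespace")
    # The served host must be covered by the certificate presented for it.
    findings += [f"cert-does-not-cover:{h}" for h in vs["hosts"]
                 if not host_covered(h, cert_names)]
    svc_ports = {p["port"] for p in service["ports"]}
    for rule in vs.get("tls", []) + vs.get("http", []):
        for route in rule["route"]:
            if route["destination"].get("port", {}).get("number") not in svc_ports:
                findings.append("destination-port-not-on-service")
    return findings
```

Run against the post's manifests it returns three findings; the same checker can be re-run after each change to confirm the pieces agree before looking at the proxy logs.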