Keycloak in Istio #8864
-
|
I have set up a local minikube in the hopes of replicating this set up in a production environment. I was able to use keycloak operator to set up a running pod with the istio-proxy sidecar container. However, 2 things came up.
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Beta Was this translation helpful? Give feedback.
-
|
This is great info, thank you. I will resign to using standalone on a vm. It would be great to have keycloak work in a service mesh like istio where the TLS is terminated at the istio-proxy sidecar container. Will there be such a possibility with keycloak-x? |
Beta Was this translation helpful? Give feedback.
-
|
Is it possible for the Operator to have an option for the Service to expose port 8080? Then you would have the open port and could possibly put it behind the istio proxy with mtls? |
Beta Was this translation helpful? Give feedback.
-
|
@vmuzikar I am not sure if there is an implementation with istio example out there, but in the new service mesh/microservices world (behind a reverse proxy set up), I could imagine this requirement growing in popularity. @mmosttler I couldn't see a way that port 8080 (straight http) could be set up with keycloak operator because it auto generated self signed certs, if you didn't explicitly set certs for it to create a keystore for you. I am interested in whether this kind of set up would be possible with keycloak-x. |
Beta Was this translation helpful? Give feedback.
sso-x509-https-secretsecret is found but that's normally created only on OpenShift which I assume is not your case).