apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: kcgateway spec: selector: istio: ingressgateway # use istio default ingress gateway servers: - port: number: 443 name: https protocol: HTTPS tls: mode: PASSTHROUGH hosts: - keycloak.est.tech - port: number: 80 name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: keycloak-tls-vs spec: hosts: - keycloak.est.tech gateways: - kcgateway tls: - match: - port: 443 sniHosts: - keycloak.est.tech route: - destination: host: keycloak.default.svc.cluster.local port: number: 8443 --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: keycloak-vs spec: hosts: - "*" gateways: - kcgateway http: - name: "keycloak-routes" match: - uri: prefix: "/auth" route: - destination: port: number: 8080 host: keycloak.default.svc.cluster.local ---