{{- if and .Values.keycloak.enabled .Values.keycloak.istio.admin.enabled .Values.keycloak.istio.admin.url }}
# Admin endpoint / all URLs allowed
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ template "kubezero-lib.fullname" $ }}-admin
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
  gateways:
  - {{ .Values.keycloak.istio.admin.gateway }}
  hosts:
  - {{ .Values.keycloak.istio.admin.url }}
  http:
  - route:
    - destination:
        host: {{ template "kubezero-lib.fullname" $ }}-keycloak
{{- end }}

---

{{- if and .Values.keycloak.enabled .Values.keycloak.istio.auth.enabled .Values.keycloak.istio.auth.url }}
# auth endpoint - only expose minimal URls
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ template "kubezero-lib.fullname" $ }}-auth
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
  gateways:
  - {{ .Values.keycloak.istio.auth.gateway }}
  hosts:
  - {{ .Values.keycloak.istio.auth.url }}
  http:
  - match:
    - uri:
        regex: ^/(js/|realms/|resources/|robots.txt).*
    route:
    - destination:
        host: {{ template "kubezero-lib.fullname" $ }}-keycloak
{{- end }}