{{- if and .Values.keycloak.enabled .Values.keycloak.istio.admin.enabled .Values.keycloak.istio.admin.url }} # Admin endpoint / all URLs allowed apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: {{ template "kubezero-lib.fullname" $ }}-admin namespace: {{ .Release.Namespace }} labels: {{- include "kubezero-lib.labels" $ | nindent 4 }} spec: gateways: - {{ .Values.keycloak.istio.admin.gateway }} hosts: - {{ .Values.keycloak.istio.admin.url }} http: - route: - destination: host: {{ template "kubezero-lib.fullname" $ }}-keycloak {{- end }} --- {{- if and .Values.keycloak.enabled .Values.keycloak.istio.auth.enabled .Values.keycloak.istio.auth.url }} # auth endpoint - only expose minimal URls apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: {{ template "kubezero-lib.fullname" $ }}-auth namespace: {{ .Release.Namespace }} labels: {{- include "kubezero-lib.labels" $ | nindent 4 }} spec: gateways: - {{ .Values.keycloak.istio.auth.gateway }} hosts: - {{ .Values.keycloak.istio.auth.url }} http: - match: - uri: regex: ^/(js/|realms/|resources/|robots.txt).* route: - destination: host: {{ template "kubezero-lib.fullname" $ }}-keycloak {{- end }}