Spring Boot, Minikube, Istio and Keycloak: "Invalid parameter: redirect_uri"

Question

I have an application running in Minikube that works with the ingress-gateway as expected. A spring boot app is called, the view is displayed and a protected resource is called via a link. The call is forwarded to Keycloak and is authorized via the login mask and the protected resource is displayed as expected.

With Istio the redirecting fails with the message: "Invalid parameter: redirect_uri".

My Istio Gateway config

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  namespace: istio-system
  name: istio-bomc-app-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"

My virtualservice config

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-bomc-app-hrm-virtualservice
  namespace: bomc-app
spec:
  hosts:
  - "*"
  gateways:
  - istio-bomc-app-gateway.istio-system.svc.cluster.local
  http:
  - match:
    - uri:              
       prefix: /bomc-hrm
    route:
    - destination:
        host: bomc-hrm-service.bomc-app.svc.cluster.local
        port:
          number: 80

After clicking the protected link, I get the following URI in the browser:

http://192.168.99.100:31380/auth/realms/bomc-hrm-realm/protocol/openid-connect/auth?response_type=code&client_id=bomc-hrm-app&redirect_uri=http%3A%2F%2F192.168.99.100%2Fbomc-hrm%2Fui%2Fcustomer%2Fcustomers&state=4739ab56-a8f3-4f78-bd29-c05e7ea7cdbe&login=true&scope=openid

I see the redirect_uri=http%3A%2F%2F192.168.99.100%2F is not complete. The port 31380 is missing.

How does Istio VirtualService need to be configured?

Answer 1

Have you checked the following command into Google Cloud Maybe you will have clues using it

kubectl describe

Check Kube