New Authservice setup breaks istio HTTP > HTTPS redirect when applied at the ingressgateway level
When the protect: keycloak
label is placed on the ingressgateway pods, the 80>443 redirect performed by istio gateways is broken because every request through the IGW is passed through authservice and the HTTP requests don't contain a JWT.
Ensure the following resource is present in the istio-controlplane package and once merged into BigBang this issue can be closed:
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: redirect-authz
namespace: istio-system
spec:
action: ALLOW
rules:
- to:
- operation:
ports: ["8080"]
selector:
matchLabels:
protect: keycloak