End-user authentication with Istio and KeyCloak on the AWS EKS environment
When evaluating Istio to use in our AWS EKS clusters environment, I found it is a little bit confusing with end-user authentication which cost me a couple days to set up a running scenario. Moreover, most of the blog posts and online documents only mention end-user authentication with Auth0 (a proprietary authentication solution) or very limited to other software such as KeyCloak. This article describes how I did the configuration to make it work with KeyCloak as well as briefly explaining the authentication flow of Istio. As you may know, Istio introduces two types of authentication which are Transport Authentication and Origin Authentication [0]. Transport Authentication is used for the service to service authentication while Origin Authentication is used for end-user authentication. But, when it comes to real configuration, it looks like I have to apply both types if I want to set up the scenario as follows: Figure 1: Expected scenario What I expected to have are: End-user