Keycloak and Istio
What is Istio ?
The end of the adapters ?
The Envoy Sidecar
The JWT-Auth Filter
The Keycloak-Istio Demo
- A Keycloak Pod : a pod containing a Keycloak Server.
- A Web App Pod (Cars Web): this pod contains the Web App that will perform the authentification through the Keycloak login in order to obtain a JWT token
- Then we have the Istio related components :
- The Pilot to configure the Envoy proxies
- The Mixer to handle the attributes returned by Envoy
- The API Service (Cars API) : this pod will have two containers :
- The API service itself, in this case a simple Spring Boot Application
- The Envoy Side-Car container
- We indicate what needs to be configured, the kind of policy and implicitly the correct filter (in our case the jwt-auth filter) will be configured.
- It needs to know where to retrieve Keycloak's Public key in order to verify the JWT signature.
- The issuer : who has generated the token ? In this case it's also the Keycloak Server.