Keycloak-operator and Istio

Hello everybody!

I’ve been trying to make the Keycloak-operator work in a K8s cluster with the Istio service mesh installed, but with no success so far.
Basically, I’m able to deploy the operator itself and even create a Keycloak custom resource through it. Then, whenever the operator needs to create another custom resource, like a Realm or user on Keycloak, the operator fails to do so.
The operator logs show the following:

https://keycloak.wph-hc.svc:8443 is not a valid keycloak url : Get https://keycloak.wph-hc.svc:8443: http: server gave HTTP response to HTTPS client

As far as I understand, Istio is responding with HTTP when it should be HTTPS.
One test I did was to rename the Keycloak service port (created by the operator) to “https-keycloak”, as Istio detects the protocol from the port name. This made the request work, but only briefly, as the operator changed the service port name back to the original.
I’ve been trying to work my way around this with Istio itself, using Virtual Services and Destination Rules, but with no success so far.

Has anyone tried doing this before, or does anyone have a way around this?

You need to set a custom header on your virtual service like this:

      headers:
        request:
          set:
            X-Forwarded-Proto: "https"
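
The port-name convention mentioned in the question, as an added example that is not part of the thread: a small check that reads a Service's ports the way Istio's explicit protocol selection does (the `appProtocol` field first, otherwise a `<protocol>[-<suffix>]` port name) and reports TLS ports that are not declared as `https` or `tls`. The sample Service, the original port name `keycloak` and the helper names are constructed for illustration.

```python
# Added example: read Service ports the way Istio's explicit protocol
# selection does and flag TLS ports that are not declared as TLS.

# Protocol names accepted as a port-name prefix or appProtocol value,
# per Istio's protocol-selection documentation.
ISTIO_PROTOCOLS = {"http", "http2", "https", "tcp", "tls",
                   "grpc", "grpc-web", "mongo", "mysql", "redis"}
TLS_PROTOCOLS = {"https", "tls"}


def declared_protocol(port):
    """Return the protocol a Service port declares, or None if undeclared."""
    app = (port.get("appProtocol") or "").lower()
    if app in ISTIO_PROTOCOLS:          # appProtocol takes precedence
        return app
    name = (port.get("name") or "").lower()
    # Longest names first so "grpc-web" is not read as "grpc" + suffix.
    for proto in sorted(ISTIO_PROTOCOLS, key=len, reverse=True):
        if name == proto or name.startswith(proto + "-"):
            return proto
    return None


def audit_service(service, tls_ports):
    """List (port, name, finding) for ports in tls_ports not declared as TLS."""
    findings = []
    for port in service["spec"]["ports"]:
        number = port["port"]
        if number not in tls_ports:
            continue
        proto = declared_protocol(port)
        if proto is None:
            findings.append((number, port.get("name"), "undeclared"))
        elif proto not in TLS_PROTOCOLS:
            findings.append((number, port.get("name"), "declared " + proto))
    return findings


def sample_service(port_name, app_protocol=None):
    """Constructed Service manifest; only port 8443 and the namespace come from the post."""
    port = {"name": port_name, "port": 8443, "targetPort": 8443}
    if app_protocol:
        port["appProtocol"] = app_protocol
    return {"kind": "Service",
            "metadata": {"name": "keycloak", "namespace": "wph-hc"},
            "spec": {"ports": [port]}}


if __name__ == "__main__":
    for name in ("keycloak", "http-keycloak", "https-keycloak"):
        print(name, audit_service(sample_service(name), {8443}))
```
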