# Overview

We need Keycloak for authentication and authorization. And we need Istio to secure access to our services.

In the following exercises we will:

* Install Istio on the IBM Cloud Kubernetes Service (IKS).
* We will use the Istio Ingress gateway to gain access to our sample application and to Keycloak externally with a DNS entry.
* We will secure the Istio Ingress gateway with HTTPS using a certificate that is automatically generated.
* Install Keycloak within the Istio Service Mesh.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ibm-developer.gitbook.io/get-started-with-security-for-your-java-microservi/setup-the-ibm-cloud-application-environment/app-env-exercise-01.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.