EAS redirect set to `eas.myhost.com` instead of `myservice.myhost.com`

Hi there!

We recently rebuilt our Azure Kubernetes cluster and added a VNET and CNI plugin. The this process itself went well, but we are now seeing some oddities with our EAS instance.

When attempting to authenticate our service using a EAS as a Treafik middleware, EAS does not seem to redirect to the service, instead redirecting to eas.myhost.com/?__eas_oauth_handler__=authorization_callback&code=XXXXXXXXXXXXXXX..... The browser shows Cannot GET /.

When digging into the logs, we see that the parsed state redirect URI is set to eas.myhost.com:

{"level":"verbose","message":"parsed state redirect uri: {\"scheme\":\"https\",\"host\":\"eas.myhost.com\",\"path\":\"\",\"reference\":\"absolute\"}","service":"external-auth-server"}

This prompted us to compare with our production cluster that runs the exact same configuration, but without the VNET and CNI plugin. Here, the parsed state redirect URI is set correctly:

{"level":"verbose","message":"parsed state redirect uri: {\"scheme\":\"https\",\"host\":\"myservice.myhost.com\",\"path\":\"/\",\"reference\":\"absolute\"}","service":"external-auth-server"}

Not sure what is going on here. Is the redirect URI modified somewhere in-flight? Where in the code does EAS set the query state?