# Exercise 1: Deploy microservices to Kubernetes In this exercise we will run the application in your Kubernetes cluster using precompiled container images for our sample application: articles-secure, web-api-secure, and web-app. These container images have been uploaded to [Docker Hub](https://hub.docker.com/u/haraldu). ![](/files/-MIOE9l9qKkRdQDXVPPH) When running locally, you will set the Keycloak URL as OpenID Connect (OIDC) provider in application.properties. When running on a Kubernetes cluster we cannot set the OIDC provider (keycloak) in application.properties without recompiling the code, building a new image, and loading this image in a Image repository that is accessible to your Kubernetes cluster. So for this example, we specify the Quarkus OIDC property as environment variable during deployment. The environment variable is read from a config map. ## STEP 1: Apply configmap This is our configmap definition: ```bash kind: ConfigMap apiVersion: v1 metadata: name: security-url-config data: QUARKUS_OIDC_AUTH_SERVER_URL: "http://keycloak:8080/auth/realms/quarkus" ``` Our Keycloak service runs in the same namespace as the rest of the application, so all we need is the name of the service (keycloak) and the port numer (8080). * Apply the `configmap.yaml` ```bash cd $ROOT_FOLDER/IKS kubectl apply -f configmap.yaml ``` ## STEP 2: Now deploy the 3 services * Deploy Articles Microservice ```bash cd $ROOT_FOLDER/articles-secure/deployment kubectl apply -f articles.yaml ``` * Deploy Web-API Microservice ```bash cd $ROOT_FOLDER/web-api-secure/deployment kubectl apply -f web-api.yaml ``` * Deploy Web-App [Vue.js](https://vuejs.org/) frontend application ```bash cd $ROOT_FOLDER/web-app/deployment kubectl apply -f web-app.yaml ``` * Verify all pods are running ```bash kubectl get pods ``` Example output: ```bash NAME READY STATUS RESTARTS AGE articles-5df77c46b4-v7xcd 2/2 Running 0 3h35m keycloak-77cffb978-vjttk 2/2 Running 0 44h web-api-5c9698b875-kz82k 2/2 Running 0 3h35m web-app-659c4676d9-pw6f8 2/2 Running 0 3h34m ``` ## STEP 3: Adjust the redirect, admin, web origins URLs in Keycloak * Try to open the Cloud-Native-Starter application in a browser. Use the `$INGRESSURL` of your cluster, which is the URL to the frontend application `Web_APP` you deployed before. ```bash echo https://$INGRESSURL ``` * You will see we need to configure the redirect in Keycloak ![](/files/-MFGFdXS0wy89ZVO-Wv6) * Open Keycloak in a browser and login to Keycloak with `user: admin` and `password: admin`. Get the right URL by display the URL with the following terminal command. ```bash echo https://$INGRESSURL/auth/admin/master/console/#/realms/quarkus ``` * Select `Clients` and then `frontend` in Keycloak. ![](/files/-MFGFdXTg-r3kvwHiPC3) * Ajust the client frontend URIs `https://YOUR-URL:auth` with valid redirect URI you get with the command: ```bash echo https://$INGRESSURL ``` Replace the entries with your value. ![](/files/-MFGFdXUsmqC18EzAWXO) ## STEP 4: Open the Cloud Native Starter application in your browser * Use following URL: ```bash echo https://$INGRESSURL ``` * Login in with `user: alice` and `password: alice` ![](/files/-MFGFdXVNSE9woB5ZBIM) * Now you see the entries of the articles ![](/files/-MFGFdXWnMLdI4dQs_Mx) > Note: The image shows you in Kiali the running applications. These are the simplified steps you see in the image. This is not a part of your hands-on tasks. * 1: The `web-app` will be requested buy our URL to be loaded in a webbrowser. * 2: The `web-app` in the webbrowser does connect to `Keycloak` for Authentication. * 2: The `web-app` in the webbrowser does connect to the `web-api` to get the Articles information. * 4: The `web-api` in does validated the authorization with `Keyloak`. * 5: The `web-api` in the webbrowser does connect to the `articles` to get the Articles information. * 6: The `articles` in does validated the authorization with `Keyloak`. ![](/files/-MUrkW6PDbafYXyaipvO) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ibm-developer.gitbook.io/get-started-with-security-for-your-java-microservi/platform-security-with-mtls/p-sec-exercise-01.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.