# Exercise 1: Deploy microservices to Kubernetes

In this exercise we will run the application in your Kubernetes cluster using precompiled container images for our sample application: articles-secure, web-api-secure, and web-app. These container images have been uploaded to [Docker Hub](https://hub.docker.com/u/haraldu).

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2F301ed5e5f6f221c25dc8d0ababd8254331bdd5cf.png?generation=1601372471435747\&alt=media)

When running locally, you will set the Keycloak URL as OpenID Connect (OIDC) provider in application.properties. When running on a Kubernetes cluster we cannot set the OIDC provider (keycloak) in application.properties without recompiling the code, building a new image, and loading this image in a Image repository that is accessible to your Kubernetes cluster. So for this example, we specify the Quarkus OIDC property as environment variable during deployment. The environment variable is read from a config map.

## STEP 1: Apply configmap

This is our configmap definition:

```bash
kind: ConfigMap
apiVersion: v1
metadata:
  name: security-url-config
data:
  QUARKUS_OIDC_AUTH_SERVER_URL: "http://keycloak:8080/auth/realms/quarkus"
```

Our Keycloak service runs in the same namespace as the rest of the application, so all we need is the name of the service (keycloak) and the port numer (8080).

* Apply the `configmap.yaml`

```bash
cd $ROOT_FOLDER/IKS
kubectl apply -f configmap.yaml
```

## STEP 2: Now deploy the 3 services

* Deploy Articles Microservice

```bash
cd $ROOT_FOLDER/articles-secure/deployment
kubectl apply -f articles.yaml
```

* Deploy Web-API Microservice

```bash
cd $ROOT_FOLDER/web-api-secure/deployment
kubectl apply -f web-api.yaml
```

* Deploy Web-App [Vue.js](https://vuejs.org/) frontend application

```bash
cd $ROOT_FOLDER/web-app/deployment
kubectl apply -f web-app.yaml
```

* Verify all pods are running

```bash
kubectl get pods
```

Example output:

```bash
NAME                        READY   STATUS                       RESTARTS   AGE
articles-5df77c46b4-v7xcd   2/2     Running                0          3h35m
keycloak-77cffb978-vjttk    2/2     Running                      0          44h
web-api-5c9698b875-kz82k    2/2     Running                 0          3h35m
web-app-659c4676d9-pw6f8    2/2     Running                      0          3h34m
```

## STEP 3: Adjust the redirect, admin, web origins URLs in Keycloak

* Try to open the Cloud-Native-Starter application in a browser. Use the `$INGRESSURL` of your cluster, which is the URL to the frontend application `Web_APP` you deployed before.

```bash
echo https://$INGRESSURL
```

* You will see we need to configure the redirect in Keycloak

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2F6aaf81683562585ad260717e063892fb78021247.png?generation=1598017427292531\&alt=media)

* Open Keycloak in a browser and login to Keycloak with `user: admin` and `password: admin`. Get the right URL by display the URL with the following terminal command.

```bash
 echo https://$INGRESSURL/auth/admin/master/console/#/realms/quarkus
```

* Select `Clients` and then `frontend` in Keycloak.

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2Faeeac8eb36fef71bbfdd46f0638f91e4dfa41f01.png?generation=1598017429705501\&alt=media)

* Ajust the client frontend URIs `https://YOUR-URL:auth` with valid redirect URI you get with the command:

```bash
 echo https://$INGRESSURL
```

Replace the entries with your value.

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2Fc2bbc4c9ea24b399f6a2ae7cbfe127e494ed907b.png?generation=1598017427519759\&alt=media)

## STEP 4: Open the Cloud Native Starter application in your browser

* Use following URL:

```bash
 echo https://$INGRESSURL
```

* Login in with `user: alice` and `password: alice`

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2Ff447c561c6b4f2e214d3add81e6fcfd0fc2a1123.png?generation=1598017425981308\&alt=media)

* Now you see the entries of the articles

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2F319c6fc1632f0fac32eb414ca51798657afbdeaa.png?generation=1598017428455119\&alt=media)

> Note: The image shows you in Kiali the running applications. These are the simplified steps you see in the image. This is not a part of your hands-on tasks.

* 1: The `web-app` will be requested buy our URL to be loaded in a webbrowser.
* 2: The `web-app` in the webbrowser does connect to `Keycloak` for Authentication.
* 2: The `web-app` in the webbrowser does connect to the `web-api` to get the Articles information.
* 4: The `web-api` in does validated the authorization with `Keyloak`.
* 5: The `web-api` in the webbrowser does connect to the `articles` to get the Articles information.
* 6: The `articles` in does validated the authorization with `Keyloak`.

![](https://1980280846-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFGEw-4BAG72jtDCP4q%2Fsync%2F2ee9741fd677d30eccae2b019b2e95619db00f29.png?generation=1614769428822587\&alt=media)