In this exercise we will run the application in your Kubernetes cluster using precompiled container images for our sample application: articles-secure, web-api-secure, and web-app. These container images have been uploaded to Docker Hub.
When running locally, you will set the Keycloak URL as OpenID Connect (OIDC) provider in application.properties. When running on a Kubernetes cluster we cannot set the OIDC provider (keycloak) in application.properties without recompiling the code, building a new image, and loading this image in a Image repository that is accessible to your Kubernetes cluster. So for this example, we specify the Quarkus OIDC property as environment variable during deployment. The environment variable is read from a config map.
This is our configmap definition:
kind: ConfigMapapiVersion: v1metadata:name: security-url-configdata:QUARKUS_OIDC_AUTH_SERVER_URL: "http://keycloak:8080/auth/realms/quarkus"
Our Keycloak service runs in the same namespace as the rest of the application, so all we need is the name of the service (keycloak) and the port numer (8080).
Apply the configmap.yaml
kubectl apply -f configmap.yaml
Deploy Articles Microservice
cd $ROOT_FOLDER/articles-secure/deploymentkubectl apply -f articles.yaml
Deploy Web-API Microservice
cd $ROOT_FOLDER/web-api-secure/deploymentkubectl apply -f web-api.yaml
Deploy Web-App Vue.js frontend application
cd $ROOT_FOLDER/web-app/deploymentkubectl apply -f web-app.yaml
Verify all pods are running
kubectl get pods
Example output:
NAME READY STATUS RESTARTS AGEarticles-5df77c46b4-v7xcd 2/2 Running 0 3h35mkeycloak-77cffb978-vjttk 2/2 Running 0 44hweb-api-5c9698b875-kz82k 2/2 Running 0 3h35mweb-app-659c4676d9-pw6f8 2/2 Running 0 3h34m
Try to open the Cloud-Native-Starter application in a browser. Use the $INGRESSURL
of your cluster, which is the URL to the frontend application Web_APP
you deployed before.
echo https://$INGRESSURL
You will see we need to configure the redirect in Keycloak
Open Keycloak in a browser and login to Keycloak with user: admin
and password: admin
. Get the right URL by display the URL with the following terminal command.
echo https://$INGRESSURL/auth/admin/master/console/#/realms/quarkus
Select Clients
and then frontend
in Keycloak.
Ajust the client frontend URIs https://YOUR-URL:auth
with valid redirect URI you get with the command:
echo https://$INGRESSURL
Replace the entries with your value.
Use following URL:
echo https://$INGRESSURL
Login in with user: alice
and password: alice
Now you see the entries of the articles