Exercise 1: Deploy microservices to Kubernetes
In this exercise we will run the application in your Kubernetes cluster using precompiled container images for our sample application: articles-secure, web-api-secure, and web-app. These container images have been uploaded to Docker Hub.
When running locally, you will set the Keycloak URL as OpenID Connect (OIDC) provider in application.properties. When running on a Kubernetes cluster we cannot set the OIDC provider (keycloak) in application.properties without recompiling the code, building a new image, and loading this image in a Image repository that is accessible to your Kubernetes cluster. So for this example, we specify the Quarkus OIDC property as environment variable during deployment. The environment variable is read from a config map.
STEP 1: Apply configmap
This is our configmap definition:
Our Keycloak service runs in the same namespace as the rest of the application, so all we need is the name of the service (keycloak) and the port numer (8080).
Apply the
configmap.yaml
STEP 2: Now deploy the 3 services
Deploy Articles Microservice
Deploy Web-API Microservice
Deploy Web-App Vue.js frontend application
Verify all pods are running
Example output:
STEP 3: Adjust the redirect, admin, web origins URLs in Keycloak
Try to open the Cloud-Native-Starter application in a browser. Use the
$INGRESSURL
of your cluster, which is the URL to the frontend applicationWeb_APP
you deployed before.
You will see we need to configure the redirect in Keycloak
Open Keycloak in a browser and login to Keycloak with
user: admin
andpassword: admin
. Get the right URL by display the URL with the following terminal command.
Select
Clients
and thenfrontend
in Keycloak.
Ajust the client frontend URIs
https://YOUR-URL:auth
with valid redirect URI you get with the command:
Replace the entries with your value.
STEP 4: Open the Cloud Native Starter application in your browser
Use following URL:
Login in with
user: alice
andpassword: alice
Now you see the entries of the articles
Note: The image shows you in Kiali the running applications. These are the simplified steps you see in the image. This is not a part of your hands-on tasks.
1: The
web-app
will be requested buy our URL to be loaded in a webbrowser.2: The
web-app
in the webbrowser does connect toKeycloak
for Authentication.2: The
web-app
in the webbrowser does connect to theweb-api
to get the Articles information.4: The
web-api
in does validated the authorization withKeyloak
.5: The
web-api
in the webbrowser does connect to thearticles
to get the Articles information.6: The
articles
in does validated the authorization withKeyloak
.
Last updated