In this exercise we will run the application in your Kubernetes cluster using precompiled container images for our sample application: articles-secure, web-api-secure, and web-app. These container images have been uploaded to Docker Hub.
When running locally, you will set the Keycloak URL as OpenID Connect (OIDC) provider in application.properties. When running on a Kubernetes cluster we cannot set the OIDC provider (keycloak) in application.properties without recompiling the code, building a new image, and loading this image in a Image repository that is accessible to your Kubernetes cluster. So for this example, we specify the Quarkus OIDC property as environment variable during deployment. The environment variable is read from a config map.
This is our configmap definition:
kind: ConfigMapapiVersion: v1metadata:name: security-url-configdata:QUARKUS_OIDC_AUTH_SERVER_URL: "http://keycloak:8080/auth/realms/quarkus"
Our Keycloak service runs in the same namespace as the rest of the application, so all we need is the name of the service (keycloak) and the port numer (8080).
cd $ROOT_FOLDER/IKSkubectl apply -f configmap.yaml
Deploy Articles Microservice
cd $ROOT_FOLDER/articles-secure/deploymentkubectl apply -f articles.yaml
Deploy Web-API Microservice
cd $ROOT_FOLDER/web-api-secure/deploymentkubectl apply -f web-api.yaml
Deploy Web-App Vue.js frontend application
cd $ROOT_FOLDER/web-app/deploymentkubectl apply -f web-app.yaml
Verify all pods are running
kubectl get pods
NAME READY STATUS RESTARTS AGEarticles-5df77c46b4-v7xcd 2/2 Running 0 3h35mkeycloak-77cffb978-vjttk 2/2 Running 0 44hweb-api-5c9698b875-kz82k 2/2 Running 0 3h35mweb-app-659c4676d9-pw6f8 2/2 Running 0 3h34m
Try to open the Cloud-Native-Starter application in a browser. Use the
$INGRESSURL of your cluster, which is the URL to the frontend application
Web_APP you deployed before.
You will see we need to configure the redirect in Keycloak
Open Keycloak in a browser and login to Keycloak with
user: admin and
password: admin. Get the right URL by display the URL with the following terminal command.
Clients and then
frontend in Keycloak.
Ajust the client frontend URIs
https://YOUR-URL:auth with valid redirect URI you get with the command:
Replace the entries with your value.
Use following URL:
Login in with
user: alice and
Now you see the entries of the articles
Note: The image shows you in Kiali the running applications. These are the simplified steps you see in the image. This is not a part of your hands-on tasks.
web-app will be requested buy our URL to be loaded in a webbrowser.
web-app in the webbrowser does connect to
Keycloak for Authentication.
web-app in the webbrowser does connect to the
web-api to get the Articles information.
web-api in does validated the authorization with
web-api in the webbrowser does connect to the
articles to get the Articles information.
articles in does validated the authorization with