Get started with security for your Java Microservi
  • Introduction
  • Setup the IBM Cloud Environment
    • Overview
    • Access the Cluster
    • Access IBM Cloud Shell and get the code
  • Setup the IBM Cloud application environment
    • Overview
    • Exercise 1: Setup Istio
    • Exercise 2: Expose Istio Ingress gateway
    • Exercise 3: Expose the gateway via DNS with TLS enabled
    • Exercise 4: Setup Keycloak
  • Platform security with mTLS
    • Exercise 1: Deploy microservices to Kubernetes
    • Exercise 2: Secure microservices using Authentication with mTLS
    • (Optional) Exercise 3: Authorization with Istio
  • Authentication and Authorization with Keycloak and Quarkus
    • (Optional) Exercise 1: Setup the web-application and Microservices locally
    • Exercise 2: Authentication in Vue.js fronted application
    • Exercise 3: Authorization in Quarkus application
  • Additional Resources
    • Known issues
    • Blog posts related to security
    • Cloud-Native-Starter project
    • Cloud-Native-Starter project security
    • Cloud-Native-Starter project reactive
Powered by GitBook
On this page
  • Step 1: Verify clustername
  • Step 2: List the DNS subdomains
  • Step 3: Save Ingress secret
  • Step 3: Pull the secret and save it into a file mysecret.yaml
  • Step 4: Edit the mysecret.yaml
  • Step 5: Load and activate the secret with these commands
  • Step 6: Get the $INGRESSURL you obtained in the last exercise and copy or note the value
  • Step 7: Edit the file istio-ingress-tls.yaml
  • Step 8: Apply the change
  • Answering questions you maybe have
  • Question 1: Why can we access our application with TLS https://... ?
  • Answer 1: We prepared this during the setup of the IBM Cloud Application Environment in exercise 3
  • Question 2: We use https in the browser but everything behind the Istio Ingress is http only, unencrypted?
  • Answer 2:
  • Question 3: Is this safe?
  • Answer 3:

Was this helpful?

  1. Setup the IBM Cloud application environment

Exercise 3: Expose the gateway via DNS with TLS enabled

PreviousExercise 2: Expose Istio Ingress gatewayNextExercise 4: Setup Keycloak

Last updated 4 years ago

Was this helpful?