Versions Compared

Old Version 20

changes.mady.by.user Lathishbabu Ganesan

Saved on

compared with

New Version 21

changes.mady.by.user Lathishbabu Ganesan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
themeMidnight
titleget pods
kubectl -n nonrtric get pod

NAME                               READY   STATUS    RESTARTS   AGE
a1-sim-osc-0                       2/2     Running   0          2d16h
controlpanel-5f866754f4-8lqqz      1/1     Running   0          24d
enrichmentservice-0                2/2     Running   0          24d
nonrtricgateway-675f4c8b66-g5vm4   2/2     Running   0          2d16h
policymanagementservice-0          2/2     Running   33         2d16h

// Add pods output pic


Open the Istio console to view the traffic flow between services in nonrtric namespace. 

Image Added


As you can see from the above image, there is a network traffic between Policy Management Service, A1 Simulator & DMaaP. The unknown here represents the postman request to the Enrichment Service.// Add istio network traffic pic

Configure Istio & Keycloak

We use Keycloak as the identity & access management system and Istio connects to Keycloak over OIDC (OpenID Connect). 

For the analysis purpose, the Enrichment Service is configured with JWT token so that the envoy proxy will detect the incoming request and validates the JWT token with Keycloak. If the token is invalid or not present in the request, the access is denied.

Both the Policy Management Service & Enrichment Service endpoint is configured in the Kong gateway. Here Kong gateway acts as the R1 Interface, which means all these services can only be accessed through Kong gateway.