Under construction
This article contains a working PoC of R1 interface exposure with JWT Authorization.
The PoC is launched as a VM in Vagrant/VirtualBox. The VM installs Kubernetes and all other required software.
Scripts and kubernetes manifests are included.
Prerequisite
VirtualBox - can be downloaded from the Download Virtualbox page
Vagrant - can be downloaded from the Download Vagrant page
Tested on Mac with X86 HW.
It is also possible to run the PoC without Vagrant/VirtualBox on a Kubernetes cluster (docker-desktop, minikube etc.) that has Istio installed and supports Network Policies (Cilium or Calico).
Preparations
Create a new dir under your "vagrant home" directory.
Download the Vagrant and demo zip files, put them in the new dir and unzip them.
Setup the PoC
Open a shell (denoted shell1) on your host and, in the dir where the Vagrant file is located, do:
$ vagrant up
Take note of the following line (ip/port may vary):
Keycloak Admin Console: http://10.0.2.15:32131/auth/admin
Set up port forwarding in the VirtualBox GUI, from a port on the local host (for example 2226) to the ip and port listed in the Keycloak URL.
Open the Keycloak GUI in the browser (user/pwd is admin/admin).
Create a realm, client and user according to: https://www.keycloak.org/getting-started/getting-started-kube
Make sure to set "Temporary" to off when creating the users
- realm: nrtrealm
- client: nrtclient
- user: pmsuser (same pwd)
- user: icsuser (same pwd)
Take note of the "ID" (hexstring) for each user
Continue in shell1
$ vagrant ssh
$ sudo su
$ cd demo
Continue in shell1 and apply Network Policies to shield off the namespace nonrtric from all access from namespaces other than nonrtric and istio-system:
$ kubectl apply -f np-nrt.yaml
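For orientation, a policy with the effect described above could look like the following. This is an added example, not the contents of the PoC's np-nrt.yaml; the policy name is hypothetical, and the namespace selectors assume the `kubernetes.io/metadata.name` label that Kubernetes 1.21 and later set on every namespace.

```yaml
# Added example (not the PoC's np-nrt.yaml): restrict ingress to the
# nonrtric namespace so that only nonrtric itself and istio-system can reach it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: nonrtric-ingress-allowlist   # hypothetical name
  namespace: nonrtric
spec:
  # An empty podSelector selects every pod in the namespace. Once a pod is
  # selected by a policy with policyTypes Ingress, all ingress that is not
  # explicitly allowed below is dropped.
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Pod-to-pod traffic inside nonrtric stays allowed.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: nonrtric
        # Traffic arriving from the Istio components in istio-system stays
        # allowed, so exposure through Istio keeps working.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: istio-system
  # Egress is not listed in policyTypes, so outbound traffic from nonrtric
  # is left unrestricted by this policy.
```

The policy only takes effect on a cluster whose network plugin enforces Network Policies; `kubectl get networkpolicy -n nonrtric` shows which policies are in place.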
Open a new shell (shell2) in the same dir and do:
$ vagrant ssh
$ sudo su
$ cd demo