...
```shell
# Create the TLS secret the gateway's HTTPS server will reference by credentialName.
$ kubectl create -n istio-system secret tls emco-credential --key=v2.key --cert=v2.crt
```

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: emco-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  # Plain HTTP listener; nothing here redirects it to HTTPS, so tokens sent
  # to port 80 travel in the clear unless the VirtualService or a
  # tls.httpsRedirect setting forces TLS.
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: emco-credential # the secret created above, same namespace as the ingress gateway
    hosts:
    - "*"
```
...
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: orchestrator
  namespace: emco
spec:
  hosts:
  - "*"
  gateways:
  # Gateway lives in another namespace; this is the legacy FQDN form of the
  # reference, equivalent to istio-system/emco-gateway in current Istio.
  - emco-gateway.istio-system.svc.cluster.local
  http:
  - match:
    - uri:
        prefix: /v2/oauth   # OIDC callback path handled by the authservice
    - uri:
        prefix: /v2
    route:
    - destination:
        port:
          number: 9015
        host: orchestrator
```
...
```yaml
# authentication.istio.io/v1alpha1 Policy is the pre-1.5 API; on Istio 1.6+
# the same origin-JWT rule is expressed as a security.istio.io/v1beta1
# RequestAuthentication (plus an AuthorizationPolicy to reject missing tokens).
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "emco-authn-policy"
  namespace: istio-system
spec:
  origins:
  - jwt:
      issuer: "https://<Keycloak IP Address:port>/auth/realms/enterprise1"
      # Fetch the signing keys over TLS, matching the issuer URL. Over plain
      # HTTP an on-path attacker could substitute a JWKS and mint accepted tokens.
      jwksUri: "https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/certs"
  principalBinding: USE_ORIGIN
```
...
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: emco-authservice-configmap
  namespace: istio-system
# config.json notes:
# - "jwks" is the JWKS document embedded as a JSON *string*: every quote in the
#   curl output must be escaped, and the document should be fetched over https.
# - "trusted_certificate_authority" is the PEM of the CA that signed the
#   Keycloak server certificate, with line breaks written as \n.
# - "client_secret" comes from the emco client in Keycloak; treat this ConfigMap
#   as sensitive (or move the secret into a Secret) since it holds that value.
# - log_level "trace" is for bring-up; lower it once the flow works.
data:
  config.json: |
    {
      "listen_address": "127.0.0.1",
      "listen_port": "10003",
      "log_level": "trace",
      "threads": 8,
      "chains": [
        {
          "name": "idp_filter_chain",
          "filters": [
            {
              "oidc": {
                "authorization_uri": "https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/auth",
                "token_uri": "https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/token",
                "callback_uri": "https://<Istio Ingress service IP Address:port>/v2/oauth/callback",
                "jwks": "{Escaped JSON output of the command --> curl https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/certs}",
                "client_id": "emco",
                "client_secret": "Copy secret from keycloak",
                "trusted_certificate_authority": "-----BEGIN CERTIFICATE-----\nCA certificate for the Keycloak server in escaped format\n-----END CERTIFICATE-----\n",
                "scopes": [],
                "id_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                },
                "access_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                }
              }
            }
          ]
        }
      ]
    }
```
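Hand-escaping the JWKS and the CA certificate into `config.json` is where this step usually goes wrong (a stray unescaped quote makes the authservice reject its configuration). The following is an added example, not code from EMCO or from the Istio authservice project: it assumes the `config.json` layout shown in the ConfigMap above and generates the ConfigMap manifest from a JWKS object and a PEM string, letting the JSON encoder produce the escaped form. The hostnames, realm, client secret, key material and certificate it uses are constructed placeholders.

```python
"""Render the authservice ConfigMap with the JWKS and Keycloak CA embedded.

Added example (not EMCO or authservice code). Assumes the config.json layout
from the page: "jwks" is the JWKS document as a JSON string and
"trusted_certificate_authority" is a PEM block whose newlines become \\n.
All hostnames, secrets and key material below are constructed placeholders.
"""
import json

# Constructed sample JWKS in the shape Keycloak serves at
# /auth/realms/<realm>/protocol/openid-connect/certs (key material is fake).
SAMPLE_JWKS = {
    "keys": [
        {
            "kid": "example-kid-1",
            "kty": "RSA",
            "alg": "RS256",
            "use": "sig",
            "n": "sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbg",
            "e": "AQAB",
        }
    ]
}

# Constructed placeholder PEM for the CA that signed the Keycloak certificate.
SAMPLE_CA_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBszCCAVgCCQCexampleplaceholderbody\n"
    "-----END CERTIFICATE-----\n"
)


def jwks_to_string(jwks: dict) -> str:
    """Compact JSON text of the JWKS. When this str is placed in the outer
    document by json.dumps, the encoder emits the backslash-escaped quotes the
    authservice expects, so nothing is escaped by hand."""
    return json.dumps(jwks, separators=(",", ":"), sort_keys=True)


def build_config(jwks: dict, ca_pem: str, keycloak: str, ingress: str,
                 client_secret: str, realm: str = "enterprise1") -> str:
    """Return the authservice config.json text (2-space indented)."""
    oidc_base = f"https://{keycloak}/auth/realms/{realm}/protocol/openid-connect"
    config = {
        "listen_address": "127.0.0.1",
        "listen_port": "10003",
        "log_level": "trace",  # as on the page; lower it after bring-up
        "threads": 8,
        "chains": [{
            "name": "idp_filter_chain",
            "filters": [{"oidc": {
                "authorization_uri": f"{oidc_base}/auth",
                "token_uri": f"{oidc_base}/token",
                "callback_uri": f"https://{ingress}/v2/oauth/callback",
                "jwks": jwks_to_string(jwks),
                "client_id": "emco",
                "client_secret": client_secret,
                "trusted_certificate_authority": ca_pem,
                "scopes": [],
                "id_token": {"preamble": "Bearer", "header": "Authorization"},
                "access_token": {"preamble": "Bearer", "header": "Authorization"},
            }}],
        }],
    }
    return json.dumps(config, indent=2)


def render_configmap(config_json: str, name: str = "emco-authservice-configmap",
                     namespace: str = "istio-system") -> str:
    """Wrap config.json in the ConfigMap manifest as a YAML literal block,
    indenting every JSON line by four spaces under the data key."""
    body = "\n".join("    " + line for line in config_json.splitlines())
    return (
        "kind: ConfigMap\n"
        "apiVersion: v1\n"
        "metadata:\n"
        f"  name: {name}\n"
        f"  namespace: {namespace}\n"
        "data:\n"
        "  config.json: |\n"
        f"{body}\n"
    )


def check_roundtrip(config_json: str, jwks: dict) -> bool:
    """Parse the generated document and confirm the embedded JWKS decodes back
    to the original keys and the CA value is a complete PEM block."""
    oidc = json.loads(config_json)["chains"][0]["filters"][0]["oidc"]
    ca = oidc["trusted_certificate_authority"]
    return (json.loads(oidc["jwks"]) == jwks
            and ca.startswith("-----BEGIN CERTIFICATE-----\n")
            and ca.rstrip("\n").endswith("-----END CERTIFICATE-----"))


if __name__ == "__main__":
    cfg = build_config(SAMPLE_JWKS, SAMPLE_CA_PEM, "keycloak.example.internal:8443",
                       "ingress.example.internal:443", "replace-with-keycloak-client-secret")
    assert check_roundtrip(cfg, SAMPLE_JWKS)
    print(render_configmap(cfg))
```

In practice replace `SAMPLE_JWKS` with the parsed body of the `/certs` endpoint fetched over TLS and `SAMPLE_CA_PEM` with the real CA file, then pipe the output to `kubectl apply -f -`. Because the client secret ends up in the rendered ConfigMap, restrict read access to it or keep the secret in a Kubernetes Secret instead.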
...