
EMCO Installation — Gateway
# Creates the TLS secret that the Gateway below references through credentialName.
# Istio resolves that secret in the ingress gateway's own namespace, hence -n istio-system.
$ kubectl create -n istio-system secret tls emco-credential --key=v2.key --cert=v2.crt

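# Istio ingress Gateway for EMCO: binds the default ingressgateway workload in
# istio-system and terminates TLS with the emco-credential secret created above.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: emco-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    # Redirect plaintext HTTP to the HTTPS server below, so the OIDC callback
    # and Authorization bearer tokens are never accepted over port 80.
    tls:
      httpsRedirect: true
    # Wildcard host: any Host/SNI value is served. NOTE(review): narrow this to
    # the public EMCO hostname once it is known.
    hosts:
    - "*"
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      # Name of the TLS secret in istio-system (the gateway's namespace).
      credentialName: emco-credential
    hosts:
    - "*"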



EMCO Installation — Virtual Service
# Routes traffic that arrives on emco-gateway to the orchestrator service on
# port 9015 for every request under /v2.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: orchestrator
  namespace: emco
spec:
  # Wildcard host: matches whatever Host header the gateway accepted.
  hosts:
  - "*"
  gateways:
  # Cross-namespace gateway reference in the legacy FQDN form.
  # NOTE(review): newer Istio releases document the "istio-system/emco-gateway"
  # form instead — confirm which form the installed version accepts.
  - emco-gateway.istio-system.svc.cluster.local
  http:
  - match:
    # Both prefixes lead to the same route; /v2/oauth is already covered by
    # /v2 and is listed separately only to make the OIDC callback path explicit.
    - uri:
        prefix: /v2/oauth
    - uri:
        prefix: /v2
    route:
    - destination:
        port:
          number: 9015
        # Short name: resolved in this VirtualService's namespace (emco).
        host: orchestrator


EMCO Installation — Authentication Policy
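# Legacy Istio authentication Policy: requires an end-user JWT issued by the
# Keycloak realm "enterprise1". With no targets it is namespace-wide for
# istio-system, i.e. it applies to the ingress gateway.
# NOTE(review): authentication.istio.io/v1alpha1 was superseded by
# security.istio.io RequestAuthentication in later Istio releases — confirm
# the installed version still serves this API, and whether it requires a
# namespace-wide Policy to be named "default".
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "emco-authn-policy"
  namespace: istio-system
spec:
  origins:
    - jwt:
        issuer: "https://<Keycloak IP Address:port>/auth/realms/enterprise1"
        # Fetch the signing keys over HTTPS, on the same host:port as the
        # issuer (the original used http://). A plaintext JWKS fetch lets an
        # on-path party substitute keys, which defeats signature validation.
        # NOTE(review): no audiences are pinned; consider restricting the
        # accepted tokens to the emco client's audience.
        jwksUri: "https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/certs"
  # The request principal is taken from the JWT (origin), not from the mTLS peer.
  principalBinding: USE_ORIGIN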


EMCO Installation — Authservice ConfigMap
# authservice configuration for the EMCO OIDC filter chain, mounted as
# config.json. The value is a literal block scalar holding JSON: do not add
# YAML comments inside it, they would become part of the JSON and break parsing.
# Every <...> and "Copy secret from keycloak" value is a placeholder to fill in;
# callback_uri must match the redirect URI registered on the Keycloak "emco"
# client and is served through the /v2/oauth prefix in the VirtualService.
# NOTE(review): client_secret (and the inline jwks/CA) live in a ConfigMap,
# which anyone able to read configmaps in istio-system can see; a Secret or an
# external secret store is the usual home for client_secret.
# NOTE(review): "log_level": "trace" may write request headers and tokens to
# the authservice log — confirm before using it outside a lab.
kind: ConfigMap
apiVersion: v1
metadata:
  name: emco-authservice-configmap
  namespace: istio-system
data:
  config.json: |
    {
      "listen_address": "127.0.0.1",
      "listen_port": "10003",
      "log_level": "trace",
      "threads": 8,
      "chains": [
        {
          "name": "idp_filter_chain",
          "filters": [
          {
            "oidc":
              {
                "authorization_uri": "https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/auth",
                "token_uri": "https://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/token",
                "callback_uri": "https://<Istio Ingress service IP Address:port>/v2/oauth/callback",
                "jwks": "{Escaped Json output of the command --> curl http://<Keycloak IP Address:port>/auth/realms/enterprise1/protocol/openid-connect/certs}",
                "client_id": "emco",
                "client_secret": "Copy secret from keycloak",
                "trusted_certificate_authority": "-----BEGIN CERTIFICATE-----CA Certificate for the keycloak server in escaped format----END CERTIFICATE-----",
                "scopes": [],
                "id_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                },
                "access_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                }
              }
            }
          ]
        }
      ]
    }

