Showing posts from September, 2019

A sample Flask app that uses Keycloak for user registration and OIDC authentication

I've spent a couple of days exploring Keycloak, Istio, and EKS. The result is a sample Flask app that has the following features:
- User registration and authentication (OIDC) with Keycloak
- The app can run on a local machine, in a Docker container, or inside a service mesh in a Kubernetes cluster with Istio. In that case, Istio and Keycloak were deployed on an EKS cluster following this tutorial [1].

The sample app repository is here [2]. Below are the detailed instructions to run the sample app.

Prerequisites

- Have a Keycloak instance up and running, and know the admin user credentials.
- If you want to deploy the app on a Kubernetes cluster with Istio installed, make sure you have admin privileges on the cluster. You also need to install istioctl.

Run the application normally

1. Clone the repo, install the requirements

git clone
cd keycloak_flask
virtualenv ~/keycloak_flask
source ~/keycloak_flask/bin/activate
pip install -r requiremen…

How to open a custom port on the istio-ingressgateway

By default, when you deploy Istio on a Kubernetes cluster, it creates a load balancer named istio-ingressgateway [1]. That ingress gateway is a Kubernetes Service of type LoadBalancer that handles incoming traffic into the mesh. You can check it by running this command:

kubectl -n istio-system get service istio-ingressgateway

The istio-ingressgateway load balancer opens a number of ports, such as 80 and 443. If you want to open a new port on the load balancer, proceed as follows:

1. Export the current configuration of the istio-ingressgateway

kubectl -n istio-system get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml

2. Edit istio_ingressgateway.yaml and add the new port you want, for example:

nano istio_ingressgateway.yaml

  - name: myport
    nodePort: 31410
    port: 5000
    protocol: TCP
    targetPort: 5000

3. Apply the new configuration

kubectl apply -f istio_ingressgateway.yaml

4. Check that the new port is running

kubectl describe svc istio-ingres…
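
An alternative to the export/edit/apply steps above, as an added example that is not from the original post: a JSON patch appends only the new port, so server-populated fields in the exported YAML (such as status and resourceVersion) are never re-applied. The function names are hypothetical, the port values are the post's own, and 30000-32767 is assumed to be the cluster's NodePort range.

```bash
#!/usr/bin/env bash
# Added example: append one port to the istio-ingressgateway Service via a JSON patch.
# Function names are hypothetical; myport/5000/31410 are the post's sample values.

# Succeed if $1 is a decimal integer without leading zeros in the range [$2, $3].
in_range() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Print the JSON patch for one TCP port; return 1 on invalid input.
build_port_patch() {
  name="$1"; port="$2"; node_port="$3"
  # Simplified port-name check: lowercase alphanumerics and '-', at most 15 characters.
  if ! printf '%s' "$name" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,13}[a-z0-9])?$'; then
    echo "invalid port name: $name" >&2; return 1
  fi
  in_range "$port" 1 65535 || { echo "invalid port: $port" >&2; return 1; }
  # Assumption: the cluster uses the default NodePort range 30000-32767.
  in_range "$node_port" 30000 32767 ||
    { echo "nodePort outside 30000-32767: $node_port" >&2; return 1; }
  printf '[{"op":"add","path":"/spec/ports/-","value":{"name":"%s","port":%s,"targetPort":%s,"nodePort":%s,"protocol":"TCP"}}]' \
    "$name" "$port" "$port" "$node_port"
}

# Apply the patch to the live Service, then list the ports it now exposes
# so the change can be reviewed.
open_gateway_port() {
  patch="$(build_port_patch "$@")" || return 1
  kubectl -n istio-system patch service istio-ingressgateway --type=json -p "$patch" &&
    kubectl -n istio-system get service istio-ingressgateway \
      -o jsonpath='{range .spec.ports[*]}{.name}{"\t"}{.port}{"\t"}{.nodePort}{"\n"}{end}'
}

# Usage: open_gateway_port myport 5000 31410
```

Every port added here becomes reachable on the load balancer, so compare the listing printed by open_gateway_port against the ports you intend to expose.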