Showing posts from September, 2019

A sample Flask app that uses Keycloak for user registration and OIDC authentication

I've spent a couple of days exploring Keycloak, Istio, and EKS. The result is a sample Flask app that has the following features:

- User registration and authentication (OIDC) with Keycloak
- The app can run on a local machine, in a Docker container, or inside a service mesh within a Kubernetes cluster with Istio. In that case, Istio and Keycloak were deployed on an EKS cluster following this tutorial [1].

The sample app repository is here [2]. Below are the detailed instructions to run the sample app.

Prerequisites

- Have a Keycloak instance up and running, and know the admin user credentials.
- If you want to deploy the app on a Kubernetes cluster with Istio installed, make sure you have admin privileges on the cluster. You also need to install istioctl.

Run the application normally

1. Clone the repo, install the requirements

    git clone
    cd keycloak_flask
    virtualenv ~/keycloak_flask
    source ~/keycloak_flask/bin/activa

How to open a custom port on the istio-ingressgateway

By default, when you deploy Istio on a Kubernetes cluster, it creates a load balancer named istio-ingressgateway [1]. That ingress gateway is a Kubernetes LoadBalancer resource that handles incoming traffic into the mesh. You can check it by running this command:

    kubectl -n istio-system get service istio-ingressgateway

The istio-ingressgateway load balancer opens a number of ports, such as 80 and 443. If you want to open a new port on the load balancer, you can do the following:

1. Export the current configuration of the istio-ingressgateway

    kubectl -n istio-system get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml

2. Edit istio_ingressgateway.yaml and add the new port you want, for example

    nano istio_ingressgateway.yaml

    ...
      - name: myport
        nodePort: 31410
        port: 5000
        protocol: TCP
        targetPort: 5000
    ...

3. Apply the new configuration

    kubectl apply -f istio_ingressgateway.yaml

4. Check if the new port