Enable Oauth2 validation into k8s cluster with Nginx Ingress
Install Nginx-Ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml
kubectl get pods -n ingress-nginx
kubectl logs -n ingress-nginx -f ingress-nginx-controller-54d8b558d4-7w87n
Replace all the variables with {} on the files:
- oauth2-proxy.yaml
- keycloak.yaml
kubectl delete -f frontend.yaml
kubectl delete -f keycloak.yaml
kubectl delete -f service-one.yaml
kubectl apply -f frontend.yaml
kubectl apply -f keycloak.yaml
kubectl apply -f service-one.yaml
Cookie secrete is used in oauth2-proxy.yaml with the following command
python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'
kubectl delete -f nginx_ingress_services.yaml
kubectl delete -f oauth2-ingress.yaml
kubectl delete -f oauth2-proxy.yaml
kubectl delete -f nginx_ingress_keycloack.yaml
kubectl apply -f nginx_ingress_keycloack.yaml
kubectl apply -f oauth2-proxy.yaml
kubectl apply -f oauth2-ingress.yaml
kubectl apply -f nginx_ingress_services.yaml
Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'
Create a mapper with Mapper Type 'Audience' and Included Client Audience and Included Custom Audience set to your client name.
Config client on Keycloak
POST: http://{ExposedIP}/auth/realms/master/protocol/openid-connect/token
x-www-form-urlencoded{
client_id:{FromKeycloak}
client_secret:{FromKeycloak}
username:{User}
password:{Password}
grant_type:password
scope:openid
}
http://{ExposedIP}/v1/service/microservicio/ping
Javier Rodríguez
[hazelapd@gmail.com]