The Authentication Support Service is a generic service that provides support to offload a service from authentication and fetching/refreshing of an authorization token.
A POD running a Service can include this running in a sidecar container. This Authentication Support Service will then make sure that a valid token is available to the service by means of a local file (in the POD).
...
The Authentication Support Service is available as a docker image (example path to staging repo)
nexus3.o-ran-sc.org:10004/o-ran-sc_nonrtric-auth-token-fetch
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
......
containers:
- name: informationservice
image: nexus3.o-ran-sc.org:10004/o-ran-sc_nonrtric-information-coordinator-service:1.3.0
imagePullPolicy: Always
ports:
- name: http
containerPort: 8083
- name: https
containerPort: 8434
volumeMounts:
- mountPath: /token-cache
name: token-cache-volume
- name: authsidecar
image: nexus3.o-ran-sc.org:10004/o-ran-sc_/nonrtric-auth-token-fetch:1.0.0
imagePullPolicy: Always
env:
- name: CREDS_GRANT_TYPE
value: client_credentials
- name: CREDS_CLIENT_SECRET
value: XXXXXXX
- name: CREDS_CLIENT_ID
value: icsc
- name: OUTPUT_FILE
value: /token-cache/jwt.txt
- name: AUTH_SERVICE_URL
value: http://keycloak.keycloak:80/realms/nrtrealm/protocol/openid-connect/token
volumeMounts:
- mountPath: /token-cache
name: token-cache-volume
volumes:
- name: token-cache-volume
emptyDir: {}
|
...