Under construction


This article contains a working PoC of R1 interface exposure with JWT Authorization.

The PoC is launched as a VM in Vagrant/VirtualBox. The VM installs Kubernetes and all other required software.

Scripts and kubernetes manifests are included.

Prerequisites

VirtualBox - Can be downloaded from this page: Download Virtualbox

Vagrant - Can be downloaded from this page: Download Vagrant

Tested on Mac with X86 HW.

It is also possible to run the PoC without Vagrant/VirtualBox on a Kubernetes cluster (docker-desktop, minikube etc.) that has Istio installed and supports Network Policies (Cilium or Calico).


Preparations

Create a new dir under your "vagrant home" directory.

Download the Vagrant and demo zip files, put them in the new dir and unzip them.



Setup the PoC

Open a shell (denoted shell1) on your host and, in the dir where the Vagrantfile is located, do:

shell1

$ vagrant up

Take note of the following line (ip/port may vary):

Keycloak Admin Console:   http://10.0.2.15:32131/auth/admin

Set up port forwarding, in the VirtualBox GUI, from a port on the local host (for example 2226) to the ip and port listed in the Keycloak URL.

Open the Keycloak GUI in the browser (user/pwd is admin/admin).

Create a realm, client and users according to: https://www.keycloak.org/getting-started/getting-started-kube

Make sure to set "Temporary" to off when creating the users.

  • realm: nrtrealm
  • client: nrtclient
  • user: pmsuser (same pwd)
  • user: icsuser (same pwd)

Take note of the "ID" (hex string) for each user.

Continue in shell1

shell1

$ vagrant ssh

$ sudo su

$ cd demo

Continue in shell1 and apply Network Policies to shield off the namespace nonrtric from all access from namespaces other than nonrtric and istio-system:

shell1

$ kubectl apply -f np-nrt.yaml

networkpolicy.networking.k8s.io/np-nrt created
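
For reference, a policy with the effect described above could look like the following. This is an added example, not the np-nrt.yaml shipped in the demo zip; it assumes that namespaces carry the automatic kubernetes.io/metadata.name label (set by Kubernetes 1.21 and later).

```yaml
# Added example (not the project's own manifest): restrict ingress to all
# pods in the nonrtric namespace so that only traffic from the nonrtric and
# istio-system namespaces is admitted.
# Assumption: namespaces have the label kubernetes.io/metadata.name, which
# Kubernetes 1.21+ sets automatically to the namespace name.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: np-nrt
  namespace: nonrtric
spec:
  # An empty podSelector selects every pod in the policy's namespace.
  podSelector: {}
  # Only ingress is restricted; egress from nonrtric stays unrestricted.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Traffic is admitted only if the source pod's namespace is one of
        # the listed names. Everything else is dropped once the policy
        # selects the destination pod.
        - namespaceSelector:
            matchExpressions:
              - key: kubernetes.io/metadata.name
                operator: In
                values:
                  - nonrtric
                  - istio-system
```

The policy is only enforced when the cluster's network plugin implements Network Policies (Cilium or Calico, as noted in the prerequisites); on a plugin without that support it is accepted by the API server but has no effect.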


Open a new shell (shell2) in the same dir and do:

shell2

$ vagrant ssh

$ sudo su

$ cd demo






