+ if [ $USE_ISTIO -eq 1 ]; then
+ echo -e $RED"#########################################"$ERED
+ echo -e $RED"# Work around istio jwks cache"$ERED
+ echo -e $RED"# Cycle istiod down and up to clear cache"$ERED
+ echo ""
+ __kube_scale deployment istiod istio-system 0
+ __kube_scale deployment istiod istio-system 1
+ echo -e $RED"# Cycle istiod done"
+ echo -e $RED"#########################################"$ERED
+
+ istio_enable_istio_namespace $KUBE_SIM_NAMESPACE
+ istio_enable_istio_namespace $KUBE_NONRTRIC_NAMESPACE
+ istio_enable_istio_namespace $KUBE_A1SIM_NAMESPACE
+ fi
+
+
+ start_kube_proxy
+
+ if [ $USE_ISTIO -eq 1 ]; then
+ start_keycloak
+
+ keycloak_api_obtain_admin_token
+
+ keycloak_api_create_realm nrtrealm true 60
+ keycloak_api_create_confidential_client nrtrealm a1pmsc
+ keycloak_api_generate_client_secret nrtrealm a1pmsc
+ keycloak_api_get_client_secret nrtrealm a1pmsc
+ keycloak_api_create_client_roles nrtrealm a1pmsc nrtrole
+ keycloak_api_map_client_roles nrtrealm a1pmsc nrtrole
+
+ keycloak_api_get_client_token nrtrealm a1pmsc
+
+ CLIENT_TOKEN=$(keycloak_api_read_client_token nrtrealm a1pmsc)
+ echo "CLIENT_TOKEN: "$CLIENT_TOKEN
+
+ A1PMS_SEC=$(keycloak_api_read_client_secret nrtrealm a1pmsc)
+ echo "A1PMS_SEC: "$A1PMS_SEC
+
+ # Protect ricsim-g3
+ istio_req_auth_by_jwks ricsim-g1 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g1 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g1 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g1 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect ricsim-g2
+ istio_req_auth_by_jwks ricsim-g2 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g2 $KUBE_A1SIM_NAMESPACE KUBEPROXY