Prerequisites: Istio should be installed on your cluster with the demo profile.
istioctl install --set profile=demo
Please refer to the istio documentation for more information.
+You will also need cfssl installed on your system: sudo apt install golang-cfssl
+Please refer to the K8s documentation: Manage TLS Certificates in a Cluster
The deployments have been implemented and tested using minikube.
If you are not using minikube, references to "minikube ip" should be changed to the appropiate value for you host.
To replicate these tests you will need to setup the various host path referenced in the yaml files on your own machine.
or change them to match your own setup.
-The certs directory contains 2 shell scripts for creating the server and client certs: server_certs.sh and client_certs.sh
+The certs directory contains 3 shell scripts for creating the server, client and webhook certs: server_certs.sh, client_certs.sh and webhook-certs.sh
Certs generated by the server_certs.sh script: rootCA.crt, tls.crt and tls.key go in the "/var/keycloak/certs" directory
Certs generated by the client_certs.sh script: client.crt, client.key, client_pub.key and rootCA.crt go in the "/var/rapps/certs" directory
+The webhook-certs.sh script generates certs for use in the MutatingWebhookConfiguration.yaml and the rapps-webhook.yaml files.
+To configure MutatingWebhookConfiguration.yaml run the following commands:
+1. ca_pem_b64="$(openssl base64 -A <"./certs/ca.pem")"
+2. sed -i 's/${CA_PEM_B64}/'"$ca_pem_b64"'/g' MutatingWebhookConfiguration.yaml
+
+To configure rapps-webhook.yaml append the rapps-webhook-tls.yaml file to the end of it
+1. cat rapps-webhook.yaml ./certs/rapps-webhook-tls.yaml >> rapps-webhook.yaml.tmp
+2. mv rapps-webhook.yaml.tmp rapps-webhook.yaml
Create the istio-nonrtric namespace and enable it for istio injection
Code Review / nonrtric.git / blobdiff