- Keycloak and backend both uses Postgres database.
- Keycloak realm is imported from file keycloak/realm.json
- Postgres databases are created at startup.
Modify absolute paths of volumes in files kubernetes/postgres-deployement.yml and kubernetes/keycloak-deployment.yml to match your system.
("/home/naoufal/bank-operations/pg-init-scripts/" and "/home/naoufal/bank-operations/keycloak/realm.json").
From root folder:
0- If you need to build the backend image (skip to step 1 if you want to use the image from docker hub)
$ ./gradlew assemble
$ mkdir -p build/dependency && (cd build/dependency; jar -xf ../libs/*.jar)
$ docker-compose build
$ eval $(minikube docker-env) # Do this If you are using minikube to use images from local docker daemon
1-
$ kubectl apply -f kubernetes
2- Check when all pods are running:
$ kubectl get pods
3- Get keycloak service URL (Using minikube in this example) :
$ echo $(minikube service keycloak --url)/auth
4- Modify keycloak.auth-server-url
env variable in kubernetes/app-deployment.yml
with the URL from step 3, it will look like this:
- name: keycloak.auth-server-url
value: "http://<ADDR>:30080/auth"
5- Apply changes:
$ kubectl apply -f kubernetes
6- Use the link above to access keycloak admin console. login with admin/admin.
7- Add a user with ROLE_USER
to keycloak SpringService
realm.
8- You can now get a token of your user by using this command: (You may be prompted to install jq: sudo apt install jq
)
BEARER_TOKEN=$(curl -s --location --request POST $(minikube service keycloak --url)'/auth/realms/springservice/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=bank-service' \
--data-urlencode 'username=user1' \
--data-urlencode 'password=password' \
--data-urlencode 'grant_type=password' | jq -r '.access_token')
9- Use the token from above to query to the backend:
curl --location -s --request GET $(minikube service bank-backend --url)'/api/virements' --header 'Authorization: Bearer '$BEARER_TOKEN