Giters

amfred / crc-k8s-proxy

Simple proxy to enable JWT auth from keycloak to a single user for dev testing

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Instructions for crc-k8s-proxy usage

NEVER EVER HOOK THIS UP TO A PRODUCTION SYSTEM THIS IS FOR TESTING ONLY

CREATE A SEPARATE SERVICE ACCOUNT WITH THE LIMITED ACCESS YOU REQUIRE AND USE THAT FOR YOUR TOKEN

Checkout namespace (Note this only works if this is your only namespace - if you already have one just run the command and assign the variable manually as you will be asked if you really want another environment)

export NAMESPACE=`bonfire namespace reserve`

Get hostname

export HOSTNAME=`oc get env env-$NAMESPACE -o json | jq -r '.status.hostname'`

Create Env File called envfile. The hostname above will be in the form of <hostname prefix>.<hostname suffix domain>.

For example host-23r09u-20932r.some.other.domain.

Split this like this to get the Keycloak URL.

host-23r09u-20932r-auth.some.other.domain.

Obtain the Kubernetes cluster URL and associated auth token which you want to associate this proxy to.

K8SURL=<full k8s cluster url>
TOKEN=<token for k8s auth>
KEYCLOAK_URL=https://<hostname-prefix>-auth.<hostname suffix domain>/auth/realms/redhat-external
HOSTNAME=<hostname from above>
PROXYSSL=true

Deploy HAC frontend

bonfire deploy hac -n $NAMESPACE --frontends true

OC process and deploy

oc process -f https://raw.githubusercontent.com/RedHatInsights/crc-k8s-proxy/master/deploy.yaml -n $NAMESPACE --param-file=envfile --local | oc apply -f - -n $NAMESPACE

Get creds

oc get secret env-$NAMESPACE-keycloak -n $NAMESPACE -o json | jq '.data | map_values(@base64d)'

Open browser to...

echo https://$HOSTNAME/hac/app-studio

Enter "default" creds in UI

About

Simple proxy to enable JWT auth from keycloak to a single user for dev testing

Languages

Language:Go 95.3%Language:Dockerfile 3.7%Language:Makefile 1.1%