Overview
1 - Setup the work environment
2 - Setup Istio
3 - Istio Ingress gateway via HTTPS/TLS
4 - Setup Keycloak
5 - Deploy the microservices to K8s
6 - Strict mTLS
7 - Istio Authorization
8 - Authentication in the Vue.js fronted
9 - Authorization in Quarkus app
Setup locally

1 - Setup the work environment with Minikube

The instructions will work on Linux and macOS, they have not been tested on Windows but should work, too.

The Minikube Getting Started has detailled instructions on how to install Minikube for the different platforms. This workshop has been tested with Minikube version 1.32.0.

Step 1: Download the code from this repository

git clone https://github.com/Harald-U/security-and-microservices.git
cd security-and-microservices/deployments/

Step 2: Start a Minikube “cluster”

In this workshop we will use Minikube in a somewhat minimal configuration with 2 CPUs and 4 GB of memory.

The Docker driver allows you to install Kubernetes into an existing Docker install. On Linux, this does not require any virtualization at all, on macOS this is using the virtualization of Docker Desktop (HyperKit).

minikube start --cpus 2 --memory 4096 --driver=docker

Step 2: Start a Minikube “cluster” on bwLehrpool

bwLehrpool has sufficient RAM to increase memory for Minikube, you can use this command instead:

minikube start --cpus 2 --memory 6144 --driver docker

which will assign 6 GB of RAM.

Continue with 2 - Setup Istio

Security and Microservices

Content:

1 - Setup the work environment with Minikube

Step 1: Download the code from this repository

Step 2: Start a Minikube “cluster”

Step 2: Start a Minikube “cluster” on bwLehrpool