Exercise 2 - Change code, build, save and deploy the Authors Microservice

Step 1: Open the `server.xml` file

echo $keycloakurl
cd $ROOT_FOLDER/authors-java-jee-cloud/liberty
nano server.xml

Step 2: Change following source code

Replace the [keycloakurl] with the value, you got before for in and save the file.

<mpJwt
     id="myMpJwt"
     jwksUri="[keycloakurl]/auth/realms/cloudnativestarter/protocol/openid-connect/certs"
     issuer="[keycloakurl]/auth/realms/cloudnativestarter"
     userNameAttribute="preferred_username"
     audiences="account">
</mpJwt>

Step 3: Open the `microprofile-config.properties` file

cd $ROOT_FOLDER/authors-java-jee-cloud/src/webapp/META-INF
nano microprofile-config.properties

Step 4: Change following source code

Replace the [keycloakurl] with the value, you got before for in Step 1 and save the file.

mp.jwt.verify.publickey.location=/META-INF/keycloak-cloudnativestarter-key.pem
mp.jwt.verify.issuer=[keycloakurl]/auth/realms/cloudnativestarter

Step 5: Insert the RS256 JWT key in the file `keycloak-public-key.pem`

The file is saved in that folder src/main/webapp/META-INF/keycloak-public-key.pem.

cd $ROOT_FOLDER/authors-java-jee-cloud/src/main/webapp/META-INF
nano keycloak-public-key.pem

-----BEGIN PUBLIC KEY-----
YOUR_KEY
-----END PUBLIC KEY-----

Get the key using the URL http://[keycloakurl]/auth/admin/master/console/#/realms/cloudnativestarter/keysand then press public key. The following image shows the invocation.

Step 6: Build and save the "Authors" container image in the IBM Cloud Container Registry

cd $ROOT_FOLDER/authors-java-jee-cloud
ibmcloud cr build -f Dockerfile --tag $REGISTRY/$REGISTRY_NAMESPACE/authors:1 .

Step 7: List the container images to verify the upload.

ibmcloud cr images

Step 8: Apply the deployment of the Authors service

Ensure you are in the $ROOT_FOLDER/web-app-cloud/deployment

cd $ROOT_FOLDER/authors-java-jee-cloud/deployment
nano kubernetes.yaml

Open the ../authors-java-jee-cloud/deployment/kubernetes.yaml file with a editor and replace the value for the container image location with the path we got from the IBM Container Registry and just replace the authors:1 text, and add following statement imagePullPolicy: Always and save the file.

Note: With the specification imagePullPolicy: Always we force that the image is pulled from the IBM Cloud Container Registry and not cashed image in Kubernetes is possible used, when we change our container image IBM Cloud Container Registry.

Before:

    image: authors:1

Example for the change:

   spec:
      containers:
      - name: authors
        image: de.icr.io/cloud-native-tsuedbro/authors:1 
        ports:
        - containerPort: 80
      restartPolicy: Always

Now we apply the yaml to create the Authors Pod.
```
 kubectl apply -f kubernetes.yaml
```

Insert this command and verify the output.

  kubectl get pods

Sample output:

  NAME                      READY   STATUS    RESTARTS   AGE
  authors-7b6dd98db-wl9wc   1/1     Running   0          6m9s

Cluster/Workernode IP

  export workernodeip=$(ibmcloud ks workers --cluster cloud-native | awk '/Ready/ {print $2;exit;}')

authors NodePort

  export authorsnodeport=$(kubectl get svc authors --ignore-not-found --output 'jsonpath={.spec.ports[*].nodePort}')

Open the service in a browser

  export authorsurl=http://${workernodeip}:${authorsnodeport}
  echo $authorsurl

PreviousExercise 1 - Setup Keycloak on Kubernetes NextExercise 3 - Change code, build, save and deploy the Web-App

Last updated 5 years ago

hashtagStep 1: Open the server.xml file

hashtagStep 2: Change following source code

hashtagStep 3: Open the microprofile-config.properties file

hashtagStep 4: Change following source code

hashtagStep 5: Insert the RS256 JWT key in the file keycloak-public-key.pem

hashtagStep 6: Build and save the "Authors" container image in the IBM Cloud Container Registry

hashtagStep 7: List the container images to verify the upload.

hashtagStep 8: Apply the deployment of the Authors service