Multi-tenancy needs authentication and authorization. Keycloak provides both.
To provide multi-tenancy for A&AI, A&AI can use the Spring Boot security feature to interact with Keycloak. This document explains how to set up Keycloak and A&AI to provide the essential authentication and authorization services for multi-tenancy.
...
If you run Keycloak on your laptop instead of running on Kubernetes,
...
```
docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:11.0.2
```
For more information, please visit https://www.keycloak.org/getting-started/getting-started-docker
...
You can use the Kubernetes manifest file below.
```
kubectl create -f https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml
```
...
Tip: for development purposes, you can use the port-forwarding feature of Kubernetes to connect to the Keycloak instance.
```
kubectl port-forward keycloak-pod-name source-port:target-port
```
e.g.
```
kubectl port-forward keycloak-54b8bd56b9-tqsgb 8080:8080
```
...
You can set up a new realm through the admin console or simply import a realm JSON file.
Here's a sample realm file:
...
file realm-keycloak.json
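A realm file can be reviewed before it is imported. The sketch below is an added example, not part of the original page or of the ONAP or Keycloak code base: it reads a realm JSON export and reports settings worth a second look. The sample realm, its client ids and the finding codes are constructed placeholders, and the function name `lint_realm` is hypothetical.

```python
import json

# Constructed sample realm export. Realm name, client ids and values are
# placeholders, not the contents of the page's realm-keycloak.json.
SAMPLE_REALM = json.dumps({
    "realm": "example-realm",
    "sslRequired": "none",
    "clients": [
        {"clientId": "example-app", "publicClient": True,
         "redirectUris": ["*"], "directAccessGrantsEnabled": True},
        {"clientId": "example-api", "bearerOnly": True, "redirectUris": []},
        {"clientId": "example-svc", "publicClient": False, "secret": "changeme",
         "redirectUris": ["https://app.example.test/callback"]},
    ],
})


def lint_realm(realm_json):
    """Return (scope, code) pairs for settings to review before import."""
    realm = json.loads(realm_json)
    findings = []
    # "none" means HTTPS is not required for any client IP address.
    if str(realm.get("sslRequired", "")).lower() == "none":
        findings.append((realm.get("realm", "<unnamed>"), "ssl-none"))
    for client in realm.get("clients") or []:
        cid = client.get("clientId", "<no clientId>")
        secret = client.get("secret")
        # Console exports mask secrets with asterisks; anything else is a
        # usable credential stored in the file.
        if secret and set(secret) != {"*"}:
            findings.append((cid, "plaintext-secret"))
        if client.get("bearerOnly"):
            continue  # bearer-only clients never start a login flow
        # A bare wildcard lets the authorization response go to any URL.
        if "*" in [u.strip() for u in client.get("redirectUris") or []]:
            findings.append((cid, "wildcard-redirect"))
        # Password grant on a client that cannot authenticate itself.
        if client.get("publicClient") and client.get("directAccessGrantsEnabled"):
            findings.append((cid, "public-password-grant"))
    return findings


if __name__ == "__main__":
    for scope, code in lint_realm(SAMPLE_REALM):
        print(f"{scope}: {code}")
```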
2. Create a client
The client is an entity requesting a credential from Keycloak. Click the Clients menu
...
We assume you have a Kubernetes cluster with a Helm server running. If you would like to run aai-resource on your laptop, see Run AAI Resource on your laptop.
Clone the OOM repository from ONAP Gerrit.
...
You can find onap-core-sdc.yaml here.
...
Run the command below.
```
helm deploy dev local/onap --namespace onap -f onap-core-sdc.yaml --timeout 900
```
...
```
kubectl rollout restart deployments/dev-aai-resources -n onap
```
To run aai-resource as a single instance on your laptop, you need two repositories: aai-common and aai-resource.
...