Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents

Multi-tenancy needs authentication and authorization. Keycloack serves these two features.
In order to provide multi-tenancy of A&AI, A&AI can leverage Springboot security feature to interact with Keycloak. This document explains how to set up Keycloak and A&AI to provide essential authentication and authorization services for multi-tenancy

...

If you run Keycloak on your laptop instead of running on Kubernetes, 

docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:11.0.2

For more information, please visit https://www.keycloak.org/getting-started/getting-started-docker

...

kubectl create -f https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml


You can use kubernetes Kubernetes manifest file below.

https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml

...


Tips. For development purposes, you can use port-forwarding feature of Kubernetes to connect the Keycloak instance. 

kubectl port-forward keycloak-pod-name source-port:target-port e.g kubectl port-forward keycloak-54b8bd56b9-tqsgb 8080:8080

...

You can set up a new realm through the admin console or simply import realm json file.
Here's a sample realm file

...

file realm-keycloak.json



2. Create a client

The client is an entity requesting a credential from a Keycloak. Click the Clients menu

...

We assume you have Kubernetes cluster with helm server running. If you like to run aai-resource on your laptop,  Run AAI -Resources Resource on your laptop 

Clone OOM repository from ONAP gerrit.

...

You can find onap-core-sdc.yaml here.

...

 onap-core-sdc.yaml

Run the command below.

helm deploy dev local/onap --namespace onap -f onap-core-sdc.yaml --timeout 900

...

kubectl rollout restart deployments/dev-aai-resources -n onap


Anchor
run aai local
run aai local
Run AAI-Resource on your laptop

In order to run aai-resource as a single instance on your laptop, you need two repositories, aai-common, and aai-resource.

...