A sample Flask app that uses Keycloak for user registration and OIDC authentication
I've spent a couple of days exploring Keycloak, Istio, and EKS. The result is a sample Flask app that has the following features:
- User registration and authentication (OIDC) with Keycloak
- The app can run on a local machine, in a Docker container, or inside a service mesh in a Kubernetes cluster with Istio. In the last case, Istio and Keycloak were deployed on an EKS cluster following this tutorial [1].
Prerequisites
- A Keycloak instance that is up and running, and for which you know the admin user credentials
- If you want to deploy the app on a Kubernetes cluster with Istio installed, make sure you have admin privileges on the cluster. You also need to install istioctl.
Run the application normally
1. Clone the repo, install the requirements
git clone https://github.com/dangtrinhnt/keycloak_flask
cd keycloak_flask
virtualenv ~/keycloak_flask
source ~/keycloak_flask/bin/activate
pip install -r requirements.txt
2. Copy keycloak_flask/settings.py to keycloak_flask/local_settings.py and modify the variables with your own values
3. While in the root directory of this repository, run the application
export FLASK_APP=keycloak_flask.user
export FLASK_DEBUG=1
export KEYCLOAK_FLASK_SETTINGS=local_settings.py
flask run
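Before pointing local_settings.py at a Keycloak realm, it helps to sanity-check the realm's OIDC discovery document (served at /realms/<realm>/.well-known/openid-configuration, prefixed with /auth on older Keycloak versions). The following is an added example, not code from the keycloak_flask repository; the host, realm, sample document and the check_discovery helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of a Keycloak discovery document (hypothetical host and realm).
SAMPLE_DISCOVERY = {
    "issuer": "https://keycloak.example.com/realms/demo",
    "authorization_endpoint": "https://keycloak.example.com/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.com/realms/demo/protocol/openid-connect/token",
    "jwks_uri": "https://keycloak.example.com/realms/demo/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
}

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_discovery(doc, expected_issuer):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    issuer = doc.get("issuer", "")
    # The issuer must match exactly what the app is configured with,
    # otherwise the `iss` claim of every token will fail validation.
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    want = urlsplit(expected_issuer)
    for name in REQUIRED_ENDPOINTS:
        url = urlsplit(doc.get(name, ""))
        if not url.netloc:
            problems.append(f"{name} missing")
            continue
        if url.scheme != "https" and url.hostname not in LOCAL_HOSTS:
            problems.append(f"{name} is not HTTPS")
        # Assumption: Keycloak serves all endpoints from the issuer's host;
        # a different host usually means a proxy/hostname misconfiguration.
        if url.netloc != want.netloc:
            problems.append(f"{name} host {url.netloc!r} differs from issuer")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "none" in algs:
        problems.append("unsigned ID tokens (alg none) advertised")
    if not any(a[:2] in ("RS", "ES", "PS") for a in algs):
        problems.append("no asymmetric ID token signing algorithm")
    return problems


if __name__ == "__main__":
    for p in check_discovery(SAMPLE_DISCOVERY, "https://keycloak.example.com/realms/demo"):
        print("PROBLEM:", p)
```

An issuer or endpoint host that differs from the URL users reach through the ingress gateway is a common sign that Keycloak is advertising an internal hostname.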
Run the application in a Docker container on your local machine
1. Copy keycloak_flask/settings.py to keycloak_flask/local_settings.py and modify the variables with your own values
2. Build the Docker image
docker image build -t keycloak_flask .
3. Run the Docker container
docker run -p 5000:5000 -d keycloak_flask
Run the application in a Kubernetes cluster with Istio
1. Deploy the application into the cluster
kubectl apply -f <(istioctl kube-inject -f k8s_app_deploy.yaml)
2. Because our application will be exposed on port 5000 of the Istio gateway, which is not open by default, we need to open it following this tutorial [3]
3. Create a new Istio gateway to route traffic to the application
kubectl apply -f k8s_istio_gw.yaml
4. Access the application through the Istio ingress gateway on port 5000
Find the ingress address:
kubectl -n istio-system get service istio-ingressgateway
References:
[1] https://www.dangtrinh.com/2019/08/end-user-authentication-with-istio-and.html
[2] https://github.com/dangtrinhnt/keycloak_flask
[3] https://www.dangtrinh.com/2019/09/how-to-open-custom-port-on-istio.html