Backend

README.md

@@ -14,21 +14,12 @@ This is an example project for the integration of Keycloak in an Angular SPA.
 ## Run
 
 ```sh
+mvn clean deploy (optional)
 docker run --name k3s -d -p6443:6443 -p8080:8080 --privileged  -v`pwd`/kubernetes/:/tmp/kubernetes rancher/k3s:v1.24.12-k3s1 server --disable-cloud-controller --disable-network-policy --disable=metrics-server --disable-helm-controller --disable=local-storage --disable=traefik
-cd keycloak-angular
-yarn install
-yarn build
-cd ..
-docker build keycloak-angular --tag=ghcr.io/kokuwaio/keycloak-angular
-docker save ghcr.io/kokuwaio/keycloak-angular --output kubernetes/keycloak-angular.tar
 sleep 30
 docker exec k3s cat /etc/rancher/k3s/k3s.yaml > ~/.kube/k3s.yaml
 export KUBECONFIG=~/.kube/k3s.yaml
-cat $KUBECONFIG
-kubectl config view
-kubectl get all --all-namespaces
-docker exec k3s ls /tmp/kubernetes
-docker exec k3s ctr image import /tmp/kubernetes/keycloak-angular.tar
-docker exec k3s ctr image ls
 kubectl apply -k kubernetes
 ```
+
+curl http://jwt-verifier.127.0.0.1.nip.io:8080

backend/pom.xml

@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>io.kokuwa.keycloak</groupId>
+		<artifactId>keycloak-angular</artifactId>
+		<version>0.0.1-SNAPSHOT</version>
+	</parent>
+
+	<artifactId>keycloak-angular-backend</artifactId>
+
+	<name>Keycloak Angular :: Backend</name>
+
+	<dependencies>
+
+		<!-- micronaut -->
+		<dependency>
+			<groupId>io.micronaut.security</groupId>
+			<artifactId>micronaut-security-jwt</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>io.micronaut</groupId>
+			<artifactId>micronaut-management</artifactId>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.micronaut</groupId>
+			<artifactId>micronaut-http-server-netty</artifactId>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.micronaut.test</groupId>
+			<artifactId>micronaut-test-junit5</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.kokuwa.micronaut</groupId>
+			<artifactId>micronaut-logging</artifactId>
+			<scope>runtime</scope>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<plugins>
+
+			<!-- configure annotation processors -->
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<configuration>
+					<annotationProcessorPaths>
+						<path>
+							<groupId>org.projectlombok</groupId>
+							<artifactId>lombok</artifactId>
+							<version>${version.org.projectlombok}</version>
+						</path>
+						<path>
+							<groupId>io.micronaut</groupId>
+							<artifactId>micronaut-inject-java</artifactId>
+							<version>${version.io.micronaut}</version>
+						</path>
+					</annotationProcessorPaths>
+				</configuration>
+			</plugin>
+
+			<!-- container -->
+			<plugin>
+				<groupId>com.google.cloud.tools</groupId>
+				<artifactId>jib-maven-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>docker</id>
+						<phase>package</phase>
+						<goals>
+							<goal>dockerBuild</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>deploy</id>
+						<phase>deploy</phase>
+						<goals>
+							<goal>build</goal>
+						</goals>
+					</execution>
+				</executions>
+				<configuration>
+					<container>
+						<jvmFlags>-XX:+ExitOnOutOfMemoryError</jvmFlags>
+					</container>
+					<from>
+						<image>
+							gcr.io/distroless/java${maven.compiler.target}:nonroot</image>
+					</from>
+					<to>
+						<image>${image.repository}/backend:${image.tag}</image>
+					</to>
+				</configuration>
+			</plugin>
+
+		</plugins>
+	</build>
+</project>

backend/src/main/java/io/kokuwa/keycloak/Application.java

@@ -0,0 +1,15 @@
+package io.kokuwa.keycloak;
+
+import io.micronaut.runtime.Micronaut;
+
+/**
+ * Micronaut application.
+ *
+ * @author [email protected]
+ */
+public class Application {
+
+	public static void main(String[] args) {
+		Micronaut.build(args).banner(false).mainClass(Application.class).eagerInitSingletons(true).start();
+	}
+}

backend/src/main/java/io/kokuwa/keycloak/EinheitenController.java

@@ -0,0 +1,27 @@
+package io.kokuwa.keycloak;
+
+import java.security.Principal;
+
+import io.micronaut.http.annotation.Controller;
+import io.micronaut.http.annotation.Get;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+
+/**
+ * Controller.
+ *
+ * @author [email protected]
+ */
+@Controller
+public class EinheitenController {
+
+	@Secured(SecurityRule.IS_AUTHENTICATED)
+	@Get("/protected")
+	Principal getProtected(Principal principal) {
+		return principal;
+	}
+
+	@Secured(SecurityRule.IS_ANONYMOUS)
+	@Get("/public")
+	void getPublic() {}
+}

backend/src/main/resources/application.yaml

@@ -0,0 +1,24 @@
+micronaut:
+  application:
+    name: keycloak-angular
+
+  ## see https://micronaut-projects.github.io/micronaut-security/latest/guide/#interceptUrlMap
+  security:
+    intercept-url-map:
+      - pattern: /endpoints/**
+        access: isAnonymous()
+
+## see https://docs.micronaut.io/latest/guide/index.html#providedEndpoints
+endpoints:
+  all:
+    enabled: false
+    port: 8090
+    path: /endpoints
+    sensitive: false
+  health:
+    enabled: true
+    details-visible: ANONYMOUS
+    disk-space:
+      enabled: false
+    discovery-client:
+      enabled: false

keycloak-angular/pom.xml

@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+	<groupId>io.kokuwa.keycloak</groupId>
+	<artifactId>keycloak-angular</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	</parent>
+
+	<artifactId>keycloak-angular-frontend</artifactId>
+	<packaging>pom</packaging>
+
+	<name>Keycloak Angular :: Frontend</name>
+
+	<build>
+		<plugins>
+
+			<!-- clean -->
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-clean-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>default-clean</id>
+						<configuration>
+							<filesets>
+								<fileset>
+									<directory>${project.basedir}/dist</directory>
+								</fileset>
+							</filesets>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+
+			<!-- run yarn -->
+			<plugin>
+				<groupId>org.codehaus.mojo</groupId>
+				<artifactId>exec-maven-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>yarn-install</id>
+						<phase>validate</phase>
+						<goals>
+							<goal>exec</goal>
+						</goals>
+						<configuration>
+							<executable>yarn</executable>
+							<arguments>install</arguments>
+						</configuration>
+					</execution>
+					<execution>
+						<id>yarn-build</id>
+						<phase>compile</phase>
+						<goals>
+							<goal>exec</goal>
+						</goals>
+						<configuration>
+							<executable>yarn</executable>
+							<arguments>build</arguments>
+						</configuration>
+					</execution>
+					<execution>
+						<id>docker</id>
+						<phase>package</phase>
+						<goals>
+							<goal>exec</goal>
+						</goals>
+						<configuration>
+							<executable>docker</executable>
+							<arguments>
+								<argument>build</argument>
+								<argument>${project.basedir}</argument>
+								<argument>--tag=${image.repository}/frontend:${image.tag}</argument>
+							</arguments>
+						</configuration>
+					</execution>
+					<execution>
+						<id>deploy</id>
+						<phase>deploy</phase>
+						<goals>
+							<goal>exec</goal>
+						</goals>
+						<configuration>
+							<executable>docker</executable>
+							<arguments>
+								<argument>push</argument>
+								<argument>${image.repository}/frontend:${image.tag}</argument>
+							</arguments>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+
+		</plugins>
+	</build>
+</project>

kubernetes/backend/deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: backend
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: backend
+    spec:
+      containers:
+        - name: backend
+          image: ghcr.io/kokuwaio/keycloak-angular/backend:0.0.1-SNAPSHOT
+          ports:
+            - name: http
+              containerPort: 8080
+            - name: management
+              containerPort: 8090
+          env:
+            - name: MICRONAUT_SECURITY_TOKEN_JWT_SIGNATURES_JWKS_KEYCLOAK_URL
+              value: http://keycloak.127.0.0.1.nip.io:8080/realms/kokuwa/protocol/openid-connect/certs
+          startupProbe:
+            httpGet:
+              path: /endpoints/health
+              port: management
+            initialDelaySeconds: 5
+            periodSeconds: 1
+            successThreshold: 1
+            failureThreshold: 25
+          livenessProbe:
+            httpGet:
+              path: /endpoints/health
+              port: management
+            periodSeconds: 60
+            failureThreshold: 1
+          securityContext:
+            runAsUser: 10001
+            runAsGroup: 10001
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+            privileged: false
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: [ALL]
+      enableServiceLinks: false
+      automountServiceAccountToken: false
+      terminationGracePeriodSeconds: 0

kubernetes/jwt-verifier/ingress.yaml → kubernetes/backend/ingress.yaml

@@ -7,7 +7,7 @@ spec:
     - host: jwt-verifier.127.0.0.1.nip.io
       http:
         paths:
-          - path: /metrics
+          - path: /
             pathType: Prefix
             backend:
               service:

kubernetes/jwt-verifier/kustomization.yaml → kubernetes/backend/kustomization.yaml

@@ -1,9 +1,4 @@
-commonLabels:
-  app.kubernetes.io/name: jwt-verifier
-
 resources:
   - deployment.yaml
   - ingress.yaml
   - service.yaml
-
-

kubernetes/backend/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+spec:
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+  selector:
+    app.kubernetes.io/name: backend