Install the App Identity and Access Adapter on a free IBM Cloud Kubernetes Cluster

In that blog post I want to highlight that I started to integrate the open source App Identity and Access Adapter for Istio Mixer into our open source Cloud Native Starter sample that uses the free IBM Cloud Kubernetes cluster setup with a manual Istio installation.

The cool thing from my perspective of the App Identity and Access Adapter is “that the adapter can be configured to work with any OIDC compliant identity provider, which enables it to control authentication and authorization policies in all environments including frontend and backend applications. And, it does it all without any change to your code or the need to redeploy your application. I had a short problem with the installation you can find on stackoverflow.

Here are the steps how I did the setup of that App Identity and Access Adapter:

  1. Install Helm https://helm.sh
  2. Create a service account for Istio and ensure you are in your Istio installation directory. For example in the directory ​”…/cloud-native-starter/workshop/istio-1.1.5″
$ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
  1. Show the given namespaces
$ kubectl get namespace
  1. Set Kubernetes namespace to Istio-System for the App Identity and Access Adapter installation and verify that your are in the right namespace.
$ kubectl config set-context --current --namespace=istio-system
$ kubectl config view --minify | grep namespac
  1. Add appidentityandaccessadapter to the helm repo
$ helm repo add appidentityandaccessadapter https://raw.githubusercontent.com/ibm-cloud-security/app-identity-and-access-adapter/master/helm/appidentityandaccessadapter
  1. Install the appidentityandaccessadapter into the Istio namespace
$ helm delete appidentityandaccessadapter
$ helm install  appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
  1. Verify the installation
$ kubectl get pods -A
NAMESPACE      NAME                                              READY   STATUS      RESTARTS   AGE

istio-system   dpl-appidentityandaccessadapter-9bf86cc74-246l5   1/1     Running     0          8m2s

In the following image we see the installed adapter on the free IBM Cloud Kubernetes cluster.

appid-adapter-01

I hope this was useful for you and let’s see what’s next?

Greetings,

Thomas

PS and FYI … You can use the IBM Cloud for free just create a IBM Lite Account only a email is requested.

#AppID, #Kubernetes, #CloudNativeStarter, #Istio, #IBMCloud, #IBMDeveloper

One thought on “Install the App Identity and Access Adapter on a free IBM Cloud Kubernetes Cluster

Add yours

  1. Pingback: No code changes needed to secure your application on Kubernetes – Thomas Suedbroecker's Blog

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: