Identity and Access Management (IAM) demo infrastructure.
- 📜 Introduction
- 🐣 Getting started
- Troubleshooting
- TODO
- 📄 License
Use Multipass to start an ansible controller instance, a Kubernetes cluster, and a linux desktop with Xfce Desktop Environment.
./bunch-up -aSee development documentation.
Use any RDP client (like Microsoft Remote Desktop
or FreeRDP) to connect to the linux-desktop virtual machine.
- user: iamadmin
- password: iamadmin
The IP Address is the first entry from ipv4 when running the following command:
./platform/vm-generator/generated/vms-status.sh linux-desktopThe ansible scripts should have installed the self-signed root certificate inside the linux-desktop virtual machine.
To test that the services are running and using the proper DNS and certificates,
open a terminal in the linux-desktop VM and type:
~/bin/check-vm-config.shOpen a terminal and type:
# Configure iam-demo-tech k8s cluster as default
echo 'export KUBECONFIG=~/.kube/config-iam-demo-tech' | sudo tee --append /etc/bash.bashrc
# Add kubectl completion
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl
# Add kustomize completion
kustomize completion bash | sudo tee /etc/bash_completion.d/kustomize
# Add helm completion
helm completion bash | sudo tee /etc/bash_completion.d/helm
# Open a new shell tab or start a new shell to apply the changes
exec $SHELLOpen a terminal to generate the ssh keys.
ssh-keygen -t ed25519 -C "iamadmin@iam-demo.test"Open a Gitea in a browser and login using the credentials from Connect using linux-desktop browser.
Open a terminal and copy your public ssh key in the clipboard.
cat ~/.ssh/id_ed25519.pub | tee >(xclip -selection clipboard); echo ''Open Manage SSH Keys in Gitea in a browser and paste the public key.
Access ansible-controller shell using:
./platform/vm-generator/generated/vm-shell.sh ansible-controlleror connect to linux-desktop using Remote Desktop
and open a terminal.
You can also access linux-desktop shell using:
./platform/vm-generator/generated/vm-shell.sh linux-desktopTo check the Kubernetes configuration, type:
kubectl config viewThe output should be like the following:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://iam-control-plane.iam-demo.test:6443
name: default
contexts:
- context:
cluster: default
user: default
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
user:
client-certificate-data: DATA+OMITTED
client-key-data: DATA+OMITTEDThe kubernetes folder is mounted inside the ansible-controller
under /kubernetes.
Connect to linux-desktop using Remote Desktop.
Open Firefox inside the VM, and use the following URLs: (Note: you can find them in Firefox bookmarks)
- Grafana: https://grafana.iam-demo.test
- user: admin
- password: grafana-admin
- Gitea: https://git.iam-demo.test
- user: gitea-admin
- password: giteapw123!
- Prometheus: https://prometheus.iam-demo.test
- Alertmanager: https://alertmanager.iam-demo.test
- Consul: https://consul.iam-demo.test
- Keycloak: https://keycloak.iam-demo.test
To access Traefik or Kubernetes dashboards, follow the instructions in the respective subsections.
Open a terminal and start port forwarding using:
kubectl port-forward \
--namespace kube-system \
$(kubectl get pods \
--namespace kube-system \
--selector "app.kubernetes.io/name=traefik" \
--output=name) \
9000:9000Open http://127.0.0.1:9000/dashboard/ in a browser.
Generate a token, print it and copy it to the clipboard:
kubectl -n kubernetes-dashboard create token admin-user | tee >(xclip -selection clipboard); echo ''Start the proxy:
kubectl proxyAccess the board in a web broser opening:
Distributed under the terms of the Apache License (Version 2.0).
See LICENSE for details.