This repository's primary purpose is to enable you to rapidly stand up Cloudentity Authorization Control Plane (ACP) in your local development environment. It takes advantage of Kind, a tool for running local Kubernetes clusters using Docker container nodes, as well as the ACP helm charts.
- kind 0.16.x
- helm 3.x.x
- kubectl 1.24.x
- Credentials to access Cloudentity Private Docker Repo - if you are our client, you can find them in your Support Portal; if you are not and you want to check out our product, feel free to request access via our website.
- For the kind tool, please follow the instructions below to install it globally. For the rest of the tools, please follow the official instructions linked above.
On Linux:
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
On macOS:
brew install kind
- Add environment variables DOCKER_USER and DOCKER_PWD for Cloudentity Private Docker Repo:
export DOCKER_USER=<user>
export DOCKER_PWD=<password>
- Add local domain to /etc/hosts:
127.0.0.1 acp.acp-system
- Run make all.
- Next go to https://acp.acp-system:8443/ and log in with admin:admin
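A preflight for the setup steps above, as an added example that is not part of this repository: it confirms the registry credentials are set without printing them, that acp.acp-system maps only to loopback in the hosts file (so the admin:admin login can only reach the local cluster), and that kind is 0.16.x. The function names are hypothetical, and the script assumes that kind version prints the version as its second field.

```shell
# Added example, not from the repository. Function names are hypothetical.

# hosts_entry_is_loopback NAME [HOSTS_FILE]
# Succeeds only if NAME appears in the file and every entry for it is a
# loopback address; a second, non-loopback entry makes the check fail.
hosts_entry_is_loopback() (
  awk -v name="$1" '
    { sub(/#.*/, "") }                          # drop comments
    { for (i = 2; i <= NF; i++) if ($i == name) {
        found = 1
        if ($1 != "127.0.0.1" && $1 != "::1") bad = 1
    } }
    END { exit !(found && !bad) }
  ' "${2:-/etc/hosts}"
)

# Succeeds if both registry variables are non-empty; never echoes their values.
docker_creds_present() {
  [ -n "${DOCKER_USER:-}" ] && [ -n "${DOCKER_PWD:-}" ]
}

# version_matches ACTUAL PATTERN, e.g. version_matches v0.16.0 0.16.x
# Each "x" in PATTERN stands for a numeric component; a leading "v" is ignored.
version_matches() (
  actual=${1#v}
  glob=$(printf '%s' "$2" | sed 's/x/[0-9]*/g')
  case $actual in
    $glob) exit 0 ;;
    *) exit 1 ;;
  esac
)

# preflight [HOSTS_FILE] [KIND_VERSION]
# Runs every check, reports each failure on stderr, returns non-zero if any failed.
# KIND_VERSION defaults to the second field of `kind version` (assumed format).
preflight() (
  rc=0
  kind_v=${2:-$(kind version 2>/dev/null | awk '{print $2}')}
  docker_creds_present ||
    { echo "DOCKER_USER/DOCKER_PWD not set" >&2; rc=1; }
  hosts_entry_is_loopback acp.acp-system "${1:-/etc/hosts}" ||
    { echo "acp.acp-system must map only to a loopback address" >&2; rc=1; }
  version_matches "$kind_v" 0.16.x ||
    { echo "kind 0.16.x required, found '${kind_v:-none}'" >&2; rc=1; }
  exit "$rc"
)
```

Source the file and run preflight && make all.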
- Check out ACP documentation
- Install Istio (make install-istio) and experiment with the MicroPerimeter Authorizer for Istio
- Integrate your SPA app using our Auth JS Lib
- Explore strong service mTLS based authentication using Sample Go mTLS OAuth app
- make all - Creates a new local Kubernetes cluster and installs all ACP components. Runs create-cluster, prepare-helm, prepare-cluster and install-acp-stack
- make create-cluster - Creates a new local Kubernetes cluster using configuration stored in ./config/kind-cluster-config.yaml
- make prepare-helm - Adds necessary helm chart repositories
- make prepare-cluster - Creates required namespaces and initializes the docker credentials stored in .env file (please make sure you have DOCKER_USER and DOCKER_PWD correctly configured in the .env file)
- make install-acp-stack - Installs the acp stack using the ACP helm charts and the acp release name
- make install-istio - Installs Istio 1.9.3 on the Kubernetes cluster
- make watch - Checks the status of the deployment
- make uninstall-acp - Uninstalls the acp release
- make delete-cluster - Deletes Kind based Kubernetes cluster
- make deploy-cmd-pod - Deploys the CMD pod in the default namespace; this pod is helpful with the Istio authorization testing.
- make install-countries - Deploys the countries GraphQL API in the default namespace; this pod is helpful for testing GraphQL authorization. The Countries API is publicly available at https://countries.trevorblades.com/
If you would like to test your modifications of the ACP helm charts, point ACP_CHARTS_PATH to your clone:
make ACP_CHARTS_PATH=../acp-helm-charts/charts all
This is also a handy way to spin up older releases of ACP.
- Run make deploy-cmd-pod
- Export CMD_POD name:
export CMD_POD=$(kubectl get pod -l app=sleep -o jsonpath='{.items..metadata.name}')
- Run the requested operation in the context of a Kubernetes cluster:
kubectl exec -it $CMD_POD -c sleep -- curl https://acp.acp-system:8443/alive --insecure
- Add the following ACP feature flags to values/kube-acp-stack.yaml:
integration_endpoints: true
system_openbanking_consents_management: true
openbanking_domestic_payment_consents: true
system_clients_management: true
- Run make install-openbanking
Instructions on how to run a GraphQL service and play around with it.
Prerequisites: make sure you use an ACP version that supports GraphQL - 2.0.0 or latest.
- make graphql-demo - installs ACP and all components
- Add local domain to /etc/hosts:
127.0.0.1 countries.ingress.k8s
- Go to https://acp.acp-system:8443/system/admin/app, log in with admin and the default system password, and switch to the system workspace. The GraphQL service should be discovered.
- Go to the GraphQL UI service at http://countries.ingress.k8s:9080
- Change API URL to http://countries.ingress.k8s:9080/gqlapi
- Run queries, example:
{
country(code:"PL") {
name
code
}
}