This is an example application accompanying the blog post Deploy Secure Spring Boot Microservices on Azure AKS Using Terraform and Kubernetes on the Auth0 developer blog.
Prerequisites
- Java OpenJDK 21
- Auth0 account
- Auth0 CLI 1.4.0
- Docker 26.1.2
- Azure account
- Azure CLI 2.60.0
- JHipster 8.4.0
- kubectl 1.30.1
- Terraform 1.8.3
- jq 1.6
To deploy the stack to Azure Kubernetes Service (AKS), we need to create a cluster. So let's begin by creating a cluster using Terraform.
Ensure you have configured your Azure CLI. If not, run the following command:
# Visit https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli-interactively
az loginEdit the file terraform/auth0.tf and update the auth0 provider with your Auth0 domain URI:
# terraform/auth0.tf
provider "auth0" {
domain = "https://<your-auth0-domain>"
debug = false
}Now before we can run the scripts we need to create a machine to machine application in Auth0 so that Terraform can communicate with the Auth0 management API. This can be done using the Auth0 CLI. Please note that you also need to have jq installed to run the below commands. Run the following commands to create an application after logging into the CLI with the auth0 login command:
# Create a machine to machine application on Auth0
export AUTH0_M2M_APP=$(auth0 apps create \
--name "Auth0 Terraform Provider" \
--description "Auth0 Terraform Provider M2M" \
--type m2m \
--reveal-secrets \
--json | jq -r '. | {client_id: .client_id, client_secret: .client_secret}')
# Extract the client ID and client secret from the output.
export AUTH0_CLIENT_ID=$(echo $AUTH0_M2M_APP | jq -r '.client_id')
export AUTH0_CLIENT_SECRET=$(echo $AUTH0_M2M_APP | jq -r '.client_secret')This will create the application and set environment variables for client ID and secret. This application needs to be authorized to use the Auth0 management API. This can be done using the below commands.
# Get the ID and IDENTIFIER fields of the Auth0 Management API
export AUTH0_MANAGEMENT_API_ID=$(auth0 apis list --json | jq -r 'map(select(.name == "Auth0 Management API"))[0].id')
export AUTH0_MANAGEMENT_API_IDENTIFIER=$(auth0 apis list --json | jq -r 'map(select(.name == "Auth0 Management API"))[0].identifier')
# Get the SCOPES to be authorized
export AUTH0_MANAGEMENT_API_SCOPES=$(auth0 apis scopes list $AUTH0_MANAGEMENT_API_ID --json | jq -r '.[].value' | jq -ncR '[inputs]')
# Authorize the Auth0 Terraform Provider application to use the Auth0 Management API
auth0 api post "client-grants" --data='{"client_id": "'$AUTH0_CLIENT_ID'", "audience": "'$AUTH0_MANAGEMENT_API_IDENTIFIER'", "scope":'$AUTH0_MANAGEMENT_API_SCOPES'}'Initialize, plan and apply the following Terraform configuration:
cd terraform
# download modules and providers. Initialize state.
terraform init
# see a preview of what will be done
terraform plan -out main.tfplan
# apply the changes
terraform apply main.tfplanThe complete provisioning of all resources will take while. Once the AKS cluster is ready, you will see the output variables printed on the console. Get the cluter credentials with the following command:
az aks get-credentials --resource-group rg-spokes-<resource_group_location> --name <kubernetes_cluster_name> --adminThen check the cluster details with kdash or kubectl get nodes.
First get the client ID and secret for the Auth0 application created by Terraform.
# Client ID
terraform output auth0_webapp_client_id
# Client Secret
terraform output auth0_webapp_client_secretUpdate kubernetes/registry-k8s/application-configmap.yml with the OIDC configuration from above.
apiVersion: v1
kind: ConfigMap
metadata:
name: application-config
namespace: jhipster
#common configuration shared between all applications
data:
application.yml: |-
configserver:
...
jhipster:
security:
...
oauth2:
audience:
- https://<your-auth0-domain>/api/v2/
spring:
security:
oauth2:
client:
provider:
oidc:
# make sure to include the trailing slash
issuer-uri: https://<your-auth0-domain>/
registration:
oidc:
client-id: <client-id>
client-secret: <client-secret>
# app specific configurationYou need to build Docker images for each app. This is specific to the JHipster application used in this tutorial. Navigate to each app folder (store, invoice, product) and run the following command:
./gradlew bootJar -Pprod jib -Djib.to.image=<docker-repo-uri-or-name>/<image-name>Image names would be store, invoice, and product.
Once the images are pushed to the Docker registry, we can deploy the stack using the handy script provided by JHipster. Navigate to the kubernetes folder created by JHipster and run the following command.
cd kubernetes
./kubectl-apply.sh -fOnce the deployments are done, we must wait for the pods to be in RUNNING status.
As the Azure Application Gateway requires the inbound traffic to be for the host store.example.com, you can test the store service by adding an entry in your /etc/hosts file that maps to the gateway public IP. Get the public IP of the Azure Application Gateway with:
terraform output spoke_pipEdit the /etc/hosts file and add the following line:
<spoke_pip> store.example.com
Then navigate to http://store.example.com and sign in at Auth0 with the test user/password [email protected]/passpass$12$12.
Once you are done with the tutorial, you can delete the cluster and all the resources created using Terraform by running the following commands:
cd terraform
terraform destroy -auto-approveThis example uses the following open source projects:
Please post any questions as comments on the blog post, or visit our Auth0 Developer Forums.
Apache 2.0, see LICENSE.