update Security

- Add readmes for the setup of the example to OpenShift
- Add helm charts for the setup of the example application
- Using container images from quay.io/tsuedbroecker for the deployment (http)
- Add additional log information to web-app
   - main.js
   - Home.vue
- Add additional information to Dockerfile.os4 for the web-app
- Add comment to the ArticlesDataAccess.java
   class for future configurations

security/helm/articles-secure/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

security/helm/articles-secure/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+appVersion: "2.0"
+description: A Helm chart for OpenShift
+name: articles-secure
+version: 1.1.4
+icon: https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.svg
+

security/helm/articles-secure/templates/configmap.yaml

@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: security-url-config
+data:
+  QUARKUS_OIDC_AUTH_SERVER_URL: {{ .Values.QUARKUS_OIDC_AUTH_SERVER_URL }}
+

security/helm/articles-secure/templates/deployment.yaml

@@ -0,0 +1,43 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  {{- if .Values.name }}
+  name: {{ .Values.name }}
+  {{- end}}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- if .Values.name }}
+    app: {{ .Values.name }}
+    {{- end}}
+spec:
+  selector:
+    matchLabels:
+      {{- if .Values.name }}
+      app: {{ .Values.name }}
+      {{- end}}
+  replicas: 1
+  template:
+    metadata:
+      annotations: 
+        sidecar.istio.io/inject: "true"    
+      labels:
+        {{- if .Values.name }}
+        app: {{ .Values.name }}
+        {{- end}}
+        {{- if .Values.version }}
+        version: {{ .Values.version }}
+        {{- end}}
+    spec:
+      containers:
+      - name: {{ .Values.name }}
+        image: {{ .Values.image }}
+        imagePullPolicy: Always  
+        ports:
+        - containerPort: {{ .Values.ports.containerPort }}
+        env:
+        - name: QUARKUS_OIDC_AUTH_SERVER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: security-url-config
+              key: QUARKUS_OIDC_AUTH_SERVER_URL
+

security/helm/articles-secure/templates/service.yaml

@@ -0,0 +1,14 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ .Values.name }}
+spec:
+  selector:
+    app: {{ .Values.name }}
+  ports:
+    - port: {{ .Values.service.port }}
+      name: http
+  type: NodePort

security/helm/articles-secure/values.yaml

@@ -0,0 +1,43 @@
+# Default values for template-node-typescript.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+############################################
+# Deployment.metadata.name
+# Deployment.metadata.lables.app
+# Deployment.spec.selector.matchLabels.app
+# Deployment.template.metadata.labels.app
+# Deployment.spec.containers.name
+# ++++++++++++++++++++++++++++++++++++++++++
+# Service.metatdata.name
+# Service.metadata.lables.app
+# Service.spec.selector.app
+name: articles
+
+############################################
+# Deployment.metadata.namespace
+# Service.metadata.namespace
+namespace: cloud-native-starter
+
+############################################
+# Deployment.template.metadata.version
+version: v1
+
+############################################
+# Deployment.spec.template.spec.containers.image
+image: quay.io/tsuedbroecker/articles-secure:v1
+
+############################################
+# Deployment.spec.template.spec.containers.ports.containerPort
+ports:
+  containerPort: 8082
+
+############################################
+# Service.spec.ports.port
+service:
+  port: 8082
+
+
+############################################
+# ConfigMap.data.QUARKUS_OIDC_AUTH_SERVER_URL
+QUARKUS_OIDC_AUTH_SERVER_URL: "http://keycloak:8080/auth/realms/quarkus"

security/helm/keycloak/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

security/helm/keycloak/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+appVersion: "2.0"
+description: A Helm chart for OpenShift
+name: web-api-secure
+version: 1.1.4
+icon: https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.svg
+

security/helm/keycloak/templates/deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ .Values.name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+  template:
+    metadata:
+      annotations: 
+        sidecar.istio.io/inject: "true"    
+      labels:
+        app: {{ .Values.name }}
+        version: {{ .Values.version }}
+    spec:
+      containers:
+      - name: {{ .Values.name }}
+        image: {{ .Values.image }}
+        env:
+        - name: KEYCLOAK_USER
+          value: "admin"
+        - name: KEYCLOAK_PASSWORD
+          value: "admin"
+        - name: PROXY_ADDRESS_FORWARDING
+          value: "true"
+        ports:
+        - name: http
+          containerPort: 8080
+        - name: https
+          containerPort: 8443
+        readinessProbe:
+          httpGet:
+            path: /auth/realms/master
+            port: 8080

security/helm/keycloak/templates/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ .Values.name }}
+spec:
+  ports:
+  - name: http
+    port: 8080
+    targetPort: 8080
+  - name: https
+    port: 8443
+    targetPort: 8443
+  type: NodePort
+  selector:
+    app: {{ .Values.name }}

security/helm/keycloak/values.yaml

@@ -0,0 +1,48 @@
+# Default values for template-node-typescript.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+############################################
+# Deployment.metadata.name
+# Deployment.metadata.lables.app
+# Deployment.spec.selector.matchLabels.app
+# Deployment.template.metadata.labels.app
+# Deployment.spec.containers.name
+# ++++++++++++++++++++++++++++++++++++++++++
+# Service.metatdata.name
+# Service.metadata.lables.app
+# Service.spec.selector.app
+name: keycloak
+
+############################################
+# Deployment.metadata.namespace
+# Service.metadata.namespace
+namespace: cloud-native-starter
+
+############################################
+# Deployment.template.metadata.version
+version: v1
+
+############################################
+# Deployment.spec.template.spec.containers.image
+image: "quay.io/keycloak/keycloak:10.0.2"
+
+############################################
+# Deployment.spec.template.spec.containers.ports.containerPort
+ports:
+  containerPortHTTP: "8080"
+  containerPortHTTPS: "8443"
+
+############################################
+# Service.spec.ports.port
+# Service.spec.ports.targetPort
+service:
+  portHttp: "8080"
+  portHttps: "8443"
+
+############################################
+# Deployment.spec.template.spec.containers.env.name:
+env:
+  KEYCLOAK_USER: "admin"
+  KEYCLOAK_PASSWORD: "admin"
+  PROXY_ADDRESS_FORWARDING: "true"