{"id":22268222,"url":"https://github.com/curityio/curity-idsvr-gke-installation","last_synced_at":"2026-04-28T20:35:37.115Z","repository":{"id":38366416,"uuid":"491110355","full_name":"curityio/curity-idsvr-gke-installation","owner":"curityio","description":"A demo installation of Curity Identity Server, Nginx Ingress controller \u0026 Kong gateway including phantom token plugin in Google Kubernetes Engine for PoC purposes","archived":false,"fork":false,"pushed_at":"2022-06-06T08:32:23.000Z","size":317,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-01-30T13:31:44.684Z","etag":null,"topics":["deployment","gke","google","helm","kubernetes"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/kubernetes-gke-idsvr-kong-phantom/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-11T12:53:31.000Z","updated_at":"2024-09-12T11:23:10.000Z","dependencies_parsed_at":"2022-08-25T05:01:39.888Z","dependency_job_id":null,"html_url":"https://github.com/curityio/curity-idsvr-gke-installation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fcurity-idsvr-gke-installation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fcurity-idsvr-gke-installation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fcurity-idsvr-gke-installation/releases","manifest
s_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fcurity-idsvr-gke-installation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/curity-idsvr-gke-installation/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245486241,"owners_count":20623239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deployment","gke","google","helm","kubernetes"],"created_at":"2024-12-03T11:11:57.402Z","updated_at":"2026-04-28T20:35:32.099Z","avatar_url":"https://github.com/curityio.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Curity Identity Server GKE Installation\n\n[![Quality](https://img.shields.io/badge/quality-experiment-red)](https://curity.io/resources/code-examples/status/)\n[![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)\n\nThis tutorial enables any developer or architect to quickly run the Curity Identity Server and the Phantom Token Pattern in Kubernetes on the Google Cloud Platform, using either the Kong Ingress controller or the Nginx Ingress controller.\n\nThis installation follows the security best practice of hosting the Identity Server and the APIs behind an Ingress controller acting as a reverse proxy/API gateway. 
This ensures that opaque access tokens are issued to internet clients, while APIs receive JWT access tokens.\n\nThis tutorial can be completed using the Google Cloud Platform free tier option without incurring any cost.\n\n## Prepare the Installation\n\nDeployment on GKE has the following prerequisites:\n* [GCP Account](https://console.cloud.google.com/home) with the GKE API enabled.\n* [gcloud CLI](https://cloud.google.com/sdk/docs/install) installed and configured.\n* [Helm](https://helm.sh/)\n* [OpenSSL](https://www.openssl.org/)\n* [jq](https://stedolan.github.io/jq/) \n* [kubectl](https://kubernetes.io/docs/tasks/tools/)\n\nMake sure you have the above prerequisites installed and then copy a license file to the `idsvr-config/license.json` location.\nIf needed, you can also get a free community edition license from the [Curity Developer Portal](https://developer.curity.io).\n\n\n## Deployment Pattern\n\nAll of the services run privately in the Kubernetes cluster and are exposed via an HTTPS load balancer.\n\n![deployment pattern](./docs/deployment_IC.png \"deployment pattern\")\n\n## Installation\n\n 1. Clone the repository\n    ```sh\n    git clone git@github.com:curityio/curity-idsvr-gke-installation.git\n    cd curity-idsvr-gke-installation\n    ```\n\n 2. Configuration\n \n    Cluster options can be configured by modifying the `cluster-config/gke-cluster-config.json` file.\n\n\n 3. Install the environment  \n     ```sh\n    ./deploy-idsvr-gke.sh --install\n    ```   \n\n    The installation script prompts for input choices, one of which is the Ingress controller to deploy. Once selected, the Ingress controller is deployed with a customized Docker image containing the required plugins.\n\n\n 4. Shut down the environment  \n     ```sh\n    ./deploy-idsvr-gke.sh --stop\n    ```  \n\n\n 5. Start the environment  \n     ```sh\n    ./deploy-idsvr-gke.sh --start\n    ```  \n\n\n 6. 
Free up cloud resources\n    ```sh\n     ./deploy-idsvr-gke.sh --delete\n    ```\n\n\n 7. Logs\n    ```sh\n     kubectl -n curity logs -f -l role=curity-idsvr-runtime\n     kubectl -n curity logs -f -l role=curity-idsvr-admin  \n     kubectl -n ingress-nginx logs -f -l app.kubernetes.io/component=controller\n     kubectl -n kong logs -f -l app.kubernetes.io/component=controller\n     kubectl -n api    logs -f -l app=simple-echo-api\n    ```\n\n\n## Environment URLs\n\n| Service             | URL                                                           | Purpose                                                         |\n| --------------------|:------------------------------------------------------------- | ----------------------------------------------------------------|\n| ADMIN UI            | https://admin.example.gke/admin                                | Curity Administration console                                   |\n| OIDC METADATA       | https://login.example.gke/~/.well-known/openid-configuration   | OIDC metadata discovery endpoint                                |\n| API  PROXY ENDPOINT | https://api.example.gke/echo                            | Upstream API proxy endpoint                                     |\n\n\nFor detailed step-by-step installation instructions, please refer to the [Installing the Curity Identity Server with Kong/Nginx on GKE](https://curity.io/resources/learn/kubernetes-gke-idsvr-kong-phantom) article.\n\n\n## More Information\n\nPlease visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fcurity-idsvr-gke-installation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fcurity-idsvr-gke-installation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fcurity-idsvr-gke-installation/lists"}