{"id":17888095,"url":"https://github.com/fireflycons/oauth.cloudnative.deployment","last_synced_at":"2025-04-03T02:42:28.676Z","repository":{"id":96974383,"uuid":"461218713","full_name":"fireflycons/oauth.cloudnative.deployment","owner":"fireflycons","description":"End-to-end Kubernetes deployment on a development computer","archived":false,"fork":false,"pushed_at":"2022-09-30T05:25:24.000Z","size":780,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-08T16:44:08.633Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fireflycons.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-19T14:39:54.000Z","updated_at":"2023-03-30T09:08:46.000Z","dependencies_parsed_at":"2024-05-01T20:03:05.716Z","dependency_job_id":null,"html_url":"https://github.com/fireflycons/oauth.cloudnative.deployment","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fireflycons%2Foauth.cloudnative.deployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fireflycons%2Foauth.cloudnative.deployment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fireflycons%2Foauth.cloudnative.deployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fireflycons%2Foauth.cloudnative.deployment/manifes
ts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fireflycons","download_url":"https://codeload.github.com/fireflycons/oauth.cloudnative.deployment/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246927809,"owners_count":20856193,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-28T13:36:32.590Z","updated_at":"2025-04-03T02:42:28.659Z","avatar_url":"https://github.com/fireflycons.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OAuth Cloud Native Local\n\nThe second repository in the following set, focused on productive development setups:\n\n| Repository | Role |\n| ---------- | ---- |\n| [oauth.cloudnative.base](https://github.com/gary-archer/oauth.cloudnative.base) | An initial infrastructure setup on a development computer |\n| oauth.cloudnative.local | An end-to-end infrastructure and application setup on a development computer |\n| [oauth.cloudnative.aws](https://github.com/gary-archer/oauth.cloudnative.aws) | An end-to-end infrastructure and application setup in the AWS cloud |\n\nThis repo extends the base deployment to cover deployment of applications and to use SSL for all URLs.\\\nIt also covers some advanced behaviour, such as running Kong plugins during ingress.\n\n## Architecture\n\nMy code samples and best of breed third party components are deployed, and accessed over these URLs:\n\n| Component | URL | Description |\n| --------- | --- | ----------- |\n| Web Host | https://web.mycluster.com | A content delivery 
network that serves web static content |\n| APIs | https://api.mycluster.com | The entry point for APIs called by native apps |\n| Token Handler | https://tokenhandler.mycluster.com | The backend for frontend used by the SPA |\n| Logs | https://logs.mycluster.com | A URL for querying backend logs |\n\n## Prerequisites\n\nInstall these tools:\n\n- A Docker Engine such as [Docker Desktop](https://www.docker.com/products/docker-desktop)\n- [Kubernetes in Docker (KIND)](https://kind.sigs.k8s.io/docs/user/quick-start/)\n- [Helm](https://helm.sh/docs/intro/install/)\n- [openssl](https://www.openssl.org/)\n- [envsubst](https://github.com/a8m/envsubst)\n\nOn a Windows host, ensure that Google's DNS server is configured against the internet connection.\\\nThis prevents problems resolving AWS URLs from inside the cluster once the installation is complete.\n\n![Windows DNS](./images/dns.png)\n\n## Deploy the System\n\nFirst create the cluster's base infrastructure:\n\n```bash\n./1-create-cluster.sh\n```\n\nThen build apps into Docker containers:\n\n```bash\n./2-build.sh\n```\n\nThen deploy apps to the Kubernetes cluster:\n\n```bash\n./3-deploy.sh\n```\n\nOptionally deploy Elastic Stack components in order to use end-to-end API logging:\n\n```bash\n./4-deploy-elasticstack.sh\n```\n\nLater you can free all resources when required via this script:\n\n```bash\n./5-teardown.sh\n```\n\n## Enable Development URLs\n\nLook for this line in logs after step 1 above.\\\nThis will be the loopback address on macOS and Windows, or a load balancer assigned IP address on Linux:\n\n```text\nThe cluster's external IP address is 127.0.0.1 ...\n```\n\nAdd it to the hosts file on the local computer, mapped to these external URLs:\n\n```text\n127.0.0.1 web.mycluster.com api.mycluster.com tokenhandler.mycluster.com logs.mycluster.com dashboard.mycluster.com\n```\n\nThen trust the root certificate at `certs/mycluster.ca.pem` on the local computer.\\\nThis is done by adding it to the host's certificate 
store as explained in [Configuring SSL Trust](https://authguidance.com/developer-ssl-setup#os-ssl-trust).\n\n## Use the System\n\nThen sign in to the Single Page Application with these details:\n\n| Field | Value |\n| ----- | ----- |\n| SPA URL | https://web.mycluster.com/spa |\n| User Name | guestuser@mycompany.com |\n| User Password | GuestPassword1 |\n\nTo [Query API Logs](https://authguidance.com/2019/08/02/intelligent-api-platform-analysis/), sign into Kibana with these details:\n\n| Field | Value |\n| ---------- | ----- |\n| Kibana URL | https://logs.mycluster.com/app/dev_tools#/console |\n| User Name | elastic |\n| User Password | Password1 |\n\n## View Kubernetes Resources\n\nThe deployment provides multiple worker nodes for hosting applications:\n\n```text\nkubectl get nodes -o wide\n\nNAME                  STATUS   ROLES                  AGE   VERSION   INTERNAL-IP\noauth-control-plane   Ready    control-plane,master   15m   v1.24.0   172.29.0.4\noauth-worker          Ready    \u003cnone\u003e                 15m   v1.24.0   172.29.0.2\noauth-worker2         Ready    \u003cnone\u003e                 15m   v1.24.0   172.29.0.3\n```\n\nThe worker nodes host application containers within an `applications` namespace:\n\n```text\nkubectl get pods -o wide -n applications\n\nNAME                           READY   STATUS    RESTARTS   AGE   IP           NODE\nfinalapi-77b44bf64-gh646       1/1     Running   0          86s   10.244.1.6   oauth-worker\nfinalapi-77b44bf64-kqnql       1/1     Running   0          86s   10.244.2.7   oauth-worker2\noauthagent-9fc86d5cc-lhqrs     1/1     Running   0          84s   10.244.1.7   oauth-worker\noauthagent-9fc86d5cc-s8wws     1/1     Running   0          84s   10.244.2.8   oauth-worker2\nwebhost-5f76fdcf46-lwsdb       1/1     Running   0          87s   10.244.2.6   oauth-worker2\nwebhost-5f76fdcf46-zsxr9       1/1     Running   0          87s   10.244.1.5   oauth-worker\n```\n\nThe worker nodes also host Elastic Stack 
containers within an `elasticstack` namespace:\n\n```text\nkubectl get pods -o wide -n elasticstack\n\nNAME                             READY   STATUS              RESTARTS   AGE     IP            NODE\nelasticsearch-67f7d45c6f-khbmp   1/1     Running             0          2m43s   10.244.2.16   oauth-worker\nes-initdata-job-lbnqv            0/1     Completed           0          2m42s   10.244.1.12   oauth-worker2\nfilebeat-q5xw8                   1/1     Running             0          2m41s   172.29.0.2    oauth-worker\nfilebeat-skwbs                   1/1     Running             0          2m41s   172.29.0.3    oauth-worker2\nkibana-67fb658898-t2jdb          1/1     Running             0          2m42s   10.244.2.17   oauth-worker\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffireflycons%2Foauth.cloudnative.deployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffireflycons%2Foauth.cloudnative.deployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffireflycons%2Foauth.cloudnative.deployment/lists"}