nickredmark / ooth

User identity/authentication/accounts management microservice for node.js
https://nmaro.github.io/ooth/
MIT License
605 stars 65 forks

how to get ooth integrated and deployed in a kubernetes cluster? #71

Open xiangjunhuang opened 6 years ago

xiangjunhuang commented 6 years ago

I'm trying to set up a new Kubernetes cluster and looking for a proper authentication backend, not sure if ooth can be a good fit for that. Any comments will be welcome! thx!

nickredmark commented 6 years ago

It should be possible. Are you familiar with docker-compose? Then perhaps you could start from here https://github.com/nmaro/ooth/blob/master/examples/standalone/docker-compose.yml

xiangjunhuang commented 6 years ago

Thanks @nmaro! I'm not an intensive user of docker-compose, but I see a good tool, Kompose (http://kompose.io/), that might help bridge the gap, will give it a try soon! Thx!

nickredmark commented 6 years ago

Here would be another example (with next.js) I just created yesterday: https://github.com/nmaro/staart/tree/master/examples/staart

xiangjunhuang commented 6 years ago

Thanks @nmaro! I was able to deploy the previously mentioned standalone example in my Kubernetes cluster, but I haven't figured out how to get it properly hooked up with my api-gateway: ambassador (https://www.getambassador.io). Feel that I need to update the logic in the api part to make it fit ambassador's needs. Right?

nickredmark commented 6 years ago

Yes. Question: are you going to run the api on a different domain? Then you will need JWT. Otherwise I'd recommend working with sessions (this is my preferred solution, in the staart example I use a reverse proxy to keep everything together)... If you work with sessions you can just hook all services to the same session storage (e.g. redis, I did this in the staart example). If you work with JWT you will need to extend your API for auth with JWT, e.g. like here: https://github.com/nmaro/ooth/blob/master/examples/standalone/api/index.js#L47

braytonstafford commented 5 years ago

Here are YAML files I created based on the standalone example for the API and ooth. These will create a Kubernetes service and deployment for the API and ooth.

Hopefully these can be helpful.

api.yaml

apiVersion: v1
kind: Service
metadata:
  name: yourapp-api
  labels:
    app: yourapp-api
spec:
  type: NodePort
  ports:
    - port: 3002
  selector:
    app: yourapp-api
---
# Deployments under extensions/v1beta1 were removed in Kubernetes 1.16; apps/v1 is the current API group
apiVersion: 'apps/v1'
kind: 'Deployment'
metadata:
  name: 'yourapp-api'
spec:
  replicas: 1
  selector:
    matchLabels:
      app: 'yourapp-api'
  template:
    metadata:
      labels:
        app: 'yourapp-api'
    spec:
      containers:
        - name: 'yourapp-api'
          image: 'yourapp-api:latest'
          imagePullPolicy: 'Always'
          ports:
            - containerPort: 3002
              name: yourappapi-port
          env:
            - name: NODE_ENV
              value: 'development'
            - name: URL
              value: 'https://api.EXAMPLE.com'
            - name: PORT
              value: '3002'
            - name: ORIGIN_URL
              value: '*'
            - name: MONGO_URL
              value: 'mongodb://MONGOUSER_USERNAME:MONGOUSER_PASSWORD@MONGOSERVER:27017/MONGOCOLLECTION'
            - name: SHARED_SECRET
              value: 'A-SUPER-SECRET-SECRET'
            - name: SESSION_SECRET
              value: 'ANOTHER-SUPER-SECRET-SECRET'

ooth.yaml

apiVersion: v1
kind: Service
metadata:
  name: yourapp-ooth
  labels:
    app: yourapp-ooth
spec:
  type: NodePort
  ports:
    - port: 3001
  selector:
    app: yourapp-ooth
---
# Deployments under extensions/v1beta1 were removed in Kubernetes 1.16; apps/v1 is the current API group
apiVersion: 'apps/v1'
kind: 'Deployment'
metadata:
  name: 'yourapp-ooth'
spec:
  replicas: 1
  selector:
    matchLabels:
      app: 'yourapp-ooth'
  template:
    metadata:
      labels:
        app: 'yourapp-ooth'
    spec:
      containers:
        - name: 'yourapp-ooth'
          image: 'yourapp-ooth:latest'
          imagePullPolicy: 'Always'
          ports:
            - containerPort: 3001
              name: yourapp-ooth
          env:
            - name: NODE_ENV
              value: 'development'
            - name: URL
              value: 'https://ooth.EXAMPLE.com'
            - name: PORT
              value: '3001'
            - name: ORIGIN_URL
              value: '*'
            - name: MONGO_URL
              value: 'mongodb://MONGOUSER_USERNAME:MONGOUSER_PASSWORD@MONGOSERVER:27017/MONGOCOLLECTION'
            - name: MAIL_FROM
              value: 'no-reply@EXAMPLE.com'
            - name: MAIL_SITE_NAME
              value: 'Your App'
            - name: MAIL_URL
              value: 'https://mg.EXAMPLE.com'
            - name: MAILGUN_API_KEY
              value: 'YOUR_MAILGUN_API_KEY'
            - name: MAILGUN_DOMAIN
              value: 'YOUR_MAILGUN_DOMAIN'
            - name: SHARED_SECRET
              value: 'A-SUPER-SECRET-SECRET'
            - name: SESSION_SECRET
              value: 'ANOTHER-SUPER-SECRET-SECRET'
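
The api manifest above with its three credentials (MONGO_URL, SHARED_SECRET, SESSION_SECRET) moved into a Kubernetes Secret and loaded through envFrom, as an added example that is not braytonstafford's or the ooth project's code. The Secret name yourapp-api-secrets, the production NODE_ENV and the single front-end origin are assumptions; all values are the same placeholders used in the thread.

```yaml
# Added example: credentials live in a Secret instead of inline env values.
# The Secret name and the non-secret values marked below are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: yourapp-api-secrets        # hypothetical name
type: Opaque
stringData:                        # placeholders only; never commit real values
  MONGO_URL: 'mongodb://MONGOUSER_USERNAME:MONGOUSER_PASSWORD@MONGOSERVER:27017/MONGOCOLLECTION'
  SHARED_SECRET: 'A-SUPER-SECRET-SECRET'
  SESSION_SECRET: 'ANOTHER-SUPER-SECRET-SECRET'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yourapp-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yourapp-api
  template:
    metadata:
      labels:
        app: yourapp-api
    spec:
      containers:
        - name: yourapp-api
          image: 'yourapp-api:latest'
          imagePullPolicy: Always
          ports:
            - containerPort: 3002
              name: yourappapi-port
          envFrom:                 # every key in the Secret becomes an env var
            - secretRef:
                name: yourapp-api-secrets
          env:
            - name: NODE_ENV
              value: 'production'  # assumption: not a development deployment
            - name: URL
              value: 'https://api.EXAMPLE.com'
            - name: PORT
              value: '3002'
            - name: ORIGIN_URL     # assumption: one known front-end origin, not '*'
              value: 'https://www.EXAMPLE.com'
```

Secret values are stored unencrypted in etcd unless encryption at rest is configured, so create the real Secret out of band and restrict read access to it with RBAC. The same pattern applies to ooth.yaml, with MAILGUN_API_KEY added to the Secret.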