From 681596eda8d12d623680aaed7d7397b66dc243b3 Mon Sep 17 00:00:00 2001 From: Felix Dubrownik Date: Tue, 22 Mar 2022 10:00:41 +0100 Subject: [PATCH] feat: basic kubernetes manifests and quickstart overlay including postgres pod --- README.md | 31 ++++++++++--- deploy/docker-compose/quickstart.yaml | 2 +- deploy/k8s/base/deployment.yaml | 45 +++++++++++++++++++ deploy/k8s/base/kustomization.yaml | 3 ++ deploy/k8s/base/services.yaml | 27 +++++++++++ .../k8s/overlays/quickstart/hanko-config.yaml | 4 ++ deploy/k8s/overlays/quickstart/ingress.yaml | 26 +++++++++++ .../overlays/quickstart/kustomization.yaml | 10 +++++ deploy/k8s/overlays/quickstart/namespace.yaml | 4 ++ deploy/k8s/postgres/deployment.yaml | 40 +++++++++++++++++ deploy/k8s/postgres/initdbscript.sh | 6 +++ deploy/k8s/postgres/kustomization.yaml | 8 ++++ deploy/k8s/postgres/persistent-volume.yaml | 31 +++++++++++++ deploy/k8s/postgres/service.yaml | 10 +++++ 14 files changed, 240 insertions(+), 7 deletions(-) create mode 100644 deploy/k8s/base/deployment.yaml create mode 100644 deploy/k8s/base/kustomization.yaml create mode 100644 deploy/k8s/base/services.yaml create mode 100644 deploy/k8s/overlays/quickstart/hanko-config.yaml create mode 100644 deploy/k8s/overlays/quickstart/ingress.yaml create mode 100644 deploy/k8s/overlays/quickstart/kustomization.yaml create mode 100644 deploy/k8s/overlays/quickstart/namespace.yaml create mode 100644 deploy/k8s/postgres/deployment.yaml create mode 100644 deploy/k8s/postgres/initdbscript.sh create mode 100644 deploy/k8s/postgres/kustomization.yaml create mode 100644 deploy/k8s/postgres/persistent-volume.yaml create mode 100644 deploy/k8s/postgres/service.yaml diff --git a/README.md b/README.md index 77612be62..a62a7da3f 100644 --- a/README.md +++ b/README.md 
@@ -9,23 +9,42 @@ ## About Hanko Hanko is the open-source alternative for passwordless authentication, powered by a combination of magic links and WebAuthn-based biometrics, aka passkeys. -Passwordless logins have been promised to us for quite some time. But it's only recently that the ecosystem of devices, browsers, and operating systems is finally ready. With most devices now supporting WebAuthn out of the box and shipping with biometric sensors like Touch ID, Face ID, and Windows Hello, it's enabling a truly fascinating login experience that will replace passwords for good. +Passwordless logins have been promised to us for quite some time. But it's only recently that the ecosystem of devices, browsers, and operating systems is finally ready. +With most devices now supporting WebAuthn out of the box and shipping with biometric sensors like Touch ID, Face ID, and Windows Hello, it's enabling a truly fascinating login experience that will replace passwords for good. -That's where Hanko comes in. Hanko enables a polished, end-to-end passwordless user experience on the web. Self-hosted or as a lean SaaS hosted by us (coming soon). API-first, small footprint, for developers. +That's where Hanko comes in. Hanko enables a polished, end-to-end passwordless user experience on the web. Self-hosted or as a lean SaaS hosted by us (coming soon). +API-first, small footprint, for developers. **Try it now and never look back.** Integrate Hanko in your web apps in just 5 minutes – with a single line of code. -With Hanko, your users will be able to login to your web app with biometrics instead of passwords. On devices that do not support WebAuthn, or for the first-time login on a new device, a magic link (we call them passlinks) is automatically sent. If possible, the user is then guided to enroll their biometrics. +With Hanko, your users will be able to login to your web app with biometrics instead of passwords. 
+On devices that do not support WebAuthn, or for the first-time login on a new device, a magic link (we call them passlinks) is automatically sent. +If possible, the user is then guided to enroll their biometrics. -For us, this project is the sum of six years of experience implementing FIDO and WebAuthn-based authentication in many different applications and platforms. And we are happy to share this with you. +For us, this project is the sum of six years of experience implementing FIDO and WebAuthn-based authentication in many different applications and platforms. +And we are happy to share this with you. ## Community Join our [Slack community](https://www.hanko.io/community) if you have any questions about Hanko or just want to chat about authentication, identity, or life in general. # Quickstart -TODO - +To try out hanko you can use either docker-compose or kubernetes manifests. For either way you have to first clone this repository with: +``` +git clone https://github.com/teamhanko/hanko.git +``` + +## With docker-compose +Just run: +``` +docker-compose -f deploy/docker-compose/quickstart.yaml -p "hanko-quickstart" up --force-recreate +``` +TODO describe setup. +## With kubernetes +``` +kubectl apply -k deploy/k8s/overlays/quickstart +``` +TODO describe setup. # Develop TODO diff --git a/deploy/docker-compose/quickstart.yaml b/deploy/docker-compose/quickstart.yaml index ac9479a9c..f37cf7940 100644 --- a/deploy/docker-compose/quickstart.yaml +++ b/deploy/docker-compose/quickstart.yaml @@ -28,7 +28,7 @@ services: networks: - intranet postgresd: - image: postgres:12 + image: postgres:12-alpine ports: - "5432:5432" environment: diff --git a/deploy/k8s/base/deployment.yaml b/deploy/k8s/base/deployment.yaml new file mode 100644 index 000000000..6c0f12657 --- /dev/null +++ b/deploy/k8s/base/deployment.yaml 
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hanko
+ namespace: hanko
+ labels:
+ app: hanko
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: hanko
+ template:
+ metadata:
+ labels:
+ app: hanko
+ spec:
+ containers:
+ - name: hanko
+ image: ghcr.io/teamhanko/hanko:main
+ imagePullPolicy: IfNotPresent
+ args:
+ - serve
+ ports:
+ - containerPort: 8000
+ name: public
+ - containerPort: 8001
+ name: private
+ volumeMounts:
+ - mountPath: /etc/config
+ name: hanko-config
+ initContainers:
+ - name: hanko-migrate
+ image: ghcr.io/teamhanko/hanko:main
+ imagePullPolicy: IfNotPresent
+ args:
+ - migrate
+ - up
+ volumeMounts:
+ - mountPath: /etc/config
+ name: hanko-config
+ volumes:
+ - name: hanko-config
+ configMap:
+ name: hanko-config
\ No newline at end of file
diff --git a/deploy/k8s/base/kustomization.yaml b/deploy/k8s/base/kustomization.yaml
new file mode 100644
index 000000000..20ab97843
--- /dev/null
+++ b/deploy/k8s/base/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+ - deployment.yaml
+ - services.yaml
\ No newline at end of file
diff --git a/deploy/k8s/base/services.yaml b/deploy/k8s/base/services.yaml
new file mode 100644
index 000000000..8c711d5a3
--- /dev/null
+++ b/deploy/k8s/base/services.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: hanko
+ namespace: hanko
+spec:
+ selector:
+ app: hanko
+ ports:
+ - port: 80
+ targetPort: public
+ protocol: TCP
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hanko-private
+ namespace: hanko
+spec:
+ selector:
+ app: hanko
+ ports:
+ - port: 80
+ targetPort: private
+ protocol: TCP
+ name: http
\ No newline at end of file
diff --git a/deploy/k8s/overlays/quickstart/hanko-config.yaml b/deploy/k8s/overlays/quickstart/hanko-config.yaml
new file mode 100644
index 000000000..e711959ab
--- /dev/null
+++ b/deploy/k8s/overlays/quickstart/hanko-config.yaml
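Review bot: In deploy/k8s/base/deployment.yaml both the `hanko` container and the `hanko-migrate` init container run the moving tag `ghcr.io/teamhanko/hanko:main` with `imagePullPolicy: IfNotPresent`, so a node that already cached an older `main` keeps running it and nothing ties the deployment to a reviewed build. Pin a release tag or an image digest, or at least set `imagePullPolicy: Always` while the tag is mutable. Neither container sets a `securityContext`; if the image can run as a non-root user (not verifiable from this hunk), `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be reasonable defaults for the base manifest.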
@@ -0,0 +1,4 @@
+database:
+ user: hanko
+ password: hanko
+ host: postgres.hanko
\ No newline at end of file
diff --git a/deploy/k8s/overlays/quickstart/ingress.yaml b/deploy/k8s/overlays/quickstart/ingress.yaml
new file mode 100644
index 000000000..7ac019d66
--- /dev/null
+++ b/deploy/k8s/overlays/quickstart/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: hanko
+ name: hanko
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+ tls:
+ - hosts:
+ - hanko.test
+ secretName: hanko-tls
+ rules:
+ - host: hanko.test
+ http:
+ paths:
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: hanko
+ port:
+ name: http
diff --git a/deploy/k8s/overlays/quickstart/kustomization.yaml b/deploy/k8s/overlays/quickstart/kustomization.yaml
new file mode 100644
index 000000000..0207eaa35
--- /dev/null
+++ b/deploy/k8s/overlays/quickstart/kustomization.yaml
@@ -0,0 +1,10 @@
+namespace: hanko
+resources:
+ - namespace.yaml
+ - ingress.yaml
+ - ../../base
+ - ../../postgres
+configMapGenerator:
+ - files:
+ - hanko-config.yaml
+ name: hanko-config
\ No newline at end of file
diff --git a/deploy/k8s/overlays/quickstart/namespace.yaml b/deploy/k8s/overlays/quickstart/namespace.yaml
new file mode 100644
index 000000000..632dc5548
--- /dev/null
+++ b/deploy/k8s/overlays/quickstart/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: hanko
\ No newline at end of file
diff --git a/deploy/k8s/postgres/deployment.yaml b/deploy/k8s/postgres/deployment.yaml
new file mode 100644
index 000000000..f5a1fcd3c
--- /dev/null
+++ b/deploy/k8s/postgres/deployment.yaml
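Review bot: The database password is committed in clear text in deploy/k8s/overlays/quickstart/hanko-config.yaml (`password: hanko`), and because the overlay's `configMapGenerator` wraps this file it ends up in a ConfigMap rather than a Secret; the same literal is repeated as `POSTGRES_PASSWORD` with `value: hanko` in deploy/k8s/postgres/deployment.yaml. A ConfigMap is readable by any subject allowed to read ConfigMaps in the namespace and is not covered by Secret encryption at rest. If the default is meant only for a throwaway cluster, say so next to it with `# quickstart-only credential; do not reuse outside a local test cluster`, and have the postgres Deployment take the password through `secretKeyRef` from a Secret produced by a kustomize `secretGenerator`.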
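Review bot: The Ingress in deploy/k8s/overlays/quickstart/ingress.yaml asks `letsencrypt-prod` for a certificate covering `hanko.test`, but `.test` is a reserved TLD that a public ACME CA cannot validate, so `hanko-tls` will most likely never be issued. With `ssl-redirect` and `force-ssl-redirect` both set to "true", clients are then pushed to HTTPS and presumably get the controller's default certificate. For the quickstart either drop the `cert-manager.io/cluster-issuer` annotation or add `# replace hanko.test with a publicly resolvable host before using letsencrypt-prod` above the `tls` block. The `kubernetes.io/ingress.class` annotation is deprecated for `networking.k8s.io/v1`; `spec.ingressClassName: nginx` is the current form.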
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres
+ namespace: hanko
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:12-alpine
+ ports:
+ - containerPort: 5432
+ name: postgres-hanko
+ env:
+ - name: POSTGRES_DB
+ value: hanko
+ - name: POSTGRES_USER
+ value: hanko
+ - name: POSTGRES_PASSWORD
+ value: hanko
+ volumeMounts:
+ - mountPath: /docker-entrypoint-initdb.d
+ name: initdb
+ - mountPath: /var/lib/postgresql/data
+ name: postgres-pv-claim
+ volumes:
+ - name: initdb
+ configMap:
+ name: initdb
+ - name: postgres-pv-claim
+ persistentVolumeClaim:
+ claimName: postgres-pv-claim
+ selector:
+ matchLabels:
+ app: postgres
diff --git a/deploy/k8s/postgres/initdbscript.sh b/deploy/k8s/postgres/initdbscript.sh
new file mode 100644
index 000000000..57a2184e1
--- /dev/null
+++ b/deploy/k8s/postgres/initdbscript.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+CREATE DATABASE hanko;
+GRANT ALL PRIVILEGES ON DATABASE hanko TO $POSTGRES_USER;
+EOSQL
\ No newline at end of file
diff --git a/deploy/k8s/postgres/kustomization.yaml b/deploy/k8s/postgres/kustomization.yaml
new file mode 100644
index 000000000..9313123be
--- /dev/null
+++ b/deploy/k8s/postgres/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+ - deployment.yaml
+ - service.yaml
+ - persistent-volume.yaml
+configMapGenerator:
+ - name: initdb
+ files:
+ - initdbscript.sh
diff --git a/deploy/k8s/postgres/persistent-volume.yaml b/deploy/k8s/postgres/persistent-volume.yaml
new file mode 100644
index 000000000..9032e351c
--- /dev/null
+++ b/deploy/k8s/postgres/persistent-volume.yaml
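Review bot: The postgres Deployment in deploy/k8s/postgres/deployment.yaml sets no `strategy`, so it defaults to a rolling update, and with `replicas: 1` the replacement pod is created before the old one is stopped while both mount `postgres-pv-claim` at `/var/lib/postgresql/data`. On a single node with the hostPath-backed volume that can put two postgres processes on the same data directory during a rollout. Add `strategy:` with `type: Recreate` under `spec`, or model the database as a StatefulSet. The container also has no readiness probe, so the `hanko-migrate` init container in the base may start before postgres accepts connections.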
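Review bot: `CREATE DATABASE hanko;` in deploy/k8s/postgres/initdbscript.sh looks like it fails on first start, because the Deployment sets `POSTGRES_DB` to `hanko` and the script already connects with `--dbname "$POSTGRES_DB"`, so that database exists before this statement runs. With `ON_ERROR_STOP=1` and `set -e` the error aborts initialisation instead of being skipped. If only the grant is needed, drop the `CREATE DATABASE` line; otherwise create a differently named database. `$POSTGRES_USER` is expanded unquoted into the SQL text, which is acceptable while the value comes from the manifest, but a header comment such as `# expects POSTGRES_USER and POSTGRES_DB from the pod spec; values are trusted, not user input` would make that assumption explicit.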
@@ -0,0 +1,31 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: postgres-pv
+ namespace: hanko
+ labels:
+ type: local
+spec:
+ storageClassName: standard
+ capacity:
+ storage: 100M
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app: postgres
+ name: postgres-pv-claim
+ namespace: hanko
+spec:
+ storageClassName: standard
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100M
\ No newline at end of file
diff --git a/deploy/k8s/postgres/service.yaml b/deploy/k8s/postgres/service.yaml
new file mode 100644
index 000000000..d871a2c33
--- /dev/null
+++ b/deploy/k8s/postgres/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+ namespace: hanko
+spec:
+ ports:
+ - port: 5432
+ selector:
+ app: postgres
\ No newline at end of file
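Review bot: The PersistentVolume in deploy/k8s/postgres/persistent-volume.yaml keeps the database under `hostPath` with `path: "/mnt/data"`, a generic node directory that any other hostPath volume on the same node may also point at, and the files remain on the node's disk after the namespace is deleted because a manually created PV defaults to the Retain reclaim policy. Use a dedicated directory such as `path: "/mnt/data/hanko-postgres"` (illustrative), or drop the PV and let the cluster's provisioner satisfy the claim. `namespace: hanko` on the PersistentVolume has no effect since PVs are cluster-scoped. `100M` means decimal megabytes; `100Mi` is the conventional unit.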