Kubernetes Deployment

This document provides instructions for deploying the walt.id Enterprise API in a Kubernetes environment. It includes configuration details and deployment steps using deployment.yaml.

Prerequisites

  • Access to a Kubernetes cluster
  • kubectl configured to interact with your cluster
  • Familiarity with Kubernetes concepts such as Deployments, Services, and Ingress

Configuration Overview

The deployment.yaml file is structured into several key sections:

  • ConfigMap: Defines configuration settings for the enterprise API.
  • Deployment: Specifies the deployment settings, including the container image and volume mounts.
  • Service: Exposes the API to the network.
  • Ingress: Manages external access to the services.

The Config Map

The ConfigMap defines the configuration of the walt.id Enterprise API. Modify the values as needed for your environment. You can learn more about each configuration file in the configurations section.

apiVersion: v1
kind: ConfigMap
metadata:
  name: waltid-enterprise-api-config
data:
  _features.conf: |
    enabledFeatures = [
      admin
      dev-mode
    ]
  auth.conf: |
    requireHttps = false
  database.conf: |
    databaseType = mongodb
    fileStorage = {
      path = "data"
    }
    mongodb = {
      connectionString = "mongodb://root:password@localhost:27017/"
    }
  enterprise.conf: |
    baseDomain = "enterprise-demo.waltid.dev"
  web.conf: |
    webHost = "0.0.0.0"
    webPort = 3000

Deployment

kind: Deployment
apiVersion: apps/v1
metadata:
  name: waltid-enterprise-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: waltid-enterprise-api
  template:
    metadata:
      labels:
        app: waltid-enterprise-api
      annotations:
        deployment/id: "_DEFAULT_DEPLOYMENT_"
    spec:
      imagePullSecrets:
        - name: waltid-regcred
      containers:
        - name: waltid-enterprise-api
          image: waltid/waltid-enterprise-api
          ports:
            - containerPort: 3000
              name: http-api
          volumeMounts:
              - name: waltid-enterprise-api-config
                mountPath: /config/_features.conf
                readOnly: true
                subPath: _features.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/auth.conf
                readOnly: true
                subPath: auth.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/database.conf
                readOnly: true
                subPath: database.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/enterprise.conf
                readOnly: true
                subPath: enterprise.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/web.conf
                readOnly: true
                subPath: web.conf
      volumes:
        - name: waltid-enterprise-api-config
          configMap:
            name: waltid-enterprise-api-config
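
The ConfigMap above carries the MongoDB connection string, credentials included, and ConfigMap data is stored and displayed in plain text. The following is an added example, not part of the walt.id deployment.yaml: it moves database.conf into a Kubernetes Secret and mounts it at the same path. The Secret name waltid-enterprise-api-db and the `<user>`, `<password>` and `<mongodb-host>` values are placeholders chosen for illustration.

```yaml
# Added example: the Secret name, user, password and host are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: waltid-enterprise-api-db   # hypothetical name
type: Opaque
stringData:
  database.conf: |
    databaseType = mongodb
    fileStorage = {
      path = "data"
    }
    mongodb = {
      connectionString = "mongodb://<user>:<password>@<mongodb-host>:27017/"
    }
---
# Fragment of the Deployment showing only the parts that change.
# Remove the database.conf key from the ConfigMap, and replace the
# database.conf volumeMount so it reads from the Secret volume instead
# of the ConfigMap volume. All other mounts stay as they are.
spec:
  template:
    spec:
      containers:
        - name: waltid-enterprise-api
          volumeMounts:
            - name: waltid-enterprise-api-db
              mountPath: /config/database.conf
              readOnly: true
              subPath: database.conf
      volumes:
        - name: waltid-enterprise-api-config
          configMap:
            name: waltid-enterprise-api-config
        - name: waltid-enterprise-api-db
          secret:
            secretName: waltid-enterprise-api-db
```

Files mounted with subPath are not refreshed when the Secret changes, so restart the pods after rotating the credentials.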

Service

kind: Service
apiVersion: v1
metadata:
  name: waltid-enterprise-api
spec:
  ports:
    - name: http
      port: 80
      targetPort: http-api
      protocol: TCP
  selector:
    app: waltid-enterprise-api

Ingress

Please ensure that all openid/* endpoints of the Enterprise Stack API are publicly accessible. This is necessary for successful credential exchanges with external systems.


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: waltid-enterprise-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: "traefik"
  tls:
    - hosts:
        - enterprise-demo.waltid.dev
      secretName: enterprise-demo-tls-secret
    - hosts:
        - waltid.enterprise-demo.waltid.dev
      secretName: waltid-enterprise-demo-tls-secret
  rules:
    - host: enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
    - host: waltid.enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http

Complete deployment.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: waltid-enterprise-api-config
data:
  _features.conf: |
    enabledFeatures = [
      admin
      dev-mode
    ]
  auth.conf: |
    requireHttps = false
  database.conf: |
    databaseType = mongodb
    fileStorage = {
      path = "data"
    }
    mongodb = {
      connectionString = "mongodb://root:password@localhost:27017/"
    }
  enterprise.conf: |
    baseDomain = "enterprise-demo.waltid.dev"
  web.conf: |
    webHost = "0.0.0.0"
    webPort = 3000
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: waltid-enterprise-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: waltid-enterprise-api
  template:
    metadata:
      labels:
        app: waltid-enterprise-api
      annotations:
        deployment/id: "_DEFAULT_DEPLOYMENT_"
    spec:
      imagePullSecrets:
        - name: waltid-regcred
      containers:
        - name: waltid-enterprise-api
          image: waltid/waltid-enterprise-api
          ports:
            - containerPort: 3000
              name: http-api
          volumeMounts:
              - name: waltid-enterprise-api-config
                mountPath: /config/_features.conf
                readOnly: true
                subPath: _features.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/auth.conf
                readOnly: true
                subPath: auth.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/database.conf
                readOnly: true
                subPath: database.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/enterprise.conf
                readOnly: true
                subPath: enterprise.conf
              - name: waltid-enterprise-api-config
                mountPath: /config/web.conf
                readOnly: true
                subPath: web.conf
      volumes:
        - name: waltid-enterprise-api-config
          configMap:
            name: waltid-enterprise-api-config
---
kind: Service
apiVersion: v1
metadata:
  name: waltid-enterprise-api
spec:
  ports:
    - name: http
      port: 80
      targetPort: http-api
      protocol: TCP
  selector:
    app: waltid-enterprise-api
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: waltid-enterprise-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: "traefik"
  tls:
    - hosts:
        - enterprise-demo.waltid.dev
      secretName: enterprise-demo-tls-secret
    - hosts:
        - waltid.enterprise-demo.waltid.dev
      secretName: waltid-enterprise-demo-tls-secret
  rules:
    - host: enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
    - host: waltid.enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http