Kubernetes Deployment
This document provides instructions for deploying the walt.id Enterprise API in a Kubernetes
environment. It includes configuration details and deployment steps using deployment.yaml.
Prerequisites
- Access to a Kubernetes cluster
- kubectl configured to interact with your cluster
- Familiarity with Kubernetes concepts such as Deployments, Services, and Ingress
Configuration Overview
The deployment.yaml file is structured into several key sections:
- ConfigMap: Defines configuration settings for the enterprise API.
- Deployment: Specifies the deployment settings, including the container image and volume mounts.
- Service: Exposes the API to the network.
- Ingress: Manages external access to the services.
The Config Map
The ConfigMap defines the configuration of the walt.id Enterprise API. Modify the values as needed for
your environment. You can learn more about each configuration file in the configurations section.
apiVersion: v1
kind: ConfigMap
metadata:
  name: waltid-enterprise-api-config
data:
  _features.conf: |
    enabledFeatures = [
        admin
        dev-mode
    ]
  auth.conf: |
    requireHttps = false
  database.conf: |
    databaseType = mongodb
    fileStorage = {
        path = "data"
    }
    mongodb = {
        connectionString = "mongodb://root:password@localhost:27017/"
    }
  enterprise.conf: |
    baseDomain = "enterprise-demo.waltid.dev"
  web.conf: |
    webHost = "0.0.0.0"
    webPort = 3000
Deployment
kind: Deployment
apiVersion: apps/v1
metadata:
  name: waltid-enterprise-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: waltid-enterprise-api
  template:
    metadata:
      labels:
        app: waltid-enterprise-api
      annotations:
        deployment/id: "_DEFAULT_DEPLOYMENT_"
    spec:
      imagePullSecrets:
        - name: waltid-regcred
      containers:
        - name: waltid-enterprise-api
          image: waltid/waltid-enterprise-api
          ports:
            - containerPort: 3000
              name: http-api
          volumeMounts:
            - name: waltid-enterprise-api-config
              mountPath: /config/_features.conf
              readOnly: true
              subPath: _features.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/auth.conf
              readOnly: true
              subPath: auth.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/database.conf
              readOnly: true
              subPath: database.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/enterprise.conf
              readOnly: true
              subPath: enterprise.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/web.conf
              readOnly: true
              subPath: web.conf
      volumes:
        - name: waltid-enterprise-api-config
          configMap:
            name: waltid-enterprise-api-config
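The ConfigMap on this page carries the MongoDB connection string, including its username and password, and ConfigMap data is not intended for credentials. As an added example (not part of the walt.id documentation), database.conf can be delivered from a Secret instead and mounted at the same path; the Secret and volume name waltid-enterprise-api-db is hypothetical, and the connection string uses placeholders.

```yaml
# Added example: the name waltid-enterprise-api-db is hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: waltid-enterprise-api-db
type: Opaque
stringData:
  # Same file content as the ConfigMap's database.conf key.
  database.conf: |
    databaseType = mongodb
    fileStorage = {
        path = "data"
    }
    mongodb = {
        # Placeholder values: supply the real connection string at deploy time.
        connectionString = "mongodb://<user>:<password>@<host>:27017/"
    }
---
# Deployment fragment: only the entries that change are shown.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: waltid-enterprise-api
spec:
  template:
    spec:
      containers:
        - name: waltid-enterprise-api
          volumeMounts:
            # Replaces the ConfigMap-backed mount of /config/database.conf.
            - name: waltid-enterprise-api-db
              mountPath: /config/database.conf
              readOnly: true
              subPath: database.conf
      volumes:
        # Added next to the existing waltid-enterprise-api-config volume.
        - name: waltid-enterprise-api-db
          secret:
            secretName: waltid-enterprise-api-db
```

Remove the database.conf key from the ConfigMap and its old volumeMounts entry once the Secret is in place. To keep the credentials out of version control, the Secret can be created from a local file with kubectl create secret generic waltid-enterprise-api-db --from-file=database.conf instead of applying a manifest.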
Service
kind: Service
apiVersion: v1
metadata:
  name: waltid-enterprise-api
spec:
  ports:
    - name: http
      port: 80
      targetPort: http-api
      protocol: TCP
  selector:
    app: waltid-enterprise-api
Ingress
Please ensure that all openid/* endpoints of the Enterprise Stack API are publicly accessible. This is
necessary for successful credential exchanges with external systems.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: waltid-enterprise-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: "traefik"
  tls:
    - hosts:
        - enterprise-demo.waltid.dev
      secretName: enterprise-demo-tls-secret
    - hosts:
        - waltid.enterprise-demo.waltid.dev
      secretName: waltid-enterprise-demo-tls-secret
  rules:
    - host: enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
    - host: waltid.enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
Complete deployment.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: waltid-enterprise-api-config
data:
  _features.conf: |
    enabledFeatures = [
        admin
        dev-mode
    ]
  auth.conf: |
    requireHttps = false
  database.conf: |
    databaseType = mongodb
    fileStorage = {
        path = "data"
    }
    mongodb = {
        connectionString = "mongodb://root:password@localhost:27017/"
    }
  enterprise.conf: |
    baseDomain = "enterprise-demo.waltid.dev"
  web.conf: |
    webHost = "0.0.0.0"
    webPort = 3000
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: waltid-enterprise-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: waltid-enterprise-api
  template:
    metadata:
      labels:
        app: waltid-enterprise-api
      annotations:
        deployment/id: "_DEFAULT_DEPLOYMENT_"
    spec:
      imagePullSecrets:
        - name: waltid-regcred
      containers:
        - name: waltid-enterprise-api
          image: waltid/waltid-enterprise-api
          ports:
            - containerPort: 3000
              name: http-api
          volumeMounts:
            - name: waltid-enterprise-api-config
              mountPath: /config/_features.conf
              readOnly: true
              subPath: _features.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/auth.conf
              readOnly: true
              subPath: auth.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/database.conf
              readOnly: true
              subPath: database.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/enterprise.conf
              readOnly: true
              subPath: enterprise.conf
            - name: waltid-enterprise-api-config
              mountPath: /config/web.conf
              readOnly: true
              subPath: web.conf
      volumes:
        - name: waltid-enterprise-api-config
          configMap:
            name: waltid-enterprise-api-config
---
kind: Service
apiVersion: v1
metadata:
  name: waltid-enterprise-api
spec:
  ports:
    - name: http
      port: 80
      targetPort: http-api
      protocol: TCP
  selector:
    app: waltid-enterprise-api
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: waltid-enterprise-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: "traefik"
  tls:
    - hosts:
        - enterprise-demo.waltid.dev
      secretName: enterprise-demo-tls-secret
    - hosts:
        - waltid.enterprise-demo.waltid.dev
      secretName: waltid-enterprise-demo-tls-secret
  rules:
    - host: enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
    - host: waltid.enterprise-demo.waltid.dev
      http:
        paths:
          - path: /auth/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /.well-known/vct/v1/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /swagger
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /api.json
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /livez
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /features/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http
          - path: /debug/
            pathType: Prefix
            backend:
              service:
                name: waltid-enterprise-api
                port:
                  name: http