Proof of Concept for WirePact (Distributed Authentication Mesh). Please find the project report at https://buehler.github.io/mse-project-thesis-1/.
The WirePact case study consists of:
- The WirePact POC operator
- An application with three parts ("Frontend", "Modern Backend", "Legacy Backend")
To install the case study, perform the following steps:
- Get a Kubernetes instance (Docker Desktop with Kubernetes / minikube)
- Install the kustomize and kubectl executables
- Set your Kubernetes context to the correct cluster / namespace combination
- Install Ambassador in the Kubernetes cluster with ./Kubernetes/case-study/install-ambassador.sh
- Execute in bash:
  cd Kubernetes
  kustomize build | kubectl apply -f -
- Access the frontend via "https://localhost" (or "https://kubernetes.docker.internal", "https://kubernetes.local", depending on your configuration) when everything is done.
To log in to the case study application, you may use any account on ZITADEL. If you don't have one, you may create one. It does not matter whether the account is within an organization or a global account.
To install the case study, you'll need a Kubernetes cluster. Assuming that this will be tested on a local machine, please install the appropriate Kubernetes engine for your machine. On Windows and macOS, this can be achieved by installing Docker Desktop and then enabling Kubernetes. On Linux, a local Kubernetes instance can be created with minikube. Furthermore, Kustomize is needed for the installation.
If you want to install the whole application (operator and case study) in one go, you can do so with the kustomization.yaml in the Kubernetes folder. Be aware that you'll need to install Ambassador as well with the provided ./Kubernetes/case-study/install-ambassador.sh script. The following sections describe the installation of the operator and the demo application separately.
The operator is located in the poc-operator repository. It watches for Deployments and Services. If such a resource is created, the operator checks for the specific annotations that WirePact (POC quality) uses. Afterwards, the needed sidecars are injected.
To install the operator, use the corresponding kustomization.yaml file in ./Kubernetes/operator.
cd Kubernetes/operator
kustomize build | kubectl apply -f -
After the stated command, the following log messages should be visible:
namespace/wirepact-poc-operator created
clusterrole.rbac.authorization.k8s.io/wirepact-poc-operator-operator-role created
clusterrolebinding.rbac.authorization.k8s.io/wirepact-poc-operator-operator-role-binding created
deployment.apps/wirepact-poc-operator-operator created
You now have the operator installed.
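A check for the output listed above, as an added example that is not part of the WirePact project: the function reads kubectl apply output and reports any of the four resources named in this README that did not come back as created, configured or unchanged (the latter two are what kubectl prints on a re-apply). The function name and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify `kubectl apply` output for the WirePact POC operator.
# Resource names are taken from the log lines shown in this README.
# Usage: kustomize build | kubectl apply -f - | check_operator_apply

EXPECTED_RESOURCES='namespace/wirepact-poc-operator
clusterrole.rbac.authorization.k8s.io/wirepact-poc-operator-operator-role
clusterrolebinding.rbac.authorization.k8s.io/wirepact-poc-operator-operator-role-binding
deployment.apps/wirepact-poc-operator-operator'

# Reads `kubectl apply` output on stdin. Prints one "MISSING <resource>" line
# for every expected resource that is absent or has an unexpected status, and
# returns non-zero if any such resource was found.
check_operator_apply() {
  output=$(cat)
  missing=0
  while IFS= read -r res; do
    # Exact match on the resource column, then take the status column.
    status=$(printf '%s\n' "$output" |
      awk -v r="$res" '$1 == r { print $2; exit }')
    case "$status" in
      created|configured|unchanged) ;;   # first install or re-apply
      *) printf 'MISSING %s\n' "$res"; missing=1 ;;
    esac
  done <<EOF
$EXPECTED_RESOURCES
EOF
  return "$missing"
}

# Constructed sample: a re-apply where the ClusterRoleBinding line is absent,
# which would leave the operator without its cluster-wide permissions bound.
SAMPLE_INCOMPLETE='namespace/wirepact-poc-operator unchanged
clusterrole.rbac.authorization.k8s.io/wirepact-poc-operator-operator-role configured
deployment.apps/wirepact-poc-operator-operator unchanged'
```

Only standard output is inspected, so errors that kubectl writes to standard error still appear on the terminal.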
The demo application is located in the poc-showcase-app repository. It uses three Deployments. The first contains a simple frontend application, the second is a "modern" service with OpenID Connect (OIDC) authentication and the last one is a legacy service which is only capable of authenticating users via Basic Authentication.
The case study installs the following parts:
- Ambassador API Gateway (to access the Frontend)
- Frontend application (with OIDC support)
- Modern API application (with OIDC support)
- Legacy API application (with Basic Auth support)
- The config for the modern API
- A Basic Authentication secret where the credentials are stored
To install the case study, first install Ambassador with the shell script in ./Kubernetes/case-study/install-ambassador.sh.
Afterward, use kustomize to install the application in the Kubernetes/case-study folder:
cd Kubernetes/case-study
kustomize build | kubectl apply -f -