Choose the Right Deployment Mode
Discover how to select the best deployment mode for SecureAuth on Kubernetes through GitOps.
Tags vs. Master
Every release of our software is tagged in the repository, and a Docker image is crafted with the corresponding tag. This practice ensures compatibility across all components. While our repository undergoes daily updates to incorporate the latest features and vital security patches, there can be the occasional instance where the latest update might exhibit reduced stability. Given this, users are strongly advised to stick to the tagged versions for their deployments.
Selecting the Right Deployment Mode
Choosing the right deployment mode is pivotal in ensuring your SecureAuth setup aligns with your goals and infrastructure. Below are detailed descriptions of each mode to guide your decision:
Dev
-
Purpose: This mode is specifically designed for quick setup, primarily for testing and development purposes, and is best suited for local PC environments.
-
Configuration: Operates in a non-HA (High Availability) mode, making it unsuitable for production or critical environments.
Base
-
Purpose: Considered the default mode, this is designed for deployments requiring high availability.
-
Configuration: Functions in HA mode, offering resilience and reliability suitable for most production scenarios.
Full
-
Purpose: This mode offers a comprehensive setup, including additional monitoring and logging tools to provide deep insights into system performance and operations.
-
Configuration: Full SecureAuth deployment including monitoring, logging, and detailed metrics essential for efficient system management and troubleshooting. To prepare your deployment for production scenarios, make sure to follow the Configure SecureAuth for Production Readiness article.
warningFor the
fulldeployment, make sure your machine has at least 8CPU and 32GB RAM.
Component Matrix
| Component | Description | Dev | Base | Full |
|---|---|---|---|---|
| SecureAuth | Main SecureAuth Platform. | ✓ | ✓ | ✓ |
| Fission | Serverless function framework. | ✓ | ✓ | ✓ |
| CockroachDB | Distributed SQL database. | ✓ | ✓ | ✓ |
| Redis | In-memory data structure store. | ✓ | ✓ | ✓ |
| Spicedb | Zonal database. | ✓ | ✓ | ✓ |
| Timescaledb | Time-series SQL database. | ✓ | ✓ | ✓ |
| Nginx | Web server and a reverse proxy server. | ✓ | ✓ | ✓ |
| Cert-manager | Kubernetes-native certificate management. | ✓ | ✓ | ✓ |
| Database tools | Tools for managing and interfacing with databases. | ✓ | ✓ | ✓ |
| Tests | Testing scripts and tools. | ✓ | ✓ | ✓ |
| Kyverno | Kubernetes-native policy management. | ✓ | ✓ | |
| Metrics-server | Collects resource metrics. | ✓ | ✓ | |
| Redisinsight | Redis GUI for browsing data and managing instances. | ✓ | ✓ | |
| Reloader | Auto update deployments on config changes. | ✓ | ✓ | |
| MinIO* | S3 compatible object store. | ✓ | ✓ | |
| Elasticsearch & Kibana | Search engine and visualization tool for logs. | ✓ | ||
| Flagger | Progressive delivery tool. | ✓ | ||
| KEDA | Kubernetes-based event-driven autoscaling. | ✓ | ||
| Prometheus & Grafana | Monitoring and visualization tools. | ✓ | ||
| Opentelemetry | Observability framework for cloud-native software. | ✓ | ||
| Node-local-dns | Local DNS caching. | ✓ | ||
| Node-problem-detector | Node problem detection. | ✓ |
* MinIO is not part of the SecureAuth stack. It serves as an example storage solution for backup presentations.