Deployment

This guide covers deploying Auth in various environments.

Deployment Options

  1. Standalone Server

  2. Docker Container

  3. Kubernetes

  4. Systemd Service

  5. Cloud Platforms (AWS, GCP, Azure)

Standalone Server

Using Gunicorn

pip install gunicorn
gunicorn -w 4 -b 0.0.0.0:5000 --timeout 120 auth.main:app

Production Configuration

# gunicorn_config.py
bind = "0.0.0.0:5000"
workers = 4
worker_class = "sync"
timeout = 120
keepalive = 5
max_requests = 1000
max_requests_jitter = 100

Run with:

gunicorn -c gunicorn_config.py auth.main:app

Docker Deployment

Dockerfile

FROM python:3.11-slim

WORKDIR /app

# Install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application
COPY . .

# Create non-root user
RUN useradd -m -u 1000 authuser && chown -R authuser:authuser /app
USER authuser

EXPOSE 5000

CMD ["waitress-serve", "--host=0.0.0.0", "--port=5000", "auth.main:app"]

Build and Run

# Build
docker build -t auth:latest .

# Run
docker run -d \
  --name auth-server \
  -p 5000:5000 \
  -e AUTH_DATABASE_TYPE=postgresql \
  -e AUTH_POSTGRESQL_URL=postgresql://user:pass@db:5432/authdb \
  auth:latest

Docker Compose

version: '3.8'

services:
  postgres:
    image: postgres:15
    environment:
      POSTGRES_DB: authdb
      POSTGRES_USER: authuser
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - auth_network

  auth:
    build: .
    ports:
      - "5000:5000"
    environment:
      AUTH_DATABASE_TYPE: postgresql
      AUTH_POSTGRESQL_URL: postgresql://authuser:${DB_PASSWORD}@postgres:5432/authdb
      AUTH_JWT_SECRET_KEY: ${JWT_SECRET}
      AUTH_ENABLE_ENCRYPTION: "true"
      AUTH_ENCRYPTION_KEY: ${ENCRYPTION_KEY}
    depends_on:
      - postgres
    networks:
      - auth_network

volumes:
  postgres_data:

networks:
  auth_network:

Kubernetes Deployment

ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: auth-config
data:
  AUTH_DATABASE_TYPE: "postgresql"
  AUTH_SERVER_HOST: "0.0.0.0"
  AUTH_SERVER_PORT: "5000"

Secret

apiVersion: v1
kind: Secret
metadata:
  name: auth-secrets
type: Opaque
stringData:
  jwt-secret: your-jwt-secret-here
  encryption-key: your-encryption-key-here
  db-url: postgresql://user:pass@postgres:5432/authdb

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth-server
spec:
  replicas: 3
  selector:
    matchLabels:
      app: auth
  template:
    metadata:
      labels:
        app: auth
    spec:
      containers:
      - name: auth
        image: auth:latest
        ports:
        - containerPort: 5000
        envFrom:
        - configMapRef:
            name: auth-config
        env:
        - name: AUTH_JWT_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: auth-secrets
              key: jwt-secret
        - name: AUTH_ENCRYPTION_KEY
          valueFrom:
            secretKeyRef:
              name: auth-secrets
              key: encryption-key
        - name: AUTH_POSTGRESQL_URL
          valueFrom:
            secretKeyRef:
              name: auth-secrets
              key: db-url
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"

Service

apiVersion: v1
kind: Service
metadata:
  name: auth-service
spec:
  selector:
    app: auth
  ports:
  - port: 80
    targetPort: 5000
  type: LoadBalancer

Systemd Service

Service File

# /etc/systemd/system/auth.service
[Unit]
Description=Auth Authorization Server
After=network.target postgresql.service

[Service]
Type=simple
User=authuser
WorkingDirectory=/opt/auth
Environment="PATH=/opt/auth/venv/bin"
EnvironmentFile=/opt/auth/.env
ExecStart=/opt/auth/venv/bin/waitress-serve --host=0.0.0.0 --port=5000 auth.main:app
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable and Start

sudo systemctl daemon-reload
sudo systemctl enable auth.service
sudo systemctl start auth.service
sudo systemctl status auth.service

Cloud Platforms

AWS Deployment

Using Elastic Beanstalk:

# Install EB CLI
pip install awsebcli

# Initialize
eb init -p python-3.11 auth-app

# Create environment
eb create auth-production

# Deploy
eb deploy

Using ECS:

{
  "family": "auth-task",
  "containerDefinitions": [{
    "name": "auth",
    "image": "your-ecr-repo/auth:latest",
    "memory": 512,
    "cpu": 256,
    "essential": true,
    "portMappings": [{
      "containerPort": 5000,
      "protocol": "tcp"
    }],
    "environment": [
      {"name": "AUTH_DATABASE_TYPE", "value": "postgresql"}
    ],
    "secrets": [
      {"name": "AUTH_JWT_SECRET_KEY", "valueFrom": "arn:aws:secretsmanager:..."}
    ]
  }]
}

Next Steps