This repository contains a distributed Pizza Store application using Kubernetes, Dapr and Spring Boot that showcases how Dapr can be used to implement and enforce zero trust development capabilities.
To read about the application architecture and for complete instructions on how to deploy it on Kubernetes, see Conductor Pizza Store. This repository will just discuss the zero trust layer that is implemented on top of the application.
This repository accompanies the Diagrid Dapr Zero Trust blog and was presented at AppDeveloperCon Europe 2024.
-
Follow the instructions to deploy the Pizza Store System on Kubernetes as described here.
-
Instead of the Kubernetes manifests located in Conductor Pizza Store
k8sfolder, apply the manifests located ink8sfolder.kubectl apply -f k8s/
-
To avoid dealing with Ingresses you can access the Pizza Store application by using kubectl port-forward, run to access the application on port 8080:
kubectl port-forward svc/pizza-store 8080:80
-
Similarly, port-forward the Dapr HTTP ports of the pizza, delivery and kitchen pods to access them locally as follows:
kubectl port-forward pizza-store-deployment-<POD_ID> 3500:3500 kubectl port-forward pizza-delivery-deployment-<POD_ID> 3501:3500 kubectl port-forward pizza-kitchen-deployment-<POD_ID> 3502:3500
-
Stream the application and Dapr sidecar logs of Pizza Store and Kitchen Service:
kubectl logs -l app=pizza-store-service -f kubectl logs -l app=pizza-store-service -f -c daprd kubectl logs -l app=pizza-kitchen-service -f kubectl logs -l app=pizza-kitchen-service -f -c daprd
-
Use your browser to navigate to http://localhost:8080 and you should see the Pizza Store UI. Test a few orders in the system., watching their logs accordingly.
-
Use the VS Code REST Client or another HTTP Client to test the zero trust scenarios desribed here.
Read more about additional Dapr Security features to add to your distributed apps here.