Deployment¶
For AI Agents¶
Prompt: "Deploy rust-oauth2-server to Kubernetes using the production overlay with PostgreSQL backend and proper secrets configuration"
Common deployment tasks:
| Task | Prompt Example |
|---|---|
| Local development | "Run the OAuth2 server locally with all dependencies using Docker Compose" |
| Kubernetes dev | "Deploy to Kubernetes dev environment with the dev overlay" |
| Kubernetes production | "Deploy to production Kubernetes with the production overlay, including proper secrets and PostgreSQL" |
| Distributed setup | "Deploy with distributed profile (Redis cache, rate limiting, event bus)" |
| Docker only | "Build and run the OAuth2 server as a Docker container with environment configuration" |
Key files for deployment:
- k8s/overlays/production/ - Production Kubernetes manifests
- k8s/overlays/production-distributed/ - HA distributed setup
- docker-compose.yml - Local multi-service setup
- .env.example - Environment variable reference
This page is intentionally opinionated: start with the smallest thing that works, then scale up only when you need to.
Pick a runtime path¶
| Goal | Recommended path |
|---|---|
| Run locally with the fewest moving parts | cargo run + SQLite |
| Run locally with Postgres and the full app stack | docker compose up -d |
| Run a packaged image without compiling | Docker Hub image |
| Deploy to Kubernetes | k8s/overlays/* with Kustomize |
| Run the clustered profile | k8s/overlays/production-distributed + --features distributed |
Local development¶
Fastest path:
cp .env.example .env
# edit OAUTH2_JWT_SECRET, OAUTH2_SESSION_KEY, and OAUTH2_SEED_PASSWORD
cargo run
That default path uses SQLite. The SQLx storage layer will initialize the required tables at startup.
If you want the full local stack instead:
Useful local URLs:
- app:
http://localhost:8080 - login:
http://localhost:8080/auth/login - admin:
http://localhost:8080/admin - Swagger UI:
http://localhost:8080/swagger-ui - metrics:
http://localhost:8080/metrics
Docker image paths¶
Build locally:
Run locally:
If you want a prebuilt image instead of compiling, use the published image documented in DOCKERHUB.md.
Repo-local deep guide: DOCKERHUB.md
Kubernetes¶
The Kubernetes manifests live under k8s/ and are organized as:
k8s/base/for shared resourcesk8s/components/for optional building blocksk8s/overlays/for environment-specific deployments
Standard overlays:
k8s/overlays/devk8s/overlays/stagingk8s/overlays/productionk8s/overlays/production-distributed
Deploy an overlay:
For the full manifest-level guide, use the Kubernetes README.
Note
This repo ships Kustomize overlays and raw manifests. It does not currently ship Helm charts.
Distributed profile¶
The distributed runtime is opt-in at build time.
Build the binary or image with:
That convenience feature enables:
redis-cacheredis-rate-limitevents-redis
The matching Kustomize profile is k8s/overlays/production-distributed, which layers in:
components/distributed-hacomponents/rediscomponents/pgbouncercomponents/postgres-tuning
Production checklist¶
Before you call a deployment production-ready, confirm:
OAUTH2_JWT_SECRETis strong and not the defaultOAUTH2_SESSION_KEYis set to a persistent 64-byte hex keyOAUTH2_SEED_PASSWORDis notchangemeOAUTH2_SERVER_PUBLIC_BASE_URLmatches the externally visible URLOAUTH2_ALLOWED_ORIGINSis explicitly set if browsers call the server cross-origin- database backups and rollback steps are documented
/health,/ready,/metrics, and/events/healthare monitored- OpenTelemetry export is wired if you care about traces
When to use Flyway¶
- for Postgres and packaged deployments, use
./scripts/migrate.shor the Kubernetes Flyway job - for the default local SQLite path, startup initialization is usually enough to get moving quickly