DEV Community: Othmane Sabih The latest articles on DEV Community by Othmane Sabih (@othpwn). https://dev.to/othpwn https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F383205%2F5a51430f-0c7f-4d15-aa03-87ff5328fb2d.png DEV Community: Othmane Sabih https://dev.to/othpwn en Apollo Client Authentication with MSAL Othmane Sabih Tue, 23 Feb 2021 18:29:22 +0000 https://dev.to/othpwn/apollo-client-authentication-with-msal-3nhb https://dev.to/othpwn/apollo-client-authentication-with-msal-3nhb <p>Managing authentication and the overhead that comes with it can be a hassle in terms of maintenance and security. That's why, it is easier to use an identity provider such as Google, Microsoft and others, to allow users to log into your app and navigate to protected routes.</p> <p>In my company, we write frontends in React, and use Apollo Client for state management and to communicate with our GraphQL APIs, so we looked for a way to leverage MSAL (Microsoft Authentication Library) to acquire tokens from the Microsoft Identity Platform.</p> <p>MSAL uses a refresh token to renew the access token that Apollo Client will send with requests. So it has a silent acquire mechanism to try to fetch access token using the cached refresh token, if it fails, it throws an exception, which means you will need user interaction with the Microsoft's login frame to fetch another access token once the user logs in again.</p> <p>Without further ado, let's proceed with the code.<br> We are going to need the following packages in a react project.</p> <p><code>yarn add @apollo/client @azure/msal-browser @azure/msal-react</code></p> <p>src/<br> ┣ app/<br> ┃ ┣ hooks/<br> ┃ ┃ ┗ useQueryUser.js<br> ┃ ┣ services/<br> ┃ ┃ ┣ Apollo/<br> ┃ ┃ ┃ ┗ index.js<br> ┃ ┃ ┗ Auth/<br> ┃ ┃ ┣ auth-config.js<br> ┃ ┃ ┗ index.js<br> ┃ ┣ view/<br> ┃ ┃ ┗ index.js<br> ┃ ┗ index.js<br> ┣ shared/<br> ┃ ┗ helpers/<br> ┃ ┗ Addhocs/<br> ┃ ┃ ┗ index.js<br> ┣ App.test.js<br> ┣ index.css<br> ┣ index.js<br> ┗ setupTests.js</p> <p>I will put a link for the github repo of the project, but for now let's take a look at the function that will acquire the token.</p> <p>After instantiating MSAL and loading the configuration required, we can use hooks to call the library's functions.</p> <p>First, the <code>AsyncTokenLookup</code> function will check if there are any cached users, if it finds one, it will try to acquire the token silently using <code>acquireTokenSilent</code> from MSAL.<br> If the process fails, we can prompt the user's interaction by initiating a redirect to Microsoft's login endpoint using <code>acquireTokenRedirect</code> or opening a popup using <code>acquireTokenPopup</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">AsyncTokenLookup</span> <span class="o">=</span> <span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">accounts</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">getAllAccounts</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">account</span> <span class="o">=</span> <span class="kd">get</span><span class="p">(</span><span class="nx">accounts</span><span class="p">,</span> <span class="dl">"</span><span class="s2">[0]</span><span class="dl">"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">account</span> <span class="o">&amp;&amp;</span> <span class="nx">inProgress</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">none</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">acquireTokenSilent</span><span class="p">({</span> <span class="p">...</span><span class="nx">loginSilentRequest</span><span class="p">,</span> <span class="nx">account</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">result</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">InteractionRequiredAuthError</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// fallback to interaction when silent call fails</span> <span class="k">return</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">acquireTokenRedirect</span><span class="p">(</span><span class="nx">loginRequest</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">account</span> <span class="o">&amp;&amp;</span> <span class="nx">inProgress</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">none</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">acquireTokenRedirect</span><span class="p">(</span><span class="nx">loginRequest</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>Otherwise, if the silent acquiring succeeds, we return the access token to be sent by Apollo in the authorization header.</p> <p>For that, we use the <code>setContext</code> function present in the <code>@apollo/client</code> package in order to inject the token in the Authorization header.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">withToken</span> <span class="o">=</span> <span class="nx">setContext</span><span class="p">(</span><span class="k">async</span> <span class="p">(</span><span class="nx">_</span><span class="p">,</span> <span class="p">{</span> <span class="nx">headers</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">AsyncTokenLookup</span><span class="p">();</span> <span class="k">return</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">headers</span><span class="p">,</span> <span class="na">Authorization</span><span class="p">:</span> <span class="nx">token</span> <span class="p">?</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <p>Then, we will create a new Apollo client chaining httpLink and withToken.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">httpLink</span> <span class="o">=</span> <span class="nx">createHttpLink</span><span class="p">({</span> <span class="na">uri</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_BACKEND_URI</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ApolloClient</span><span class="p">({</span> <span class="na">link</span><span class="p">:</span> <span class="k">from</span><span class="p">([</span><span class="nx">withToken</span><span class="p">,</span> <span class="nx">httpLink</span><span class="p">]),</span> <span class="na">cache</span><span class="p">:</span> <span class="k">new</span> <span class="nx">InMemoryCache</span><span class="p">(),</span> <span class="p">});</span> </code></pre> </div> <p>Note that in this example, we are only enabling accounts in one organizational directory only, and not personal Microsoft accounts. </p> <p>Here is a link to the github repo:<br> </p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--i3JOwpme--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/github-logo-ba8488d21cd8ee1fee097b8410db9deaa41d0ca30b004c0c63de0a479114156f.svg" alt="GitHub logo"> <a href="https://github.com/othpwn"> othpwn </a> / <a href="https://github.com/othpwn/apollo-client-msal-boilerplate"> apollo-client-msal-boilerplate </a> </h2> <h3> Boilerplate to get you started with Apollo Client authentication using MSAL </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <h1> apollo-client-msal-boilerplate</h1> <p>Boilerplate to get you started with Apollo Client authentication using MSAL</p> </div> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/othpwn/apollo-client-msal-boilerplate">View on GitHub</a></div> </div> apollo msal authentication react How to deploy an API to a Kubernetes Cluster with a Github Actions CI/CD Workflow Othmane Sabih Thu, 18 Feb 2021 14:00:25 +0000 https://dev.to/othpwn/how-to-deploy-an-api-to-a-kubernetes-cluster-with-a-github-actions-ci-cd-workflow-km https://dev.to/othpwn/how-to-deploy-an-api-to-a-kubernetes-cluster-with-a-github-actions-ci-cd-workflow-km <p>With single page applications becoming the standard of web development, many of us write APIs with which they communicate to display information for the end user.</p> <p>One can either manually push the API code to a server, build it and serve it, or automate these steps using modern tools like Github Actions.<br> Moreover, it is easier to build a Docker image of the project and deploy it to an orchestration system like Kubernetes, something that will allow the API to scale and be more resilient.</p> <p>In this article we will see how you can navigate all these tools to automate your deployment to a Kubernetes Cluster using Github Actions, and we will assume that your project has a <strong>Dockerfile</strong> in the root directory that expose the API to Port 8080, here is an example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:12</span> <span class="c"># Create app directory</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="c"># Install app dependencies</span> <span class="c"># A wildcard is used to ensure both package.json AND package-lock.json are copied</span> <span class="c"># where available (npm@5+)</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="c"># If you are building your code for production</span> <span class="c"># RUN npm ci --only=production</span> <span class="c"># Bundle app source</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">EXPOSE</span><span class="s"> 8080</span> <span class="k">CMD</span><span class="s"> [ "node", "server.js" ]</span> </code></pre> </div> <h1> Kubernetes Deployment File </h1> <p>For this article, let's imagine we have a nodejs API called <strong>tutorial-api</strong>, this API needs a couple of environment variables to run, like <em>PORT</em>, <em>DB_NAME</em>, etc.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">tutorial-api</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIP</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">tutorial-api</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">tutorial-api</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">tutorial-api</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">tutorial-api</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">tutorial-api</span> <span class="na">image</span><span class="pi">:</span> <span class="s">&lt;IMAGE&gt;</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">256Mi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">300m"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">512Mi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">500m"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">NODE_ENV</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">production"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">PORT</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$PORT"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_NAME</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$DB_NAME"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_USERNAME</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$DB_USERNAME"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_PASSWORD</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$DB_PASSWORD"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_HOST</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$DB_HOST"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_PORT</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$DB_PORT"</span> </code></pre> </div> <p>This file should be located in the root of the project too.</p> <h1> Github Actions </h1> <p>Github Actions allows you to execute a list of actions, once a GitHub event is triggered. <br> For example, you may want to create a workflow for greeting a new contributor to your repository, or building a Docker image and pushing it to your favorite Docker container registry once you push code to the master branch, you can find a list of triggers here : <a href="https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows">Events that trigger workflows<br> </a></p> <p>CI/CD happens to be one of many types of workflow that you can create on GitHub Actions, and this is what we're going to do in this section.</p> <p>First, create a new file called <em>ci.yaml</em> inside <strong>.github/workflows</strong></p> <p>For the purpose of this article, we will deploy the Docker container to a Kubernetes Cluster hosted on DigitalOcean, that's why you will find a reference to DigitalOcean's CLI tool <em>doctl</em>, nonetheless, the steps shouldn't change much with other cloud providers.</p> <p>Here is an example of a Github Actions workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build, push, and deploy</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout master</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@master</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update SHA</span> <span class="na">run</span><span class="pi">:</span> <span class="s">echo $GITHUB_SHA &gt; $GITHUB_WORKSPACE/_meta</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install doctl</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">digitalocean/action-doctl@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">token</span><span class="pi">:</span> <span class="s">${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build container image</span> <span class="na">run</span><span class="pi">:</span> <span class="s">docker build -t docker_fake_repo/tutorial-api:$(echo $GITHUB_SHA | head -c7) .</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Docker Login</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DOCKER_USERNAME</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKER_USERNAME }}</span> <span class="na">DOCKER_PASSWORD</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKER_PASSWORD }}</span> <span class="na">run</span><span class="pi">:</span> <span class="s">docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Push image to Docker Hub</span> <span class="na">run</span><span class="pi">:</span> <span class="s">docker push docker_fake_repo/tutorial-api</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update deployment file</span> <span class="na">run</span><span class="pi">:</span> <span class="s">TAG=$(echo $GITHUB_SHA | head -c7) &amp;&amp; sed -i 's|&lt;IMAGE&gt;|docker_fake_repo/tutorial-api:'${TAG}'|' $GITHUB_WORKSPACE/deployment.yml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Replace Environment Variables</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">danielr1996/envsubst-action@1.0.0</span> <span class="na">env</span><span class="pi">:</span> <span class="na">PORT</span><span class="pi">:</span> <span class="s">${{ secrets.PORT }}</span> <span class="na">DB_HOST</span><span class="pi">:</span> <span class="s">${{ secrets.DB_HOST }}</span> <span class="na">DB_USERNAME</span><span class="pi">:</span> <span class="s">${{ secrets.DB_USERNAME }}</span> <span class="na">DB_PORT</span><span class="pi">:</span> <span class="s">${{ secrets.DB_PORT }}</span> <span class="na">DB_PASSWORD</span><span class="pi">:</span> <span class="s">${{ secrets.DB_PASSWORD }}</span> <span class="na">DB_NAME</span><span class="pi">:</span> <span class="s">${{ secrets.DB_NAME }}</span> <span class="na">with</span><span class="pi">:</span> <span class="na">input</span><span class="pi">:</span> <span class="s">deployment.yml</span> <span class="na">output</span><span class="pi">:</span> <span class="s">deploy.yml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Save DigitalOcean kubeconfig</span> <span class="na">run</span><span class="pi">:</span> <span class="s">doctl kubernetes cluster kubeconfig save $CLUSTER_NAME</span> <span class="na">env</span><span class="pi">:</span> <span class="na">CLUSTER_NAME</span><span class="pi">:</span> <span class="s">${{ secrets.CLUSTER_NAME }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Kubernetes</span> <span class="na">run</span><span class="pi">:</span> <span class="s">kubectl apply -f deploy.yml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Verify deployment</span> <span class="na">run</span><span class="pi">:</span> <span class="s">kubectl rollout status deployment/geerd-drive</span> </code></pre> </div> <p>Let's start with the first block of this file :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>on: push: branches: - master </code></pre> </div> <p>It means that we want to execute the jobs present in this file once code is pushed to the master branch.</p> <p>In our case, we will run only one job, that we will call <strong>build, push, and deploy</strong>, this job will run on ubuntu, and will execute couple of steps, each step either uses actions provided for by the community on GitHub's Marketplace, or you can run commands yourself.</p> <ol> <li><p><strong>Checkout master</strong>: the first action checks-out your repository under $GITHUB_WORKSPACE, so our workflow can access it</p></li> <li><p>*<em>Update SHA</em>: We store the value of the SHA of the commit that triggered the workflow in the variable <em>$GITHUB_SHA</em></p></li> <li><p><strong>Install doctl</strong>: Optional step, because in this example we need to connect to the DigitalOcean API to execute commands on the Kubernetes Cluster</p></li> <li><p><strong>Build container image</strong>: Building the Docker image, the tag name of the image is the first 7 characters of $GITHUB_SHA</p></li> <li><p><strong>Docker Login</strong>: In this example, we will log in to Docker Hub to push our image. The secrets are created under the <em>settings</em> tab of your repository on GitHub, you can add secrets that GitHub will make accessible to the workflow, you should store environment variables and sensitive values there.</p></li> <li><p><strong>Push image to Docker Hub</strong></p></li> <li><p><strong>Update deployment file</strong>: Previously, in the <em>deployment.yml</em> file, the image key <code>image: &lt;IMAGE&gt;</code> had the value , we will replace this latter with the tag we just pushed to our container registry.</p></li> <li><p><strong>Replace Environment Variables</strong>: If your <em>deployment.yml</em> has environment variables that you Docker container needs, you can use this step to inject the values stored in the repository secrets, which will output a new file <em>deploy.yml</em></p></li> <li><p><strong>Save DigitalOcean kubeconfig</strong>: Choose the cluster we will deploy to.</p></li> <li><p><strong>Deploy to Kubernetes</strong></p></li> <li><p><strong>Verify Deployment</strong></p></li> </ol> <p>Now that you deployed your project, you need to add an ingress to Kubernetes, NGINX for example, then set up a let's encrypt ssl certificate using cert-manager, so that your API is securely exposed online.</p> kubernetes github docker