Create a Hyper Protect secure Swift application using Kitura
In this code pattern, you will create a server-side application using Kitura in Swift and Hyper Protect Services. Hyper Protect Services bring continuous security to IBM Cloud, so all data is encrypted in flight, at rest, and in use.
When you have completed this code pattern, you will understand how to:
- Provision and integrate Hyper Protect Services.
- Generate an application with files for deploying to Kubernetes, Cloud Foundry or a DevOps Pipeline.
- Generate an application with files for monitoring and distributed trace using App Metrics.
- Connect to additional provisioned services.
As an alternative to the deployment options documented below, you can create this project as a starter kit on IBM Cloud, which injects service credentials into a custom fork of this pattern after you have provisioned the database with your specifications. Use this method to deploy to IBM Cloud with the click of a button.
You will need to provision the Hyper Protect DBaaS service yourself, providing parameters like password. Make sure to select a service plan for MongoDB, as this sample does not yet work with its PostgreSQL offering.
This application has been generated with the following capabilities and services, which are described in full in their respective sections below:
- Static web file serving
- OpenAPI / Swagger endpoint
- Example endpoints
- Embedded metrics dashboard
- Docker files
- Iterative Development
- IBM Cloud deployment
To build and run the application:
A description of the files related to Docker can be found in the Docker files setion. To build the two docker images, run the following commands from the root directory of the project:
docker build -t myapp-run .
docker build -t myapp-build -f Dockerfile-tools .You may customize the names of these images by specifying a different value after the
To compile the application using the tools docker image, run:
docker run -v $PWD:/swift-project -w /swift-project myapp-build /swift-utils/tools-utils.sh build release
To run the application:
docker run -it -p 8080:8080 -v $PWD:/swift-project -w /swift-project myapp-run sh -c .build-ubuntu/release/swiftkiturahyperprotectdbaas
To deploy your application to your Kubernetes cluster, run
helm install --name myapp . in the
/chart/swiftkiturahyperprotectbaas directory. You need to make sure you change the
repository variable in your
chart/swiftkiturahyperprotectdbaas/values.yaml file points to the docker image containing your runnable application.
Your application configuration information for any services is stored in the
localdev-config.json file in the
config directory. This file is in the
.gitignore to prevent sensitive information from being stored in git. The connection information for any configured services that you would like to access when running locally, such as username, password and hostname, is stored in this file.
The application uses the CloudEnvironment package to read the connection and configuration information from the environment and this file. It uses
mappings.json, found in the
config directory, to communicate where the credentials can be found for each service.
If the application is running locally, it can connect to IBM Cloud services using unbound credentials read from this file. If you need to create unbound credentials you can do so from the IBM Cloud web console (example), or using the Cloud Foundry CLI
cf create-service-key command.
When you push your application to IBM Cloud, these values are no longer used, instead the application automatically connects to bound services using environment variables.
iterative-dev.sh script is included in the root of the generated Swift project and allows for fast and easy iterations for the developer. Instead of stopping the running Kitura server to see new code changes, while the script is running, it will automatically detect changes in the project's .swift files and recompile the app accordingly.
To use iterative development:
- For native OS, execute the
./iterative-dev.shscript from the root of the project.
- With docker, shell into the tools container mentioned above, and run the
./swift-project/iterative-dev.shscript. File system changes are detected using a low-tech infinitely looping poll mechanism, which works in both local OS/filesystem and across host OS->Docker container volume scenarios.
Deploy to IBM Cloud
You can deploy your application to IBM Cloud using the Cloud Foundry CLI.
You can deploy the application to IBM Cloud using the Cloud Foundry command-line:
- Install the Cloud Foundry command-line
- Ensure all configured services have been provisioned
cf pushfrom the project root directory
The Cloud Foundry CLI will not provision the configured services for you, so you will need to do this manually using the IBM Cloud web console (example) or the CloudFoundry CLI (
cf create-service command)[http://cli.cloudfoundry.org/en-US/cf/create-service.html]. The service names and types will need to match your configuration.
Static web file serving
This application includes a
public directory in the root of the project. The contents of this directory will be served as static content using the built-in Kitura StaticFileServer module.
OpenAPI / Swagger endpoint
This application hosts an endpoint for serving the OpenAPI Swagger definition for this application. It expects the definition file to be located in
This application includes an OpenAPI Swagger definition and routes for a Product example resource. The OpenAPI Swagger definition is located in the
The specification of this interface is made available through an embedded Swagger UI hosted on
/explorer. For example, if the application is hosted at https://localhost:8080, go to https://localhost:8080/explorer.
The Swagger UI will document the paths and http methods that are supported by the application.
Embedded metrics dashboard
This application uses the SwiftMetrics package to gather application and system metrics.
These metrics can be viewed in an embedded dashboard on
/swiftmetrics-dash. The dashboard displays various system and application metrics, including CPU, memory usage, HTTP response metrics and more.
The application includes the following files for Docker support:
.dockerignore file contains the files/directories that should not be included in the built docker image. By default, this file contains the
Dockerfile-tools. It can be modified as required.
Dockerfile defines the specification of the default docker image for running the application. This image can be used to run the application.
Dockerfile-tools is a docker specification file similar to the
Dockerfile, except it includes the tools required for compiling the application. This image can be used to compile the application.
Details on how to build the docker images, compile and run the application within the docker image can be found in the Run section.
IBM Cloud deployment
Your application has a set of cloud deployment configuration files defined to support deploying your application to IBM Cloud:
manifest.yml defines options which are passed to the Cloud Foundry
cf push command during application deployment.
Leverage the IBM Cloud DevOps service, which provides toolchains as a set of tool integrations that support development, deployment, and operations tasks inside IBM Cloud, for both Cloud Foundry and Kubernetes applications.
This code pattern is licensed under the Apache License, Version 2. Separate third-party code objects invoked within this code pattern are licensed by their respective providers pursuant to their own separate licenses. Contributions are subject to the Developer Certificate of Origin, Version 1.1 and the Apache License, Version 2.