Merge branch '36-add-web-and-kratos-paths-in-nginx-configuration' into 'main'

Resolve "Add web and kratos paths in nginx configuration"

Closes 

See merge request 
Maarten de Waard 2022-04-20 14:23:12 +00:00
commit 49e6778c54
8 changed files with 134 additions and 49 deletions


@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.11.1
digest: sha256:a000bcd4d4cdd813c67d633b5523b4a4cd478fb95f1cae665d9b0ba5c45b40e2
generated: "2022-02-10T15:57:46.223230425+01:00"
version: 1.13.0
digest: sha256:e83af41b39942278f8389623671732e624f28c6f1ad6ac2d937e210c5f354a18
generated: "2022-04-04T14:32:41.194922427+02:00"


@ -1,7 +1,7 @@
annotations:
category: Dashboard
apiVersion: v2
appVersion: 0.1.6
appVersion: 0.2.0
dependencies:
- name: common
# https://artifacthub.io/packages/helm/bitnami/common
@ -23,4 +23,4 @@ name: stackspin-dashboard
sources:
- https://open.greenhost.net/stackspin/dashboard/
- https://open.greenhost.net/stackspin/dashboard-backend/
version: 0.1.7
version: 0.2.0


@ -16,8 +16,12 @@ data:
HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }}
HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }}
TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }}
HYDRA_URL: {{ .Values.backend.oidc.baseUrl }}
KRATOS_PUBLIC_URL: {{ .Values.backend.kratos.publicUrl }}
KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl }}
HYDRA_PUBLIC_URL: {{ .Values.backend.oidc.baseUrl }}
HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }}
LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }}
DATABASE_URL: {{ .Values.backend.databaseUrl }}
# {{- if .Values.backend.smtp.enabled }}
# DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}
# DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }}
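Review bot: `DATABASE_URL` is rendered from `.Values.backend.databaseUrl`, which carries the database password inline (the values.yaml default in this commit is `mysql+pymysql://stackspin:stackspin@…`), and the `data:` context in the hunk header suggests this object is a ConfigMap rather than a Secret. Anyone who can read ConfigMaps in the namespace would then see the credential; consider moving it to the backend Secret and injecting it with `secretKeyRef`, as the deployment template appears to do for `oidc-client-secret`. The new values are also emitted unquoted, so an empty or unusual value changes the YAML type; `DATABASE_URL: {{ .Values.backend.databaseUrl | quote }}` would match the quoted SMTP lines below. The enclosing document starts outside the hunk, so the object kind should be confirmed.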


@ -138,7 +138,7 @@ spec:
name: {{ include "backend.secretName" . }}
key: oidc-client-secret
- name: KRATOS_URL
value: {{ .Values.backend.kratosUrl }}
value: {{ .Values.backend.kratos.adminUrl }}
{{- if (include "backend.smtp.password.enabled" .) }}
- name: DASHBOARD_SMTP_PASSWORD
valueFrom:
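Review bot: `KRATOS_URL` now carries `.Values.backend.kratos.adminUrl`, so the variable name no longer says that it points at the Kratos admin API, while the ConfigMap template in the same commit introduces `KRATOS_ADMIN_URL` from the same value. A comment such as `# Kratos admin API; must stay cluster-internal` above the entry, or dropping `KRATOS_URL` in favour of `KRATOS_ADMIN_URL` if the backend no longer reads it, would keep the two from drifting apart. The value is unquoted; `value: {{ .Values.backend.kratos.adminUrl | quote }}` keeps an empty value from rendering as null. The container spec continues outside the hunk.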


@ -19,6 +19,7 @@ metadata:
kubernetes.io/tls-acme: "true"
{{- end }}
{{- end }}
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
tls:
@ -36,31 +37,28 @@ spec:
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: {{ .Values.ingress.path }}
- path: {{ .Values.ingress.path }}(.*)
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $) | nindent 14 }}
# Forward API calls to the back-end container
- path: {{ .Values.ingress.path }}api/v1
- path: {{ .Values.ingress.path }}(api/v1.*)
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }}
- path: {{ default "/" .path }}api/v1
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
- path: {{ .Values.ingress.path }}(web.*)
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }}
- path: {{ .Values.ingress.path }}kratos/(.*)
pathType: {{ .Values.ingress.pathType }}
backend:
service:
name: kratos-public
port:
number: 80
{{- end }}
{{- end }}
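Review bot: The new `kratos/(.*)` path emits `pathType` without the `common.ingress.supportsPathType` guard used by the three paths above it, and writes the backend by hand in `networking.k8s.io/v1` form with the fixed service name `kratos-public`. On a cluster where the chart falls back to an older Ingress API version this would render an invalid object, and the route cannot follow a Kratos service deployed under another name. Using the same helper keeps it consistent: `backend: {{- include "common.ingress.backend" (dict "serviceName" "kratos-public" "servicePort" 80 "context" $) | nindent 14 }}`, with `pathType` wrapped in the same `if` block and the service name ideally taken from values. Note also that `(web.*)` and `(api/v1.*)` are unanchored, so a request path such as `/website` is routed to the backend rather than the dashboard; if that is not intended, the patterns should require a `/` or end of path after the prefix.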


@ -0,0 +1,55 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "common.names.fullname" . }}-initialize-user
labels: {{- include "common.labels.standard" . | nindent 4 }}
component: dashboard
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
component: dashboard
spec:
restartPolicy: Never
containers:
- name: {{ .Chart.Name }}-login-create-admin
image: {{ template "backend.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
envFrom:
- configMapRef:
name: {{ include "common.names.fullname" . }}
{{- if .Values.backend.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.backend.extraEnvVarsCM }}
{{- end }}
{{- if .Values.backend.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.backend.extraEnvVarsSecret }}
{{- end }}
env:
- name: SETUP_EMAIL
value: {{ .Values.backend.initialUser.email }}
- name: SETUP_PASSWORD
value: {{ .Values.backend.initialUser.password }}
- name: KRATOS_PUBLIC_URL
value: http://kratos-public:80
command: ["/bin/bash", "-c"]
args:
- flask db upgrade;
{{- if .Release.IsInstall }}
flask cli user create $SETUP_EMAIL;
flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD;
flask cli app create dashboard Dashboard;
flask cli user setrole $SETUP_EMAIL dashboard admin;
{{- end }}
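Review bot: `SETUP_PASSWORD` is written into the Job spec as a plain `value:` and then expanded unquoted in the shell line `flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD`, so the initial admin password is readable by anyone who can get Jobs or Pods in the namespace, and a password containing spaces or glob characters is split or expanded by bash. Both values are rendered without `| quote`, and `initialUser.password` is commented out in values.yaml, so the default render is a `value:` with null. The commands are chained with `;`, so user creation still runs after a failed `flask db upgrade`. The fence quotes the rendered values and the shell expansions and stops at the first failure; sourcing the password from a Secret with `secretKeyRef` would be the fuller fix.

```yaml
# … unchanged: metadata, envFrom …
          env:
            - name: SETUP_EMAIL
              value: {{ .Values.backend.initialUser.email | quote }}
            - name: SETUP_PASSWORD
              value: {{ .Values.backend.initialUser.password | default "" | quote }}
# … unchanged: KRATOS_PUBLIC_URL, command …
          args:
            - |
              set -e
              flask db upgrade
              {{- if .Release.IsInstall }}
              flask cli user create "$SETUP_EMAIL"
              flask cli user setpassword "$SETUP_EMAIL" "$SETUP_PASSWORD"
              flask cli app create dashboard Dashboard
              flask cli user setrole "$SETUP_EMAIL" dashboard admin
              {{- end }}
```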


@ -1,17 +1,38 @@
# Values you will likely want to override. See values.yaml for their meanings
dashboard:
host: dashboard.oas.example.com
host: dashboard.stackspin.example.com
backend:
secretKey: My random secret key
# OIDC connection details
#
# oidc:
# clientSecret: ReplaceWithSecret
# baseUrl: https://sso.stackspin.example.org
# authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
# tokenUrl: https://sso.stackspin.example.org/oauth2/token
# Where to find the Kratos public url
kratos:
publicUrl: https://sso.stackspin.example.org/kratos
# Public URL of login panel
loginPanelUrl: https://dashboard.stackspin.example.org/web/
# Database connection
# databaseUrl: mysql+pymysql://stackspin:password@single-sign-on-database-mariadb/stackspin
initialUser:
email: admin@example.com
# password: Set a pasword for the initial user!
ingress:
enabled: true
hostname: dashboard.oas.example.com
hostname: dashboard.stackspin.example.com
# Get certificates with cert-manager
certManager: true
tls:
- hosts:
- dashboard.oas.example.com
secretName: oas-dashboard
- dashboard.stackspin.example.com
secretName: stackspin-dashboard
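Review bot: `kratos.publicUrl` in this example points at `https://sso.stackspin.example.org/kratos`, while the values.yaml default in the same commit is `https://dashboard.stackspin.example.org/kratos` and the ingress template now serves `kratos/` on the dashboard hostname; one of the two should be corrected, or the difference explained in the comment above the key. The placeholder `secretKey: My random secret key` is a usable value if copied unchanged, so a comment such as `# generate a unique random value per deployment; do not reuse this string` would help. The `initialUser` comment has a typo, `pasword`.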


@ -39,10 +39,19 @@ commonAnnotations: {}
## @section Stackspin parameters
## @param imagePullSecrets Specify docker-registry secret names as an array
## @param imagePullPolicy Policy on pulling images on container start
##
image:
imagePullSecrets: []
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
## Same policy for all containers is used.
##
pullPolicy: IfNotPresent
## Dashboard configuration parameters
## ref: https://open.greenhost.net/stackspin/dashboard
##
@ -59,12 +68,7 @@ dashboard:
image:
registry: open.greenhost.net:4567
repository: stackspin/dashboard/dashboard
tag: 0-1-6
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
tag: 0-1-7
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@ -225,19 +229,13 @@ backend:
## @param image.registry Stackspin image registry
## @param image.repository Stackspin image repository
## @param image.tag Stackspin image tag
## @param image.pullPolicy Stackspin image pull policy
## @param image.pullSecrets Stackspin image pull secrets
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: open.greenhost.net:4567
repository: stackspin/dashboard-backend/dashboard-backend
tag: 0-1-4
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
tag: 0-2-0
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@ -247,8 +245,6 @@ backend:
##
pullSecrets: []
# URL to the Ory Kratos API
kratosUrl: http://127.0.0.1:8000
oidc:
clientId: dashboard
clientSecret: ReplaceWithSecret
@ -256,6 +252,23 @@ backend:
authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
tokenUrl: https://sso.stackspin.example.org/oauth2/token
# Where to find the Kratos ADMIN and PUBLIC url
kratos:
publicUrl: https://dashboard.stackspin.example.org/kratos
adminUrl: http://kratos-admin:80
# Where to find the Hydra ADMIN url
hydra:
adminUrl: http://hydra-admin:4445
# Public URL of login panel
loginPanelUrl: https://dashboard.stackspin.example.org/web/
databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin
initialUser:
email: admin@example.com
# password: Set a pasword for the initial user!
## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
##
service:
@ -646,7 +659,7 @@ ingress:
path: /
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
pathType: Prefix
## @param ingress.annotations Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
@ -659,12 +672,6 @@ ingress:
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: dashboard.local
## path: /
extraHosts: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
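Review bot: The default `ingress.pathType` appears to become `Prefix` in the same commit that turns the ingress paths into regular expressions with capture groups (`(.*)`, `(api/v1.*)`), and Kubernetes defines `Prefix` as matching literal path elements. ingress-nginx expects regex paths to use `ImplementationSpecific`, and its strict path-type validation, where enabled, rejects `Prefix` paths containing such characters, so `pathType: ImplementationSpecific` looks like the safer default here. Separately, the new top-level block documents `@param imagePullSecrets` and `@param imagePullPolicy` while the keys are `image.imagePullSecrets` and `image.pullPolicy`; the `@param` lines should use the nested names.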