diff --git a/deployment/helmchart/Chart.lock b/deployment/helmchart/Chart.lock index fcd633a..3373868 100644 --- a/deployment/helmchart/Chart.lock +++ b/deployment/helmchart/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.11.1 -digest: sha256:a000bcd4d4cdd813c67d633b5523b4a4cd478fb95f1cae665d9b0ba5c45b40e2 -generated: "2022-02-10T15:57:46.223230425+01:00" + version: 1.13.0 +digest: sha256:e83af41b39942278f8389623671732e624f28c6f1ad6ac2d937e210c5f354a18 +generated: "2022-04-04T14:32:41.194922427+02:00" diff --git a/deployment/helmchart/Chart.yaml b/deployment/helmchart/Chart.yaml index 548dd80..3a551e8 100644 --- a/deployment/helmchart/Chart.yaml +++ b/deployment/helmchart/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Dashboard apiVersion: v2 -appVersion: 0.1.6 +appVersion: 0.2.0 dependencies: - name: common # https://artifacthub.io/packages/helm/bitnami/common @@ -23,4 +23,4 @@ name: stackspin-dashboard sources: - https://open.greenhost.net/stackspin/dashboard/ - https://open.greenhost.net/stackspin/dashboard-backend/ -version: 0.1.7 +version: 0.2.0 diff --git a/deployment/helmchart/templates/configmaps.yaml b/deployment/helmchart/templates/configmaps.yaml index d208e87..6d02f35 100644 --- a/deployment/helmchart/templates/configmaps.yaml +++ b/deployment/helmchart/templates/configmaps.yaml 
@@ -16,8 +16,12 @@ data: HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }} HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }} TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }} - HYDRA_URL: {{ .Values.backend.oidc.baseUrl }} - + KRATOS_PUBLIC_URL: {{ .Values.backend.kratos.publicUrl }} + KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl }} + HYDRA_PUBLIC_URL: {{ .Values.backend.oidc.baseUrl }} + HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }} + LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }} + DATABASE_URL: {{ .Values.backend.databaseUrl }} # {{- if .Values.backend.smtp.enabled }} # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }} # DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }} diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml index e22ce4f..7ddb265 100644 --- a/deployment/helmchart/templates/deployment.yaml +++ b/deployment/helmchart/templates/deployment.yaml @@ -138,7 +138,7 @@ spec: name: {{ include "backend.secretName" . }} key: oidc-client-secret - name: KRATOS_URL - value: {{ .Values.backend.kratosUrl }} + value: {{ .Values.backend.kratos.adminUrl }} {{- if (include "backend.smtp.password.enabled" .) }} - name: DASHBOARD_SMTP_PASSWORD valueFrom: diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index 11cbbc1..3e90576 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml @@ -19,6 +19,7 @@ metadata: kubernetes.io/tls-acme: "true" {{- end }} {{- end }} + nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: {{- if or .Values.ingress.tls .Values.ingress.extraTls }} tls: 
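Review bot: `DATABASE_URL` is rendered into the ConfigMap, but the value is a full connection string that carries the database password (the values.yaml default added by this commit is `mysql+pymysql://stackspin:stackspin@…`). Anything that can read ConfigMaps in the namespace can therefore read the credential. It belongs in the backend Secret and should reach the container through `secretKeyRef`, the way `oidc-client-secret` is wired in deployment.yaml. The new entries are also emitted without `| quote`, so an unset value renders as YAML null; `KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl | quote }}` and likewise for the others avoids that. The `data:` block starts outside this hunk.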
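Review bot: `KRATOS_URL` now carries `backend.kratos.adminUrl`, so the variable name no longer says which Kratos API it points at, and the same value is also published as `KRATOS_ADMIN_URL` in the ConfigMap. Which of the two the backend reads is not visible here; if only one is needed, drop the other, otherwise mark the alias with a comment such as `# deprecated alias of KRATOS_ADMIN_URL, remove once the backend stops reading it`. Deployments that still override the removed `backend.kratosUrl` key will silently get the new default, which deserves a line in the upgrade notes. The container spec starts and ends outside this hunk.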
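Review bot: The `nginx.ingress.kubernetes.io/rewrite-target: /$1` annotation sits after the two `{{- end }}` lines, so it is always rendered and cannot be changed or switched off from values. If user-supplied annotations are rendered into the same block and already set this key, the manifest ends up with a duplicate mapping key. The annotation is specific to ingress-nginx, and the capture-group paths added further down in this file depend on it, so another controller would match those paths literally. Consider moving it into the default `ingress.annotations` in values.yaml, or at least add a comment like `# required by the regex paths below; ingress-nginx only`. The `metadata.annotations` block starts outside this hunk.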
@@ -36,31 +37,28 @@ spec: - host: {{ .Values.ingress.hostname }} http: paths: - - path: {{ .Values.ingress.path }} + - path: {{ .Values.ingress.path }}(.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $) | nindent 14 }} # Forward API calls to the back-end container - - path: {{ .Values.ingress.path }}api/v1 + - path: {{ .Values.ingress.path }}(api/v1.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }} - - path: {{ default "/" .path }}api/v1 - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} + - path: {{ .Values.ingress.path }}(web.*) + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} + - path: {{ .Values.ingress.path }}kratos/(.*) + pathType: {{ .Values.ingress.pathType }} + backend: + service: + name: kratos-public + port: + number: 80 {{- end }} {{- end }} 
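Review bot: The new `kratos/(.*)` rule hard-codes its backend as service `kratos-public` on port 80 and writes the `networking.k8s.io/v1` backend shape directly. Every other rule goes through `common.ingress.backend` and guards `pathType` with `common.ingress.supportsPathType`. As written, the Kratos public API is routed through the dashboard host regardless of values, and the rule breaks when the service has a different name or the helper would render the older API shape. Rendering it through the same helper, with the service name taken from a new values key, keeps it configurable. Separately, `(api/v1.*)` and `(web.*)` are unanchored, so `/api/v10` or `/website` would also be sent to the backend; `(api/v1(/.*)?)` and `(web(/.*)?)` are tighter.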
diff --git a/deployment/helmchart/templates/job-initialize-user.yaml b/deployment/helmchart/templates/job-initialize-user.yaml
new file mode 100644
index 0000000..33f863d
--- /dev/null
+++ b/deployment/helmchart/templates/job-initialize-user.yaml
@@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "common.names.fullname" . }}-initialize-user
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ component: dashboard
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ component: dashboard
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ .Chart.Name }}-login-create-admin
+ image: {{ template "backend.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.names.fullname" . }}
+ {{- if .Values.backend.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.backend.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.backend.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.backend.extraEnvVarsSecret }}
+ {{- end }}
+ env:
+ - name: SETUP_EMAIL
+ value: {{ .Values.backend.initialUser.email }}
+ - name: SETUP_PASSWORD
+ value: {{ .Values.backend.initialUser.password }}
+ - name: KRATOS_PUBLIC_URL
+ value: http://kratos-public:80
+ command: ["/bin/bash", "-c"]
+ args:
+ - flask db upgrade;
+ {{- if .Release.IsInstall }}
+ flask cli user create $SETUP_EMAIL;
+ flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD;
+ flask cli app create dashboard Dashboard;
+ flask cli user setrole $SETUP_EMAIL dashboard admin;
+ {{- end }}
+
diff --git a/deployment/helmchart/values-local.yaml.example b/deployment/helmchart/values-local.yaml.example
index 86a80a3..2ab9d69 100644
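Review bot: `SETUP_PASSWORD` is rendered as a literal `value:` from `backend.initialUser.password`, so the initial admin password ends up in the Job manifest and the stored Helm release, and is then passed as a command-line argument to `flask cli user setpassword`; it should come from a Secret via `secretKeyRef`. The shell variables are expanded unquoted, so a password containing spaces or glob characters is split or expanded before the CLI sees it. Because the commands are chained with `;` and there is no `set -e`, a failed `flask db upgrade` does not stop the later steps or fail the hook. Both values files in this commit leave `password` commented out, in which case the value renders empty; a `required` check would catch that at render time. The fence rewrites the `env` and `args` entries; the Secret key name is a placeholder because the Secret template is not part of this diff.

```yaml
          env:
            - name: SETUP_EMAIL
              value: {{ .Values.backend.initialUser.email | quote }}
            - name: SETUP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "backend.secretName" . }}
                  # placeholder key name; add it to the backend Secret template
                  key: initial-user-password
            # … unchanged: KRATOS_PUBLIC_URL …
          command: ["/bin/bash", "-c"]
          args:
            - |
              set -euo pipefail
              flask db upgrade
              {{- if .Release.IsInstall }}
              flask cli user create "$SETUP_EMAIL"
              flask cli user setpassword "$SETUP_EMAIL" "$SETUP_PASSWORD"
              flask cli app create dashboard Dashboard
              flask cli user setrole "$SETUP_EMAIL" dashboard admin
              {{- end }}
```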
--- a/deployment/helmchart/values-local.yaml.example +++ b/deployment/helmchart/values-local.yaml.example @@ -1,17 +1,38 @@ # Values you will likely want to override. See values.yaml for their meanings dashboard: - host: dashboard.oas.example.com + host: dashboard.stackspin.example.com backend: secretKey: My random secret key + # OIDC connection details + # + # oidc: + # clientSecret: ReplaceWithSecret + # baseUrl: https://sso.stackspin.example.org + # authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth + # tokenUrl: https://sso.stackspin.example.org/oauth2/token + + # Where to find the Kratos public url + kratos: + publicUrl: https://sso.stackspin.example.org/kratos + + # Public URL of login panel + loginPanelUrl: https://dashboard.stackspin.example.org/web/ + + # Database connection + # databaseUrl: mysql+pymysql://stackspin:password@single-sign-on-database-mariadb/stackspin + + initialUser: + email: admin@example.com + # password: Set a pasword for the initial user! ingress: enabled: true - hostname: dashboard.oas.example.com + hostname: dashboard.stackspin.example.com # Get certificates with cert-manager certManager: true tls: - hosts: - - dashboard.oas.example.com - secretName: oas-dashboard + - dashboard.stackspin.example.com + secretName: stackspin-dashboard diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 0b43e62..7735049 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
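Review bot: The example values are not consistent with each other or with the rest of this commit. `kratos.publicUrl` points at `https://sso.stackspin.example.org/kratos`, while the ingress template now serves `kratos/` on the dashboard hostname and values.yaml defaults to `https://dashboard.stackspin.example.org/kratos`. The hostnames use `.example.com` while `loginPanelUrl` and the Kratos URL use `.example.org`. `initialUser.password` is left commented out even though the initialize-user job reads it, so the example should set it and say the placeholder must be replaced, e.g. `password: ReplaceWithSecret  # required on first install`. The comment also has the typo `pasword`.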
@@ -39,10 +39,19 @@ commonAnnotations: {} ## @section Stackspin parameters ## @param imagePullSecrets Specify docker-registry secret names as an array +## @param imagePullPolicy Policy on pulling images on container start ## image: imagePullSecrets: [] + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + ## Same policy for all containers is used. + ## + pullPolicy: IfNotPresent + ## Dashboard configuration parameters ## ref: https://open.greenhost.net/stackspin/dashboard ## @@ -59,12 +68,7 @@ dashboard: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard/dashboard - tag: 0-1-6 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent + tag: 0-1-7 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 
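Review bot: The new annotation reads `## @param imagePullPolicy`, but the key it documents is `image.pullPolicy`, so it should be `## @param image.pullPolicy Policy on pulling images on container start`. The carried-over comment "Defaults to 'Always' if image tag is 'latest'" does not match the fixed `IfNotPresent` value either. This commit also deletes `dashboard.image.pullPolicy` in the next hunk and `backend.image.pullPolicy` further down. The deployment.yaml hunk does not touch any `imagePullPolicy:` line, so if those lines still read the per-image keys they will render empty. That part of the template is not in the diff and is worth checking.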
@@ -225,19 +229,13 @@ backend: ## @param image.registry Stackspin image registry ## @param image.repository Stackspin image repository ## @param image.tag Stackspin image tag - ## @param image.pullPolicy Stackspin image pull policy ## @param image.pullSecrets Stackspin image pull secrets ## @param image.debug Specify if debug logs should be enabled ## image: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend - tag: 0-1-4 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent + tag: 0-2-0 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -247,8 +245,6 @@ backend: ## pullSecrets: [] - # URL to the Ory Kratos API - kratosUrl: http://127.0.0.1:8000 oidc: clientId: dashboard clientSecret: ReplaceWithSecret @@ -256,6 +252,23 @@ backend: authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth tokenUrl: https://sso.stackspin.example.org/oauth2/token + # Where to find the Kratos ADMIN and PUBLIC url + kratos: + publicUrl: https://dashboard.stackspin.example.org/kratos + adminUrl: http://kratos-admin:80 + + # Where to find the Hydra ADMIN url + hydra: + adminUrl: http://hydra-admin:4445 + + # Public URL of login panel + loginPanelUrl: https://dashboard.stackspin.example.org/web/ + databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin + + initialUser: + email: admin@example.com + # password: Set a pasword for the initial user! + ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP ## service: 
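Review bot: In the last hunk on this line, `databaseUrl` ships with a working credential, `stackspin:stackspin`, so an install that does not override it uses a publicly known database password. Leave the default empty and fail rendering when it is missing, e.g. `databaseUrl: ""` here and `{{ required "backend.databaseUrl is required" .Values.backend.databaseUrl }}` where it is consumed. `initialUser.password` has the opposite problem: it exists only as a comment (with the typo `pasword`), so the key is undefined unless the operator adds it, and nothing in the visible templates checks for that. The `backend:` mapping starts and ends outside these hunks.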
@@ -646,7 +659,7 @@ ingress: path: / ## @param ingress.pathType Ingress path type ## - pathType: ImplementationSpecific + pathType: Prefix ## @param ingress.annotations Ingress annotations done as key:value pairs ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md @@ -659,12 +672,6 @@ ingress: ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: dashboard.local - ## path: / - extraHosts: [] ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls:
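Review bot: `pathType: Prefix` becomes the default in the same commit that makes the ingress template append regex groups such as `(.*)` to every path. Kubernetes defines `Prefix` as a literal, element-wise match; regex paths are an ingress-nginx extension intended for `ImplementationSpecific`. ingress-nginx releases that enforce strict path-type validation reject regex characters under `Prefix`. Keeping the previous default, `pathType: ImplementationSpecific`, avoids that, ideally with a comment such as `## Must stay ImplementationSpecific: the templates render regex paths`.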