From 307c4ebb242292d262459953b47003de88afec50 Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Tue, 22 Mar 2022 17:51:37 +0800 Subject: [PATCH 01/14] Added web and kratos redirect --- deployment/helmchart/templates/ingress.yaml | 24 +++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index 11cbbc1..7cc2b8e 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml @@ -19,6 +19,7 @@ metadata: kubernetes.io/tls-acme: "true" {{- end }} {{- end }} + nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: {{- if or .Values.ingress.tls .Values.ingress.extraTls }} tls: 
@@ -36,28 +37,43 @@ spec: - host: {{ .Values.ingress.hostname }} http: paths: - - path: {{ .Values.ingress.path }} + - path: ({{ .Values.ingress.path }}.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $) | nindent 14 }} # Forward API calls to the back-end container - - path: {{ .Values.ingress.path }}api/v1 + - path: ({{ .Values.ingress.path }}api/v1.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} + - path: ({{ .Values.ingress.path }}web.*) + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} + - path: {{ .Values.ingress.path }}kratos/(.*) + {{- if eq "true" (include "common.ingress.supportsPathType" .) 
}} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "single-sign-on.fullname" .)-kratos-public "servicePort" "80" "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ .name }} http: paths: - - path: {{ default "/" .path }} + - path: ({{ default "/" .path }}.*) {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }} - - path: {{ default "/" .path }}api/v1 + - path: ({{ default "/" .path }}api/v1.*) + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} + - path: ({{ default "/" .path }}web.*) {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} From b16ed99b71c7962bb7a2ca1594172e223aacedce Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Wed, 30 Mar 2022 08:15:09 +0000 Subject: [PATCH 02/14] Hardcoded service --- deployment/helmchart/templates/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index 7cc2b8e..bbe8566 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml 
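Review bot: Inside `{{- range .Values.ingress.extraHosts }}` the added `api/v1` backend line calls `(include "backend.serviceName" .)`, where `.` is the current extraHosts entry and not the chart root. The dashboard path just above it passes `$`. The helper's definition is not in this diff, but if it reads `.Values` or `.Release`, the backend name will render wrong or fail for every extra host. Change that line to use `(include "backend.serviceName" $)`. The new `web` path reuses the backend line that follows the end of the hunk, so check that line for the same thing.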
@@ -57,7 +57,7 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "single-sign-on.fullname" .)-kratos-public "servicePort" "80" "context" $) | nindent 14 }} + backend: {{- include "common.ingress.backend" (dict "serviceName" "single-sign-on-kratos-public" "servicePort" "80" "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ .name }} From bb1aebb706b910d6b9e86fbcae832c7f7d90cac3 Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Thu, 31 Mar 2022 08:18:12 +0000 Subject: [PATCH 03/14] First attempt including login app in dashboard helmchart --- deployment/helmchart/templates/configmaps.yaml | 6 +++++- deployment/helmchart/templates/deployment.yaml | 4 ++-- deployment/helmchart/templates/ingress.yaml | 17 ++++++++++------- deployment/helmchart/values.yaml | 7 ++++--- 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/deployment/helmchart/templates/configmaps.yaml b/deployment/helmchart/templates/configmaps.yaml index d208e87..2767855 100644 --- a/deployment/helmchart/templates/configmaps.yaml +++ b/deployment/helmchart/templates/configmaps.yaml @@ -17,7 +17,11 @@ data: HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }} TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }} HYDRA_URL: {{ .Values.backend.oidc.baseUrl }} - + KRATOS_PUBLIC_URL: {{ .Values.backend.kratos.publicUrl }} + KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl }} + HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }} + PUBLIC_URL: {{ .Values.backend.publicUrl }} + DATABASE_URL: {{ .Values.backend.databaseUrl }} # {{- if .Values.backend.smtp.enabled }} # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }} # DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }} 
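Review bot: `DATABASE_URL` is rendered into the ConfigMap in the `data:` hunk of configmaps.yaml, and the default that patch 04 adds for it in values.yaml (`mysql+pymysql://stackspin:stackspin@…`) carries the database user and password inside the URL. ConfigMaps are readable by anyone with read access to ConfigMaps in the namespace and get none of the RBAC separation or encryption-at-rest options that Secrets do. Move the URL into the chart's Secret and inject it with `secretKeyRef`, the way `oidc-client-secret` is injected in deployment.yaml. The chart should also not ship a working default password: leave `databaseUrl` empty and wrap the lookup in `required` so rendering fails when it is unset. The other new entries are unquoted; `{{ .Values.backend.kratos.publicUrl | quote }}` and the same for the rest keeps an unset value from rendering as null.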
diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml index e22ce4f..5584e03 100644 --- a/deployment/helmchart/templates/deployment.yaml +++ b/deployment/helmchart/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: - name: dashboard securityContext: {{- toYaml .Values.dashboard.containerSecurityContext | nindent 12 }} image: {{ template "dashboard.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }} {{- if .Values.dashboard.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.command "context" $) | nindent 12 }} {{- end }} @@ -119,7 +119,7 @@ spec: - name: backend securityContext: {{- toYaml .Values.backend.containerSecurityContext | nindent 12 }} image: {{ template "backend.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.backend.image.pullPolicy | quote }} {{- if .Values.backend.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.backend.command "context" $) | nindent 12 }} {{- end }} diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index bbe8566..0b570d3 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml @@ -1,5 +1,6 @@ {{- if .Values.ingress.enabled -}} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} +# apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ template "common.names.fullname" . }} 
@@ -37,27 +38,29 @@ spec: - host: {{ .Values.ingress.hostname }} http: paths: - - path: ({{ .Values.ingress.path }}.*) + - path: {{ .Values.ingress.path }}(.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $) | nindent 14 }} # Forward API calls to the back-end container - - path: ({{ .Values.ingress.path }}api/v1.*) + - path: {{ .Values.ingress.path }}(api/v1.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - - path: ({{ .Values.ingress.path }}web.*) + - path: {{ .Values.ingress.path }}(web.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - path: {{ .Values.ingress.path }}kratos/(.*) - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" "single-sign-on-kratos-public" "servicePort" "80" "context" $) | nindent 14 }} + backend: + service: + name: single-sign-on-kratos-public + port: + number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ .name }} diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 0b43e62..fbedf74 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
@@ -42,6 +42,7 @@ commonAnnotations: {} ## image: imagePullSecrets: [] + pullPolicy: Always ## Dashboard configuration parameters ## ref: https://open.greenhost.net/stackspin/dashboard @@ -232,12 +233,12 @@ backend: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend - tag: 0-1-4 + tag: 19-integrate-flask-sso-panel-into-dashboard-flask-backend ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - pullPolicy: IfNotPresent + pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -646,7 +647,7 @@ ingress: path: / ## @param ingress.pathType Ingress path type ## - pathType: ImplementationSpecific + pathType: Prefix ## @param ingress.annotations Ingress annotations done as key:value pairs ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md From 4b8eba9b924ff6dd378224fec05de76b4fccfecd Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Thu, 31 Mar 2022 08:22:03 +0000 Subject: [PATCH 04/14] Add default values --- deployment/helmchart/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index fbedf74..b7dfba1 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
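Review bot: The new default `pathType: Prefix` in the `ingress:` hunk does not fit the paths this series writes in ingress.yaml. Those paths are regular expressions with capture groups (`{{ .Values.ingress.path }}(.*)`, `kratos/(.*)`) consumed by the `rewrite-target: /$1` annotation. ingress-nginx documents regex paths together with `ImplementationSpecific`, and its stricter path validation in newer releases rejects regex characters under `Prefix` or `Exact`, so the Ingress may be refused at admission after a controller upgrade. Keep `pathType: ImplementationSpecific` as the default and add a comment above it, `## Must stay ImplementationSpecific: ingress.yaml uses regex paths with rewrite-target`.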
@@ -257,6 +257,14 @@ backend: authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth tokenUrl: https://sso.stackspin.example.org/oauth2/token + kratos: + publicUrl: https://sso.stackspin.example.org/kratos + adminUrl: http://single-sign-on-kratos-admin:80 + hydra: + adminUrl: http://single-sign-on-hydra-admin:4445 + publicUrl: https://sso.stackspin.example.org/web/ + databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin + ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP ## service: From e7d3ddb9b09e96a65fdcb0de678995df8eb8344a Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Fri, 1 Apr 2022 14:31:03 +0800 Subject: [PATCH 05/14] Updated documentation --- .../helmchart/templates/deployment.yaml | 4 +-- deployment/helmchart/templates/ingress.yaml | 15 ++++------ deployment/helmchart/values.yaml | 29 +++++++++++-------- 3 files changed, 25 insertions(+), 23 deletions(-) diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml index 5584e03..e22ce4f 100644 --- a/deployment/helmchart/templates/deployment.yaml +++ b/deployment/helmchart/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: - name: dashboard securityContext: {{- toYaml .Values.dashboard.containerSecurityContext | nindent 12 }} image: {{ template "dashboard.image" . }} - imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.dashboard.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.command "context" $) | nindent 12 }} {{- end }} 
@@ -119,7 +119,7 @@ spec: - name: backend securityContext: {{- toYaml .Values.backend.containerSecurityContext | nindent 12 }} image: {{ template "backend.image" . }} - imagePullPolicy: {{ .Values.backend.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.backend.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.backend.command "context" $) | nindent 12 }} {{- end }} diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index 0b570d3..e60b4fa 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml @@ -1,6 +1,5 @@ {{- if .Values.ingress.enabled -}} -# apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -apiVersion: networking.k8s.io/v1 +apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ template "common.names.fullname" . }} 
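Review bot: Restoring `apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }}` leaves the kratos path from patch 03 in a form that is only valid for `networking.k8s.io/v1`. That path sets `pathType` without the `common.ingress.supportsPathType` guard and spells its backend as `service:` / `name:` / `port:` / `number:` instead of going through `common.ingress.backend`. On a cluster where the helper resolves to a v1beta1 API, the rendered Ingress would presumably be rejected. Either render that backend like the other three paths, passing the port as an integer (`"servicePort" 80`) so the helper emits `number:` and not `name:`, or document that the chart requires a cluster serving `networking.k8s.io/v1`. The kratos path itself lies outside this hunk.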
@@ -63,20 +62,18 @@ spec: number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} + # In the event of "extraHosts", kratos is not proxied. Due the redirects, + # and single domain support of kratos/hydra. it is not feasable to support + # multiple hostnames. Same is true for the /web/ login frontend - host: {{ .name }} http: paths: - - path: ({{ default "/" .path }}.*) + - path: {{ default "/" .path }}(.*) {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }} - - path: ({{ default "/" .path }}api/v1.*) - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - - path: ({{ default "/" .path }}web.*) + - path: {{ default "/" .path }}(api/v1.*) {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index b7dfba1..39d683b 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
@@ -39,9 +39,20 @@ commonAnnotations: {} ## @section Stackspin parameters ## @param imagePullSecrets Specify docker-registry secret names as an array +## @param imagePullPolicy Policy on pulling images on container start ## image: imagePullSecrets: [] + + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + ## Same policy for all containers is used. + ## + # TODO: Set to Always for developoment purposes, should be reverted to + # 'IfNotPresent' + # pullPolicy: IfNotPresent pullPolicy: Always ## Dashboard configuration parameters @@ -61,11 +72,6 @@ dashboard: registry: open.greenhost.net:4567 repository: stackspin/dashboard/dashboard tag: 0-1-6 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -226,7 +232,6 @@ backend: ## @param image.registry Stackspin image registry ## @param image.repository Stackspin image repository ## @param image.tag Stackspin image tag - ## @param image.pullPolicy Stackspin image pull policy ## @param image.pullSecrets Stackspin image pull secrets ## @param image.debug Specify if debug logs should be enabled ## 
@@ -234,11 +239,6 @@ backend: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend tag: 19-integrate-flask-sso-panel-into-dashboard-flask-backend - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -257,12 +257,17 @@ backend: authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth tokenUrl: https://sso.stackspin.example.org/oauth2/token + # Where to find the Kratos ADMIN and PUBLIC url kratos: publicUrl: https://sso.stackspin.example.org/kratos adminUrl: http://single-sign-on-kratos-admin:80 + + # Where to find the Hydra ADMIN url hydra: adminUrl: http://single-sign-on-hydra-admin:4445 - publicUrl: https://sso.stackspin.example.org/web/ + + # Public URL of login panel + publicUrl: https://dashboard.stackspin.example.org/web/ databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP From 6ef56651fe267124553980f69f4e79e18f03fdfa Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Fri, 1 Apr 2022 14:34:24 +0800 Subject: [PATCH 06/14] Add comments / TODO about temporary value --- deployment/helmchart/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 39d683b..9238634 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
@@ -238,6 +238,9 @@ backend: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend + + ## TODO: Correct tag once merges (used to be 0-1-4, guess will be a new + ## number/tag) tag: 19-integrate-flask-sso-panel-into-dashboard-flask-backend ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 6de627e44a770028573fee96467bd602883e5dde Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Mon, 4 Apr 2022 14:32:58 +0200 Subject: [PATCH 07/14] apply changes from my own review --- deployment/helmchart/templates/configmaps.yaml | 4 ++-- deployment/helmchart/templates/deployment.yaml | 2 +- deployment/helmchart/templates/ingress.yaml | 18 ------------------ deployment/helmchart/values.yaml | 8 +------- 4 files changed, 4 insertions(+), 28 deletions(-) diff --git a/deployment/helmchart/templates/configmaps.yaml b/deployment/helmchart/templates/configmaps.yaml index 2767855..6d02f35 100644 --- a/deployment/helmchart/templates/configmaps.yaml +++ b/deployment/helmchart/templates/configmaps.yaml @@ -16,11 +16,11 @@ data: HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }} HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }} TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }} - HYDRA_URL: {{ .Values.backend.oidc.baseUrl }} KRATOS_PUBLIC_URL: {{ .Values.backend.kratos.publicUrl }} KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl }} + HYDRA_PUBLIC_URL: {{ .Values.backend.oidc.baseUrl }} HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }} - PUBLIC_URL: {{ .Values.backend.publicUrl }} + LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }} DATABASE_URL: {{ .Values.backend.databaseUrl }} # {{- if .Values.backend.smtp.enabled }} # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }} diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml index e22ce4f..7ddb265 100644 
--- a/deployment/helmchart/templates/deployment.yaml +++ b/deployment/helmchart/templates/deployment.yaml @@ -138,7 +138,7 @@ spec: name: {{ include "backend.secretName" . }} key: oidc-client-secret - name: KRATOS_URL - value: {{ .Values.backend.kratosUrl }} + value: {{ .Values.backend.kratos.adminUrl }} {{- if (include "backend.smtp.password.enabled" .) }} - name: DASHBOARD_SMTP_PASSWORD valueFrom: diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index e60b4fa..041f9f7 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml @@ -61,22 +61,4 @@ spec: port: number: 80 {{- end }} - {{- range .Values.ingress.extraHosts }} - # In the event of "extraHosts", kratos is not proxied. Due the redirects, - # and single domain support of kratos/hydra. it is not feasable to support - # multiple hostnames. Same is true for the /web/ login frontend - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }}(.*) - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }} - - path: {{ default "/" .path }}(api/v1.*) - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - {{- end }} {{- end }} diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 9238634..952e842 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
@@ -270,7 +270,7 @@ backend: adminUrl: http://single-sign-on-hydra-admin:4445 # Public URL of login panel - publicUrl: https://dashboard.stackspin.example.org/web/ + loginPanelUrl: https://dashboard.stackspin.example.org/web/ databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP @@ -676,12 +676,6 @@ ingress: ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: dashboard.local - ## path: / - extraHosts: [] ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: From 3f0d6dc0fd1f99056ce599cfeea44726ea8713ed Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Mon, 4 Apr 2022 16:08:15 +0200 Subject: [PATCH 08/14] update Chart version to 0.2.0 --- deployment/helmchart/Chart.lock | 6 +++--- deployment/helmchart/Chart.yaml | 4 ++-- deployment/helmchart/values.yaml | 2 -- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/deployment/helmchart/Chart.lock b/deployment/helmchart/Chart.lock index fcd633a..3373868 100644 --- a/deployment/helmchart/Chart.lock +++ b/deployment/helmchart/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.11.1 -digest: sha256:a000bcd4d4cdd813c67d633b5523b4a4cd478fb95f1cae665d9b0ba5c45b40e2 -generated: "2022-02-10T15:57:46.223230425+01:00" + version: 1.13.0 +digest: sha256:e83af41b39942278f8389623671732e624f28c6f1ad6ac2d937e210c5f354a18 +generated: "2022-04-04T14:32:41.194922427+02:00" diff --git a/deployment/helmchart/Chart.yaml b/deployment/helmchart/Chart.yaml index 548dd80..3a551e8 100644 --- a/deployment/helmchart/Chart.yaml +++ b/deployment/helmchart/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Dashboard apiVersion: v2 -appVersion: 0.1.6 +appVersion: 0.2.0 dependencies: - name: common # https://artifacthub.io/packages/helm/bitnami/common @@ -23,4 +23,4 @@ name: stackspin-dashboard sources: - https://open.greenhost.net/stackspin/dashboard/ - https://open.greenhost.net/stackspin/dashboard-backend/ -version: 0.1.7 +version: 0.2.0 diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 952e842..ba3a83c 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml @@ -251,8 +251,6 @@ backend: ## pullSecrets: [] - # URL to the Ory Kratos API - kratosUrl: http://127.0.0.1:8000 oidc: clientId: dashboard clientSecret: ReplaceWithSecret From 8a89f94ec01685f75360de6fa7dd6a716143e5ca Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Mon, 4 Apr 2022 16:56:08 +0200 Subject: [PATCH 09/14] add job-initialize-user --- .../templates/job-initialize-user.yaml | 53 +++++++++++++++++++ .../helmchart/values-local.yaml.example | 29 ++++++++-- deployment/helmchart/values.yaml | 4 ++ 3 files changed, 82 insertions(+), 4 deletions(-) create mode 100644 deployment/helmchart/templates/job-initialize-user.yaml diff --git a/deployment/helmchart/templates/job-initialize-user.yaml b/deployment/helmchart/templates/job-initialize-user.yaml new file mode 100644 index 0000000..6e1c13d --- /dev/null 
+++ b/deployment/helmchart/templates/job-initialize-user.yaml @@ -0,0 +1,53 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "common.names.fullname" . }}-initialize-user + labels: {{- include "common.labels.standard" . | nindent 4 }} + component: dashboard + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + component: dashboard + spec: + restartPolicy: Never + containers: + - name: {{ .Chart.Name }}-login-create-admin + image: {{ template "backend.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + envFrom: + - configMapRef: + name: {{ include "common.names.fullname" . }} + {{- if .Values.backend.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.backend.extraEnvVarsCM }} + {{- end }} + {{- if .Values.backend.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.backend.extraEnvVarsSecret }} + {{- end }} + env: + - name: SETUP_EMAIL + value: {{ .Values.backend.initialUser.email }} + - name: SETUP_PASSWORD + value: {{ .Values.backend.initialUser.password }} + command: ["/bin/bash", "-c"] + args: + - flask db upgrade; + {{- if .Release.IsInstall }} + flask cli user create $SETUP_EMAIL; + flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD; + flask cli app create dashboard Dashboard; + flask cli user setrole $SETUP_EMAIL dashboard admin; + {{- end }} + diff --git a/deployment/helmchart/values-local.yaml.example b/deployment/helmchart/values-local.yaml.example index 86a80a3..2ab9d69 100644 
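Review bot: `SETUP_PASSWORD` is set with a plain `value: {{ .Values.backend.initialUser.password }}`, so the initial admin password is stored in the Job spec and the Helm release record, where anyone who can read Jobs or Pods in the namespace can read it. It is then expanded unquoted in `flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD`, which subjects it to word splitting and globbing. With the shipped values.yaml, where `password` is commented out, the variable is empty and the command runs with an argument missing. The steps are chained with `;`, so a failed `flask db upgrade` does not stop user creation and the Job reports only the last command's exit status. The fence takes the password from the chart's Secret (the key name is a placeholder), quotes the expansions and stops on the first error; the password still reaches the CLI as an argument, which only a change to the backend's CLI can remove.

```yaml
          # … unchanged: envFrom (configMapRef / secretRef) …
          env:
            - name: SETUP_EMAIL
              value: {{ .Values.backend.initialUser.email | quote }}
            - name: SETUP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "backend.secretName" . }}
                  # placeholder key: add it to the chart's Secret template
                  key: INITIAL_USER_PASSWORD_KEY_PLACEHOLDER
          command: ["/bin/bash", "-c"]
          args:
            - |
              set -euo pipefail
              flask db upgrade
              {{- if .Release.IsInstall }}
              flask cli user create "$SETUP_EMAIL"
              flask cli user setpassword "$SETUP_EMAIL" "$SETUP_PASSWORD"
              flask cli app create dashboard Dashboard
              flask cli user setrole "$SETUP_EMAIL" dashboard admin
              {{- end }}
```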
--- a/deployment/helmchart/values-local.yaml.example +++ b/deployment/helmchart/values-local.yaml.example @@ -1,17 +1,38 @@ # Values you will likely want to override. See values.yaml for their meanings dashboard: - host: dashboard.oas.example.com + host: dashboard.stackspin.example.com backend: secretKey: My random secret key + # OIDC connection details + # + # oidc: + # clientSecret: ReplaceWithSecret + # baseUrl: https://sso.stackspin.example.org + # authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth + # tokenUrl: https://sso.stackspin.example.org/oauth2/token + + # Where to find the Kratos public url + kratos: + publicUrl: https://sso.stackspin.example.org/kratos + + # Public URL of login panel + loginPanelUrl: https://dashboard.stackspin.example.org/web/ + + # Database connection + # databaseUrl: mysql+pymysql://stackspin:password@single-sign-on-database-mariadb/stackspin + + initialUser: + email: admin@example.com + # password: Set a pasword for the initial user! ingress: enabled: true - hostname: dashboard.oas.example.com + hostname: dashboard.stackspin.example.com # Get certificates with cert-manager certManager: true tls: - hosts: - - dashboard.oas.example.com - secretName: oas-dashboard + - dashboard.stackspin.example.com + secretName: stackspin-dashboard diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index ba3a83c..ea70829 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml @@ -271,6 +271,10 @@ backend: loginPanelUrl: https://dashboard.stackspin.example.org/web/ databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin + initialUser: + email: admin@example.com + # password: Set a pasword for the initial user! + ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP ## service: From a03541e3a6a0b2a03d99536263160658d373824b Mon Sep 17 00:00:00 2001 
From: Maarten de Waard Date: Wed, 6 Apr 2022 16:51:38 +0200 Subject: [PATCH 10/14] set kratos and hydra adminUrl to cohere with stackspin#1217 --- deployment/helmchart/templates/ingress.yaml | 2 +- deployment/helmchart/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/helmchart/templates/ingress.yaml b/deployment/helmchart/templates/ingress.yaml index 041f9f7..3e90576 100644 --- a/deployment/helmchart/templates/ingress.yaml +++ b/deployment/helmchart/templates/ingress.yaml @@ -57,7 +57,7 @@ spec: pathType: {{ .Values.ingress.pathType }} backend: service: - name: single-sign-on-kratos-public + name: kratos-public port: number: 80 {{- end }} diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index ea70829..5c652da 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml @@ -260,12 +260,12 @@ backend: # Where to find the Kratos ADMIN and PUBLIC url kratos: - publicUrl: https://sso.stackspin.example.org/kratos - adminUrl: http://single-sign-on-kratos-admin:80 + publicUrl: https://dashboard.stackspin.example.org/kratos + adminUrl: http://kratos-admin:80 # Where to find the Hydra ADMIN url hydra: - adminUrl: http://single-sign-on-hydra-admin:4445 + adminUrl: http://hydra-admin:4445 # Public URL of login panel loginPanelUrl: https://dashboard.stackspin.example.org/web/ From 3f3dd47842abe76875bdfacda49b6767fccca456 Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Thu, 7 Apr 2022 09:24:04 +0200 Subject: [PATCH 11/14] set KRATOS_PUBLIC_URL to internal network URL for initialize user job --- deployment/helmchart/templates/job-initialize-user.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/helmchart/templates/job-initialize-user.yaml b/deployment/helmchart/templates/job-initialize-user.yaml index 6e1c13d..33f863d 100644 --- a/deployment/helmchart/templates/job-initialize-user.yaml +++ b/deployment/helmchart/templates/job-initialize-user.yaml 
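Review bot: The Ingress backend in the ingress.yaml hunk is now the literal service name `kratos-public`, and patch 11 repeats it as `http://kratos-public:80` in job-initialize-user.yaml. Neither is tied to a value, although values.yaml already carries `backend.kratos.adminUrl` for the same deployment. An Ingress backend must be a Service in the Ingress's own namespace, so `/kratos/` is only routed when Kratos is installed under exactly this name in the namespace the dashboard is installed into. A mismatch gives a path with no reachable backend, and nothing flags it at install time. Consider one value for the public service name (for example `backend.kratos.publicServiceName`, name is a suggestion) used in both templates, with a comment in values.yaml stating the same-namespace requirement.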
@@ -41,6 +41,8 @@ spec: value: {{ .Values.backend.initialUser.email }} - name: SETUP_PASSWORD value: {{ .Values.backend.initialUser.password }} + - name: KRATOS_PUBLIC_URL + value: http://kratos-public:80 command: ["/bin/bash", "-c"] args: - flask db upgrade; From 951f0f7e4aa9086242a0f141724bf2ad62821550 Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Wed, 20 Apr 2022 12:17:15 +0200 Subject: [PATCH 12/14] set temporary tag for dashboard image --- deployment/helmchart/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 5c652da..cde78ae 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml @@ -71,7 +71,9 @@ dashboard: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard/dashboard - tag: 0-1-6 + ## TODO: Correct tag once merges (used to be 0-1-6, guess will be a new + ## number/tag) + tag: feat-user-roles ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ From 7dada945ee0ae02ce3f50fd535f95a751f06fdfb Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Wed, 20 Apr 2022 14:22:09 +0200 Subject: [PATCH 13/14] Set version tags for dashboard and dashboard-backend --- deployment/helmchart/values.yaml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index cde78ae..dc08bd9 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
@@ -50,10 +50,7 @@ image: ## ## Same policy for all containers is used. ## - # TODO: Set to Always for developoment purposes, should be reverted to - # 'IfNotPresent' - # pullPolicy: IfNotPresent - pullPolicy: Always + pullPolicy: IfNotPresent ## Dashboard configuration parameters ## ref: https://open.greenhost.net/stackspin/dashboard @@ -71,9 +68,7 @@ dashboard: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard/dashboard - ## TODO: Correct tag once merges (used to be 0-1-6, guess will be a new - ## number/tag) - tag: feat-user-roles + tag: 0.1.7 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -240,10 +235,7 @@ backend: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend - - ## TODO: Correct tag once merges (used to be 0-1-4, guess will be a new - ## number/tag) - tag: 19-integrate-flask-sso-panel-into-dashboard-flask-backend + tag: 0.2.0 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ From 7b04ef921340d4813dadb4f611b11b2b4dbab450 Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Wed, 20 Apr 2022 15:20:11 +0200 Subject: [PATCH 14/14] use dashes instead of dots in image tags --- deployment/helmchart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index dc08bd9..7735049 100644 --- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml 
@@ -68,7 +68,7 @@ dashboard: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard/dashboard - tag: 0.1.7 + tag: 0-1-7 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -235,7 +235,7 @@ backend: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend - tag: 0.2.0 + tag: 0-2-0 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/