Merge branch '36-add-web-and-kratos-paths-in-nginx-configuration' into 'main'

Resolve "Add web and kratos paths in nginx configuration" Closes #36 See merge request stackspin/dashboard!23
2022-04-20 14:23:12 +00:00 · 2022-04-20 14:23:12 +00:00 · 49e6778c54
commit 49e6778c54
parent f1bf0279cb 7b04ef9213
8 changed files with 134 additions and 49 deletions
--- a/deployment/helmchart/Chart.lock
+++ b/deployment/helmchart/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: common
  repository: https://charts.bitnami.com/bitnami
-  version: 1.11.1
-digest: sha256:a000bcd4d4cdd813c67d633b5523b4a4cd478fb95f1cae665d9b0ba5c45b40e2
-generated: "2022-02-10T15:57:46.223230425+01:00"
+  version: 1.13.0
+digest: sha256:e83af41b39942278f8389623671732e624f28c6f1ad6ac2d937e210c5f354a18
+generated: "2022-04-04T14:32:41.194922427+02:00"
--- a/deployment/helmchart/Chart.yaml
+++ b/deployment/helmchart/Chart.yaml
@ -1,7 +1,7 @@
 annotations:
  category: Dashboard
 apiVersion: v2
-appVersion: 0.1.6
+appVersion: 0.2.0
 dependencies:
  - name: common
    # https://artifacthub.io/packages/helm/bitnami/common
@ -23,4 +23,4 @@ name: stackspin-dashboard
 sources:
  - https://open.greenhost.net/stackspin/dashboard/
  - https://open.greenhost.net/stackspin/dashboard-backend/
-version: 0.1.7
+version: 0.2.0
--- a/deployment/helmchart/templates/configmaps.yaml
+++ b/deployment/helmchart/templates/configmaps.yaml
@ -16,8 +16,12 @@ data:
  HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }}
  HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }}
  TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }}
-  HYDRA_URL: {{ .Values.backend.oidc.baseUrl }}
-
+  KRATOS_PUBLIC_URL: {{ .Values.backend.kratos.publicUrl }}
+  KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl }}
+  HYDRA_PUBLIC_URL: {{ .Values.backend.oidc.baseUrl }}
+  HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }}
+  LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }}
+  DATABASE_URL: {{ .Values.backend.databaseUrl }}
  # {{- if .Values.backend.smtp.enabled }}
  # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}
  # DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }}
--- a/deployment/helmchart/templates/deployment.yaml
+++ b/deployment/helmchart/templates/deployment.yaml
@ -138,7 +138,7 @@ spec:
                  name: {{ include "backend.secretName" . }}
                  key: oidc-client-secret
            - name: KRATOS_URL
-              value: {{ .Values.backend.kratosUrl }}
+              value: {{ .Values.backend.kratos.adminUrl }}
            {{- if (include "backend.smtp.password.enabled" .) }}
            - name: DASHBOARD_SMTP_PASSWORD
              valueFrom:
--- a/deployment/helmchart/templates/ingress.yaml
+++ b/deployment/helmchart/templates/ingress.yaml
@ -19,6 +19,7 @@ metadata:
    kubernetes.io/tls-acme: "true"
  {{- end }}
  {{- end }}
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
 spec:
  {{- if or .Values.ingress.tls .Values.ingress.extraTls }}
  tls:
@ -36,31 +37,28 @@ spec:
    - host: {{ .Values.ingress.hostname }}
      http:
        paths:
-          - path: {{ .Values.ingress.path }}
+          - path: {{ .Values.ingress.path }}(.*)
            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
            pathType: {{ .Values.ingress.pathType }}
            {{- end }}
            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $)  | nindent 14 }}
          # Forward API calls to the back-end container
-          - path: {{ .Values.ingress.path }}api/v1
+          - path: {{ .Values.ingress.path }}(api/v1.*)
            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
            pathType: {{ .Values.ingress.pathType }}
            {{- end }}
            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $)  | nindent 14 }}
-    {{- end }}
-    {{- range .Values.ingress.extraHosts }}
-    - host: {{ .name }}
-      http:
-        paths:
-          - path: {{ default "/" .path }}
-            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
-            pathType: {{ default "ImplementationSpecific" .pathType }}
-            {{- end }}
-            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }}
-          - path: {{ default "/" .path }}api/v1
-            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
-            pathType: {{ default "ImplementationSpecific" .pathType }}
+          - path: {{ .Values.ingress.path }}(web.*)
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.ingress.pathType }}
            {{- end }}
            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $)  | nindent 14 }}
+          - path: {{ .Values.ingress.path }}kratos/(.*)
+            pathType: {{ .Values.ingress.pathType }}
+            backend:
+              service:
+                name: kratos-public
+                port:
+                  number: 80
    {{- end }}
 {{- end }}
--- a/deployment/helmchart/templates/job-initialize-user.yaml
+++ b/deployment/helmchart/templates/job-initialize-user.yaml
@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "common.names.fullname" . }}-initialize-user
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    component: dashboard
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+spec:
+  template:
+    metadata:
+      labels: {{- include "common.labels.standard" . | nindent 8 }}
+        component: dashboard
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: {{ .Chart.Name }}-login-create-admin
+        image: {{ template "backend.image" . }}
+        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+        envFrom:
+          - configMapRef:
+              name: {{ include "common.names.fullname" . }}
+          {{- if .Values.backend.extraEnvVarsCM }}
+          - configMapRef:
+              name: {{ .Values.backend.extraEnvVarsCM }}
+          {{- end }}
+          {{- if .Values.backend.extraEnvVarsSecret }}
+          - secretRef:
+              name: {{ .Values.backend.extraEnvVarsSecret }}
+          {{- end }}
+        env:
+          - name: SETUP_EMAIL
+            value: {{ .Values.backend.initialUser.email }}
+          - name: SETUP_PASSWORD
+            value: {{ .Values.backend.initialUser.password }}
+          - name: KRATOS_PUBLIC_URL
+            value: http://kratos-public:80
+        command: ["/bin/bash", "-c"]
+        args:
+          - flask db upgrade;
+            {{- if .Release.IsInstall }}
+            flask cli user create $SETUP_EMAIL;
+            flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD;
+            flask cli app create dashboard Dashboard;
+            flask cli user setrole $SETUP_EMAIL dashboard admin;
+            {{- end }}
+
--- a/deployment/helmchart/values-local.yaml.example
+++ b/deployment/helmchart/values-local.yaml.example
@ -1,17 +1,38 @@
 # Values you will likely want to override. See values.yaml for their meanings

 dashboard:
-  host: dashboard.oas.example.com
+  host: dashboard.stackspin.example.com

 backend:
  secretKey: My random secret key
+  # OIDC connection details
+  #
+  # oidc:
+  #   clientSecret: ReplaceWithSecret
+  #   baseUrl: https://sso.stackspin.example.org
+  #   authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
+  #   tokenUrl: https://sso.stackspin.example.org/oauth2/token
+
+  # Where to find the Kratos public url
+  kratos:
+    publicUrl: https://sso.stackspin.example.org/kratos
+
+  # Public URL of login panel
+  loginPanelUrl: https://dashboard.stackspin.example.org/web/
+
+  # Database connection
+  # databaseUrl: mysql+pymysql://stackspin:password@single-sign-on-database-mariadb/stackspin
+
+  initialUser:
+    email: admin@example.com
+    # password: Set a pasword for the initial user!

 ingress:
  enabled: true
-  hostname: dashboard.oas.example.com
+  hostname: dashboard.stackspin.example.com
  # Get certificates with cert-manager
  certManager: true
  tls:
    - hosts:
-        - dashboard.oas.example.com
-      secretName: oas-dashboard
+        - dashboard.stackspin.example.com
+      secretName: stackspin-dashboard
--- a/deployment/helmchart/values.yaml
+++ b/deployment/helmchart/values.yaml
@ -39,10 +39,19 @@ commonAnnotations: {}
 ## @section Stackspin parameters

 ## @param imagePullSecrets Specify docker-registry secret names as an array
+## @param imagePullPolicy  Policy on pulling images on container start
 ##
 image:
  imagePullSecrets: []

+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+  ##
+  ## Same policy for all containers is used.
+  ##
+  pullPolicy: IfNotPresent
+
 ## Dashboard configuration parameters
 ## ref: https://open.greenhost.net/stackspin/dashboard
 ##
@ -59,12 +68,7 @@ dashboard:
  image:
    registry: open.greenhost.net:4567
    repository: stackspin/dashboard/dashboard
-    tag: 0-1-6
-    ## Specify a imagePullPolicy
-    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-    ##
-    pullPolicy: IfNotPresent
+    tag: 0-1-7
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@ -225,19 +229,13 @@ backend:
  ## @param image.registry Stackspin image registry
  ## @param image.repository Stackspin image repository
  ## @param image.tag Stackspin image tag
-  ## @param image.pullPolicy Stackspin image pull policy
  ## @param image.pullSecrets Stackspin image pull secrets
  ## @param image.debug Specify if debug logs should be enabled
  ##
  image:
    registry: open.greenhost.net:4567
    repository: stackspin/dashboard-backend/dashboard-backend
-    tag: 0-1-4
-    ## Specify a imagePullPolicy
-    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-    ##
-    pullPolicy: IfNotPresent
+    tag: 0-2-0
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@ -247,8 +245,6 @@ backend:
    ##
    pullSecrets: []

-  # URL to the Ory Kratos API
-  kratosUrl: http://127.0.0.1:8000
  oidc:
    clientId: dashboard
    clientSecret: ReplaceWithSecret
@ -256,6 +252,23 @@ backend:
    authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
    tokenUrl: https://sso.stackspin.example.org/oauth2/token

+  # Where to find the Kratos ADMIN and PUBLIC url
+  kratos:
+    publicUrl: https://dashboard.stackspin.example.org/kratos
+    adminUrl: http://kratos-admin:80
+
+  # Where to find the Hydra ADMIN url
+  hydra:
+    adminUrl: http://hydra-admin:4445
+
+  # Public URL of login panel
+  loginPanelUrl: https://dashboard.stackspin.example.org/web/
+  databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin
+
+  initialUser:
+    email: admin@example.com
+    # password: Set a pasword for the initial user!
+
  ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
  ##
  service:
@ -646,7 +659,7 @@ ingress:
  path: /
  ## @param ingress.pathType Ingress path type
  ##
-  pathType: ImplementationSpecific
+  pathType: Prefix
  ## @param ingress.annotations Ingress annotations done as key:value pairs
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
@ -659,12 +672,6 @@ ingress:
  ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
  ##
  tls: false
-  ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
-  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
-  ## extraHosts:
-  ## - name: dashboard.local
-  ##   path: /
-  extraHosts: []
  ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## extraTls: