add job-initialize-user

deployment/helmchart/templates/job-initialize-user.yaml

@@ -0,0 +1,53 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "common.names.fullname" . }}-initialize-user
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    component: dashboard
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+spec:
+  template:
+    metadata:
+      labels: {{- include "common.labels.standard" . | nindent 8 }}
+        component: dashboard
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: {{ .Chart.Name }}-login-create-admin
+        image: {{ template "backend.image" . }}
+        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+        envFrom:
+          - configMapRef:
+              name: {{ include "common.names.fullname" . }}
+          {{- if .Values.backend.extraEnvVarsCM }}
+          - configMapRef:
+              name: {{ .Values.backend.extraEnvVarsCM }}
+          {{- end }}
+          {{- if .Values.backend.extraEnvVarsSecret }}
+          - secretRef:
+              name: {{ .Values.backend.extraEnvVarsSecret }}
+          {{- end }}
+        env:
+          - name: SETUP_EMAIL
+            value: {{ .Values.backend.initialUser.email }}
+          - name: SETUP_PASSWORD
+            value: {{ .Values.backend.initialUser.password }}
+        command: ["/bin/bash", "-c"]
+        args:
+          - flask db upgrade;
+            {{- if .Release.IsInstall }}
+            flask cli user create $SETUP_EMAIL;
+            flask cli user setpassword $SETUP_EMAIL $SETUP_PASSWORD;
+            flask cli app create dashboard Dashboard;
+            flask cli user setrole $SETUP_EMAIL dashboard admin;
+            {{- end }}
+

deployment/helmchart/values-local.yaml.example

@@ -1,17 +1,38 @@
 # Values you will likely want to override. See values.yaml for their meanings
 
 dashboard:
-  host: dashboard.oas.example.com
+  host: dashboard.stackspin.example.com
 
 backend:
   secretKey: My random secret key
+  # OIDC connection details
+  #
+  # oidc:
+  #   clientSecret: ReplaceWithSecret
+  #   baseUrl: https://sso.stackspin.example.org
+  #   authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
+  #   tokenUrl: https://sso.stackspin.example.org/oauth2/token
+
+  # Where to find the Kratos public url
+  kratos:
+    publicUrl: https://sso.stackspin.example.org/kratos
+
+  # Public URL of login panel
+  loginPanelUrl: https://dashboard.stackspin.example.org/web/
+
+  # Database connection
+  # databaseUrl: mysql+pymysql://stackspin:password@single-sign-on-database-mariadb/stackspin
+
+  initialUser:
+    email: admin@example.com
+    # password: Set a pasword for the initial user!
 
 ingress:
   enabled: true
-  hostname: dashboard.oas.example.com
+  hostname: dashboard.stackspin.example.com
   # Get certificates with cert-manager
   certManager: true
   tls:
     - hosts:
-        - dashboard.oas.example.com
-      secretName: oas-dashboard
+        - dashboard.stackspin.example.com
+      secretName: stackspin-dashboard

deployment/helmchart/values.yaml

@@ -271,6 +271,10 @@ backend:
   loginPanelUrl: https://dashboard.stackspin.example.org/web/
   databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin
 
+  initialUser:
+    email: admin@example.com
+    # password: Set a pasword for the initial user!
+
   ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
   ##
   service: