use newer containers and supply Hydra/OIDC variables to deployment

Maarten de Waard 2022-01-21 11:16:51 +01:00
parent 3991f9ac52
commit a54e26c9c4
No known key found for this signature in database
GPG key ID: 1D3E893A657CC8DA
5 changed files with 22 additions and 8 deletions


@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 1.10.0 version: 1.10.4
digest: sha256:d6f283322d34efda54721ddd67aec935f1bea501c7b45dfbe89814aed21ae5dc digest: sha256:e177cdcd71e67a1e64e95260c4b780374e1d66e85be405d5dc58459654e49ffa
generated: "2021-09-30T16:27:06.738339948+02:00" generated: "2022-01-21T11:11:54.359313957+01:00"


@ -13,9 +13,10 @@ data:
SECRET_KEY: {{ .Values.backend.secretKey }} SECRET_KEY: {{ .Values.backend.secretKey }}
FLASK_APP: app.py FLASK_APP: app.py
FLASK_ENV: {{ .Values.backend.flaskEnv }} FLASK_ENV: {{ .Values.backend.flaskEnv }}
# Probably needed in the future: HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }}
# DASHBOARD_BACKEND_USERNAME: {{ .Values.backend.username | quote }} HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }}
# DASHBOARD_BACKEND_EMAIL: {{ .Values.backend.email | quote }} TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }}
# {{- if .Values.backend.smtp.enabled }} # {{- if .Values.backend.smtp.enabled }}
# DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }} # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}
# DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }} # DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }}
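Review bot: The three new entries `HYDRA_CLIENT_ID`, `HYDRA_AUTHORIZATION_BASE_URL` and `TOKEN_URL` render their values without `| quote`, unlike the commented SMTP entries directly below them. An empty value renders as null, and a client id that is all digits or boolean-looking renders as a non-string scalar, so the manifest can be rejected or the variable can end up unset. Suggest `HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId | quote }}` and the same filter on the two URL entries. Separately, if this file is the ConfigMap (the hunk header only shows `data:`), the context line `SECRET_KEY: {{ .Values.backend.secretKey }}` keeps a secret outside the Secret object that this commit uses for the OIDC client secret; it may be worth moving in a follow-up.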


@ -138,6 +138,11 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ include "backend.smtp.secretName" . }} name: {{ include "backend.smtp.secretName" . }}
key: smtp-password key: smtp-password
- name: HYDRA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "backend.secretName" . }}
key: oidc-client-secret
- name: KRATOS_URL - name: KRATOS_URL
value: {{ .Values.backend.kratosUrl }} value: {{ .Values.backend.kratosUrl }}
{{- end }} {{- end }}
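Review bot: The new `HYDRA_CLIENT_SECRET` entry references the key `oidc-client-secret` unconditionally, but the Secret template in this same commit only emits that key when `.Values.backend.oidc.clientSecret` is set. With an empty value, or with a pre-existing secret that lacks the key, the container would fail to start on a missing secret key instead of the chart reporting a clear error. Either wrap the entry in the same `{{- if .Values.backend.oidc.clientSecret }}` guard or document that the secret named by `backend.secretName` must contain `oidc-client-secret`. The block closed by the trailing `{{- end }}` opens outside this hunk, so it is not visible here which condition already surrounds the entry.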


@ -20,4 +20,7 @@ data:
{{- if and (.Values.backend.smtp.password) (.Values.backend.smtp.enabled) (not .Values.backend.smtp.existingSecret) }} {{- if and (.Values.backend.smtp.password) (.Values.backend.smtp.enabled) (not .Values.backend.smtp.existingSecret) }}
smtp-password: {{ .Values.backend.smtp.password | b64enc | quote }} smtp-password: {{ .Values.backend.smtp.password | b64enc | quote }}
{{- end }} {{- end }}
{{- if .Values.backend.oidc.clientSecret }}
oidc-client-secret: {{ .Values.backend.oidc.clientSecret | b64enc | quote }}
{{- end }}
{{- end }} {{- end }}
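Review bot: The `{{- if .Values.backend.oidc.clientSecret }}` guard is always true with the chart defaults, because the values file in this commit ships `clientSecret: ReplaceWithSecret`. An install that forgets to override it therefore deploys a publicly known string as the OIDC client secret, and nothing flags it. Consider defaulting to `clientSecret: ""` with a comment such as `## OIDC client secret; must be set per installation, never leave a shared default`, so that a missing override yields no key rather than a guessable one. The outer block closed by the final `{{- end }}` starts outside this hunk.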


@ -59,7 +59,7 @@ dashboard:
image: image:
registry: open.greenhost.net:4567 registry: open.greenhost.net:4567
repository: stackspin/dashboard/dashboard repository: stackspin/dashboard/dashboard
tag: 0-1-2 tag: 0-1-3
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@ -232,7 +232,7 @@ backend:
image: image:
registry: open.greenhost.net:4567 registry: open.greenhost.net:4567
repository: stackspin/dashboard-backend/dashboard-backend repository: stackspin/dashboard-backend/dashboard-backend
tag: 0-1-2 tag: 0-1-3
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@ -249,6 +249,11 @@ backend:
# URL to the Ory Kratos API # URL to the Ory Kratos API
kratosUrl: http://127.0.0.1:8000 kratosUrl: http://127.0.0.1:8000
oidc:
clientId: dashboard
clientSecret: ReplaceWithSecret
authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
tokenUrl: https://sso.stackspin.example.org/oauth2/token
## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
## ##