dashboard/backend
2022-11-08 09:52:45 +01:00

Stackspin dashboard backend

Backend for the Stackspin dashboard

Login application

Apart from the dashboard backend, this repository contains a Flask application that serves as the identity provider and implements the login, consent and logout endpoints for the OpenID Connect (OIDC) process. The application relies on the following components:

  • Hydra: Hydra is an open source OIDC server. Applications connect to Hydra to start a session with a user, and Hydra provides the application with the username and other roles/claims for the application. Hydra is developed by Ory, which has security as one of its top priorities.

  • Kratos: Kratos is the identity manager and contains all the user profiles and secrets (passwords). Kratos is designed to work mostly between the UI (browser) and Kratos directly, over a public API endpoint. Authentication, form validation, etc. are all handled by Kratos. Kratos only provides an API and no UI of its own. Kratos also provides an admin API, which is only used from the server-side Flask app to create/delete users.

  • MariaDB: The login application, as well as Hydra and Kratos, need to store data. This is done in a MariaDB database server. There is one instance with three databases. As all databases are very small we do not foresee resource limitation problems.

If Hydra hits a new session/user, it has to know if this user has access. To do so, the user has to log in through a login application. This application is developed by the Stackspin team (Greenhost) and is part of this repository. It is a Python Flask application. The application follows flows defined in Kratos, and as such a lot of the interaction is done in the web browser, rather than server-side. As a result, the login application has a UI component which relies heavily on JavaScript. As this is a relatively small application, it is based on traditional Bootstrap + jQuery.
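The decisions such a login application makes when Hydra hands it a login or consent challenge, as an added example that is not code from this repository. Field names follow Hydra's admin API request/accept/reject payloads and the Kratos `/sessions/whoami` response; the role store, scope allow-list, `roles` claim name, UI path and sample data are assumptions constructed for illustration.

```python
# Added example, not Stackspin's code: decisions a login/consent provider
# makes for Ory Hydra, with Kratos as the authority on who is logged in.
from urllib.parse import urlencode

ALLOWED_SCOPES = {"openid", "profile", "email"}  # assumed scope allow-list

def decide_login(login_request, kratos_session, login_ui_url):
    """login_request: Hydra login request JSON; kratos_session: Kratos
    /sessions/whoami JSON, or None when the browser has no session."""
    if login_request.get("skip"):
        # Hydra remembers this browser: confirm the subject Hydra itself
        # reports, never a value supplied by the browser.
        return "accept", {"subject": login_request["subject"]}
    if not kratos_session or not kratos_session.get("active"):
        # Not authenticated: go to the login UI, carrying the challenge.
        query = urlencode({"login_challenge": login_request["challenge"]})
        return "redirect", {"location": f"{login_ui_url}?{query}"}
    # Authenticated: the stable Kratos identity id becomes the OIDC subject.
    return "accept", {"subject": kratos_session["identity"]["id"],
                      "remember": True, "remember_for": 3600}

def decide_consent(consent_request, app_roles):
    """app_roles: {subject: {client_id: role}}, a hypothetical role store."""
    subject = consent_request["subject"]
    client_id = consent_request["client"]["client_id"]
    role = app_roles.get(subject, {}).get(client_id)
    if role is None:
        # Deny by default: no role for this app means no tokens are issued.
        return "reject", {"error": "access_denied",
                          "error_description": "no role for this application"}
    # Grant only scopes on the allow-list, not everything the client asked for.
    granted = [s for s in consent_request["requested_scope"]
               if s in ALLOWED_SCOPES]
    return "accept", {"grant_scope": granted,
                      "session": {"id_token": {"roles": [role]}}}

# Constructed sample data (not captured from a real cluster).
LOGIN_REQ = {"challenge": "c0ffee", "skip": False, "subject": ""}
SESSION = {"active": True, "identity": {"id": "constructed-identity-id"}}
CONSENT_REQ = {"challenge": "beef", "subject": "constructed-identity-id",
               "client": {"client_id": "example-app"},
               "requested_scope": ["openid", "profile", "admin"]}
ROLES = {"constructed-identity-id": {"example-app": "user"}}

if __name__ == "__main__":
    ui = "http://stackspin_proxy:8081/login"  # hypothetical UI path
    print(decide_login(LOGIN_REQ, None, ui))
    print(decide_login(LOGIN_REQ, SESSION, ui))
    print(decide_consent(CONSENT_REQ, ROLES))
    print(decide_consent(CONSENT_REQ, {}))
```
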

Development

To develop the Dashboard, you need a Stackspin cluster that is set up as a development environment. Follow the instructions in the dashboard-dev-overrides repository in order to set up a development-capable cluster. The end-points for the Dashboard, as well as Kratos and Hydra, will point to http://stackspin_proxy:8081 in that cluster. As a result, you can run components using the docker-compose file in this repository, and still log into Stackspin applications that run on the cluster.

Setting up the local development environment

After this process is finished, the following will run locally:

The following will be available locally through a proxy and port-forwards:

  • Hydra admin
  • Kratos admin and public
  • The MariaDB database connections

These need to be available locally, because Kratos wants to run on the same domain as the front-end that serves the login interface.

1. Set up hosts file

The application will run on http://stackspin_proxy. Add the following line to /etc/hosts to be able to access that from your browser:

127.0.0.1	stackspin_proxy

2. Kubernetes access

The script needs you to have access to the Kubernetes cluster that runs Stackspin. Point the KUBECONFIG environment variable to a kubectl config. That kubeconfig will be mounted inside docker containers, so also make sure your Docker user can read it.

3. Run it all

Now, run this script, which sets a few environment variables based on what is in your cluster secrets and starts docker-compose to bring up a reverse proxy as well as the Flask application in this repository.

./run_app.sh

4. Front-end development

Start the dashboard front-end app.
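A pre-flight check for steps 1 and 2 that can be run before `./run_app.sh`, as an added example that is not part of this repository. It assumes Docker runs as the current user, and it additionally flags a world-readable kubeconfig, since that file holds cluster credentials and only needs to be readable by the Docker user.

```python
# Added example, not part of the Stackspin repository: checks for the
# hosts entry (step 1) and the kubeconfig (step 2) before ./run_app.sh.
import os
import stat

def hosts_maps(hosts_text, name, address="127.0.0.1"):
    """True if a hosts-file line maps `name` (hostname or alias) to `address`."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 2 and fields[0] == address and name in fields[1:]:
            return True
    return False

def kubeconfig_problems(path):
    """Return a list of problems with the kubeconfig at `path` (empty = OK)."""
    if not path:
        return ["KUBECONFIG is not set"]
    if not os.path.isfile(path):
        return [f"{path} is not a regular file"]
    problems = []
    # Assumption: Docker runs as the current user, so this user must read it.
    if not os.access(path, os.R_OK):
        problems.append(f"{path} is not readable by the current user")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        # Readable by the Docker user is enough; world-readable exposes
        # cluster credentials to every local account.
        problems.append(f"{path} is world-readable (mode {mode:o})")
    return problems

if __name__ == "__main__":
    with open("/etc/hosts", encoding="utf-8") as fh:
        if not hosts_maps(fh.read(), "stackspin_proxy"):
            print("missing hosts entry: 127.0.0.1 stackspin_proxy")
    for problem in kubeconfig_problems(os.environ.get("KUBECONFIG", "")):
        print(problem)
```
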