# Single sign-on

Single sign-on adds an authentication server to your Kubernetes cluster that can be used by
applications within the cluster and by external applications to log in your users.
This chart also includes a minimalistic user panel which can be used
to create new users, assign roles to users and grant users access to applications.

## Prerequisites

 * Kubernetes 1.13+ with Beta APIs enabled
 * helm 2.14.3+
 * ORY helm chart repository installed
   * `helm repo add ory https://k8s.ory.sh/helm/charts && helm repo update`

## Configuration

You can configure the chart by changing the default values in the `./values.yaml` file.
The following table lists the configurable parameters of the single sign-on chart and their
default values. Values in **bold** letters need to be changed for routing and TLS to work.

| Parameter                            | Description                                             | Default                                 |
| ------------------------------------ | ------------------------------------------------------- | -------------------------               |
| `singleSignOnHost`                   | **FQDN of the openID Connect / oAuth2 server**          | **sso.oas.example.net**                 |
| `loginProviderImage.repository`      | Name of image repository to be used for login provider  | open.greenhost.net:4567/openappstack/single-sign-on/login_provider |
| `loginProviderImage.tag`             | Release version of login provider image                 | master                                  |
| `consentProviderImage.repository`    | Name of image repository to be used for consent provider| open.greenhost.net:4567/openappstack/single-sign-on/consent_provider |
| `consentProviderImage.tag`           | Release version of consent provider image               | master                                  |
| `userpanel.ingress.host`             | **FQDN of the userpanel**                               | **admin.oas.example.net**               |
| `userpanel.oAuth.client_secret`      | oAuth2 client secret                                    | YouReallyNeedToChangeThis               |
| `userbackend.username`               | Username of the admin user                              | admin                                   |
| `userbackend.password`               | Password of the admin user                              | YouReallyNeedToChangeThis               |
| `userbackend.email`                  | Email address of the admin user                         | admin@example.net                       |
| `userbackend.postgres.password`      | Root pw of the psql DB                                  | postgres                                |
| `hydra.hydra.config.urls.self.issuer`| **Base URI of the oAuth server**                        | **https://sso.oas.example.net**         |
| `hydra.hydra.config.urls.login`      | **URI that will be used for the login page**            | **https://sso.oas.example.net/login**   |
| `hydra.hydra.config.urls.consent`    | **URI that will be used for permission checks**         | **https://sso.oas.example.net/consent** |
| `hydra.hydra.config.secrets.system`  | Secret that is used to generate secure tokens           | YouReallyNeedToChangeThis               |

## Installing and uninstalling the Chart

To install the chart with the release name `single-sign-on`, first clone the repository
and then run `helm install`.

```
$ git clone https://open.greenhost.net/openappstack/single-sign-on
$ cd single-sign-on/helmchart/single-sign-on/
$ helm install -n single-sign-on .
```

The last command deploys the single sign-on components on your server and applies the
default configuration. You should change the default configuration before running the command.
The [configuration](#configuration) section lists all configuration parameters.
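The following script is an added example and not part of the chart: it writes a values override for the parameters listed in the configuration table, replacing every `YouReallyNeedToChangeThis` placeholder with a freshly generated secret, and refuses to proceed while a chart default is still present. The override file name, the `check_values` and `gen_secret` helper names, and the availability of `openssl` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the chart: generate a values override for the
# single-sign-on chart with every placeholder secret replaced, then check that
# no chart default (YouReallyNeedToChangeThis, the example hostnames, the
# postgres root password) survives before the file is handed to helm install.
set -eu

# 32 random bytes, hex-encoded; assumes openssl, falls back to /dev/urandom.
gen_secret() {
  openssl rand -hex 32 2>/dev/null \
    || head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the override. $1 = SSO FQDN, $2 = userpanel FQDN, $3 = admin e-mail, $4 = output path.
write_values() {
  sso_host="$1"; panel_host="$2"; admin_email="$3"; out="$4"
  cat > "$out" <<EOF
singleSignOnHost: ${sso_host}
userpanel:
  ingress:
    host: ${panel_host}
  oAuth:
    client_secret: $(gen_secret)
userbackend:
  username: admin
  password: $(gen_secret)
  email: ${admin_email}
  postgres:
    password: $(gen_secret)
hydra:
  hydra:
    config:
      urls:
        self:
          issuer: https://${sso_host}
        login: https://${sso_host}/login
        consent: https://${sso_host}/consent
      secrets:
        system: $(gen_secret)
EOF
}

# Succeeds only if no chart default remains in the override file given as $1.
check_values() {
  ! grep -Eq 'YouReallyNeedToChangeThis|oas\.example\.net|^ *password: postgres$' "$1"
}

# Usage (uncomment to run from the chart directory):
# write_values sso.example.org admin.example.org admin@example.org my-values.yaml
# check_values my-values.yaml && helm install -n single-sign-on -f my-values.yaml .
```

Keep the generated override out of version control; it contains the live admin password, database password and Hydra system secret.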

If you have already run the install command, you can uninstall the deployment by executing:

```
$ helm list     # [OPTIONAL] - Lists all deployed releases
$ helm delete single-sign-on --purge
```

> **WARNING**: Executing the `delete` command with the `purge` flag deletes all data related to the applications. Don't run this command in a production environment unless you are absolutely sure that you have a restorable backup of your data.