Verified Commit 534a79c8 authored by Mark's avatar Mark

Change values file according to best practices

parent 47397c93
1 merge request!7Integration user panel
Pipeline #1459 failed with stage
in 3 minutes and 27 seconds
Showing with 66 additions and 27 deletions
......@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.1"
description: A Helm chart for OpenAppStacks Signle Sign on components
name: single-sign-on
version: 0.1.1
version: 0.2
......@@ -16,8 +16,8 @@ spec:
spec:
containers:
- name: {{ .Chart.Name }}-consent
image: "open.greenhost.net:4567/openappstack/single-sign-on/consent_provider:integration-user-panel"
imagePullPolicy: Always
image: {{ .Values.image.repository }}/consent_provider:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: HYDRA_ADMIN_URL
value: http://{{ .Release.Name }}-hydra-admin:4445
......
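Review bot: The templated `image:` line takes its tag from `.Values.image.tag`, and the default shown in the values listing is the branch-style tag `integration-user-panel` with `pullPolicy: Always`, so the code running as the consent provider can change on any pod restart without a chart change. For a component in the login path I would default to an immutable tag or a digest and let development overrides opt into `Always`. The hard-coded image line in this section is quoted while the templated one is not; `image: "{{ .Values.image.repository }}/consent_provider:{{ .Values.image.tag }}"` and `imagePullPolicy: {{ .Values.image.pullPolicy | quote }}` keep that consistent. The same applies to the login, userbackend, userpanel and both job sections further down. The container spec continues outside this hunk.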
......@@ -16,8 +16,8 @@ spec:
spec:
containers:
- name: {{ .Chart.Name }}-login
image: "open.greenhost.net:4567/openappstack/single-sign-on/login_provider:integration-user-panel"
imagePullPolicy: Always
image: {{ .Values.image.repository }}/login_provider:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: HYDRA_ADMIN_URL
value: http://{{ .Release.Name }}-hydra-admin:4445
......
......@@ -19,21 +19,21 @@ spec:
image: postgres:11
env:
- name: POSTGRES_PASSWORD
value: {{ .Values.userbackend.postgres.password }}
- name: {{ .Chart.Name }}-userbackend
image: "open.greenhost.net:4567/openappstack/user-panel/backend:19-feature-link-to-the-applications-included-in-oas"
imagePullPolicy: Always
value: {{ .Values.userpanel.postgresPassword }}
- name: {{ .Chart.Name }}-userbackend-api
image: {{ .Values.userpanel.image.repository }}/backend:{{ .Values.userpanel.image.tag }}
imagePullPolicy: {{ .Values.userpanel.image.pullPolicy }}
env:
- name: HYDRA_ADMIN_URL
value: http://{{ include "single-sign-on.name" . }}-hydra-admin:4445
- name: DATABASE_USER
value: postgres
value: "postgres"
- name: DATABASE_PASSWORD
value: {{ .Values.userbackend.postgres.password }}
value: {{ default .Values.userpanel.postgresPassword }}
- name: DATABASE_NAME
value: postgres
value: "postgres"
- name: DATABASE_HOST
value: localhost
value: "localhost"
ports:
- name: userbackend
containerPort: 5000
......
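Review bot: `POSTGRES_PASSWORD` and `DATABASE_PASSWORD` are rendered as plain `value:` entries, so the database password is readable by anyone who can read the Deployment; the chart already ships a Secret for the OAuth client, and a `valueFrom.secretKeyRef` entry would keep this password out of the pod spec as well. `default` on the `DATABASE_PASSWORD` line is called with a single argument, which makes it a no-op; for a password I would use `value: {{ required "userpanel.postgresPassword must be set" .Values.userpanel.postgresPassword | quote }}` rather than a fallback. In the values listing `postgresPassword` is printed after the `userbackend:` key while the template reads `.Values.userpanel.postgresPassword`; indentation is lost in this rendering, so please confirm the key really sits under `userpanel`, otherwise both containers would likely receive an empty password. The container list starts and continues outside this hunk.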
......@@ -16,8 +16,8 @@ spec:
spec:
containers:
- name: {{ .Chart.Name }}-userpanel
image: "open.greenhost.net:4567/openappstack/user-panel/frontend:19-feature-link-to-the-applications-included-in-oas"
imagePullPolicy: Always
image: {{ .Values.userpanel.image.repository }}/frontend:{{ .Values.userpanel.image.tag }}
imagePullPolicy: {{ .Values.userpanel.image.pullPolicy }}
env:
- name: HOST
value: 0.0.0.0
......
......@@ -8,7 +8,7 @@ metadata:
kubernetes.io/tls-acme: "true"
spec:
rules:
- host: {{ .Values.hydra.ingress.host }}
- host: {{ .Values.singleSignOnHost }}
http:
paths:
- path: /consent
......
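Review bot: `host: {{ .Values.singleSignOnHost }}` renders an empty host when the value is unset, and an Ingress rule without a host applies to requests for any hostname, which is too broad for the `/consent` path below it. `- host: {{ required "singleSignOnHost must be set" .Values.singleSignOnHost | quote }}` fails the render instead of silently widening the rule. The rule's path list continues outside this hunk.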
......@@ -19,7 +19,8 @@ spec:
restartPolicy: Never
containers:
- name: create-admin-user
image: "open.greenhost.net:4567/openappstack/user-panel/backend:minimal-frontend"
image: {{ .Values.userpanel.image.repository }}/backend:{{ .Values.userpanel.image.tag }}
imagePullPolicy: {{ .Values.userpanel.image.pullPolicy }}
env:
- name: USERNAME
value: {{ .Values.userbackend.username }}
......
......@@ -19,7 +19,8 @@ spec:
restartPolicy: Never
containers:
- name: user-panel
image: "open.greenhost.net:4567/openappstack/user-panel/backend:minimal-frontend"
image: {{ .Values.userpanel.image.repository }}/backend:{{ .Values.userpanel.image.tag }}
imagePullPolicy: {{ .Values.userpanel.image.pullPolicy }}
env:
- name: CLIENT_ID
valueFrom:
......
......@@ -5,4 +5,4 @@ metadata:
type: Opaque
data:
client_id: {{ "user-panel" | b64enc }}
client_secret: {{ .Values.userpanel.oAuth.client_secret | b64enc }}
client_secret: {{ .Values.userpanel.oAuthClientSecret | b64enc }}
replicaCount: 1
image:
repository: "open.greenhost.net:4567/openappstack/single-sign-on"
tag: "integration-user-panel"
pullPolicy: Always
# singleSignOnHost is the FQDN that will be used by the ingress to make the consent and
# the login provider accessible by user agents. For now it is recommended to set it to the
# same value as hydra.ingress.public.hosts[0].host
singleSignOnHost: sso.oas.alumnicloud.net
userpanel:
image:
repository: "open.greenhost.net:4567/openappstack/user-panel"
tag: "19-feature-link-to-the-applications-included-in-oas"
pullPolicy: Always
ingress:
# userpanel.ingress.host is the FQDN of the userpanel application
host: admin.oas.alumnicloud.net
oAuth:
client_secret: "YouReallyNeedToChangeThis"
# userpanel.oauthClientSecret is the secret the userpanel application will use to make
# oauth requests to the hydra service.
oAuthClientSecret: "alsjdlaskjdlaksjdlaksjdlakjsdlakjs"
userbackend:
# userbackend.username is the username of the admin user that will be create
# after the installation of the user backend.
username: "admin"
password: "YouReallyNeedToChangeThis"
email: "admin@example.net"
postgres:
password: "postgres"
# username.password is the password of the admin user
password: "securepassowrd:)"
# username.email is email address of the admin user
email: "admin@alumnicloud.net"
# root password of the postgress db that is created and used by the userbackend
postgresPassword: "postgres"
hydra:
hydra:
# hydra.hydra.dangerousForceHttp allows access to the hydra admin API over http
dangerousForceHttp: true
config:
dsn: memory
urls:
self:
# hydra.hydra.config.urls.self is the base url of hydra. It needs to match the FQDN
# specified in hydra.ingress.public
issuer: https://sso.oas.alumnicloud.net
# hydra.hydra.config.urls.login is the uri that users are redirect to perform the
# login operation. The FQDN used here needs to match the value of singleSignOnHost
login: https://sso.oas.alumnicloud.net/login
# hydra.hydra.config.urls.consent is the uri that users are redirect to trigger
# the consent/permission check. The FQDN used here needs to match the value of
# singleSignOnHost
consent: https://sso.oas.alumnicloud.net/consent
secrets:
system: "YouReallyNeedToChangeThis"
# hydra.hydra.config.secret is used as a seed whenever cryptographic operations are
# performed by hydra i.e. creation of a token.
system: "alskdjölakjdslaksjdlaksjdlaksjdladpogipsoigdpsodigp"
ingress:
host: sso.oas.alumnicloud.net
public:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
hosts:
# hydra.ingress.public.hosts[0].hosts.host is the FQDN of the single sign-on system
# that will be used by oAuth clients to retrieve userinfo and redirect their users to.
- host: sso.oas.alumnicloud.net
paths: ["/"]
tls:
- hosts:
- sso.oas.alumnicloud.net
secretName: hydra-public.tls
# hydra.ingress.admin is the ingress resource that controls access to the hydra
# admin API server. It can be activated using the same options as in
# hydra.ingress.public with a different FQDN
admin:
enabled: false
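Review bot: The values that appear to be the new defaults for `oAuthClientSecret`, the admin `password`, `postgresPassword` and `secrets.system` are realistic-looking strings committed to the repository, so any install that does not override them runs with a published OAuth client secret, admin password, database password and hydra system secret. The `YouReallyNeedToChangeThis` placeholders at least made the omission obvious; I would leave these keys empty in the values file with a comment such as `# required: set per installation, e.g. via --set or a private values file` and enforce them with `required` in the templates. `dangerousForceHttp: true`, `dsn: memory` and the `alumnicloud.net` hostnames likewise read as one deployment's settings rather than chart defaults and deserve a comment saying so. Which of the paired old and new lines is which is inferred from the templates, since this rendering has lost the `+`/`-` markers.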