From c2bb0a6616a1b9efbe22bc827f4e3e08e4dbf128 Mon Sep 17 00:00:00 2001 From: Amen Ayadi Date: Fri, 8 Nov 2019 15:41:42 +0100 Subject: [PATCH 1/2] Nginx-ldapauth-proxy --- README.md | 3 ++- requirements.yaml | 4 ++++ templates/NOTES.txt | 31 ++++++++++++++++++++++++++++++- values.yaml | 44 +++++++++++++++++++++++++------------------- 4 files changed, 61 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 1460f3b..0a9e390 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ Each requirement is configured with the options provided by that Chart. Please c | `logstash.enabled` | Enable [Logstash](https://github.com/helm/charts/tree/master/stable/logstash) | `false` | | `elasticsearch.enabled` | Enable [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch) | `false` | | `kibana.enabled` | Enable [Kibana](https://github.com/helm/charts/tree/master/stable/kibana) | `false` | +| `nginx-ldapauth-proxy.enabled` | Enable [nginx-ldapauth-proxy](https://github.com/helm/charts/tree/master/stable/nginx-ldapauth-proxy) | `false` | | `tsaas.enabled` | Enable [Tsimulus-saas](https://github.com/cetic/helm-tsimulus-saas) | `false` | | `swaggerui.enabled` | Enable [Swaggerui](https://github.com/cetic/helm-swagger-ui) | `false` | @@ -82,4 +83,4 @@ Feel free to contribute by making a [pull request](https://github.com/cetic/helm Please read the official [Contribution Guide](https://github.com/helm/charts/blob/master/CONTRIBUTING.md) from Helm for more information on how you can contribute to this Chart. ## License -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi?ref=badge_large) +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi?ref=badge_large) \ No newline at end of file diff --git a/requirements.yaml b/requirements.yaml index 2dc716a..369e2fa 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -72,3 +72,7 @@ dependencies: version: ^0.1.0 repository: https://cetic.github.io/helm-charts/ condition: swaggerui.enabled +- name: nginx-ldapauth-proxy + version: ^0.1.3 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: nginx_ldapauth_proxy.enabled \ No newline at end of file diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 5267a71..96275bc 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -390,6 +390,33 @@ Kibana can be accessed: {{- end }} +{{- if .Values.nginx_ldapauth_proxy.enabled }} + +##### nginx_ldapauth_proxy - FADI ##### +################################################### + +1. Get the application URL by running these commands: +{{- if .Values.nginx_ldapauth_proxy.ingress.enabled }} +{{- range .Values.nginx_ldapauth_proxy.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.nginx_ldapauth_proxy.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "nginx-ldapauth-proxy.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.nginx_ldapauth_proxy.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "nginx-ldapauth-proxy.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nginx-ldapauth-proxy.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.nginx_ldapauth_proxy.service.externalPort }} +{{- else if contains "ClusterIP" .Values.nginx_ldapauth_proxy.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "nginx-ldapauth-proxy.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.nginx_ldapauth_proxy.service.internalPort }} +{{- end }} + +{{- end }} + {{- if .Values.tsaas.enabled }} @@ -448,4 +475,6 @@ Kibana can be accessed: {{- end }} -CONGRATULATIONS! FADI is being installed. + + +CONGRATULATIONS! FADI is being installed. \ No newline at end of file diff --git a/values.yaml b/values.yaml index ecbdf5f..5ae2de6 100644 --- a/values.yaml +++ b/values.yaml @@ -26,13 +26,10 @@ superset: path: / hosts: [superset.fadi.minikube] configFile: |- - from flask_appbuilder.security.manager import AUTH_DB,AUTH_LDAP - #--------------------------------------------------------- # Superset specific config #--------------------------------------------------------- - ROW_LIMIT = 5000 SUPERSET_WORKERS = 2 SUPERSET_WEBSERVER_PORT = 8088 @@ -54,11 +51,9 @@ superset: WTF_CSRF_EXEMPT_LIST = [] # Set this API key to enable Mapbox visualizations MAPBOX_API_KEY = '' - DEBUG=True LOG_FORMAT = '%(asctime)s:%(levelname)s:%(name)s:%(message)s' LOG_LEVEL = 'DEBUG' - AUTH_TYPE = AUTH_LDAP AUTH_LDAP_SERVER = "ldap://fadi-openldap:389" AUTH_LDAP_USE_TLS = False @@ -67,7 +62,6 @@ superset: AUTH_LDAP_BIND_USER = "cn=admin,dc=ldap,dc=cetic,dc=be" AUTH_LDAP_BIND_PASSWORD = "password1" AUTH_LDAP_UID_FIELD = "cn" - postgresql: enabled: true persistence: @@ -141,7 +135,6 @@ postgresql: #!/bin/sh psql -c "create role ldap_users;" postgres admin psql -c "create role ldap_groups;" postgres admin - minio: enabled: true persistence: @@ -200,9 +193,7 @@ grafana: # `config` is the content of `ldap.toml` that will be stored in the created secret config: |- verbose_logging = true - [[servers]] - host = "fadi-openldap" port = 389 use_ssl = false @@ -212,13 +203,10 @@ grafana: ##bind_password = 'password1' search_filter = "(cn=%s)" search_base_dns = ["DC=ldap,DC=cetic,DC=be"] - [[servers.group_mappings]] - group_dn = "*" org_role = "Admin" ##grafana_admin = true - # ----- auth ----- jupyterhub: @@ -311,9 +299,7 @@ openldap: customLdifFiles: 1-default-users.ldif: |- - # You can find an example ldif file. - phpldapadmin: enabled: true service: @@ -354,6 +340,31 @@ kibana: env: ELASTICSEARCH_HOSTS: http://{{ .Release.Name }}-elasticsearch-client:9200 +nginx_ldapauth_proxy: + enabled: false + service: + type: NodePort + externalPort: 5601 + proxy: + port: 443 + host: "fadi-kibana" + authName: "admin" + ldapHost: "fadi-openldap" + ldapDN: "dc=ldap,dc=cetic,dc=be" + ldapFilter: "objectClass=organizationalPerson" + ldapBindDN: "cn=admin,dc=ldap,dc=cetic,dc=be" + requires: + - name: "admin" + filter: "cn=admin,dc=ldap,dc=cetic,dc=be" + ingress: + enabled: false + hosts: + - "fadikibana.com" + annotations: + kubernetes.io/ingress.class: nginx + secrets: + ldapBindPassword: "password1" + logstash: enabled: false elasticsearch: @@ -391,8 +402,3 @@ swaggerui: path: / hosts: [swagger-tsimulus.fadi.minikube] tls: [] - - - - - From ac88c1b74fc16b5dde3069cd9bd97cf3124479dd Mon Sep 17 00:00:00 2001 From: Amen Ayadi Date: Fri, 8 Nov 2019 15:43:06 +0100 Subject: [PATCH 2/2] Nginx-ldapauth-proxy --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 98d7da0..0e0e258 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,6 @@ name: fadi -version: 0.1.14 -appVersion: 0.1.14 +version: 0.1.15 +appVersion: 0.1.15 description: FADI is a Cloud Native platform for Big Data based on mature open source tools. keywords: - fadi