Feature/nginx proxy

Chart.yaml

@@ -1,6 +1,6 @@
 name: fadi
-version: 0.1.14
-appVersion: 0.1.14
+version: 0.1.15
+appVersion: 0.1.15
 description: FADI is a Cloud Native platform for Big Data based on mature open source tools. 
 keywords:
  - fadi

README.md

@@ -72,6 +72,7 @@ Each requirement is configured with the options provided by that Chart. Please c
 | `logstash.enabled` | Enable [Logstash](https://github.com/helm/charts/tree/master/stable/logstash) | `false` |
 | `elasticsearch.enabled` | Enable [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch) | `false` |
 | `kibana.enabled` | Enable [Kibana](https://github.com/helm/charts/tree/master/stable/kibana) | `false` |
+| `nginx-ldapauth-proxy.enabled` | Enable [nginx-ldapauth-proxy](https://github.com/helm/charts/tree/master/stable/nginx-ldapauth-proxy) | `false` |
 | `tsaas.enabled` | Enable [Tsimulus-saas](https://github.com/cetic/helm-tsimulus-saas) | `false` |
 | `swaggerui.enabled` | Enable [Swaggerui](https://github.com/cetic/helm-swagger-ui) | `false` |
 
@@ -82,4 +83,4 @@ Feel free to contribute by making a [pull request](https://github.com/cetic/helm
 Please read the official [Contribution Guide](https://github.com/helm/charts/blob/master/CONTRIBUTING.md) from Helm for more information on how you can contribute to this Chart.
 
 ## License
-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi?ref=badge_large)
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcetic%2Fhelm-fadi?ref=badge_large)

requirements.yaml

@@ -72,3 +72,7 @@ dependencies:
  version: ^0.1.0
  repository: https://cetic.github.io/helm-charts/
  condition: swaggerui.enabled
+- name: nginx-ldapauth-proxy
+ version: ^0.1.3
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ condition: nginx_ldapauth_proxy.enabled

templates/NOTES.txt

@@ -390,6 +390,33 @@ Kibana can be accessed:
 
 {{- end }}
 
+{{- if .Values.nginx_ldapauth_proxy.enabled }}
+
+##### nginx_ldapauth_proxy - FADI #####
+###################################################
+
+1. Get the application URL by running these commands:
+{{- if .Values.nginx_ldapauth_proxy.ingress.enabled }}
+{{- range .Values.nginx_ldapauth_proxy.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.nginx_ldapauth_proxy.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "nginx-ldapauth-proxy.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.nginx_ldapauth_proxy.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "nginx-ldapauth-proxy.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nginx-ldapauth-proxy.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.nginx_ldapauth_proxy.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.nginx_ldapauth_proxy.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "nginx-ldapauth-proxy.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.nginx_ldapauth_proxy.service.internalPort }}
+{{- end }}
+
+{{- end }}
+
 
 {{- if .Values.tsaas.enabled }}
 
@@ -448,4 +475,6 @@ Kibana can be accessed:
 
 {{- end }}
 
-CONGRATULATIONS! FADI is being installed.
+
+
+CONGRATULATIONS! FADI is being installed.

values.yaml

@@ -26,13 +26,10 @@ superset:
  path: /
  hosts: [superset.fadi.minikube]
  configFile: |-
-
  from flask_appbuilder.security.manager import AUTH_DB,AUTH_LDAP
-
  #---------------------------------------------------------
  # Superset specific config
  #---------------------------------------------------------
-
  ROW_LIMIT = 5000
  SUPERSET_WORKERS = 2
  SUPERSET_WEBSERVER_PORT = 8088
@@ -54,11 +51,9 @@ superset:
  WTF_CSRF_EXEMPT_LIST = []
  # Set this API key to enable Mapbox visualizations
  MAPBOX_API_KEY = ''
-
  DEBUG=True
  LOG_FORMAT = '%(asctime)s:%(levelname)s:%(name)s:%(message)s'
  LOG_LEVEL = 'DEBUG'
-
  AUTH_TYPE = AUTH_LDAP
  AUTH_LDAP_SERVER = "ldap://fadi-openldap:389"
  AUTH_LDAP_USE_TLS = False
@@ -67,7 +62,6 @@ superset:
  AUTH_LDAP_BIND_USER = "cn=admin,dc=ldap,dc=cetic,dc=be"
  AUTH_LDAP_BIND_PASSWORD = "password1"
  AUTH_LDAP_UID_FIELD = "cn"
-
 postgresql:
  enabled: true
  persistence:
@@ -141,7 +135,6 @@ postgresql:
  #!/bin/sh
  psql -c "create role ldap_users;" postgres admin
  psql -c "create role ldap_groups;" postgres admin
-
 minio:
  enabled: true
  persistence:
@@ -200,9 +193,7 @@ grafana:
  # `config` is the content of `ldap.toml` that will be stored in the created secret
  config: |-
  verbose_logging = true
-
  [[servers]]
-
  host = "fadi-openldap"
  port = 389
  use_ssl = false
@@ -212,13 +203,10 @@ grafana:
  ##bind_password = 'password1'
  search_filter = "(cn=%s)"
  search_base_dns = ["DC=ldap,DC=cetic,DC=be"]
-
  [[servers.group_mappings]]
-
  group_dn = "*"
  org_role = "Admin"
  ##grafana_admin = true
-
  # ----- auth -----
 
 jupyterhub:
@@ -311,9 +299,7 @@ openldap:
 
  customLdifFiles:
  1-default-users.ldif: |-
-
  # You can find an example ldif file.
-
 phpldapadmin:
  enabled: true
  service:
@@ -354,6 +340,31 @@ kibana:
  env:
  ELASTICSEARCH_HOSTS: http://{{ .Release.Name }}-elasticsearch-client:9200
 
+nginx_ldapauth_proxy:
+ enabled: false
+ service:
+ type: NodePort
+ externalPort: 5601
+ proxy:
+ port: 443
+ host: "fadi-kibana"
+ authName: "admin"
+ ldapHost: "fadi-openldap"
+ ldapDN: "dc=ldap,dc=cetic,dc=be"
+ ldapFilter: "objectClass=organizationalPerson"
+ ldapBindDN: "cn=admin,dc=ldap,dc=cetic,dc=be"
+ requires:
+ - name: "admin"
+ filter: "cn=admin,dc=ldap,dc=cetic,dc=be"
+ ingress:
+ enabled: false
+ hosts:
+ - "fadikibana.com"
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ secrets:
+ ldapBindPassword: "password1"
+
 logstash:
  enabled: false
  elasticsearch:
@@ -391,8 +402,3 @@ swaggerui:
  path: /
  hosts: [swagger-tsimulus.fadi.minikube]
  tls: []
-
-
-
-
-