Skip to content

A
amundsen_dev
Commit 753933d6 authored by Luke Lowery's avatar Luke Lowery Committed by Tao Feng
Browse files
Options

adding oidc to the helm chart (#216)

parent e888bee2
Hide whitespace changes
Inline Side-by-side
Showing with 98 additions and 13 deletions
amundsen-kube-helm/templates/helm/amundsen/templates/deployment.yaml
View file @ 753933d6
...@@ -64,14 +64,40 @@ spec: ...@@ -64,14 +64,40 @@ spec:
tolerations: tolerations:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
{{- end }} {{- end }}
volumes:
{{- if .Values.oidcEnabled }}
- name: oidc-config
secret:
secretName: oidc-config
{{- end }}
containers: containers:
- name: {{ .Chart.Name }}-{{ .Values.metadataServiceName }} - name: {{ .Chart.Name }}-{{ .Values.metadataServiceName }}
image: {{- if .Values.metadataServiceImage }} {{.Values.metadataServiceImage}}{{- else }} {{ .Values.dockerhubImagePath }}/{{ .Chart.Name }}-{{ .Values.metadataServiceName }}:{{ .Values.metadataImageVersion }}{{- end }} {{- with .Values.metadataServiceImage }}
image: {{ . }}
{{- else }}
image: {{ .Values.dockerhubImagePath }}/{{ .Chart.Name }}-{{ .Values.metadataServiceName }}{{ if .Values.oidcEnabled }}-oidc{{ end }}:{{ .Values.metadataImageVersion }}
{{- end }}
imagePullPolicy: Never
ports: ports:
- containerPort: 5000 - containerPort: 5000
env: env:
- name: PROXY_HOST - name: PROXY_HOST
value: bolt://neo4j value: bolt://neo4j
{{- if .Values.oidcEnabled }}
- name: FLASK_OIDC_CLIENT_SECRETS
value: /etc/client_secrets.json
- name: FLASK_OIDC_SECRET_KEY
valueFrom:
secretKeyRef:
name: oidc-config
key: OIDC_CLIENT_SECRET
{{- end }}
volumeMounts:
{{- if .Values.oidcEnabled }}
- name: oidc-config
mountPath: /etc/client_secrets.json
subPath: client_secrets.json
{{- end }}
{{- with .Values.metadata.resources }} {{- with .Values.metadata.resources }}
resources: resources:
{{ toYaml . | indent 10 }} {{ toYaml . | indent 10 }}
...@@ -103,16 +129,40 @@ spec: ...@@ -103,16 +129,40 @@ spec:
tolerations: tolerations:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
{{- end }} {{- end }}
volumes:
{{- if .Values.oidcEnabled }}
- name: oidc-config
secret:
secretName: oidc-config
{{- end }}
containers: containers:
- name: {{ .Chart.Name }}-{{ .Values.frontEndServiceName }} - name: {{ .Chart.Name }}-{{ .Values.frontEndServiceName }}
image: {{- if .Values.frontEndServiceImage }} {{.Values.frontEndServiceImage}}{{- else }} {{ .Values.dockerhubImagePath }}/{{ .Chart.Name }}-{{ .Values.frontEndServiceName }}:{{ .Values.frontEndImageVersion }}{{- end }} {{- with .Values.frontEndServiceImage }}
image: {{ . }}
{{- else }}
image: {{ .Values.dockerhubImagePath }}/{{ .Chart.Name }}-{{ .Values.frontEndServiceName }}{{ if .Values.oidcEnabled }}-oidc{{ end }}:{{ .Values.frontEndImageVersion }}
{{- end }}
ports: ports:
- containerPort: 5000 - containerPort: 5000
env: env:
- name: SEARCHSERVICE_BASE - name: SEARCHSERVICE_BASE
value: http://{{ .Chart.Name }}-{{ .Values.searchServiceName }}:5001 value: http://{{ .Chart.Name }}-{{ .Values.searchServiceName }}:5001
- name: METADATASERVICE_BASE - name: METADATASERVICE_BASE
value: http://{{ .Chart.Name }}-{{ .Values.metadataServiceName }}:5002 value: http://{{ .Chart.Name }}-{{ .Values.metadataServiceName }}:5002
- name: FRONTEND_SVC_CONFIG_MODULE_CLASS - name: LONG_RANDOM_STRING
value: amundsen_application.config.TestConfig value: {{ quote .Values.LONG_RANDOM_STRING }}
--- {{- if .Values.oidcEnabled }}
- name: FLASK_OIDC_CLIENT_SECRETS
value: /etc/client_secrets.json
- name: FLASK_OIDC_SECRET_KEY
valueFrom:
secretKeyRef:
name: oidc-config
key: OIDC_CLIENT_SECRET
{{- end }}
volumeMounts:
{{- if .Values.oidcEnabled }}
- name: oidc-config
mountPath: /etc/client_secrets.json
subPath: client_secrets.json
{{- end }}
amundsen-kube-helm/templates/helm/amundsen/templates/oidc_config.yaml 0 → 100644
View file @ 753933d6
{{- if .Values.createOidcSecret }}
apiVersion: v1
kind: Secret
metadata:
name: oidc-config
namespace: {{ .Release.Namespace }}
stringData:
OIDC_CLIENT_SECRET: {{ .Values.OIDC_CLIENT_SECRET }}
client_secrets.json: |-
{
"web": {
"client_id": "{{ .Values.OIDC_CLIENT_ID }}",
"client_secret": "{{ .Values.OIDC_CLIENT_SECRET }}",
"auth_uri": "{{ .Values.OIDC_ORG_URL }}/oauth2/{{ .Values.OIDC_AUTH_SERVER_ID }}/v1/authorize",
"token_uri": "{{ .Values.OIDC_ORG_URL }}/oauth2/{{ .Values.OIDC_AUTH_SERVER_ID }}/v1/token",
"issuer": "{{ .Values.OIDC_ORG_URL }}/oauth2/{{ .Values.OIDC_AUTH_SERVER_ID }}",
"userinfo_uri": "{{ .Values.OIDC_ORG_URL }}/oauth2/{{ .Values.OIDC_AUTH_SERVER_ID }}/userinfo",
"redirect_uris": [
"http://localhost/oidc_callback"
]
}
}
{{- end }}
amundsen-kube-helm/templates/helm/amundsen/values.yaml
View file @ 753933d6
...@@ -3,6 +3,18 @@ provider: aws ...@@ -3,6 +3,18 @@ provider: aws
dnsZone: teamname.company.com dnsZone: teamname.company.com
dockerhubImagePath: amundsendev dockerhubImagePath: amundsendev
LONG_RANDOM_STRING: 1234
# To enable auth via OIDC, set this to true.
oidcEnabled: false
# OIDC needs some configuration. If you want the chart to make your secrets, set this to true and set the next four values.
# If you don't want to configure your secrets via helm, you can still use the oidc_config.yaml as a template
createOidcSecret: false
# OIDC_CLIENT_ID:
# OIDC_CLIENT_SECRET:
# OIDC_ORG_URL:
# OIDC_AUTH_SERVER_ID:
## Support Node, affinity and tolerations for scheduler pod assignment ## Support Node, affinity and tolerations for scheduler pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
...@@ -27,7 +39,7 @@ search: ...@@ -27,7 +39,7 @@ search:
tolerations: [] tolerations: []
metadataServiceName: metadata metadataServiceName: metadata
metadataImageVersion: 1.1.5 metadataImageVersion: 1.1.6
metadata: metadata:
replicas: 1 replicas: 1
resources: resources:
...@@ -43,7 +55,7 @@ metadata: ...@@ -43,7 +55,7 @@ metadata:
tolerations: [] tolerations: []
frontEndServiceName: frontend frontEndServiceName: frontend
frontEndImageVersion: 1.1.1 frontEndImageVersion: 1.2.0
frontEndServicePort: 80 frontEndServicePort: 80
frontEnd: frontEnd:
replicas: 1 replicas: 1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment