helm chart for a3s server #24

Closed
wants to merge 8 commits into from
Changes from 1 commit
4 changes: 4 additions & 0 deletions helm/a3s/Chart.yaml
@@ -0,0 +1,4 @@
apiVersion: v1
description: Authentication As A Service
name: a3s
version: 0.0.0-dev
141 changes: 141 additions & 0 deletions helm/a3s/templates/deployment.yaml
@@ -0,0 +1,141 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: a3s
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app: a3s
type: core
template:
metadata:
labels:
app: a3s
type: core
spec:
terminationGracePeriodSeconds: 60
containers:
- name: a3s
image: {{ required "global.imageRegistry is required" .Values.global.imageRegistry }}/a3s:test
imagePullPolicy: "Always"
Contributor

should be configured from values

env:
# General
- name: A3S_LISTEN
value: ":1443"
- name: A3S_ENCODING
value: "msgpack"
# - name: A3S_CORS_DEFAULT_ORIGIN
# value: "https://127.0.0.1:44443"
# - name: A3S_CORS_ADDITIONAL_ORIGINS
# value: "http://localhost:8080"

# Log
- name: A3S_LOG_FORMAT
value: {{ .Values.log.format | default .Values.global.log.format | quote }}
- name: A3S_LOG_LEVEL
value: {{ .Values.log.level | default .Values.global.log.level | quote }}

# Health
- name: A3S_HEALTH_LISTEN
value: ":1080"
- name: A3S_HEALTH_ENABLED
value: "true"

# Profiling
{{- if .Values.global.profiling.enabled }}
- name: A3S_PROFILING_ENABLED
value: "true"
- name: A3S_PROFILING_LISTEN
value: {{ required "global.profiling.listen is required" .Values.global.profiling.listen | quote }}
{{- end }}

# TLS
- name: A3S_TLS_CERT
value: /certs/a3s-tls-cert.pem
- name: A3S_TLS_KEY
value: /certs/a3s-tls-key.pem
- name: A3S_TLS_KEY_PASS
value: file:///certs/a3s-tls-key.pass

# JWT
- name: A3S_JWT_CERT
value: /certs/jwt-cert.pem
- name: A3S_JWT_KEY
value: /certs/jwt-key.pem
- name: A3S_JWT_KEY_PASS
value: file:///certs/jwt-key.pass
- name: A3S_JWT_ISSUER
value: {{ required "global.issuer is required" .Values.global.issuer }}
- name: A3S_JWT_AUDIENCE
value: {{ required "global.audience is required" .Values.global.audience }}

# Mongo
- name: A3S_MONGO_URL
{{- if .Values.global.mongo.sharded }}
value: mongodb://{{ required "global.mongo.host is required" .Values.global.mongo.host }}?authMechanism=MONGODB-X509
Contributor

we should simply let the full mongodb url come from values

{{- else }}
value: mongodb://{{ required "global.mongo.host is required" .Values.global.mongo.host }}?replicaSet=rs0&authMechanism=MONGODB-X509
{{- end }}
- name: A3S_MONGO_AUTH_DB
value: "$external"
Contributor

should be configured from values

- name: A3S_MONGO_USER
value: "CN=mongodb-admin,OU=users,O=mongodb"
# - name: A3S_MONGO_PASS
# value: "a3s"
- name: A3S_MONGO_ENCRYPTION_KEY
value: file:///certs/attribute-encryption-key.pass
- name: A3S_MONGO_TLS_DISABLE
value: "true"
- name: A3S_MONGO_TLS_CERT
value: ""
- name: A3S_MONGO_TLS_KEY
value: ""
- name: A3S_MONGO_TLS_KEY_PASS
value: ""

# Nats
- name: A3S_NATS_URL
value: "nats://nats:4222"
- name: A3S_NATS_USER
value: file:///certs/nats.user
- name: A3S_NATS_PASS
value: file:///certs/nats.user
- name: A3S_NATS_TLS_DISABLE
value: "true"

volumeMounts:
- name: certs
mountPath: /certs
volumes:
- name: certs
secret:
secretName: a3s-secrets
items:
# TLS
- key: a3s-tls-cert.pem
path: a3s-tls-cert.pem
- key: a3s-tls-key.pem
path: a3s-tls-key.pem
- key: a3s-tls-key.pass
path: a3s-tls-key.pass

# JWT
- key: jwt-cert.pem
path: jwt-cert.pem
- key: jwt-key.pem
path: jwt-key.pem
- key: jwt-key.pass
path: jwt-key.pass

# Mongo
- key: attribute-encryption-key.pass
path: attribute-encryption-key.pass

# Nats
- key: nats.user
path: nats.user
- key: nats.pass
path: nats.pass
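Review bot: In the Nats block, `A3S_NATS_PASS` is set to `file:///certs/nats.user`, the same file as `A3S_NATS_USER`, so the password is read from the username file; it should point at `file:///certs/nats.pass`, which the `certs` volume already mounts. In the Mongo block, `A3S_MONGO_TLS_DISABLE` is hardcoded to `"true"` and the `A3S_MONGO_TLS_*` values are empty while the URL asks for `authMechanism=MONGODB-X509`; X.509 authentication relies on a client certificate presented over TLS, so these settings contradict each other, and `global.mongo.cert`/`key`/`pass` from values.yaml are never wired in. `A3S_NATS_TLS_DISABLE` is also fixed at `"true"`, which sends the NATS credentials unencrypted; both TLS switches should come from values and default to TLS on. Smaller points: `replicas: 1` ignores `.Values.replicas`, the image tag `:test` is fixed, `A3S_JWT_ISSUER` and `A3S_JWT_AUDIENCE` are not piped through `quote` like the other templated values, and the health listener on `:1080` is enabled but no readiness or liveness probe uses it.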
24 changes: 24 additions & 0 deletions helm/a3s/templates/secrets.yaml
@@ -0,0 +1,24 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: a3s-secrets
data:
# TLS
a3s-tls-cert.pem: {{ required "global.server.cert is required" .Values.global.server.cert | quote }}
a3s-tls-key.pem: {{ required "global.server.key is required" .Values.global.server.key | quote }}
a3s-tls-key.pass: {{ required "global.server.pass is required" .Values.global.server.pass | b64enc | quote }}

# JWT
jwt-cert.pem: {{ required "global.server.cert is required" .Values.global.server.cert | quote }}
jwt-key.pem: {{ required "global.server.key is required" .Values.global.server.key | quote }}
jwt-key.pass: {{ required "global.server.pass is required" .Values.global.server.pass | b64enc | quote }}

# Mongo
attribute-encryption-key.pass: {{ required "global.mongo.attributeEncryptionKey is required" .Values.global.mongo.attributeEncryptionKey | b64enc | quote }}

# Nats
nats.user: {{ required "global.nats.user is required" .Values.global.nats.user | b64enc | quote }}
nats.pass: {{ required "global.nats.pass is required" .Values.global.nats.pass | b64enc | quote }}
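Review bot: The JWT entries `jwt-cert.pem`, `jwt-key.pem` and `jwt-key.pass` are filled from `global.server.cert`, `global.server.key` and `global.server.pass`, the same values as the TLS entries, so the token-signing key is the server's TLS key; give JWT its own values (for example `global.jwt.cert`/`key`/`pass`) so the two keys can be rotated and scoped separately. Also, under `data:` every value must be base64, but only the `.pass` and `nats.*` lines go through `b64enc`; the four `.pem` lines pass the value through as-is, so the caller has to pre-encode cert and key but not the passphrase. Either apply `b64enc` to all of them or document the expected encoding next to each value.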


30 changes: 30 additions & 0 deletions helm/a3s/templates/service.yaml
@@ -0,0 +1,30 @@
apiVersion: v1
kind: Service
metadata:
name: a3s
labels:
app: a3s
type: core
spec:
selector:
app: a3s
clusterIP: None
ports:
- port: 1443
name: app
---
apiVersion: v1
kind: Service
metadata:
name: health-a3s
labels:
app: a3s
type: core
spec:
selector:
app: a3s
clusterIP: None
ports:
- port: 1080
name: health
---
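Review bot: Both Services select on `app: a3s` only, while the Deployment's `matchLabels` uses `app: a3s` and `type: core`; adding `type: core` to each `selector` keeps these headless Services from picking up any other pod that carries the `app: a3s` label. The trailing `---` after the `health-a3s` Service leaves an empty document at the end of the file and can be dropped.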
39 changes: 39 additions & 0 deletions helm/a3s/values.yaml
@@ -0,0 +1,39 @@
replicas: 1

log:
level: info
format: console

global:
audience:
issuer:
imageRegistry: gcr.io/aporetodev
log:
level: info
format: stackdriver

server:
cert:
key:
pass:

mongo:
cert:
key:
pass:
host: mongodb-shard-router-0.mongodb-shard-router,mongodb-shard-router-1.mongodb-shard-router,mongodb-shard-router-2.mongodb-shard-router
sharded: true
readConsistency: nearest
attributeEncryptionKey:

nats:
# cert:
# key:
# pass:
user:
pass:

profiling:
enabled: false
listen: ":6060"
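Review bot: The top-level `log.level: info` and `log.format: console` defaults mean the `default .Values.global.log.*` fallback in deployment.yaml never applies, so `global.log.format: stackdriver` is dead configuration; leave the chart-level `log` keys empty or drop one of the two sets. `replicas`, `global.mongo.cert`/`key`/`pass` and `global.mongo.readConsistency` are declared here but no template in this change reads them. A short comment on each empty required key (`audience`, `issuer`, `server.*`, `attributeEncryptionKey`, `nats.user`/`pass`) stating the expected format would help, in particular whether `server.cert` and `server.key` must already be base64.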

39 changes: 39 additions & 0 deletions helm/test/values.yaml
@@ -0,0 +1,39 @@
replicas: 1

log:
level: info
format: console

global:
audience: "a3s.com"
issuer: https://issuer.a3s.com
imageRegistry: gcr.io/aporetodev
log:
level: info
format: stackdriver

server:
cert: server-cert
key: server-key
pass: server-key-pass

mongo:
cert: mongo-cert
key: mongo-key
pass: mongo-key-pass
host: mongodb-shard-router-0.mongodb-shard-router,mongodb-shard-router-1.mongodb-shard-router,mongodb-shard-router-2.mongodb-shard-router
sharded: true
readConsistency: nearest
attributeEncryptionKey: "abcdefghijkl"

nats:
# cert:
# key:
# pass:
user: username
pass: password

profiling:
enabled: false
listen: ":6060"
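Review bot: `server.cert: server-cert` and `server.key: server-key` are inserted into the Secret's `data:` without `b64enc`, and these placeholder strings are not valid base64, so a Secret rendered from this file is invalid; use base64-encoded fixture PEMs here. The file otherwise repeats helm/a3s/values.yaml line for line; keeping only the overridden keys (`audience`, `issuer`, `server.*`, `mongo.cert`/`key`/`pass`, `attributeEncryptionKey`, `nats.user`/`pass`) would make it clear what the test actually sets.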