diff --git a/404.html b/404.html index b502c823b6..1b6b16f3dd 100644 --- a/404.html +++ b/404.html @@ -12,7 +12,7 @@ - +
diff --git a/assets/js/29637022.71e75b97.js b/assets/js/29637022.71e75b97.js deleted file mode 100644 index bf0a99b01c..0000000000 --- a/assets/js/29637022.71e75b97.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[2018],{9477:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>r,contentTitle:()=>a,default:()=>d,frontMatter:()=>i,metadata:()=>c,toc:()=>h});var o=n(11527),s=n(7463);const i={title:"GCP OAuth Authentication"},a=void 0,c={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/docs/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/next/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/docs/gcp-authentication.md",tags:[],version:"current",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/next/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/next/integrate-chaos-mesh-into-github-actions"}},r={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Use the function",id:"use-the-function",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,s.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "New Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"}),' is the root URL of Chaos dashboard, like "',(0,o.jsx)(t.a,{href:"http://localhost:2333",children:"http://localhost:2333"}),'". This URL can be set through the configuration item ',(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Client ID".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"use-the-function",children:"Use the function"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(96406).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,s.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},96406:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>c,a:()=>a});var o=n(50959);const s={},i=o.createContext(s);function a(e){const t=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),o.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/29637022.be7b9386.js b/assets/js/29637022.be7b9386.js new file mode 100644 index 0000000000..586466b2f8 --- /dev/null +++ b/assets/js/29637022.be7b9386.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[2018],{9477:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>r,contentTitle:()=>a,default:()=>d,frontMatter:()=>s,metadata:()=>c,toc:()=>h});var o=n(11527),i=n(7463);const s={title:"GCP OAuth Authentication"},a=void 0,c={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/docs/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/next/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/docs/gcp-authentication.md",tags:[],version:"current",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/next/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/next/integrate-chaos-mesh-into-github-actions"}},r={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and Start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Login with Google",id:"login-with-google",level:2}];function l(e){const t={a:"a",admonition:"admonition",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",...(0,i.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"})," is the root URL of Chaos dashboard, like ",(0,o.jsx)(t.code,{children:"http://localhost:2333"}),". This URL can be set through the configuration item ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by ",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and Start Chaos Mesh"}),"\n",(0,o.jsxs)(t.admonition,{type:"info",children:[(0,o.jsxs)(t.p,{children:["Update: Since ",(0,o.jsx)(t.code,{children:"v2.7.0"}),", you can provide a ",(0,o.jsx)(t.strong,{children:"Secret"})," to store the Client ID and Client Secret. ",(0,o.jsx)(t.strong,{children:"We recommend you to use this method"}),"."]}),(0,o.jsx)(t.p,{children:"This change is to avoid exposing the Client ID and Client Secret to the public. In the previous versions, the Client ID and Client Secret are specified in the values directly, which is not safe in general."}),(0,o.jsxs)(t.p,{children:["For more information, see ",(0,o.jsx)(t.a,{href:"https://github.com/chaos-mesh/chaos-mesh/issues/4206",children:"https://github.com/chaos-mesh/chaos-mesh/issues/4206"}),"."]})]}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"dashboard:\n rootUrl: http://localhost:2333\n gcpSecurityMode:\n enabled: true\n # Old configuration items for compatibility.\n clientId: ''\n clientSecret: ''\n # References existing Kubernetes secret containing `GCP_CLIENT_ID` and `GCP_CLIENT_SECRET`.\n existingSecret: ''\n"})}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"login-with-google",children:"Login with Google"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the Google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(96406).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,i.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},96406:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>c,a:()=>a});var o=n(50959);const i={},s=o.createContext(i);function a(e){const t=o.useContext(s);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:a(e.components),o.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/6d00fcd7.186fec77.js b/assets/js/6d00fcd7.186fec77.js new file mode 100644 index 0000000000..c1883a173f --- /dev/null +++ b/assets/js/6d00fcd7.186fec77.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[7779],{10212:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>a,default:()=>d,frontMatter:()=>s,metadata:()=>r,toc:()=>h});var o=n(11527),i=n(7463);const s={title:"GCP OAuth Authentication"},a=void 0,r={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/versioned_docs/version-2.6.2/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/versioned_docs/version-2.6.2/gcp-authentication.md",tags:[],version:"2.6.2",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/integrate-chaos-mesh-into-github-actions"}},c={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and Start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Login with Google",id:"login-with-google",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,i.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"})," is the root URL of Chaos dashboard, like ",(0,o.jsx)(t.code,{children:"http://localhost:2333"}),". This URL can be set through the configuration item ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by ",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and Start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"login-with-google",children:"Login with Google"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the Google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(41158).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,i.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},41158:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>r,a:()=>a});var o=n(50959);const i={},s=o.createContext(i);function a(e){const t=o.useContext(s);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:a(e.components),o.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/6d00fcd7.50b05241.js b/assets/js/6d00fcd7.50b05241.js deleted file mode 100644 index f4d77966c5..0000000000 --- a/assets/js/6d00fcd7.50b05241.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[7779],{10212:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>r,contentTitle:()=>a,default:()=>d,frontMatter:()=>i,metadata:()=>c,toc:()=>h});var o=n(11527),s=n(7463);const i={title:"GCP OAuth Authentication"},a=void 0,c={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/versioned_docs/version-2.6.2/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/versioned_docs/version-2.6.2/gcp-authentication.md",tags:[],version:"2.6.2",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/integrate-chaos-mesh-into-github-actions"}},r={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Use the function",id:"use-the-function",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,s.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "New Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"}),' is the root URL of Chaos dashboard, like "',(0,o.jsx)(t.a,{href:"http://localhost:2333",children:"http://localhost:2333"}),'". This URL can be set through the configuration item ',(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Client ID".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"use-the-function",children:"Use the function"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(41158).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,s.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},41158:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>c,a:()=>a});var o=n(50959);const s={},i=o.createContext(s);function a(e){const t=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),o.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/94b8fb96.569b6c7c.js b/assets/js/94b8fb96.569b6c7c.js deleted file mode 100644 index 9a4cea6165..0000000000 --- a/assets/js/94b8fb96.569b6c7c.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[2558],{7935:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>r,contentTitle:()=>a,default:()=>d,frontMatter:()=>i,metadata:()=>c,toc:()=>h});var o=n(11527),s=n(7463);const i={title:"GCP OAuth Authentication"},a=void 0,c={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/versioned_docs/version-2.4.3/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/2.4.3/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/versioned_docs/version-2.4.3/gcp-authentication.md",tags:[],version:"2.4.3",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/2.4.3/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/2.4.3/integrate-chaos-mesh-into-github-actions"}},r={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Use the function",id:"use-the-function",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,s.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "New Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"}),' is the root URL of Chaos dashboard, like "',(0,o.jsx)(t.a,{href:"http://localhost:2333",children:"http://localhost:2333"}),'". This URL can be set through the configuration item ',(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Client ID".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"use-the-function",children:"Use the function"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(24514).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,s.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},24514:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>c,a:()=>a});var o=n(50959);const s={},i=o.createContext(s);function a(e){const t=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),o.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/94b8fb96.6fa42be5.js b/assets/js/94b8fb96.6fa42be5.js new file mode 100644 index 0000000000..a849672e74 --- /dev/null +++ b/assets/js/94b8fb96.6fa42be5.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[2558],{7935:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>a,default:()=>d,frontMatter:()=>s,metadata:()=>r,toc:()=>h});var o=n(11527),i=n(7463);const s={title:"GCP OAuth Authentication"},a=void 0,r={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/versioned_docs/version-2.4.3/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/2.4.3/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/versioned_docs/version-2.4.3/gcp-authentication.md",tags:[],version:"2.4.3",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/2.4.3/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/2.4.3/integrate-chaos-mesh-into-github-actions"}},c={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and Start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Login with Google",id:"login-with-google",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,i.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"})," is the root URL of Chaos dashboard, like ",(0,o.jsx)(t.code,{children:"http://localhost:2333"}),". This URL can be set through the configuration item ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by ",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and Start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"login-with-google",children:"Login with Google"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the Google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(24514).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,i.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},24514:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>r,a:()=>a});var o=n(50959);const i={},s=o.createContext(i);function a(e){const t=o.useContext(s);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:a(e.components),o.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/f1555dde.28415d3b.js b/assets/js/f1555dde.28415d3b.js deleted file mode 100644 index e696363bff..0000000000 --- a/assets/js/f1555dde.28415d3b.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[7946],{40338:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>r,contentTitle:()=>a,default:()=>d,frontMatter:()=>i,metadata:()=>c,toc:()=>h});var o=n(11527),s=n(7463);const i={title:"GCP OAuth Authentication"},a=void 0,c={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/versioned_docs/version-2.5.2/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/2.5.2/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/versioned_docs/version-2.5.2/gcp-authentication.md",tags:[],version:"2.5.2",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/2.5.2/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/2.5.2/integrate-chaos-mesh-into-github-actions"}},r={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Use the function",id:"use-the-function",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,s.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "New Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"}),' is the root URL of Chaos dashboard, like "',(0,o.jsx)(t.a,{href:"http://localhost:2333",children:"http://localhost:2333"}),'". This URL can be set through the configuration item ',(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Client ID".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"use-the-function",children:"Use the function"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(38792).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,s.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},38792:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>c,a:()=>a});var o=n(50959);const s={},i=o.createContext(s);function a(e){const t=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),o.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/f1555dde.d3b36128.js b/assets/js/f1555dde.d3b36128.js new file mode 100644 index 0000000000..35a42003fa --- /dev/null +++ b/assets/js/f1555dde.d3b36128.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkchaos_mesh_website=self.webpackChunkchaos_mesh_website||[]).push([[7946],{40338:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>a,default:()=>d,frontMatter:()=>s,metadata:()=>r,toc:()=>h});var o=n(11527),i=n(7463);const s={title:"GCP OAuth Authentication"},a=void 0,r={id:"gcp-authentication",title:"GCP OAuth Authentication",description:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function.",source:"@site/versioned_docs/version-2.5.2/gcp-authentication.md",sourceDirName:".",slug:"/gcp-authentication",permalink:"/docs/2.5.2/gcp-authentication",draft:!1,unlisted:!1,editUrl:"https://github.com/chaos-mesh/website/edit/master/versioned_docs/version-2.5.2/gcp-authentication.md",tags:[],version:"2.5.2",frontMatter:{title:"GCP OAuth Authentication"},sidebar:"docs",previous:{title:"Search and Recover Experiments of Chaosd",permalink:"/docs/2.5.2/chaosd-search-recover"},next:{title:"Integrate Chaos Mesh to GitHub Actions",permalink:"/docs/2.5.2/integrate-chaos-mesh-into-github-actions"}},c={},h=[{value:"Create OAuth Client",id:"create-oauth-client",level:2},{value:"Configure and Start Chaos Mesh",id:"configure-and-start-chaos-mesh",level:2},{value:"Login with Google",id:"login-with-google",level:2}];function l(e){const t={a:"a",code:"code",h2:"h2",img:"img",li:"li",ol:"ol",p:"p",pre:"pre",...(0,i.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(t.p,{children:"When Chaos Mesh is deployed on the Google Cloud Platform, you can log in to Chaos Dashboard through Google OAuth. This document describes how to enable and configure this function."}),"\n",(0,o.jsx)(t.h2,{id:"create-oauth-client",children:"Create OAuth Client"}),"\n",(0,o.jsxs)(t.p,{children:["Create GCP OAuth client and get the Client ID and Client Secret according to ",(0,o.jsx)(t.a,{href:"https://support.google.com/cloud/answer/6158849?hl=en",children:"Setting up OAuth 2.0"}),"."]}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Go to the ",(0,o.jsx)(t.a,{href:"https://console.cloud.google.com/",children:"Google Cloud Platform Console"}),"."]}),"\n",(0,o.jsx)(t.li,{children:"From the projects list, select a project or create a new one."}),"\n",(0,o.jsx)(t.li,{children:'If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Credentials" on the left.'}),"\n",(0,o.jsx)(t.li,{children:'Click "Create Credentials", then select "OAuth client ID".'}),"\n",(0,o.jsxs)(t.li,{children:['Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is ',(0,o.jsx)(t.code,{children:"ROOT_URL/api/auth/gcp/callback"}),". In this part, ",(0,o.jsx)(t.code,{children:"ROOT_URL"})," is the root URL of Chaos dashboard, like ",(0,o.jsx)(t.code,{children:"http://localhost:2333"}),". This URL can be set through the configuration item ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," by ",(0,o.jsx)(t.code,{children:"helm"}),"."]}),"\n",(0,o.jsx)(t.li,{children:'Click "Create".'}),"\n"]}),"\n",(0,o.jsx)(t.p,{children:"After creating the client, remember to save the Client ID and Client Secret for the following steps."}),"\n",(0,o.jsx)(t.h2,{id:"configure-and-start-chaos-mesh",children:"Configure and Start Chaos Mesh"}),"\n",(0,o.jsx)(t.p,{children:"To enable the function, you need to set the configuration items in helm charts as follows:"}),"\n",(0,o.jsxs)(t.ol,{children:["\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpSecurityMode"})," to ",(0,o.jsx)(t.code,{children:"true"}),"."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientId"})," to the Client ID from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.gcpClientSecret"})," to the Client Secret from the former section."]}),"\n",(0,o.jsxs)(t.li,{children:["Set ",(0,o.jsx)(t.code,{children:"dashboard.rootUrl"})," to the root address of Chaos Dashboard."]}),"\n"]}),"\n",(0,o.jsxs)(t.p,{children:["If Chaos Mesh has been installed, you can update the configuration items through ",(0,o.jsx)(t.code,{children:"helm upgrade"}),". If not, you can install Chaos Mesh through ",(0,o.jsx)(t.code,{children:"helm install"}),"."]}),"\n",(0,o.jsx)(t.h2,{id:"login-with-google",children:"Login with Google"}),"\n",(0,o.jsx)(t.p,{children:"Open Chaos Dashboard, and click the Google icon under the authentication window."}),"\n",(0,o.jsx)(t.p,{children:(0,o.jsx)(t.img,{alt:"img",src:n(38792).Z+"",width:"640",height:"855"})}),"\n",(0,o.jsx)(t.p,{children:"After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:"}),"\n",(0,o.jsx)(t.pre,{children:(0,o.jsx)(t.code,{className:"language-yaml",children:"kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: chaos-mesh-cluster-manager\nrules:\n - apiGroups:\n - chaos-mesh.org\n resources: ['*']\n verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: cluster-manager-binding\n namespace: chaos-mesh\nsubjects:\n - kind: User\n name: example@gmail.com\nroleRef:\n kind: ClusterRole\n name: chaos-mesh-cluster-manager\n apiGroup: rbac.authorization.k8s.io\n"})}),"\n",(0,o.jsxs)(t.p,{children:["By setting this configuration, the user ",(0,o.jsx)(t.code,{children:"example@gmail.com"})," is enabled to see or create any chaos experiments."]})]})}function d(e={}){const{wrapper:t}={...(0,i.a)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},38792:(e,t,n)=>{n.d(t,{Z:()=>o});const o=n.p+"assets/images/google-auth-44ea9b662b5a11c6e148a1f5f6983c69.png"},7463:(e,t,n)=>{n.d(t,{Z:()=>r,a:()=>a});var o=n(50959);const i={},s=o.createContext(i);function a(e){const t=o.useContext(s);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:a(e.components),o.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.05f6cb34.js b/assets/js/runtime~main.bef70f61.js similarity index 98% rename from assets/js/runtime~main.05f6cb34.js rename to assets/js/runtime~main.bef70f61.js index c007ea90a4..7bf3b8239c 100644 --- a/assets/js/runtime~main.05f6cb34.js +++ b/assets/js/runtime~main.bef70f61.js @@ -1 +1 @@ -(()=>{"use strict";var e,c,a,f,b,d={},t={};function r(e){var c=t[e];if(void 0!==c)return c.exports;var a=t[e]={exports:{}};return d[e].call(a.exports,a,a.exports,r),a.exports}r.m=d,e=[],r.O=(c,a,f,b)=>{if(!a){var d=1/0;for(i=0;iROOT_URL/api/auth/gcp/callback
. In this part, ROOT_URL
is the root URL of Chaos dashboard, like "http://localhost:2333". This URL can be set through the configuration item dashboard.rootUrl
byhelm
.ROOT_URL/api/auth/gcp/callback
. In this part, ROOT_URL
is the root URL of Chaos dashboard, like http://localhost:2333
. This URL can be set through the configuration item dashboard.rootUrl
by helm
.After creating the client, remember to save the Client ID and Client Secret for the following steps.
-To enable the function, you need to set the configuration items in helm charts as follows:
dashboard.gcpSecurityMode
to true
.Open Chaos Dashboard, and click the google icon under the authentication window.
+Open Chaos Dashboard, and click the Google icon under the authentication window.
After logging in to the Google account and being granted permission to OAuth Client, the page automatically redirects to Chaos Dashboard with logged-in status. At this time, you have the same permissions as the google account in this cluster. If you need to add other permissions, you can edit the permission through the RBAC (Role-based access control). For example:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: chaos-mesh-cluster-manager
rules:
- apiGroups:
- chaos-mesh.org
resources: ['*']
verbs: ['get', 'list', 'watch', 'create', 'delete', 'patch', 'update']
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cluster-manager-binding
namespace: chaos-mesh
subjects:
- kind: User
name: example@gmail.com
roleRef:
kind: ClusterRole
name: chaos-mesh-cluster-manager
apiGroup: rbac.authorization.k8s.io
By setting this configuration, the user example@gmail.com
is enabled to see or create any chaos experiments.