Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
wkoot committed Jun 3, 2024
1 parent dd9a41b commit 6e93418
Show file tree
Hide file tree
Showing 9 changed files with 43 additions and 42 deletions.
19 changes: 18 additions & 1 deletion docs/src/deployment.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ To deploy *Quality-time* locally, follow these steps:
By default, the application listens on port 80. To change this, set the `PROXY_PORT` environment variable to a different port before starting the application. For example: `export PROXY_PORT=1080`.
```

## Kubernetes

The helm chart for deploying on Kubernetes does not support overriding port numbers.
Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port.
Instead, only the ingress should be configured.

## Configuring authentication (mandatory)

You need to either configure an LDAP server to authenticate users with or configure forwarded authentication.
Expand All @@ -31,8 +37,8 @@ You need to either configure an LDAP server to authenticate users with or config

To configure an LDAP server to authenticate users with, set the `LDAP_URL`, `LDAP_ROOT_DN`, `LDAP_LOOKUP_USER_DN`, `LDAP_LOOKUP_USER_PASSWORD`, and `LDAP_SEARCH_FILTER` environment variables.
Note that `LDAP_URL` may be a comma-separated list of LDAP connection URL(s).
Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml):

Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml):
```yaml
api_server:
environment:
Expand All @@ -43,6 +49,17 @@ Add the LDAP environment variables to the API-server service in the [compose fil
- LDAP_SEARCH_FILTER=(|(uid=$username)(cn=$username))
```
Alternatively, for a Kubernetes deployment, add the LDAP environment variables to the API-server service in the [Helm values.yaml](https://github.com/ICTU/quality-time/blob/master/helm/values.yaml):
```yaml
api_server:
env:
LDAP_URL: "ldap://host.docker.internal:389"
LDAP_ROOT_DN: "dc=example,dc=org"
LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org"
LDAP_LOOKUP_USER_PASSWORD: "admin"
LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))"
```
When using the `LDAP_SEARCH_FILTER` as shown above, users can use either their LDAP canonical name (`cn`) or their LDAP user id to login. The `$username` variable is filled by *Quality-time* at run time with the username that the user enters in the login dialog box.

```{seealso}
Expand Down
2 changes: 1 addition & 1 deletion helm/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: v2
name: Quality-time
version: 1.0.0
appVersion: "v5.11.0"
appVersion: "v5.13.0"
description: Helm chart for Quality-time, an automated quality system for software development and maintenance
type: application
home: https://github.com/ICTU/Quality-time
Expand Down
18 changes: 7 additions & 11 deletions helm/templates/api_server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,23 +29,19 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "api_server_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
{{- if .Values.ldap }}
- name: DATABASE_HOST
value: "{{ .Release.Name }}-{{ template "database_name" . }}"
- name: LDAP_LOOKUP_USER_DN
value: "{{ .Values.ldap.lookupUserDN }}"
value: "{{ .Values.api_server.env.LDAP_LOOKUP_USER_DN }}"
- name: LDAP_LOOKUP_USER_PASSWORD
value: "{{ .Values.ldap.lookupUserPassword }}"
value: "{{ .Values.api_server.env.LDAP_LOOKUP_USER_PASSWORD }}"
- name: LDAP_ROOT_DN
value: "{{ .Values.ldap.rootDN }}"
value: "{{ .Values.api_server.env.LDAP_ROOT_DN }}"
- name: LDAP_SEARCH_FILTER
value: "{{ .Values.ldap.search }}"
value: "{{ .Values.api_server.env.LDAP_SEARCH_FILTER }}"
- name: LDAP_URL
value: "{{ .Values.ldap.url }}"
{{- end }}
value: "{{ .Values.api_server.env.LDAP_URL }}"
resources: {}
securityContext:
capabilities:
Expand Down
4 changes: 2 additions & 2 deletions helm/templates/collector.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ spec:
- configMapRef:
name: {{ .Release.Name }}-{{ template "collector_name" . }}-env
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
- name: DATABASE_HOST
value: "{{ .Release.Name }}-{{ template "database_name" . }}"
resources: {}
securityContext:
capabilities:
Expand Down
2 changes: 0 additions & 2 deletions helm/templates/frontend.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "frontend_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
resources: {}
securityContext:
capabilities:
Expand Down
4 changes: 2 additions & 2 deletions helm/templates/notifier.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ spec:
- configMapRef:
name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
- name: DATABASE_HOST
value: "{{ .Release.Name }}-{{ template "database_name" . }}"
resources: {}
securityContext:
capabilities:
Expand Down
13 changes: 0 additions & 13 deletions helm/templates/shared.yaml

This file was deleted.

11 changes: 7 additions & 4 deletions helm/templates/www.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "www_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
env:
- name: API_SERVER_HOST
value: "{{ .Release.Name }}-{{ template "api_server_name" . }}"
Expand All @@ -43,6 +41,9 @@ spec:
capabilities:
add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
drop:
- ALL
restartPolicy: Always
Expand All @@ -63,7 +64,7 @@ spec:
app.kubernetes.io/component: {{ template "www_name" . }}
ports:
- protocol: TCP
port: 80
port: 8080
targetPort: 80
sessionAffinity: None
---
Expand All @@ -90,12 +91,14 @@ spec:
service:
name: {{ .Release.Name }}-{{ template "www_name" . }}
port:
number: 80
number: 8080
path: /
pathType: ImplementationSpecific
{{- if .Values.www.ingress.tls }}
tls:
{{ toYaml .Values.www.ingress.tls | indent 4 }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
Expand Down
12 changes: 6 additions & 6 deletions helm/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,12 @@
api_server:
image:
repository: "ictu/quality-time_api_server"
env:
LDAP_URL: "ldap://host.docker.internal:389"
LDAP_ROOT_DN: "dc=example,dc=org"
LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org"
LDAP_LOOKUP_USER_PASSWORD: "admin"
LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))"

collector:
image:
Expand All @@ -23,12 +29,6 @@ renderer:
image:
repository: "ictu/quality-time_renderer"

shared:
env:
API_SERVER_PORT: "5001"
FRONTEND_PORT: "5000"
PROXY_PORT: "80"

www:
image:
repository: "ictu/quality-time_proxy"

0 comments on commit 6e93418

Please sign in to comment.