Skip to content

Latest commit

 

History

History
172 lines (131 loc) · 6.25 KB

README.md

File metadata and controls

172 lines (131 loc) · 6.25 KB

ARA Records Ansible Helm Chart

ARA full logo

ARA is a Python and Django based visualization for Ansible Playbook runs. An Ansible callback plugin records the playbook results to an ARA instance via http(s). This work is a publicly hosted Open Source Helm Chart of ARA.

Overview of ARA Records Ansible.

TL;DR

helm repo add spreitzer https://registry.spreitzer.ch/chartrepo/helm
helm install my-release spreitzer/ara

Introduction

This Helm Chart deploys an ARA api instance. ARA api is the server component of the ARA software. It will serve Ansible playbook run reports and hosts in a user friendly web interface, as well as the api which the client part uses to submit reports.

The ARA api is neither secured or open for submitting reports. You will have to configure the ARA api for authentication. Please see the ARA documentation. The ARA api may be secured by disabling authentication in ARA api and providing authentication over HTTPS via ingress annotations.

ARA api supports a multitude of database backends configurable via the aforementioned environment variables. This Helm Chart may in future support high availability and incorporate an easy configuration. However at the moment you will have to configure high availability and scalability via replicas, deployment strategy, persistence and the deployment environment variables by yourself.

Contributing

Please contribute here:

Under the conditions of merit:

  • You create it (eg. features), you lead it
  • You break it, you fix it
  • Be kind and benevolent, but prefer contribution over harmony

With your contribution you agree that your work is published under the MIT license of this project. See LICENSE.

Prerequisites

  • Kubernetes
  • Helm
  • Storage in Kubernetes

Parameters

Common Parameters

Name Description Value
replicas Amount of deployment replias 1
extraEnv Extra environment variables {}
deploymentStrategy.type Deployment type "RollingUpdate"
deploymentStrategy.rollingUpdate RollingUpdate parameters {}
image.repo Image repository "recordsansible/ara-api"
image.tag Image tag "latest"
service.type Type of kubernetes service "ClusterIP"

Please find ARA api environment variables and behavior documented here.

Example

replicas: 1
deploymentStrategy:
  type: Recreate
extraEnv:
  ARA_ALLOWED_HOSTS: "['localhost', '::1', '127.0.0.1', 'ara.example.com', 'ara-web.example.com']"
  ARA_EXTERNAL_AUTH: 'True'
  ARA_READ_LOGIN_REQUIRED: 'False'
  ARA_WRITE_LOGIN_REQUIRED: 'False'

Ingress Parameters

Name Description Value
ingress.enabled Switch to enable/disable an ingress false
ingress.annotations Ingress annotations map {}
ingress.tls Switch to enable/disable TLS/SSL false
ingress.tlsSecret Name of secret of tls certificate "ara-tls"
ingress.hosts List of FQDN for the ingress ["ara.example.com"]

Example

ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-realm: "ARA Records Ansible"
    nginx.ingress.kubernetes.io/auth-secret: ara-htpasswd
  enabled: true
  tls: true
  hosts:
    - ara.example.com

Persistence Parameters

Name Description Value
persistence.enabled Switch to enable/disable persistence false
persistence.accessModes Volume access modes ["ReadWriteOnce"]
persistence.size Size of volume "8Gi"
persistence.storageClass StorageClass of volume ""

Example

persistence:
  enabled: true
  accessModes:
    - ReadWriteOnce
  storageClass: default

OAuth2 Proxy Parameters

Refer to:

Example

oauth2proxy:
  enabled: true
  redis:
    enabled: true
  sessionStorage:
    type: redis
  config:
    clientID: xxx
    clientSecret: xxx
    cookieSecret: xxx
  extraArgs:
    upstream: http://ara-ara:8000
    provider: keycloak-oidc
    redirect-url: https://ara-web.example.com/oauth2/callback
    oidc-issuer-url: https://<keycloak host>/auth/realms/<keycloak realm>
    allowed-group: ara
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt
    hosts:
      - ara-web.example.com
    tls:
      - secretName: oauth2-proxy-tls
        hosts:
        - ara-web.example.com

Configuration and Installation Details

tbd.

Persistence

tbd.

Upgrading

tbd.

License

Free and Open Source, MIT license, See LICENSE.

Credits

Authors