You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dlab.apache.org by om...@apache.org on 2019/10/24 09:04:35 UTC
[incubator-dlab] branch DLAB-1158 updated: added certs for dlab ui
and keycloak
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new 3e276ba added certs for dlab ui and keycloak
3e276ba is described below
commit 3e276bab5a537d086f5f438305872f7edce4ee9e
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Thu Oct 24 12:04:20 2019 +0300
added certs for dlab ui and keycloak
---
.../templates/cert.yaml} | 52 +++++++++++-----------
.../ssn-helm-charts/main/dlab-ui-chart/values.yaml | 9 ++--
.../terraform/aws/ssn-helm-charts/main/dlab-ui.tf | 9 +++-
.../main/files/keycloak_values.yaml | 4 ++
.../terraform/aws/ssn-helm-charts/main/keycloak.tf | 5 ++-
5 files changed, 46 insertions(+), 33 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/cert.yaml
similarity index 50%
copy from infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
copy to infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/cert.yaml
index f1036ba..2bd1727 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/cert.yaml
@@ -19,29 +19,29 @@
#
# ******************************************************************************
-data "template_file" "dlab_ui_values" {
- template = file("./dlab-ui-chart/values.yaml")
- vars = {
- mongo_db_name = var.mongo_dbname
- mongo_user = var.mongo_db_username
- mongo_port = var.mongo_service_port
- mongo_service_name = var.mongo_service_name
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
- ssn_bucket_name = var.ssn_bucket_name
- provision_service_host = var.endpoint_eip_address
- service_base_name = var.service_base_name
- os = var.env_os
- }
-}
-
-resource "helm_release" "dlab_ui" {
- name = "dlab-ui"
- chart = "./dlab-ui-chart"
- namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
- depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret]
- wait = true
-
- values = [
- data.template_file.dlab_ui_values.rendered
- ]
-}
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+ name: dlab-ui
+ namespace: {{ .Values.namespace }}
+spec:
+ # The secret name to store the signed certificate
+ secretName: dlab-ui-tls
+ # Common Name
+ commonName: {{ .Values.ui.ingress.host }}
+ # DNS SAN
+ dnsNames:
+ - localhost
+ - {{ .Values.ui.ingress.host }}
+ # IP Address SAN
+ ipAddresses:
+ - "127.0.0.1"
+ # Duration of the certificate
+ duration: 365d
+ # Renew 8 hours before the certificate expiration
+ renewBefore: 8h
+ # The reference to the step issuer
+ issuerRef:
+ group: certmanager.step.sm
+ kind: Issuer
+ name: step-issuer
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
index f385f01..ed488e0 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
@@ -25,6 +25,7 @@
replicaCount: 1
labels: {}
+namespace: ${namespace}
ui:
service_base_name: ${service_base_name}
@@ -46,10 +47,10 @@ ui:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
+ tls:
+ - secretName: dlab-ui-tls
+ hosts:
+ - ${ssn_k8s_alb_dns_name}
mongo:
host: ${mongo_service_name}
port: ${mongo_port}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
index f1036ba..ed74844 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
@@ -26,11 +26,12 @@ data "template_file" "dlab_ui_values" {
mongo_user = var.mongo_db_username
mongo_port = var.mongo_service_port
mongo_service_name = var.mongo_service_name
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
+ ssn_k8s_alb_dns_name = data.kubernetes_service.nginx-service.load_balancer_ingress.0.ip
ssn_bucket_name = var.ssn_bucket_name
provision_service_host = var.endpoint_eip_address
service_base_name = var.service_base_name
os = var.env_os
+ namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
}
}
@@ -45,3 +46,9 @@ resource "helm_release" "dlab_ui" {
data.template_file.dlab_ui_values.rendered
]
}
+
+data "kubernetes_service" "nginx-service" {
+ metadata {
+ name = "${helm_release.nginx.name}-controller"
+ }
+}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
index 2232784..42a2c6e 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
@@ -46,6 +46,10 @@ keycloak:
path: /auth
hosts:
- ${ssn_k8s_alb_dns_name}
+ tls:
+ - hosts:
+ - ${ssn_k8s_alb_dns_name}
+ secretName: dlab-ui-tls
startupScripts:
mystartup.sh: |
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
index 3fcd996..ffa3ed0 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
@@ -42,7 +42,7 @@ data "template_file" "keycloak_values" {
vars = {
keycloak_user = var.keycloak_user
keycloak_password = random_string.keycloak_password.result
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
+ ssn_k8s_alb_dns_name = data.kubernetes_service.nginx-service.load_balancer_ingress.0.ip # var.ssn_k8s_alb_dns_name
configure_keycloak_file = data.template_file.configure_keycloak.rendered
mysql_db_name = var.mysql_keycloak_db_name
mysql_user = var.mysql_keycloak_user
@@ -67,5 +67,6 @@ resource "helm_release" "keycloak" {
values = [
data.template_file.keycloak_values.rendered
]
- depends_on = [helm_release.keycloak-mysql, kubernetes_secret.keycloak_password_secret, helm_release.nginx]
+ depends_on = [helm_release.keycloak-mysql, kubernetes_secret.keycloak_password_secret, helm_release.nginx,
+ helm_release.dlab_ui]
}
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org