Commit

Added authentication for webapp.
pantierra committed Jan 20, 2025
1 parent 9a929ec commit 3366fcd
Showing 7 changed files with 47 additions and 9 deletions.
1 change: 1 addition & 0 deletions deploy/helm/webapp/.gitignore
@@ -0,0 +1 @@
values.yaml
9 changes: 6 additions & 3 deletions deploy/helm/webapp/Chart.lock
@@ -1,9 +1,12 @@
dependencies:
- name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx
version: 4.11.3
version: 4.11.4
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.16.2
digest: sha256:73be99187863fdb965368bf071bb54fca0250b51ca1a6bd28fb8544479055719
generated: "2024-12-09T16:50:07.714014385+01:00"
- name: oauth2-proxy
repository: https://oauth2-proxy.github.io/manifests
version: 7.9.2
digest: sha256:b97c01cb64c980e3c0b829b2750f96441cf806b0bbd46c5b53cc270197e93065
generated: "2025-01-14T20:41:30.130792606+01:00"
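Review bot: The ingress-nginx entry moves from 4.11.3 to 4.11.4 in this lock file, which the commit message ("Added authentication for webapp.") does not mention. If the bump came along unintentionally when the lock was regenerated for oauth2-proxy, either note it in the commit message or split it out, so that a controller upgrade on the public ingress is a recorded decision rather than a side effect.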
4 changes: 4 additions & 0 deletions deploy/helm/webapp/Chart.yaml
@@ -32,3 +32,7 @@ dependencies:
version: ~v1.16.2
repository: "https://charts.jetstack.io"
condition: certManager.enabled
- name: oauth2-proxy
version: ~7.9.2
repository: "https://oauth2-proxy.github.io/manifests"
condition: oauth2Proxy.enabled
10 changes: 10 additions & 0 deletions deploy/helm/webapp/README.md
@@ -0,0 +1,10 @@
# Helm chart for GFTS webapp

This helm chart handles the deployment of the GFTS webapp, it's ingress tied to a static IP and an oauth proxy in front of it.

Please make sure you have ssh-vault configured properly and you run the following commands in the helm chart directory before deploying the chart:

```bash
source ../../deploy/tf/secrets/ovh-creds.sh
envsubst < values-template.yaml > values.yaml
```
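Review bot: The `source ../../deploy/tf/secrets/ovh-creds.sh` line does not resolve from the chart directory the text says to run it in: from `deploy/helm/webapp`, `../../deploy/tf/...` points at `deploy/deploy/tf/...`, while the secrets file in this commit is `deploy/tf/secrets/ovh-creds.sh`, so the path should be `../../tf/secrets/ovh-creds.sh`. The second command is also worth tightening: `envsubst` replaces a variable that is not set with an empty string, so if the source step fails or the script does not export both variables, `values.yaml` is written with an empty `clientSecret` and `cookieSecret` and no error. Consider checking that both are non-empty before rendering. Minor: "it's ingress" should read "its ingress".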
@@ -20,11 +20,31 @@ service:
port: 80
targetPort: 9000

oauth2Proxy:
enabled: true

oauth2-proxy:
namespaceOverride: webapp
ingress:
enabled: true
className: webapp-nginx
pathType: Prefix
path: /oauth2
hosts:
- gfts.developmentseed.org
config:
clientID: "gfts-public"
clientSecret: "${OAUTH2_PROXY_CLIENT_SECRET}"
cookieSecret: "${OAUTH2_PROXY_COOKIE_SECRET}"
extraArgs:
provider: oidc
oidc-issuer-url: "https://iam.e2e-2.desp.space/realms/desp"

ingress:
enabled: true
namespace: webapp
installController: true
className: "webapp-nginx"
className: webapp-nginx
annotations:
cert-manager.io/issuer: letsencrypt-webapp
hosts:
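Review bot: Nothing in the `ingress:` block for the webapp itself refers to the proxy: its `annotations` still carry only `cert-manager.io/issuer`, and the only route added is the oauth2-proxy ingress on `/oauth2`. Unless the chart's ingress template already sets the ingress-nginx external-auth annotations (`nginx.ingress.kubernetes.io/auth-url` and `nginx.ingress.kubernetes.io/auth-signin`), requests to the webapp host will reach the application without passing through oauth2-proxy; please add them here or point to where they are set. Also, `extraArgs` sets only `provider` and `oidc-issuer-url`, so who may sign in is left to the chart defaults; if access is meant to be limited to particular users or groups of the `desp` realm, that should be stated in this block.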
@@ -43,7 +63,7 @@ ingress:

ingress-nginx:
controller:
ingressClass: "webapp-nginx"
ingressClass: webapp-nginx
ingressClassResource:
name: webapp-nginx
enabled: true
@@ -56,7 +76,7 @@ ingress-nginx:
loadbalancer.ovhcloud.com/class: "octavia"
loadbalancer.openstack.org/keep-floatingip: "true"
externalTrafficPolicy: Local
fullnameOverride: "webapp-ingress-nginx"
fullnameOverride: webapp-ingress-nginx

livenessProbe:
httpGet:
Binary file modified deploy/tf/secrets/ovh-creds.sh
Binary file not shown.
6 changes: 3 additions & 3 deletions webapp/README.md
@@ -6,13 +6,13 @@ Here, we will document how to deploy the webapp.

## Container

The webapp can be run in a container. The Dockerfile is in the `webapp/deploy` directory of the repository.
The webapp can be run in a container. The Dockerfile is in the `webapp` directory of the repository.

## Deployment

### Infrastructure

As a requirement for the webapp, we need a kubernetes cluster. Then the webapp consists in two parts to:

- terraform/tofu resources for a static floating IP address in `gfts-track-reconstruction/jupyterhub/tofu`
- helm charts for a configured kubernetes cluster `webapp/deploy/helm`
- terraform/tofu resources for a static floating IP address in `deploy/tf`
- helm charts for a configured kubernetes cluster `deploy/helm/webapp`
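Review bot: The Deployment section now points to `deploy/helm/webapp` but still describes the deployment as two parts, with no mention of the oauth2-proxy dependency or of the `values.yaml` rendering step this commit adds to the chart README. A one-line pointer to `deploy/helm/webapp/README.md` would keep someone following this page from installing the chart without the secrets in place. The unchanged sentence "Then the webapp consists in two parts to:" could be fixed in the same pass.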
