From d8d8ede903bbf956ef1e49c065dd8921b0693594 Mon Sep 17 00:00:00 2001 From: Benjamin Cogrel Date: Thu, 20 Jun 2024 11:57:01 +0200 Subject: [PATCH] README improved. --- .gitignore | 4 +++- README.md | 56 +++++++++++++++++++++++++++++++++++++-------- values.example.yaml | 11 +-------- 3 files changed, 51 insertions(+), 20 deletions(-) diff --git a/.gitignore b/.gitignore index f6e1422..5e9f67a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -secrets \ No newline at end of file +secrets +user-license +values.yaml diff --git a/README.md b/README.md index 36b3327..9c69320 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,9 @@ Optionally, you can install : Getting started --------------- -### Create a cluster, see k3d example -[k3d cluster example](./k3d-example/k3d-cluster-example.md) +### Create a cluster + +See the [k3d cluster example](./k3d-example/k3d-cluster-example.md) if you want to install it locally. ### Create the namespace 
@@ -75,11 +76,41 @@ store-server: ``` +### Change the default cookie secret + +By default, the cookie secret is created with a **non-random** value. For providing a custom value: +```sh +docker run ghcr.io/ontopic-vkg/ontopic-helm/identity-service:helm-v2024.1.2 generate cookie > "./secrets/cookie-secret" +kubectl create secret generic custom-cookie \ + --from-file=cookie-secret=./secrets/cookie-secret +``` + +Then edit the `values.yaml` file to replace `cookie-secret` by `custom-cookie`: +```yaml +identity-service: + secrets: + # ... + custom-cookie: /run/secrets/cookie-secret +``` + ### Create a user and set password as secret -Ontopic Studio has a default user _test_ with password _test_. You can skip this section or customize this value, creating a new user and secret using the script _./create-user.sh_ +Ontopic Studio has a default user _test_ with password _test_. If you want to use the default user and didn't create an `identity-service` section in `values.yaml` (e.g. when using a custom cookie), you can skip this section. -Create the secret with the script, a new file with the chosen password will be generated in a new folder _secrets_ +#### Use default user + +To use the default user in an existing `identity-service`section, add the following entry: + +```yaml +identity-service: + secrets: + # ... + password-file-db: /run/secrets/password-file-db +``` + +#### Create new user + +To create a new user and secret use the script _./create-user.sh_. A new file with the chosen password will be generated in a new folder _secrets_: ```bash 
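Review bot: The new cookie step redirects into `./secrets/cookie-secret` before anything has created `./secrets`. The same hunk says that folder is only generated later by `./create-user.sh`, so on a fresh checkout the redirect fails, and when it succeeds the file gets the default umask permissions. I would put `mkdir -p ./secrets && chmod 700 ./secrets` ahead of the `docker run` line. The hunk also presents replacing the **non-random** cookie secret and the _test_/_test_ user as optional, and the cookie secret presumably protects session cookies. A short caveat would make the risk explicit, for example `> The default cookie secret and the test/test user are intended for local evaluation only; replace both before exposing the service.`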
@@ -105,19 +136,26 @@ kubectl create secret generic identity-password-db \ --from-file=password-file-db=./secrets/password-file-db ``` -And then you customize your values file with the secrets (all necessary secrets need to be passed not only the edited one) : +And then you need to add the created secret in your values file: ```yaml identity-service: secrets: + # ... identity-password-db: /run/secrets/password-file-db - client-secret: /run/secrets/client-secret +``` + +If you didn't specify a custom cookie secret, please also include the following entry: + +```yaml +identity-service: + secrets: + # ... cookie-secret: /run/secrets/cookie-secret - azure-api-client-secret: /run/secrets/azure-api-client-secret - okta-ssws-token: /run/secrets/okta-ssws-token - keycloak-admin-password-file: /run/secrets/keycloak-admin-password-file ``` + + ### Add the license as secret Add the provided ontopic-studio license as secret. diff --git a/values.example.yaml b/values.example.yaml index 79d5afa..cea9d17 100644 --- a/values.example.yaml +++ b/values.example.yaml @@ -25,13 +25,4 @@ store-server: web: env: ONTOP_ENDPOINT_SERVICE_HOST: ontop-endpoint.ontopic.svc.cluster.local - # virtual_host: ontopicosse.local - -# identity-service: -# secrets: -# client-secret: /run/secrets/client-secret -# cookie-secret: /run/secrets/cookie-secret -# azure-api-client-secret: /run/secrets/azure-api-client-secret -# okta-ssws-token: /run/secrets/okta-ssws-token -# keycloak-admin-password-file: /run/secrets/keycloak-admin-password-file -# identity-password-db: /run/secrets/password-file-db \ No newline at end of file + # virtual_host: ontopicosse.local \ No newline at end of file
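Review bot: In the README hunk the `# ...` placeholder replaces the sentence saying that all necessary secrets must be passed, so the reader can no longer tell which entries an `identity-service.secrets` section must list. The new text still requires `cookie-secret` to be re-listed when no custom cookie is used, which suggests that declaring the section drops the default entries. However, `client-secret` and the other removed entries are no longer mentioned, and this commit also deletes the commented listing from `values.example.yaml`. I would state the rule once under the first YAML example, for instance `Entries not listed under secrets are not mounted; list every secret your deployment uses.`, or the opposite if the chart merges the section with its defaults. Which of the two holds cannot be determined from this patch.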