Added support to SSL (#17)
* Moving secrets
* Added support to SSL
* Fixed command in slack-app
* Fixed readinessProbe slack-app
petruki authored Jul 4, 2023
1 parent a15a978 commit 3f3452e
Showing 12 changed files with 137 additions and 25 deletions.
35 changes: 23 additions & 12 deletions README.md
Expand Up @@ -54,6 +54,7 @@ helm uninstall switcherapi --namespace switcherapi

| Name | Description | Value |
| ----------------------------- | ---------------------------------------------- | ---------------------- |
| `api.env.sslSecretName` | API SSL Secret Name (enable HTTPS) | `` |
| `api.env.resourceSecret` | API Swagger (user: admin) | `admin` |
| `api.env.switcherApiLogger` | API log | true |
| `api.env.historyActivated` | API Change Log record | true |
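Review bot: the new `api.env.sslSecretName` row does not say what the Secret must contain or that it affects more than the API. The templates in this commit read `tls.crt` and `tls.key` from it and also use the same value to switch the management deployment to HTTPS, so the description should state both, and that the Secret must exist in the release namespace for the pods to start.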
Expand All @@ -69,12 +70,12 @@ helm uninstall switcherapi --namespace switcherapi
| `api.env.jwtAdminTokenRenewInterval` | User token renew interval | `5m` |
| `api.env.jwtClientTokenExpTime` | Component token renew interval | `5m` |
| `api.env.mongoUri` | API Database URI | < see values.yml > |
| `api.env.bitbucketClientId` | Bitbucket Client Id | '' |
| `api.env.bitbucketClientSecret` | Bitbucket Client Secret | '' |
| `api.env.githubClientId` | GitHub Client Id | '' |
| `api.env.githubClientSecret` | GitHub Client Secret | '' |
| `api.env.googleRecaptchaSecret` | Google ReCaptcha Secret | '' |
| `api.env.switcherSlackJwtSecret`| Switcher Slack Secret | '' |
| `api.env.bitbucketClientId` | Bitbucket Client Id | `` |
| `api.env.bitbucketClientSecret` | Bitbucket Client Secret | `` |
| `api.env.githubClientId` | GitHub Client Id | `` |
| `api.env.githubClientSecret` | GitHub Client Secret | `` |
| `api.env.googleRecaptchaSecret` | Google ReCaptcha Secret | `` |
| `api.env.switcherSlackJwtSecret`| Switcher Slack Secret | `` |

### Management parameters

Expand All @@ -85,12 +86,12 @@ helm uninstall switcherapi --namespace switcherapi

| Name | Description | Value |
| ------------------------------------- | ---------------------------------------------- | ------------------------- |
| `management.env.switcherApiUrl` | Switcher API URI | `http://127.0.0.1:3000` |
| `management.env.switcherManagementUrl`| Management callback URI | `http://127.0.0.1:8080` |
| `management.env.googleRecaptcha` | Google ReCaptcha Public Key | '' |
| `management.env.bitbucketClientId` | Bitbucket Client Id | '' |
| `management.env.githubClientId` | GitHub Client Id | '' |
| `management.env.switcherSlackUrl` | Switcher Slack App URL | '' |
| `management.env.switcherApiUrl` | Switcher API URL | `http://localhost:3000` |
| `management.env.switcherManagementUrl`| Management callback URL | `http://localhost:8080` |
| `management.env.switcherSlackUrl` | Switcher Slack App URL | `http://localhost:5000` |
| `management.env.googleRecaptcha` | Google ReCaptcha Public Key | `` |
| `management.env.bitbucketClientId` | Bitbucket Client Id | `` |
| `management.env.githubClientId` | GitHub Client Id | `` |

## Local

Expand All @@ -100,6 +101,15 @@ helm install -f charts/switcher-api/values.yaml switcherapi ./charts/switcher-ap
--namespace=switcherapi --create-namespace
```

SSL Enabled
```console
helm install -f charts/switcher-api/values.yaml switcherapi ./charts/switcher-api/ \
--namespace=switcherapi --create-namespace \
--set api.env.sslSecretName="[CHANGE_ME]" \
--set management.env.switcherApiUrl="https://localhost:3000" \
--set management.env.switcherManagementUrl="https://localhost:8080"
```

# Switcher Slack App Helm Charts

Deploy Switcher Slack App using `switcherapi/switcher-slack-app` Helm Charts.
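Review bot: the SSL Enabled example passes `--set api.env.sslSecretName="[CHANGE_ME]"` without showing how that Secret is created, so a reader following only this section ends up with pods that cannot mount `secret-tls`. Add the preceding step, for example `kubectl create secret tls <name> --cert=tls.crt --key=tls.key --namespace=switcherapi`, and mention that the certificate has to be valid for the host used in `switcherApiUrl` and `switcherManagementUrl` (here `localhost`), otherwise the UI's calls to the API fail certificate validation in the browser.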
Expand Down Expand Up @@ -139,6 +149,7 @@ helm uninstall switcherslackapp --namespace switcherapi
| `app.env.switcherAPIUrl` | Switcher API URL | `` |
| `app.env.slackSigningSecret` | Slack Signing Secret | `` |
| `app.env.slackClientSecret` | Slack Client Secret | `` |
| `app.env.sslSecretName` | App SSL Secret Name (enable HTTPS) | `` |

## Local

2 changes: 1 addition & 1 deletion charts/switcher-api/Chart.yaml
Expand Up @@ -9,5 +9,5 @@ maintainers:
url: https://github.com/petruki

type: application
version: 1.0.9
version: 1.1.0
appVersion: "latest"
14 changes: 11 additions & 3 deletions charts/switcher-api/templates/NOTES.txt
Expand Up @@ -2,11 +2,19 @@ Looks good! To access Switcher API, follow the 3 steps below:

1. Port-forward UI and API services:

kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-api 3000:{{ .Values.api.service.port }} & \
kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-management 8080:{{ .Values.management.service.port }} &
kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-api {{ .Values.api.port }}:{{ .Values.api.service.port }} & \
{{- if .Values.api.env.sslSecretName }}
kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-management {{ .Values.management.service.port }}:{{ .Values.management.service.portTls }} &
{{- else }}
kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-management {{ .Values.management.service.port }}:{{ .Values.management.service.port }} &
{{- end }}

2. Access UI:

http://localhost:8080
{{- if .Values.api.env.sslSecretName }}
https://localhost:{{ .Values.management.service.port }}
{{- else }}
http://localhost:{{ .Values.management.service.port }}
{{- end }}

3. Happy Switcher!
6 changes: 6 additions & 0 deletions charts/switcher-api/templates/api/configmap.yaml
Expand Up @@ -6,6 +6,12 @@ metadata:
labels:
{{- include "switcher-api.labels" . | nindent 4 }}
data:
# SSL settings
{{- if .Values.api.env.sslSecretName }}
SSL_CERT: "/etc/certs/tls.crt"
SSL_KEY: "/etc/certs/tls.key"
{{- end -}}

# Global settings
SWITCHER_API_LOGGER: {{ .Values.api.env.switcherApiLogger | quote }}
HISTORY_ACTIVATED: {{ .Values.api.env.historyActivated | quote }}
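Review bot: `{{- end -}}` on the SSL block trims whitespace on both sides, so with `sslSecretName` set the rendered output joins `SSL_KEY: "/etc/certs/tls.key"` directly to `# Global settings` on one line with no space between them. Use `{{- end }}` as the other templates in this commit do, and confirm with `helm template --set api.env.sslSecretName=<name>` that the ConfigMap still parses. The two paths are also hard-coded here and must stay in sync with `mountPath: /etc/certs` in api/deployment.yaml.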
17 changes: 17 additions & 0 deletions charts/switcher-api/templates/api/deployment.yaml
Expand Up @@ -25,6 +25,12 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.api.env.sslSecretName }}
volumes:
- name: secret-tls
secret:
secretName: {{ .Values.api.env.sslSecretName }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
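Review bot: the `secret-tls` volume projects every key of the referenced Secret into the pod, and `secretName` is rendered unquoted. Add an `items` list limited to `tls.crt` and `tls.key` so extra keys in a shared Secret are not exposed to the container, and render the name with `| quote` like the ConfigMap values.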
Expand All @@ -39,6 +45,11 @@ spec:
httpGet:
path: /check
port: http
{{- if .Values.api.env.sslSecretName }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
resources:
{{- toYaml .Values.api.resources | nindent 12 }}
env:
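Review bot: switching the readinessProbe to `scheme: HTTPS` only proves that something answers TLS on the port, because the kubelet does not verify the certificate on HTTPS probes; an expired or mismatched certificate still reports ready. Worth a comment in the template or README so readiness is not read as certificate validation. The port is also still named `http` while serving HTTPS, which is misleading when inspecting the pod.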
Expand All @@ -48,6 +59,12 @@ spec:
{{- with .Values.api.envFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.api.env.sslSecretName }}
volumeMounts:
- name: secret-tls
mountPath: /etc/certs
readOnly: true
{{- end }}
{{- with .Values.api.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
26 changes: 26 additions & 0 deletions charts/switcher-api/templates/manager/deployment.yaml
Expand Up @@ -21,6 +21,12 @@ spec:
labels:
{{- include "switcher-management.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.api.env.sslSecretName }}
volumes:
- name: secret-tls
secret:
secretName: {{ .Values.api.env.sslSecretName }}
{{- end }}
{{- with .Values.management.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
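Review bot: the management pod's TLS volume is keyed on `.Values.api.env.sslSecretName`, so the UI and the API always share one certificate and private key, and management HTTPS cannot be enabled or disabled independently. Consider a `management.env.sslSecretName` value (defaulting to the API one if that is the intent) so the key is not mounted into two workloads by necessity.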
Expand All @@ -30,21 +36,41 @@ spec:
securityContext:
{{- toYaml .Values.management.securityContext | nindent 12 }}
image: "{{ .Values.management.image.repository }}:{{ .Values.management.image.tag | default .Chart.AppVersion }}"
{{- if .Values.api.env.sslSecretName }}
command: ["/bin/sh", "-c", "./setup.sh true"]
{{- else }}
command: ["/bin/sh", "-c", "./setup.sh false"]
{{- end }}
imagePullPolicy: {{ .Values.management.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.management.port }}
protocol: TCP
- name: https
containerPort: {{ .Values.management.portTls }}
protocol: TCP
readinessProbe:
httpGet:
path: /
{{- if .Values.api.env.sslSecretName }}
port: https
scheme: HTTPS
{{- else }}
port: http
scheme: HTTP
{{- end }}
resources:
{{- toYaml .Values.management.resources | nindent 12 }}
envFrom:
{{- with .Values.management.envFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.api.env.sslSecretName }}
volumeMounts:
- name: secret-tls
mountPath: /etc/nginx/conf.d
readOnly: true
{{- end }}
{{- with .Values.management.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
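Review bot: `mountPath: /etc/nginx/conf.d` with `readOnly: true` replaces the whole directory with the Secret's contents, so any configuration the image ships in `conf.d` is hidden and `./setup.sh true` cannot write there. If the image relies on either, mount the Secret at a dedicated path such as `/etc/certs`, as the API deployment does, and point the nginx config at it. The `https` containerPort is also declared unconditionally, even when `sslSecretName` is empty.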
8 changes: 6 additions & 2 deletions charts/switcher-api/templates/manager/service.yaml
Expand Up @@ -8,9 +8,13 @@ metadata:
spec:
type: {{ .Values.management.service.type }}
ports:
- port: {{ .Values.management.service.port }}
- name: http
port: {{ .Values.management.service.port }}
targetPort: http
protocol: TCP
name: http
- name: https
protocol: TCP
port: {{ .Values.management.service.portTls }}
targetPort: {{ .Values.management.service.portTls }}
selector:
{{- include "switcher-management.selectorLabels" . | nindent 4 }}
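Review bot: the `https` port uses `targetPort: {{ .Values.management.service.portTls }}` while the container listens on `.Values.management.portTls`, so overriding only one of the two values breaks the mapping. Use `targetPort: https` (the named container port), as the `http` entry does, and wrap the `https` entry in the same `sslSecretName` condition so the Service does not expose 443 when TLS is off.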
11 changes: 8 additions & 3 deletions charts/switcher-api/values.yaml
Expand Up @@ -9,6 +9,9 @@ api:
metricsActivated: true
googleSkipAuth: true

# Enable SSL (tls.crt and tls.key)
sslSecretName: ""

image:
repository: trackerforce/switcher-api
pullPolicy: IfNotPresent
Expand Down Expand Up @@ -56,11 +59,12 @@ api:
management:
replicaCount: 1
port: 80
portTls: 443

env:
switcherApiUrl: "http://127.0.0.1:3000"
switcherManagementUrl: "http://127.0.0.1:8080"
switcherSlackUrl: "http://127.0.0.1:3000"
switcherApiUrl: "http://localhost:3000"
switcherManagementUrl: "http://localhost:8080"
switcherSlackUrl: "http://localhost:5000"

image:
repository: trackerforce/switcher-management
Expand All @@ -80,6 +84,7 @@ management:
service:
type: ClusterIP
port: 8080
portTls: 443

resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
2 changes: 1 addition & 1 deletion charts/switcher-slack-app/Chart.yaml
Expand Up @@ -9,5 +9,5 @@ maintainers:
url: https://github.com/petruki

type: application
version: 1.0.5
version: 1.0.6
appVersion: "latest"
8 changes: 6 additions & 2 deletions charts/switcher-slack-app/templates/NOTES.txt
Expand Up @@ -3,10 +3,14 @@ Test the installation with the steps below:

1. Port-forward UI and App service:

kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-slack-app 5000:{{ .Values.app.service.port }} &
kubectl -n {{ .Release.Namespace }} port-forward svc/switcher-slack-app {{ .Values.app.service.port }}:{{ .Values.app.service.port }} &

2. Check pod health:

http://localhost:5000/check
{{- if .Values.app.env.sslSecretName }}
https://localhost:{{ .Values.app.service.port }}/check
{{- else }}
http://localhost:{{ .Values.app.service.port }}/check
{{- end }}

3. Happy Slack with Switcher API!
30 changes: 29 additions & 1 deletion charts/switcher-slack-app/templates/deployment.yaml
Expand Up @@ -21,6 +21,12 @@ spec:
labels:
{{- include "switcher-slack-app.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.app.env.sslSecretName }}
volumes:
- name: secret-tls
secret:
secretName: {{ .Values.app.env.sslSecretName }}
{{- end }}
{{- with .Values.app.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
Expand All @@ -31,7 +37,18 @@ spec:
{{- toYaml .Values.app.securityContext | nindent 12 }}
image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.app.image.pullPolicy }}
command: ["gunicorn", "--bind", "0.0.0.0:{{ .Values.app.port }}", "--chdir", "/home/app", "app:flask_app"]
{{- if .Values.app.env.sslSecretName }}
command: [
"gunicorn",
"--certfile=/etc/certs/tls.crt", "--keyfile=/etc/certs/tls.key",
"--bind", "0.0.0.0:{{ .Values.app.port }}",
"--chdir", "/home/app", "app:flask_app"]
{{- else }}
command: [
"gunicorn",
"--bind", "0.0.0.0:{{ .Values.app.port }}",
"--chdir", "/home/app", "app:flask_app"]
{{- end }}
ports:
- name: http
containerPort: {{ .Values.app.port }}
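Review bot: the gunicorn `command` is duplicated in both branches and differs only by `--certfile`/`--keyfile`, so a later change to `--bind` or `--chdir` has to be made twice. Build one list and add the two TLS arguments inside the `if`. With TLS on, the port is still named `http`; rename it or add a comment, since the readinessProbe refers to it by that name.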
Expand All @@ -40,12 +57,23 @@ spec:
httpGet:
path: /check
port: http
{{- if .Values.app.env.sslSecretName }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
resources:
{{- toYaml .Values.app.resources | nindent 12 }}
envFrom:
{{- with .Values.app.envFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.app.env.sslSecretName }}
volumeMounts:
- name: secret-tls
mountPath: /etc/certs
readOnly: true
{{- end }}
{{- with .Values.app.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
3 changes: 3 additions & 0 deletions charts/switcher-slack-app/values.yaml
Expand Up @@ -7,6 +7,9 @@ app:
switcherManagementUrl: "https://cloud.switcherapi.com"
switcherAPIUrl: "https://switcherapi.com/api"

# Enable SSL (tls.crt and tls.key)
sslSecretName: ""

image:
repository: trackerforce/switcher-slack-app
pullPolicy: IfNotPresent
