Merge pull request #22 from kerberos-io/feature/turn-on-off-ingress-add-workflows

Add possibility to turn on/off ingress

Author: cedricve

.github/workflows/kind-cloud.yaml

@@ -0,0 +1,42 @@
+name: Deploy on Kind
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        kind: [v0.21.0, v0.22.0, v0.23.0, v0.24.0]
+    steps:
+      - name: Create k8s Kind Cluster
+        uses: helm/kind-action@v1
+        with:
+          version: ${{ matrix.kind }}
+      - name: Print Kubernetes Version
+        run: |
+          kubectl version
+      - name: Test Kubernetes Cluster
+        run: |
+          kubectl get no
+          kubectl get pods -A -o wide
+          kubectl get sc
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install Prometheus operator
+        id: install-prometheus-operator
+        run: |
+          kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.1/bundle.yaml
+          echo "Sleeping for 30 seconds, give time for the operator to create the CRDs" && sleep 30
+          kubectl get crd
+          kubectl get po -A -o wide
+      - name: Install Kerberos Hub helm chart
+        id: install-kerberos-hub
+        run: |
+          kubectl create namespace kerberos-hub
+          helm install hub ./charts/hub --values charts/hub/values.yaml -n kerberos-hub --create-namespace
+          echo "Sleeping for 300 seconds, give time for the helm chart to create the pods" && sleep 300
+          kubectl get pods -A -o wide
+          kubectl get pods -A -o wide | grep hub-frontend | awk '{print $3}' | grep -q '1/1' && echo "hub-frontend pod is running with status 1/1" || (echo "kerberos-hub pod is not running with status 1/1" && exit 1)

.github/workflows/microk8s.yaml

@@ -0,0 +1,43 @@
+name: Deploy on Microk8s
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  deploy:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-20.04, ubuntu-22.04, ubuntu-24.04]
+    name: MicroK8s
+    steps:
+      - uses: balchua/[email protected]
+        with:
+          channel: "1.30/stable"
+          addons: '["dns", "dashboard", "hostpath-storage", "nvidia"]'
+      - name: Set permissions
+        run: |
+          sudo chown -f -R $USER $HOME/.kube $HOME/.config
+      - name: Test MicroK8s
+        id: list-pods
+        run: |
+          kubectl get no
+          kubectl get pods -A -o wide
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install Prometheus operator
+        id: install-prometheus-operator
+        run: |
+          kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.1/bundle.yaml
+          echo "Sleeping for 30 seconds, give time for the operator to create the CRDs" && sleep 30
+          kubectl get crd
+          kubectl get po -A -o wide
+      - name: Install Kerberos Hub helm chart
+        id: install-kerberos-hub
+        run: |
+          kubectl create namespace kerberos-hub
+          helm install hub ./charts/hub --values charts/hub/values.yaml -n kerberos-hub --create-namespace
+          echo "Sleeping for 300 seconds, give time for the helm chart to create the pods" && sleep 300
+          kubectl get pods -A -o wide
+          kubectl get pods -A -o wide | grep hub-frontend | awk '{print $3}' | grep -q '1/1' && echo "hub-frontend pod is running with status 1/1" || (echo "kerberos-hub pod is not running with status 1/1" && exit 1)

charts/hub/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.73.0
+version: 0.74.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/hub/templates/kerberos-hub/hub-api.yaml

@@ -16,6 +16,7 @@ spec:
       protocol: TCP
   selector:
     app: hub-api
+{{ if ne .Values.ingress "" }}
 ---
 {{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
 apiVersion: networking.k8s.io/v1
@@ -92,6 +93,7 @@ spec:
               servicePort: 8081
     {{- end }}
   {{ end }}
+{{- end }}
 ---
 apiVersion: apps/v1
 kind: Deployment

charts/hub/templates/kerberos-hub/hub-frontend-demo.yaml

@@ -12,6 +12,7 @@ spec:
     name: http
   selector:
     app: hub-frontend-demo
+{{ if ne .Values.ingress "" }}
 ---
 {{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
 apiVersion: networking.k8s.io/v1
@@ -55,6 +56,7 @@ spec:
               serviceName: hub-frontend-demo-svc
               servicePort: 80
   {{ end }}
+{{ end }}
 ---
 apiVersion: apps/v1
 kind: Deployment

charts/hub/templates/kerberos-hub/hub-frontend.yaml

@@ -12,6 +12,7 @@ spec:
     name: http
   selector:
     app: hub-frontend
+{{ if ne .Values.ingress "" }}
 ---
 {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
 apiVersion: networking.k8s.io/v1
@@ -103,6 +104,7 @@ spec:
               servicePort: 80
     {{- end }}
   {{- end }}
+{{- end }}
 {{- if eq .Values.kerberoshub.oauth2Proxy.enabled true  }}
 ---
 apiVersion: networking.k8s.io/v1

charts/hub/values.yaml

@@ -62,16 +62,16 @@ queueName: "kcloud-event-queue" # This is the topic to which all events are send
 # RabbitMQ can be installed in the same cluster using a helm chart, or you can
 # use a service on  cloud provider like AWS, GCP, Azure, etc.
 rabbitmq:
-  host: "<rabbitmq.rabbitmq:5672>" # can be internal dns name or external
+  host: "rabbitmq.rabbitmq:5672" # can be internal dns name or external
   #host: "amqps://b-xxx-xxx-xxx-xxx-xxx.mq.eu-central-1.amazonaws.com:5671"
-  username: "<yourusername>"
-  password: "<yourpassword>"
+  username: "yourusername"
+  password: "yourpassword"
   exchange: ""
 # If you already have a Kafka cluster you might use this instead of RabbitMQ.
 kafka:
-  broker: "<kafka1.yourdomain.com:9094>" # can be internal dns name or external
-  username: "<yourusername>"
-  password: "<yourpassword>"
+  broker: "kafka1.yourdomain.com:9094" # can be internal dns name or external
+  username: "yourusername"
+  password: "yourpassword"
   mechanism: "PLAIN"
   security: "SASL_PLAINTEXT"
 # For allowing WEBRTC a STUN and TURN server is required.
@@ -166,35 +166,35 @@ kerberoshub:
     #legacyUrl: "api.legacy.yourdomain.com"
 
     # MFA issuer name
-    mfaIssuer: "<yourdomain.com>"
+    mfaIssuer: "yourdomain.com"
     # Admin API's are made available for automation of Kerberos Hub.
     # To access those API's (e.g. creation of owner users), an API key needs to be provided.
-    apiKey: "<a-random-admin-api-key>"
+    apiKey: "a-random-admin-api-key"
     ## Certificates
     tls:
       - hosts:
-          - "<api.yourdomain.com>"
+          - "api.yourdomain.com"
         secretName: kerberoshub-api
       #- hosts:
       #    - "api.legacy.yourdomain.com"
       #  secretName: kerberoshub-api-legacy
       - hosts:
-          - "<admin.api.yourdomain.com>"
+          - "admin.api.yourdomain.com"
         secretName: kerberoshub-admin
     language: "english"
     fallbackLanguage: "english"
     # Legacy (reseller) it is possible to link to AWS S3 and IAM (however Kerberos Vault is now the recommended option).
     # This is primarily used for creation of subscriptions, and not needed if you are using mainly Kerberos Vault.
     aws:
-      region: "<xxx>"
-      bucket: "<xxx>"
-      accessKey: "<xxx>"
-      secretKey: "<xxx>"
+      region: "xxx"
+      bucket: "xxx"
+      accessKey: "xxx"
+      secretKey: "xxx"
     stripe: # We use stripe for billing, so it's possible to resell Kerberos Hub if agreed.
-      privateKey: "<xxx>"
+      privateKey: "xxx"
     slack: # Slack is used in the api, to send logs to a specific Slack channel.
       enabled: "true"
-      hook: "<yourslackhook>" # https://hooks.slack.com/services/T08Q2Q9V5/xxKT/JALxxAk26bHtuqTfZ
+      hook: "yourslackhook" # https://hooks.slack.com/services/T08Q2Q9V5/xxKT/JALxxAk26bHtuqTfZ
       username: "Kerberos Hub" # The slack username
     elasticsearch: # Logs of the kerberos hub will be send to an elastic search cluster.
       enabled: "false"
@@ -331,11 +331,11 @@ kerberoshub:
   oauth2Proxy:
     enabled: false
     github:
-      clientId: "<github-client-id>"
-      clientSecret: "<github-client-secret>"
-      cookieSecret: "<generate-a-random-cookie-secret>"
-      organization: "<github-organization>"
-      team: "<github-team>"
+      clientId: "github-client-id"
+      clientSecret: "github-client-secret"
+      cookieSecret: "generate-a-random-cookie-secret"
+      organization: "github-organization"
+      team: "github-team"
   cleanup:
     repository: kerberos/hub-cleanup
     pullPolicy: IfNotPresent