pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

feat(dispatch) add support for authentication plugins. Starting with auth header and doing the ground work for PKCE and basic auth.

Browse source
This commit is contained in:
Tommy 2023-12-16 20:33:01 +01:00
parent dde1030afa
commit efcafb9ccb
No known key found for this signature in database
6 changed files with 50 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/dispatch/Chart.yaml
View file

@ -1,4 +1,4 @@
apiVersion: v2 apiVersion: v2
name: dispatch name: dispatch
description: Netflix Dispatch incident management system description: Netflix Dispatch incident management system
version: 0.3.0 version: 0.3.1

8
charts/dispatch/templates/core-deployment.yaml
View file

@ -26,6 +26,8 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
env: env:
- name: MJML_PATH
value: /node_modules/.bin
- name: DISPATCH_UI_URL - name: DISPATCH_UI_URL
value: "{{ .Values.url }}" value: "{{ .Values.url }}"
- name: DATABASE_HOSTNAME - name: DATABASE_HOSTNAME
@ -34,6 +36,12 @@ spec:
value: "{{ .Values.postgres.port }}" value: "{{ .Values.postgres.port }}"
- name: DATABASE_NAME - name: DATABASE_NAME
value: "{{ .Values.postgres.database_name }}" value: "{{ .Values.postgres.database_name }}"
{{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
- name: DISPATCH_AUTHENTICATION_PROVIDER_SLUG
value: "{{ .Values.authentication.provider_slug }}"
- name: DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
value: "{{ .Values.authentication.header.header_name }}"
{{ end }}
envFrom: envFrom:
- secretRef: - secretRef:
name: {{ .Values.envFromSecret }} name: {{ .Values.envFromSecret }}

8
charts/dispatch/templates/dispatch-db-init.yaml
View file

@ -21,6 +21,8 @@ spec:
image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}" image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
command: ["dispatch", "database", "init"] command: ["dispatch", "database", "init"]
env: &dispatchEnv env: &dispatchEnv
- name: MJML_PATH
value: /node_modules/.bin
- name: DISPATCH_UI_URL - name: DISPATCH_UI_URL
value: "{{ .Values.url }}" value: "{{ .Values.url }}"
- name: DATABASE_HOSTNAME - name: DATABASE_HOSTNAME
@ -29,6 +31,12 @@ spec:
value: "{{ .Values.postgres.port }}" value: "{{ .Values.postgres.port }}"
- name: DATABASE_NAME - name: DATABASE_NAME
value: "{{ .Values.postgres.database_name }}" value: "{{ .Values.postgres.database_name }}"
{{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
- name: DISPATCH_AUTHENTICATION_PROVIDER_SLUG
value: "{{ .Values.authentication.provider_slug }}"
- name: DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
value: "{{ .Values.authentication.header.header_name }}"
{{ end }}
envFrom: envFrom:
- secretRef: - secretRef:
name: {{ .Values.envFromSecret }} name: {{ .Values.envFromSecret }}

12
charts/dispatch/templates/scheduler-deployment.yaml
View file

@ -21,6 +21,12 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["dispatch", "scheduler", "start"] command: ["dispatch", "scheduler", "start"]
env: env:
- name: MJML_PATH
value: /node_modules/.bin
- name: DISPATCH_AUTHENTICATION_PROVIDER_SLUG
value: "{{ .Values.authentication.provider_slug }}"
- name: DISPATCH_AUTHENTICATION_DEFAULT_USER
value: dispatch@
- name: DISPATCH_UI_URL - name: DISPATCH_UI_URL
value: "{{ .Values.url }}" value: "{{ .Values.url }}"
- name: DATABASE_HOSTNAME - name: DATABASE_HOSTNAME
@ -29,6 +35,12 @@ spec:
value: "{{ .Values.postgres.port }}" value: "{{ .Values.postgres.port }}"
- name: DATABASE_NAME - name: DATABASE_NAME
value: "{{ .Values.postgres.database_name }}" value: "{{ .Values.postgres.database_name }}"
{{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
- name: DISPATCH_AUTHENTICATION_PROVIDER_SLUG
value: "{{ .Values.authentication.provider_slug }}"
- name: DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
value: "{{ .Values.authentication.header.header_name }}"
{{ end }}
envFrom: envFrom:
- secretRef: - secretRef:
name: {{ .Values.envFromSecret }} name: {{ .Values.envFromSecret }}

8
charts/dispatch/templates/web-deployment.yaml
View file

@ -20,6 +20,8 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["dispatch", "database", "upgrade"] command: ["dispatch", "database", "upgrade"]
env: &dispatchEnv env: &dispatchEnv
- name: MJML_PATH
value: /node_modules/.bin
- name: DISPATCH_UI_URL - name: DISPATCH_UI_URL
value: "{{ .Values.url }}" value: "{{ .Values.url }}"
- name: DATABASE_HOSTNAME - name: DATABASE_HOSTNAME
@ -28,6 +30,12 @@ spec:
value: "{{ .Values.postgres.port }}" value: "{{ .Values.postgres.port }}"
- name: DATABASE_NAME - name: DATABASE_NAME
value: "{{ .Values.postgres.database_name }}" value: "{{ .Values.postgres.database_name }}"
{{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
- name: DISPATCH_AUTHENTICATION_PROVIDER_SLUG
value: "{{ .Values.authentication.provider_slug }}"
- name: DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
value: "{{ .Values.authentication.header.header_name }}"
{{ end }}
envFrom: &envFrom envFrom: &envFrom
- secretRef: - secretRef:
name: {{ .Values.envFromSecret }} name: {{ .Values.envFromSecret }}

13
charts/dispatch/values.yaml
View file

@ -16,6 +16,19 @@ initContainers:
url: http://localhost:80 url: http://localhost:80
authentication:
#provider_slug: dispatch-auth-provider-basic
# provider_slug: dispatch-auth-provider-pkce
pkce:
dont_verify_at_hash: false
openid_connect_url:
client_id:
use_id_token:
provider_slug: dispatch-auth-provider-header
header:
header_name: Tailscale-User-Login
core: core:
enabled: true enabled: true