From d328d26a1dacbec0300625d835ce52c6cef8ca77 Mon Sep 17 00:00:00 2001 From: David Ragot <35502263+Dav-14@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:05:12 +0100 Subject: [PATCH 1/9] feat(cloudprem): update console-v2, console-v3, membership, portal according to cookie and oauth spec --- .local/build.sh | 1 + charts/cloudprem/Chart.lock | 12 +- charts/cloudprem/Chart.yaml | 18 +-- charts/cloudprem/README.md | 71 +++++---- charts/cloudprem/README.md.gotmpl | 17 +++ charts/cloudprem/values.schema.json | 31 +--- charts/cloudprem/values.yaml | 19 +-- charts/console-v3/Chart.yaml | 16 +- charts/console-v3/README.md | 22 ++- charts/console-v3/templates/_helpers.tpl | 34 +++-- charts/console-v3/values.schema.json | 87 ++++++----- charts/console-v3/values.yaml | 82 +++++----- charts/console/Chart.yaml | 16 +- charts/console/README.md | 20 ++- charts/console/templates/_helpers.tpl | 44 +++--- charts/console/values.schema.json | 73 ++++----- charts/console/values.yaml | 84 +++++------ charts/membership/Chart.yaml | 28 ++-- charts/membership/README.md | 29 ++-- charts/membership/templates/_helpers.tpl | 14 +- charts/membership/templates/configmap.yaml | 29 ++-- charts/membership/values.schema.json | 97 ++++++++---- charts/membership/values.yaml | 166 +++++++++++---------- charts/portal/Chart.yaml | 4 +- charts/portal/README.md | 26 ++-- charts/portal/templates/_helpers.tpl | 44 +++--- charts/portal/values.schema.json | 81 +++++----- charts/portal/values.yaml | 94 +++++------- test/helm/suite/cloudprem_test.go | 2 +- test/helm/suite/console_test.go | 12 +- 30 files changed, 665 insertions(+), 608 deletions(-) diff --git a/.local/build.sh b/.local/build.sh index 80c3eef..c504143 100755 --- a/.local/build.sh +++ b/.local/build.sh 
@@ -30,6 +30,7 @@ for chart in "$CHARTS_DIR"/*; do
if [ -f "$chart/Chart.yaml" ]; then
echo " Mise à jour des dépendances..."
helm dependencies update "$chart"
+ helm template "$chart" --values "$chart/values.yaml"
else
echo " Chart.yaml non trouvé, saut de la mise à jour des dépendances."
fi
diff --git a/charts/cloudprem/Chart.lock b/charts/cloudprem/Chart.lock
index 7b94024..2d7d858 100644
--- a/charts/cloudprem/Chart.lock
+++ b/charts/cloudprem/Chart.lock
@@ -1,15 +1,15 @@
dependencies:
- name: membership
repository: file://../membership
- version: 1.2.0
+ version: 2.0.0
- name: portal
repository: file://../portal
- version: 1.2.0
+ version: 2.0.0
- name: console
repository: file://../console
- version: 1.2.0
+ version: 2.0.0
- name: console-v3
repository: file://../console-v3
- version: 1.2.0
-digest: sha256:938db358858258b29e0bde4a8e32b3b35afed6b8d15d38278e9e5f38dac14feb
-generated: "2025-01-24T17:11:17.166768+01:00"
+ version: 2.0.0
+digest: sha256:4e08bb3b7b0682fefa4f6472d42e3d8923b19c89df910ad57853c6192ced6adf
+generated: "2025-01-28T15:53:28.978377572Z"
diff --git a/charts/cloudprem/Chart.yaml b/charts/cloudprem/Chart.yaml
index 060c216..090ad63 100644
--- a/charts/cloudprem/Chart.yaml
+++ b/charts/cloudprem/Chart.yaml
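Review bot: The added `helm template "$chart" --values "$chart/values.yaml"` writes every rendered manifest to stdout, so the progress messages printed around it are buried under full manifests, and its exit status is only acted on if a `set -e` outside this hunk is in effect. If the call is meant as a render check, `helm template "$chart" --values "$chart/values.yaml" > /dev/null || exit 1` keeps the log readable and makes a broken template fail the script instead of being scrolled past. The enclosing `for chart` loop begins before the hunk.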
@@ -32,31 +32,31 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.2.1
+version: 3.0.0-rc.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "v0.36.2"
+appVersion: "v1.0.4"
kubeVersion: ">=1.14.0-0"
sources: []
dependencies:
- name: membership
- version: 1.X
+ version: 2.X
repository: file://../membership
- condition: membership.enabled
+ condition: global.platform.membership.enabled
- name: portal
- version: 1.X
+ version: 2.X
repository: file://../portal
- condition: portal.enabled
+ condition: global.platform.portal.enabled
- name: console
- version: 1.X
+ version: 2.X
repository: file://../console
- condition: console.enabled
+ condition: global.platform.console.enabled
- name: console-v3
- version: 1.X
+ version: 2.X
repository: file://../console-v3
condition: global.platform.consoleV3.enabled
diff --git a/charts/cloudprem/README.md b/charts/cloudprem/README.md
index 14bd9c2..5d3f50d 100644
--- a/charts/cloudprem/README.md
+++ b/charts/cloudprem/README.md
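Review bot: `condition: global.platform.membership.enabled` points at a key that no hunk of this patch defines: the cloudprem values.yaml hunks add `enabled: true` only under `global.platform.console` and `global.platform.portal`, and the values.schema.json hunks add an `enabled` property only for those two objects. Helm ignores a condition whose path is absent from the parent values, so membership is installed unconditionally, and a user who sets `global.platform.membership.enabled: false` to get the documented behaviour may be rejected by the schema depending on its `additionalProperties` setting (not visible here). Either add `enabled: true` under `global.platform.membership` in values.yaml together with its schema entry, or drop the condition so the always-on behaviour is explicit.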
@@ -1,5 +1,5 @@ [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cloudprem)](https://artifacthub.io/packages/search?repo=cloudprem) -![Version: 2.2.1](https://img.shields.io/badge/Version-2.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.36.2](https://img.shields.io/badge/AppVersion-v0.36.2-informational?style=flat-square) +![Version: 3.0.0-rc.0](https://img.shields.io/badge/Version-3.0.0--rc.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.4](https://img.shields.io/badge/AppVersion-v1.0.4-informational?style=flat-square) # Formance Cloudprem Helm Chart @@ -269,6 +269,22 @@ See [profiles](./profiles) for more examples. ## Migration +### From v2.X.X To v3.0.0 + +> No configuration changes are required for this upgrade. + +Membership service contain a behavior breaking changes within the RBAC module. + +Before, permissions were managed dynamically on the organization and stack with a *fallback* on the organization resource. (default organization accesses and default stack accesses). Which led to a lot of confusion and inconsistency regarding the users permissions + +Now, the fallback has been removed from the RBAC module and is only used when a new user joins the organization. + +Note: `Console-v3` (experimental) and `Portal` have been updated to manage the new RBAC module. + +## Breaking changes + +TODO: Add breaking changes + ### From v1.0.X To v2.0.X A global configuration has been introduced to manage values accross different services. To see the detail of the default values, please refer to the [Global Parameters](#global-configuration) section. 
@@ -339,8 +355,6 @@ Dex: |-----|------|---------|-------------| | global.aws.elb | bool | `false` | Enable AWS ELB across all services, appropriate .aws.targertGroup must be set | | global.aws.iam | bool | `false` | Enable AWS IAM Authentification | -| console.aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Console target groups | -| console-v3.aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Console target groups | | membership.aws | object | `{"targetGroups":{"grpc":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.grpc.port }}"},"targetGroupARN":"","targetType":"ip"},"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Membership target groups | | membership.dex.aws | object | `{"targetGroups":{"dex-http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"dex.fullname\" .Subcharts.dex }}","port":"{{ .Values.dex.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Target Groups | | portal.aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Portal target groups | 
@@ -363,26 +377,28 @@ Dex: | global.nats.url | string | `""` | NATS URL: nats://nats:4222 nats://$PUBLISHER_NATS_USERNAME:$PUBLISHER_NATS_PASSWORD@nats:4222 | | global.platform.console.host | string | `"console.{{ .Values.global.serviceHost }}"` | is the host for the console | | global.platform.console.scheme | string | `"https"` | is the scheme for the console | -| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","scheme":"https"}` | Console V3: EXPERIMENTAL | +| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","oauth":{"client":{"existingSecret":"","id":"platform","secret":"changeMe1","secretKeys":{"secret":""}}},"scheme":"https"}` | Console V3: EXPERIMENTAL | | global.platform.consoleV3.host | string | `"console.v3.{{ .Values.global.serviceHost }}"` | is the host for the console | +| global.platform.consoleV3.oauth.client.existingSecret | string | `""` | is the name of the secret | +| global.platform.consoleV3.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.consoleV3.oauth.client.scopes | list | `["supertoken","accesses","remember_me","keep_refresh_token"]` | is the name of the secret | +| global.platform.consoleV3.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | +| global.platform.consoleV3.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.consoleV3.scheme | string | `"https"` | is the scheme for the console | -| global.platform.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | -| global.platform.cookie.existingSecret | string | `""` | is the name of the secret | -| global.platform.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | -| 
global.platform.enabled | bool | `true` | Enable platform oauth2 client | | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership | -| global.platform.membership.oauthClient.existingSecret | string | `""` | is the name of the secret | -| global.platform.membership.oauthClient.id | string | `"platform"` | is the id of the client | -| global.platform.membership.oauthClient.secret | string | `"changeMe1"` | is the secret of the client | -| global.platform.membership.oauthClient.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.membership.relyingParty.host | string | `"dex.{{ .Values.global.serviceHost }}"` | is the host for the membership | | global.platform.membership.relyingParty.path | string | `""` | is the path for the relying party issuer | | global.platform.membership.relyingParty.scheme | string | `"https"` | is the scheme for the membership | | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | -| global.platform.portal.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | -| global.platform.portal.cookie.existingSecret | string | `""` | is the name of the secret | -| global.platform.portal.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | +| global.platform.portal.oauth.client.existingSecret | string | `""` | is the name of the secret | +| global.platform.portal.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.portal.oauth.client.scopes | list | `["supertoken","accesses","remember_me","keep_refresh_token"]` | is the name of the secret | +| 
global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | +| global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | +| global.platform.portal.oauth.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId It is not shared with console-v3 and the domain is only limited to portal app | +| global.platform.portal.oauth.cookie.existingSecret | string | `""` | is the name of the secret | +| global.platform.portal.oauth.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.portal.scheme | string | `"https"` | is the scheme for the portal | | global.postgresql.additionalArgs | string | `"sslmode=disable"` | Additional arguments for PostgreSQL Connection URI | | global.postgresql.auth.database | string | `"formance"` | Name for a custom database to create (overrides `auth.database`) | 
@@ -395,6 +411,9 @@ Dex: | global.postgresql.host | string | `""` | Host for PostgreSQL (overrides included postgreql `host`) | | global.postgresql.service.ports.postgresql | int | `5432` | PostgreSQL service port (overrides `service.ports.postgresql`) | | global.serviceHost | string | `""` | is the base domain for portal and console | +| console-v3.config.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | +| console-v3.config.cookie.existingSecret | string | `""` | is the name of the secret | +| console-v3.config.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | membership.config.migration.postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). | | membership.config.migration.postgresql.auth.password | string | `""` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | | membership.config.migration.postgresql.auth.secretKeys.adminPasswordKey | string | `""` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | 
@@ -408,7 +427,7 @@ Dex: | membership.dex.configOverrides.enablePasswordDB | bool | `true` | enable password db | | membership.dex.configOverrides.oauth2.responseTypes | list | `["code","token","id_token"]` | oauth2 response types | | membership.dex.configOverrides.oauth2.skipApprovalScreen | bool | `true` | oauth2 skip approval screen | -| membership.dex.configOverrides.staticPasswords[0].email | string | `"admin@formance.com"` | static passwords email | +| membership.dex.configOverrides.staticPasswords[0] | object | `{"email":"admin@formance.com","hash":"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W","userID":"08a8684b-db88-4b73-90a9-3cd1661f5466","username":"admin"}` | static passwords email | | membership.dex.configOverrides.staticPasswords[0].hash | string | `"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"` | static passwords hash | | membership.dex.configOverrides.staticPasswords[0].userID | string | `"08a8684b-db88-4b73-90a9-3cd1661f5466"` | static passwords user id | | membership.dex.configOverrides.staticPasswords[0].username | string | `"admin"` | static passwords username | 
@@ -423,8 +442,8 @@ Dex: | membership.dex.ingress.annotations | object | `{}` | Dex ingress annotations | | membership.dex.ingress.className | string | `""` | Dex ingress class name | | membership.dex.ingress.enabled | bool | `true` | Dex ingress enabled | -| membership.dex.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}"` | Dex ingress host | -| membership.dex.ingress.hosts[0].paths[0].path | string | `"/"` | Dex ingress path refer to .Values.global.platform.membership.relyingParty.host.path | +| membership.dex.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | Dex ingress host | +| membership.dex.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | Dex ingress path refer to .Values.global.platform.membership.relyingParty.host.path | | membership.dex.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Dex ingress path type | | membership.dex.ingress.tls | list | `[]` | Dex ingress tls | | membership.dex.resources | object | `{}` | Dex resources | 
@@ -456,11 +475,11 @@ Dex: | global.nats.auth.secretKeys.username | string | `"username"` | | | global.nats.auth.user | string | `""` | | | global.nats.enabled | bool | `false` | | +| global.platform.console.enabled | bool | `true` | | | global.platform.consoleV3.enabled | bool | `false` | | -| global.platform.cookie | object | `{"encryptionKey":"changeMe00","existingSecret":"","secretKeys":{"encryptionKey":""}}` | Console V2 Cookie Will be deprecated later | | global.platform.membership.oidc.host | string | `"dex.{{ .Values.global.serviceHost }}"` | is the host for the oidc | | global.platform.membership.oidc.scheme | string | `"https"` | is the scheme for the issuer | -| global.platform.portal.cookie | object | `{"encryptionKey":"changeMe00","existingSecret":"","secretKeys":{"encryptionKey":""}}` | EXPERIMENTAL | +| global.platform.portal.enabled | bool | `true` | | | console.affinity | object | `{}` | Console affinity | | console.annotations | object | `{}` | Console annotations | | console.autoscaling.enabled | bool | `false` | | @@ -487,7 +506,7 @@ Dex: | console.ingress.className | string | `""` | ingress class name | | console.ingress.enabled | bool | `true` | ingress enabled | | console.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.console.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | -| console.ingress.hosts[0].paths[0].path | string | `"/"` | ingress path | +| console.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | console.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | console.ingress.tls | list | `[]` | ingress tls | | console.livenessProbe | object | `{}` | Console liveness probe | 
@@ -537,7 +556,7 @@ Dex: | console-v3.ingress.className | string | `""` | ingress class name | | console-v3.ingress.enabled | bool | `true` | ingress enabled | | console-v3.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.consoleV3.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | -| console-v3.ingress.hosts[0].paths[0].path | string | `"/"` | ingress path | +| console-v3.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | console-v3.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | console-v3.ingress.tls | list | `[]` | ingress tls | | console-v3.livenessProbe | object | `{}` | Console liveness probe | @@ -613,7 +632,7 @@ Dex: | membership.ingress.className | string | `""` | Membership ingress class name | | membership.ingress.enabled | bool | `true` | Membership ingress enabled | | membership.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.membership.host $ }}","paths":[{"path":"/api","pathType":"Prefix"}]}` | Membership ingress host | -| membership.ingress.hosts[0].paths[0].path | string | `"/api"` | Membership ingress path | +| membership.ingress.hosts[0].paths[0] | object | `{"path":"/api","pathType":"Prefix"}` | Membership ingress path | | membership.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Membership ingress path type | | membership.ingress.tls | list | `[]` | Membership ingress tls | | membership.initContainers | list | `[]` | Membership init containers | 
@@ -631,7 +650,7 @@ Dex: | membership.securityContext.runAsUser | int | `1000` | Membership security context run as user | | membership.service.annotations | object | `{}` | service annotations | | membership.service.clusterIP | string | `""` | service cluster IP | -| membership.service.ports.grpc | object | `{"port":8082}` | service grpc port | +| membership.service.ports.grpc.port | int | `8082` | | | membership.service.ports.http | object | `{"port":8080}` | service http port | | membership.service.type | string | `"ClusterIP"` | service type | | membership.serviceAccount.annotations | object | `{}` | Service account annotations | @@ -666,7 +685,7 @@ Dex: | portal.ingress.className | string | `""` | ingress class name | | portal.ingress.enabled | bool | `true` | ingress enabled | | portal.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.portal.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | -| portal.ingress.hosts[0].paths[0].path | string | `"/"` | ingress path | +| portal.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | portal.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | portal.ingress.tls | list | `[]` | ingress tls | | portal.livenessProbe | object | `{}` | Portal liveness probe | @@ -687,5 +706,5 @@ Dex: | portal.serviceAccount.create | bool | `true` | Service account creation | | portal.serviceAccount.name | string | `""` | Service account name | | portal.tolerations | list | `[]` | Portal tolerations | -| portal.volumeMounts | list | `[]` | Portal volume mounts | +| portal.volumeMounts | list | `[]` | | | portal.volumes | list | `[]` | Portal volumes | diff --git a/charts/cloudprem/README.md.gotmpl b/charts/cloudprem/README.md.gotmpl index 8ddee80..cedc3c7 100644 --- a/charts/cloudprem/README.md.gotmpl +++ b/charts/cloudprem/README.md.gotmpl 
@@ -271,6 +271,23 @@ See [profiles](./profiles) for more examples.
## Migration
+### From v2.X.X To v3.0.0
+
+> No configuration changes are required for this upgrade.
+
+Membership service contain a behavior breaking changes within the RBAC module.
+
+Before, permissions were managed dynamically on the organization and stack with a *fallback* on the organization resource. (default organization accesses and default stack accesses). Which led to a lot of confusion and inconsistency regarding the users permissions
+
+Now, the fallback has been removed from the RBAC module and is only used when a new user joins the organization.
+
+Note: `Console-v3` (experimental) and `Portal` have been updated to manage the new RBAC module.
+
+## Breaking changes
+
+TODO: Add breaking changes
+
+
### From v1.0.X To v2.0.X
A global configuration has been introduced to manage values accross different services. To see the detail of the default values, please refer to the [Global Parameters](#global-configuration) section.
diff --git a/charts/cloudprem/values.schema.json b/charts/cloudprem/values.schema.json
index acbae8e..c4fc01b 100644
--- a/charts/cloudprem/values.schema.json
+++ b/charts/cloudprem/values.schema.json
@@ -66,6 +66,9 @@
"properties": {
"console": {
"properties": {
+ "enabled": {
+ "type": "boolean"
+ },
"host": {
"type": "string"
},
@@ -89,36 +92,11 @@
},
"type": "object"
},
- "enabled": {
- "type": "boolean"
- },
"membership": {
"properties": {
"host": {
"type": "string"
},
- "oauthClient": {
- "properties": {
- "existingSecret": {
- "type": "string"
- },
- "id": {
- "type": "string"
- },
- "secret": {
- "type": "string"
- },
- "secretKeys": {
- "properties": {
- "secret": {
- "type": "string"
- }
- },
- "type": "object"
- }
- },
- "type": "object"
- },
"oidc": {
"properties": {
"host": {
@@ -149,6 +127,9 @@
},
"portal": {
"properties": {
+ "enabled": {
+ "type": "boolean"
+ },
"host": {
"type": "string"
},
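Review bot: Removing `oauthClient` from `global.platform.membership` (second schema hunk) is a silent value migration: whether a values file that still sets `global.platform.membership.oauthClient.existingSecret` is rejected depends on `additionalProperties`, which is outside the hunk, and if it is not rejected the old secret reference is simply ignored and the console-v3 helper in this patch falls back to the inline `global.platform.consoleV3.oauth.client.secret`, i.e. the placeholder `changeMe1` the README still lists as the default. The README.md.gotmpl hunk on this same line states `> No configuration changes are required for this upgrade.`, which contradicts the moved keys (`global.platform.consoleV3.oauth.client.*`, `global.platform.portal.oauth.*`, `console-v3.config.cookie.*`); the `TODO: Add breaking changes` placeholder should list the renamed keys and say that an existing secret reference must be re-declared under the new paths. The cloudprem values.yaml hunk that deletes the same `oauthClient` block is affected by the same point.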
diff --git a/charts/cloudprem/values.yaml b/charts/cloudprem/values.yaml
index b8759fc..4294ca7 100644
--- a/charts/cloudprem/values.yaml
+++ b/charts/cloudprem/values.yaml
@@ -13,10 +13,8 @@ global:
# @section -- Global AWS configuration
elb: false
platform:
- # -- Enable platform oauth2 client
- # @section -- Global configuration
- enabled: true
console:
+ enabled: true
# -- is the scheme for the console
# @section -- Global configuration
scheme: "https"
@@ -32,6 +30,7 @@ global:
# @section -- Global configuration
host: "console.v3.{{ .Values.global.serviceHost }}"
portal:
+ enabled: true
# -- is the scheme for the portal
# @section -- Global configuration
scheme: "https"
@@ -52,20 +51,6 @@ global:
# -- is the host for the membership
# @section -- Global configuration
host: "dex.{{ .Values.global.serviceHost }}"
- oauthClient:
- # -- is the id of the client
- # @section -- Global configuration
- id: "platform"
- # -- is the secret of the client
- # @section -- Global configuration
- secret: "changeMe1"
- # -- is the name of the secret
- # @section -- Global configuration
- existingSecret: ""
- # -- is the key contained within the secret
- # @section -- Global configuration
- secretKeys:
- secret: ""
oidc:
# -- is the scheme for the issuer
scheme: "https"
diff --git a/charts/console-v3/Chart.yaml b/charts/console-v3/Chart.yaml
index b6a87ef..d5ae3b6 100644
--- a/charts/console-v3/Chart.yaml
+++ b/charts/console-v3/Chart.yaml
@@ -12,8 +12,8 @@ annotations:
home: "https://formance.com"
maintainers:
- - name: "Formance Team"
- email: "support@formance.com"
+- name: "Formance Team"
+ email: "support@formance.com"
icon: "https://avatars.githubusercontent.com/u/84325077?s=200&v=4"
# A chart can be either an 'application' or a 'library' chart.
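Review bot: The two added `enabled: true` lines (under `console` in the first hunk and `portal` in the second) carry none of the `# -- …` / `# @section -- Global configuration` comments that every sibling key in these hunks has, so helm-docs emits them with an empty description — the cloudprem README hunk in this patch already shows `global.platform.console.enabled` and `global.platform.portal.enabled` with blank Description cells. Suggest `# -- Enable the console chart` and `# @section -- Global configuration` above the console line, and the equivalent pair above the portal line, mirroring the removed `# -- Enable platform oauth2 client` block.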
@@ -29,18 +29,18 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.2.0
+version: 2.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "368ae6f5bd0a51bd5d9ebc0248a866869df5e326"
+appVersion: "fd50377c162c62a1dc4485a41996bb4e4574cf3d"
kubeVersion: ">=1.14.0-0"
sources:
- - https://github.com/formancehq/console
+- https://github.com/formancehq/console
dependencies:
- - name: core
- version: "1.X"
- repository: file://../core
+- name: core
+ version: "1.X"
+ repository: file://../core
diff --git a/charts/console-v3/README.md b/charts/console-v3/README.md
index f5ecf8b..b61c90d 100644
--- a/charts/console-v3/README.md
+++ b/charts/console-v3/README.md
@@ -1,6 +1,6 @@
# console-v3
-![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 368ae6f5bd0a51bd5d9ebc0248a866869df5e326](https://img.shields.io/badge/AppVersion-368ae6f5bd0a51bd5d9ebc0248a866869df5e326-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: fd50377c162c62a1dc4485a41996bb4e4574cf3d](https://img.shields.io/badge/AppVersion-fd50377c162c62a1dc4485a41996bb4e4574cf3d-informational?style=flat-square)
Formance Console
@@ -31,7 +31,6 @@ Kubernetes: `>=1.14.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| | global.aws.elb | bool | `false` | Enable AWS ELB across all services, appropriate .aws.targertGroup must be set | -| aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Console target groups | ### Global configuration 
@@ -45,27 +44,26 @@ Kubernetes: `>=1.14.0-0` | global.monitoring.traces.insecure | bool | `true` | Insecure | | global.monitoring.traces.mode | string | `"grpc"` | Mode | | global.monitoring.traces.port | int | `4317` | Port | -| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","scheme":"https"}` | Console V3: EXPERIMENTAL | +| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","oauth":{"client":{"existingSecret":"","id":"platform","secret":"changeMe1","secretKeys":{"secret":""}}},"scheme":"https"}` | Console V3: EXPERIMENTAL | | global.platform.consoleV3.host | string | `"console.v3.{{ .Values.global.serviceHost }}"` | is the host for the console | +| global.platform.consoleV3.oauth.client.existingSecret | string | `""` | is the name of the secret | +| global.platform.consoleV3.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.consoleV3.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | +| global.platform.consoleV3.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.consoleV3.scheme | string | `"https"` | is the scheme for the console | | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership | -| global.platform.membership.oauthClient.existingSecret | string | `""` | is the name of the secret | -| global.platform.membership.oauthClient.id | string | `"platform"` | is the id of the client | -| global.platform.membership.oauthClient.secret | string | `"changeMe1"` | is the secret of the client | -| global.platform.membership.oauthClient.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | -| global.platform.portal.cookie.encryptionKey | string | `"changeMe00"` | is used to 
encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | -| global.platform.portal.cookie.existingSecret | string | `""` | is the name of the secret | -| global.platform.portal.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | | global.platform.portal.scheme | string | `"https"` | is the scheme for the portal | | global.serviceHost | string | `""` | is the base domain for portal and console | +| config.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | +| config.cookie.existingSecret | string | `""` | is the name of the secret | +| config.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | ### Other Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| global.platform.portal.cookie | object | `{"encryptionKey":"changeMe00","existingSecret":"","secretKeys":{"encryptionKey":""}}` | EXPERIMENTAL | | affinity | object | `{}` | Console affinity | | annotations | object | `{}` | Console annotations | | autoscaling.enabled | bool | `false` | | 
@@ -93,7 +91,7 @@ Kubernetes: `>=1.14.0-0` | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | | ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.consoleV3.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | -| ingress.hosts[0].paths[0].path | string | `"/"` | ingress path | +| ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | | livenessProbe | object | `{}` | Console liveness probe | diff --git a/charts/console-v3/templates/_helpers.tpl b/charts/console-v3/templates/_helpers.tpl index a484575..539800e 100644 --- a/charts/console-v3/templates/_helpers.tpl +++ b/charts/console-v3/templates/_helpers.tpl 
@@ -35,42 +35,48 @@ {{- define "console.v3.cookie" }} - name: COOKIE_SECRET - {{- if or .Values.global.platform.portal.cookie.existingSecret }} + {{- if or .Values.config.cookie.existingSecret }} valueFrom: secretKeyRef: - name: {{ .Values.global.platform.portal.cookie.existingSecret }} - key: {{ .Values.global.platform.portal.cookie.secretKeys.encryptionKey }} + name: {{ .Values.config.cookie.existingSecret }} + key: {{ .Values.config.cookie.secretKeysencryptionKey }} {{- else }} - value: {{ .Values.global.platform.portal.cookie.encryptionKey }} + value: {{ .Values.config.cookie.encryptionKey }} {{- end }} - name: COOKIE_NAME value: __session_platform - name: COOKIE_DOMAIN - value: {{ .Values.global.serviceHost }} + value: {{ tpl .Values.global.platform.consoleV3.host $ }} {{- end -}} - -{{- define "console.v3.env" -}} -- name: NODE_ENV - value: {{ .Values.config.environment }} +{{- define "console.v3.oauth.client" }} +- name: REDIRECT_URI + value: {{ tpl (default (printf "%s://%s" .Values.global.platform.consoleV3.scheme .Values.global.platform.consoleV3.host) .Values.config.redirect_url) $ }} - name: MEMBERSHIP_CLIENT_ID - value: "{{ .Values.global.platform.membership.oauthClient.id }}" + value: "{{ .Values.global.platform.consoleV3.oauth.client.id }}" - name: MEMBERSHIP_CLIENT_SECRET - {{- if gt (len .Values.global.platform.membership.oauthClient.existingSecret) 0 }} + {{- if gt (len .Values.global.platform.consoleV3.oauth.client.existingSecret) 0 }} valueFrom: secretKeyRef: - name: {{ .Values.global.platform.membership.oauthClient.existingSecret }} - key: {{ .Values.global.platform.membership.oauthClient.secretKeys.secret }} + name: {{ .Values.global.platform.consoleV3.oauth.client.existingSecret }} + key: {{ .Values.global.platform.consoleV3.oauth.client.secretKeys.secret }} {{- else }} - value: {{ .Values.global.platform.membership.oauthClient.secret | quote }} + value: {{ .Values.global.platform.consoleV3.oauth.client.secret | quote }} {{- end }} - name: 
MEMBERSHIP_URL_API value: {{ tpl (printf "%s://%s/api" .Values.global.platform.membership.scheme .Values.global.platform.membership.host) $}} +{{- end }} + + +{{- define "console.v3.env" -}} +- name: NODE_ENV + value: {{ .Values.config.environment }} - name: API_URL value: {{ (default "http://gateway.#{organizationId}-#{stackId}.svc:8080/api" .Values.config.stargate_url) }} - name: PORTAL_UI value: {{ tpl (default (printf "%s://%s" .Values.global.platform.portal.scheme .Values.global.platform.portal.host) .Values.config.platform_url) $ }} {{- include "console.v3.cookie" . }} +{{- include "console.v3.oauth.client" . }} {{- include "core.sentry" . }} {{- include "core.monitoring" . }} {{ with .Values.config.additionalEnv }} diff --git a/charts/console-v3/values.schema.json b/charts/console-v3/values.schema.json index 0213d92..092e8c7 100644 --- a/charts/console-v3/values.schema.json +++ b/charts/console-v3/values.schema.json @@ -66,6 +66,25 @@ "additionalEnv": { "type": "array" }, + "cookie": { + "properties": { + "encryptionKey": { + "type": "string" + }, + "existingSecret": { + "type": "string" + }, + "secretKeys": { + "properties": { + "encryptionKey": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, "environment": { "type": "string" }, @@ -159,32 +178,26 @@ "host": { "type": "string" }, - "scheme": { - "type": "string" - } - }, - "type": "object" - }, - "membership": { - "properties": { - "host": { - "type": "string" - }, - "oauthClient": { + "oauth": { "properties": { - "existingSecret": { - "type": "string" - }, - "id": { - "type": "string" - }, - "secret": { - "type": "string" - }, - "secretKeys": { + "client": { "properties": { + "existingSecret": { + "type": "string" + }, + "id": { + "type": "string" + }, "secret": { "type": "string" + }, + "secretKeys": { + "properties": { + "secret": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" 
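Review bot: `key: {{ .Values.config.cookie.secretKeysencryptionKey }}` in the `console.v3.cookie` define is missing the dot between `secretKeys` and `encryptionKey`, so whenever `config.cookie.existingSecret` is set the secretKeyRef key resolves to a value that does not exist (Helm renders it empty, as far as I can tell) and the pod cannot read COOKIE_SECRET from the secret; it should read `key: {{ .Values.config.cookie.secretKeys.encryptionKey }}`. The surrounding `{{- if or .Values.config.cookie.existingSecret }}` is an `or` with a single operand, which is a no-op; the MEMBERSHIP_CLIENT_SECRET branch in the same hunk checks `gt (len ...) 0`, and using one form for both checks would read more clearly. Note that the fallback path still emits the cookie key as a plain `value:` straight from values.yaml, so a deployment that leaves `existingSecret` empty runs with whatever default is shipped there.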
@@ -198,27 +211,19 @@ }, "type": "object" }, - "portal": { + "membership": { "properties": { - "cookie": { - "properties": { - "encryptionKey": { - "type": "string" - }, - "existingSecret": { - "type": "string" - }, - "secretKeys": { - "properties": { - "encryptionKey": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" + "host": { + "type": "string" }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "portal": { + "properties": { "host": { "type": "string" }, diff --git a/charts/console-v3/values.yaml b/charts/console-v3/values.yaml index c6f540c..217badd 100644 --- a/charts/console-v3/values.yaml +++ b/charts/console-v3/values.yaml @@ -44,20 +44,6 @@ global: # @section -- Global configuration host: "portal.{{ .Values.global.serviceHost }}" - # -- Console V3 Cookie - # -- EXPERIMENTAL - cookie: - # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId - # @section -- Global configuration - encryptionKey: "changeMe00" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - encryptionKey: "" - # -- Console V3: EXPERIMENTAL # @section -- Global configuration consoleV3: @@ -67,6 +53,21 @@ global: # -- is the host for the console # @section -- Global configuration host: "console.v3.{{ .Values.global.serviceHost }}" + oauth: + client: + # -- is the id of the client + # @section -- Global configuration + id: "platform" + # -- is the secret of the client + # @section -- Global configuration + secret: "changeMe1" + # -- is the name of the secret + # @section -- Global configuration + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + secret: "" membership: # -- is the scheme for the membership 
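Review bot: The defaults added here for `global.platform.consoleV3.oauth.client` (`id: "platform"`, `secret: "changeMe1"`) do not match what the membership chart documents for the same global key in its README hunk further down this commit (`id: "console-v3"`, `secret: "changeMe2"`), and the same mismatch appears for `global.platform.portal.oauth.client` between charts/console/values.yaml (`id: "platform"`) and membership (`id: "portal"`). Membership registers the client id it reads and console-v3 authenticates with the id it reads, so the two charts only agree when an umbrella such as cloudprem overrides the key for both; a standalone install on defaults would, as far as I can tell, present a client id membership never registered. Either align the defaults across the charts or annotate the key so the coupling is visible, e.g. `# -- must match global.platform.consoleV3.oauth.client in the membership chart; set once at umbrella level`.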
@@ -76,21 +77,6 @@ global: # @section -- Global configuration host: "membership.{{ .Values.global.serviceHost }}" - oauthClient: - # -- is the id of the client - # @section -- Global configuration - id: "platform" - # -- is the secret of the client - # @section -- Global configuration - secret: "changeMe1" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - secret: "" - # -- Number of replicas replicas: 1 @@ -135,8 +121,7 @@ image: imagePullSecrets: [] # -- Console resources -resources: - {} +resources: {} # requests: # cpu: 250m # memory: 512Mi @@ -164,8 +149,8 @@ service: # -- service node port # nodePort: -# -- AWS Console target groups -# @section -- Global AWS configuration + # -- AWS Console target groups + # @section -- Global AWS configuration aws: targetGroups: http: @@ -189,16 +174,15 @@ ingress: # -- ingress annotations annotations: {} hosts: - # -- ingress host - - host: "{{ tpl .Values.global.platform.consoleV3.host $ }}" - paths: - - # -- ingress path - path: / - # -- ingress path type - pathType: Prefix + # -- ingress host + - host: "{{ tpl .Values.global.platform.consoleV3.host $ }}" + paths: + # -- ingress path + - path: / + # -- ingress path type + pathType: Prefix # -- ingress tls - tls: - [] + tls: [] # -- ingress tls secret name # - secretName: YOUR_TLS_SECRET_NAME 
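Review bot: The `@@ -164,8 +149,8 @@` hunk re-indents the helm-docs lines `# -- AWS Console target groups` and `# @section -- Global AWS configuration` by two spaces, which leaves them attached to the tail of the preceding `service:` block instead of sitting directly above the top-level `aws:` key they describe. The console README hunk in this same commit drops its `aws` row from the values table, which looks like the consequence of the identical re-indentation in charts/console/values.yaml (hunk `@@ -161,8 +158,8 @@`); the console-v3 README would presumably lose the row the same way. Keeping both comment lines at column 0 immediately above `aws:` restores the annotation.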
@@ -221,11 +205,21 @@ tolerations: [] affinity: {} config: + cookie: + # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId + # @section -- Global configuration + encryptionKey: "changeMe00" + # -- is the name of the secret + # @section -- Global configuration + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + encryptionKey: "" # -- Console environment environment: production # -- Console additional environment variables - additionalEnv: - [] + additionalEnv: [] # -- Console additional environment variables HOST # - name: HOST # value: "0.0.0.0" diff --git a/charts/console/Chart.yaml b/charts/console/Chart.yaml index 7e35c42..ce88be8 100644 --- a/charts/console/Chart.yaml +++ b/charts/console/Chart.yaml @@ -5,8 +5,8 @@ description: Formance Console home: "https://formance.com" maintainers: - - name: "Formance Team" - email: "support@formance.com" +- name: "Formance Team" + email: "support@formance.com" icon: "https://avatars.githubusercontent.com/u/84325077?s=200&v=4" # A chart can be either an 'application' or a 'library' chart. 
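Review bot: The new `config.cookie` block carries `# @section -- Global configuration` on each key although it lives under the chart-local `config:` mapping rather than `global:`; the console-v3 README hunk at the top of this page shows the effect, with `config.cookie.*` rows filed in the Global configuration table beside `global.*` keys. Dropping the `@section` tag (or naming a section for chart-local config) keeps the generated docs honest about where the value has to be set. It would also help to say what the key protects, since the `console.v3.cookie` define uses it verbatim whenever `existingSecret` is empty, e.g. `# -- encrypts the __session_platform cookie; used as-is unless existingSecret is set`.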
@@ -22,18 +22,18 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.0 +version: 2.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "fccc26c5b568781b86fbd06c651399c0edd67bac" +appVersion: "console-on.v1.0.2" kubeVersion: ">=1.14.0-0" sources: - - https://github.com/formancehq/console +- https://github.com/formancehq/console dependencies: - - name: core - version: "1.X" - repository: file://../core +- name: core + version: "1.X" + repository: file://../core diff --git a/charts/console/README.md b/charts/console/README.md index 12d514c..ed4008e 100644 --- a/charts/console/README.md +++ b/charts/console/README.md @@ -1,6 +1,6 @@ # console -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: fccc26c5b568781b86fbd06c651399c0edd67bac](https://img.shields.io/badge/AppVersion-fccc26c5b568781b86fbd06c651399c0edd67bac-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: console-on.v1.0.2](https://img.shields.io/badge/AppVersion-console--on.v1.0.2-informational?style=flat-square) Formance Console 
@@ -31,7 +31,6 @@ Kubernetes: `>=1.14.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| | global.aws.elb | bool | `false` | Enable AWS ELB across all services, appropriate .aws.targertGroup must be set | -| aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Console target groups | ### Global configuration 
@@ -47,16 +46,16 @@ Kubernetes: `>=1.14.0-0` | global.monitoring.traces.port | int | `4317` | Port | | global.platform.console.host | string | `"console.{{ .Values.global.serviceHost }}"` | is the host for the console | | global.platform.console.scheme | string | `"https"` | is the scheme for the console | -| global.platform.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | -| global.platform.cookie.existingSecret | string | `""` | is the name of the secret | -| global.platform.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership | -| global.platform.membership.oauthClient.existingSecret | string | `""` | is the name of the secret | -| global.platform.membership.oauthClient.id | string | `"platform"` | is the id of the client | -| global.platform.membership.oauthClient.secret | string | `"changeMe1"` | is the secret of the client | -| global.platform.membership.oauthClient.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | +| global.platform.portal.oauth.client.existingSecret | string | `""` | is the name of the secret | +| global.platform.portal.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | +| global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | +| global.platform.portal.oauth.cookie.encryptionKey | string | 
`"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId It is not shared with console-v3 and the domain is only limited to portal app | +| global.platform.portal.oauth.cookie.existingSecret | string | `""` | is the name of the secret | +| global.platform.portal.oauth.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.portal.scheme | string | `"https"` | is the scheme for the portal | | global.serviceHost | string | `""` | is the base domain for portal and console | @@ -64,7 +63,6 @@ Kubernetes: `>=1.14.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| global.platform.cookie | object | `{"encryptionKey":"changeMe00","existingSecret":"","secretKeys":{"encryptionKey":""}}` | Console V2 Cookie Will be deprecated later | | affinity | object | `{}` | Console affinity | | annotations | object | `{}` | Console annotations | | autoscaling.enabled | bool | `false` | | @@ -91,7 +89,7 @@ Kubernetes: `>=1.14.0-0` | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | | ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.console.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | -| ingress.hosts[0].paths[0].path | string | `"/"` | ingress path | +| ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | | livenessProbe | object | `{}` | Console liveness probe | diff --git a/charts/console/templates/_helpers.tpl b/charts/console/templates/_helpers.tpl index c2b3bca..db9004e 100644 --- a/charts/console/templates/_helpers.tpl +++ b/charts/console/templates/_helpers.tpl 
@@ -33,19 +33,37 @@ # OTEL_RESOURCE_ATTRIBUTES is the attributes to set **/}} + +## This need to match portal oauth client if enabled ! +{{- define "console.oauth.client" }} +- name: REDIRECT_URI + value: {{ tpl (default (printf "%s://%s" .Values.global.platform.console.scheme .Values.global.platform.console.host) .Values.config.redirect_url) $ }} +- name: MEMBERSHIP_CLIENT_ID + value: "{{ .Values.global.platform.portal.oauth.client.id }}" +- name: MEMBERSHIP_CLIENT_SECRET + {{- if gt (len .Values.global.platform.portal.oauth.client.existingSecret) 0 }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.platform.portal.oauth.client.existingSecret }} + key: {{ .Values.global.platform.portal.oauth.client.secretKeys.secret }} + {{- else }} + value: {{ .Values.global.platform.portal.oauth.client.secret | quote }} + {{- end }} +- name: MEMBERSHIP_URL_API + value: {{ tpl (printf "%s://%s/api" .Values.global.platform.membership.scheme .Values.global.platform.membership.host) $}} +{{- end }} + {{- define "console.env" }} - name: NODE_ENV value: {{ .Values.config.environment }} -- name: REDIRECT_URI - value: {{ tpl (default (printf "%s://%s" .Values.global.platform.console.scheme .Values.global.platform.console.host) .Values.config.redirect_url) $ }} - name: ENCRYPTION_KEY - {{- if .Values.global.platform.cookie.existingSecret }} + {{- if .Values.global.platform.portal.oauth.cookie.existingSecret }} valueFrom: secretKeyRef: - name: {{ .Values.global.platform.cookie.existingSecret }} - key: {{ .Values.global.platform.cookie.secretKeys.encryptionKey }} + name: {{ .Values.global.platform.portal.oauth.cookie.existingSecret }} + key: {{ .Values.global.platform.portal.oauth.cookie.secretKeys.encryptionKey }} {{- else }} - value: {{ .Values.global.platform.cookie.encryptionKey | default .Values.config.encryption_key | quote }} + value: {{ .Values.global.platform.portal.oauth.cookie.encryptionKey | default .Values.config.encryption_key | quote }} {{- end }} - name: PLATFORM_URL 
value: {{ tpl (default (printf "%s://%s" .Values.global.platform.portal.scheme .Values.global.platform.portal.host) .Values.config.platform_url) $ }} @@ -53,21 +71,9 @@ value: "false" - name: COOKIE_DOMAIN value: {{ .Values.global.serviceHost }} -- name: MEMBERSHIP_CLIENT_ID - value: "{{ .Values.global.platform.membership.oauthClient.id }}" -- name: MEMBERSHIP_CLIENT_SECRET - {{- if gt (len .Values.global.platform.membership.oauthClient.existingSecret) 0 }} - valueFrom: - secretKeyRef: - name: {{ .Values.global.platform.membership.oauthClient.existingSecret }} - key: {{ .Values.global.platform.membership.oauthClient.secretKeys.secret }} - {{- else }} - value: {{ .Values.global.platform.membership.oauthClient.secret | quote }} - {{- end }} - name: API_URL value: {{ (default "http://gateway.#{organizationId}-#{stackId}.svc:8080/api" .Values.config.stargate_url) }} -- name: MEMBERSHIP_URL_API - value: {{ tpl (printf "%s://%s/api" .Values.global.platform.membership.scheme .Values.global.platform.membership.host) $}} +{{ include "console.oauth.client" . }} {{ include "core.sentry" . }} {{ include "core.monitoring" . }} {{ include "console.additionalEnv" . }} diff --git a/charts/console/values.schema.json b/charts/console/values.schema.json index 6edaec8..b4a6455 100644 --- a/charts/console/values.schema.json +++ b/charts/console/values.schema.json 
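Review bot: The `## This need to match portal oauth client if enabled !` line above the new `console.oauth.client` define is a bare `##` line outside any template comment, whereas the block right above it uses the file's `{{/* ... */}}` style (its `**/}}` closer opens this hunk). Because `_helpers.tpl` is never rendered the text is harmless, but it should follow the existing convention and state the coupling precisely: console now authenticates with `global.platform.portal.oauth.client`, and the membership configmap in this commit adds console's `/auth/login` redirect URI to that client only when `global.platform.console.enabled` is true. Something like `{{- /* console.oauth.client: console authenticates with the portal OAuth client (global.platform.portal.oauth.client); membership registers console's redirect URIs on it only when global.platform.console.enabled is true */ -}}` captures that. The `console.env` define continues below this hunk.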
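Review bot: `COOKIE_DOMAIN` stays at `{{ .Values.global.serviceHost }}` (the base domain) in this hunk while `ENCRYPTION_KEY` now comes from `global.platform.portal.oauth.cookie`, whose values.yaml comment in this commit says the cookie is not shared with console-v3 and its domain is limited to the portal app. A base-domain cookie is sent to every host under serviceHost, so either that comment overstates the scoping or the domain should be narrowed the way console-v3's `console.v3.cookie` define now uses its own host; please reconcile the two so operators know which hosts receive the session cookie. The `console.env` define starts above this hunk.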
@@ -165,45 +165,61 @@ }, "type": "object" }, - "cookie": { + "membership": { "properties": { - "encryptionKey": { + "host": { "type": "string" }, - "existingSecret": { + "scheme": { "type": "string" - }, - "secretKeys": { - "properties": { - "encryptionKey": { - "type": "string" - } - }, - "type": "object" } }, "type": "object" }, - "membership": { + "portal": { "properties": { "host": { "type": "string" }, - "oauthClient": { + "oauth": { "properties": { - "existingSecret": { - "type": "string" - }, - "id": { - "type": "string" - }, - "secret": { - "type": "string" - }, - "secretKeys": { + "client": { "properties": { + "existingSecret": { + "type": "string" + }, + "id": { + "type": "string" + }, "secret": { "type": "string" + }, + "secretKeys": { + "properties": { + "secret": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "cookie": { + "properties": { + "encryptionKey": { + "type": "string" + }, + "existingSecret": { + "type": "string" + }, + "secretKeys": { + "properties": { + "encryptionKey": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" @@ -216,17 +232,6 @@ } }, "type": "object" - }, - "portal": { - "properties": { - "host": { - "type": "string" - }, - "scheme": { - "type": "string" - } - }, - "type": "object" } }, "type": "object" diff --git a/charts/console/values.yaml b/charts/console/values.yaml index 6bda359..c449c6b 100644 --- a/charts/console/values.yaml +++ b/charts/console/values.yaml 
@@ -50,20 +50,33 @@ global: # -- is the host for the portal # @section -- Global configuration host: "portal.{{ .Values.global.serviceHost }}" - - # -- Console V2 Cookie - # Will be deprecated later - cookie: - # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId - # @section -- Global configuration - encryptionKey: "changeMe00" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - encryptionKey: "" + oauth: + client: + # -- is the id of the client + # @section -- Global configuration + id: "platform" + # -- is the secret of the client + # @section -- Global configuration + secret: "changeMe1" + # -- is the name of the secret + # @section -- Global configuration + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + secret: "" + cookie: + # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId + # It is not shared with console-v3 and the domain is only limited to portal app + # @section -- Global configuration + encryptionKey: "changeMe00" + # -- is the name of the secret + # @section -- Global configuration + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + encryptionKey: "" membership: # -- is the scheme for the membership 
@@ -73,21 +86,6 @@ global: # @section -- Global configuration host: "membership.{{ .Values.global.serviceHost }}" - oauthClient: - # -- is the id of the client - # @section -- Global configuration - id: "platform" - # -- is the secret of the client - # @section -- Global configuration - secret: "changeMe1" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - secret: "" - # -- Number of replicas replicas: 1 @@ -132,8 +130,7 @@ image: imagePullSecrets: [] # -- Console resources -resources: - {} +resources: {} # requests: # cpu: 250m # memory: 512Mi @@ -161,8 +158,8 @@ service: # -- service node port # nodePort: -# -- AWS Console target groups -# @section -- Global AWS configuration + # -- AWS Console target groups + # @section -- Global AWS configuration aws: targetGroups: http: @@ -186,16 +183,15 @@ ingress: # -- ingress annotations annotations: {} hosts: - # -- ingress host - - host: "{{ tpl .Values.global.platform.console.host $ }}" - paths: - - # -- ingress path - path: / - # -- ingress path type - pathType: Prefix + # -- ingress host + - host: "{{ tpl .Values.global.platform.console.host $ }}" + paths: + # -- ingress path + - path: / + # -- ingress path type + pathType: Prefix # -- ingress tls - tls: - [] + tls: [] # -- ingress tls secret name # - secretName: YOUR_TLS_SECRET_NAME @@ -221,8 +217,7 @@ config: # -- Console environment environment: production # -- Console additional environment variables - additionalEnv: - [] + additionalEnv: [] # -- Console additional environment variables HOST # - name: HOST # value: "0.0.0.0" @@ -245,7 +240,6 @@ config: existingSecret: "" secretKeys: value: "" - # -- Override global configuration # monitoring: # # -- Override otel service name diff --git a/charts/membership/Chart.yaml b/charts/membership/Chart.yaml index c847440..d4b56ec 100644 --- a/charts/membership/Chart.yaml 
+++ b/charts/membership/Chart.yaml @@ -16,26 +16,26 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.0 +version: 2.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.36.2" +appVersion: "v1.0.4" kubeVersion: ">=1.14.0-0" sources: - - https://github.com/formancehq/membership-api +- https://github.com/formancehq/membership-api dependencies: - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.X - condition: postgresql.enabled - - name: dex - version: 0.17.X - repository: https://charts.dexidp.io - condition: dex.enabled - - name: core - version: "1.X" - repository: file://../core +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 15.5.X + condition: postgresql.enabled +- name: dex + version: 0.17.X + repository: https://charts.dexidp.io + condition: dex.enabled +- name: core + version: "1.X" + repository: file://../core diff --git a/charts/membership/README.md b/charts/membership/README.md index 4d2d1d7..805e2c9 100644 --- a/charts/membership/README.md +++ b/charts/membership/README.md 
@@ -1,6 +1,6 @@ # membership -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.36.2](https://img.shields.io/badge/AppVersion-v0.36.2-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.4](https://img.shields.io/badge/AppVersion-v1.0.4-informational?style=flat-square) Formance Membership API. Manage stacks, organizations, regions, invitations, users, roles, and permissions. 
@@ -48,18 +48,21 @@ Kubernetes: `>=1.14.0-0` | global.platform.console.host | string | `"console.{{ .Values.global.serviceHost }}"` | is the host for the console | | global.platform.console.scheme | string | `"https"` | is the scheme for the console | | global.platform.consoleV3.host | string | `"console.v3.{{ .Values.global.serviceHost }}"` | is the host for the console | +| global.platform.consoleV3.oauth.client.id | string | `"console-v3"` | is the id of the client | +| global.platform.consoleV3.oauth.client.scopes | list | `["supertoken","accesses","remember_me","keep_refresh_token"]` | is the name of the secret | +| global.platform.consoleV3.oauth.client.secret | string | `"changeMe2"` | is the secret of the client | +| global.platform.consoleV3.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.consoleV3.scheme | string | `"https"` | is the scheme for the console | -| global.platform.enabled | bool | `true` | Enable platform communication with membership, add specific oauth2 clients, and will rollout membership depending to .membership.oauthClient | | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership | -| global.platform.membership.oauthClient.existingSecret | string | `""` | is the name of the secret | -| global.platform.membership.oauthClient.id | string | `"platform"` | is the id of the client | -| global.platform.membership.oauthClient.secret | string | `"changeMe1"` | is the secret of the client | -| global.platform.membership.oauthClient.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.membership.relyingParty.host | string | `"dex.{{ .Values.global.serviceHost }}"` | is the host for the relying party issuer | | global.platform.membership.relyingParty.path | string | `""` | is the path for the relying party issuer | | global.platform.membership.relyingParty.scheme | string 
| `"https"` | is the scheme the relying party | | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | +| global.platform.portal.oauth.client.id | string | `"portal"` | is the id of the client | +| global.platform.portal.oauth.client.scopes | list | `["supertoken","accesses","remember_me","keep_refresh_token"]` | is the name of the secret | +| global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | +| global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.portal.scheme | string | `"https"` | is the scheme for the portal | | global.postgresql.additionalArgs | string | `"sslmode=disable"` | Additional arguments for PostgreSQL Connection URI | | global.postgresql.auth.database | string | `"formance"` | Name for a custom database to create (overrides `auth.database`) | 
@@ -85,7 +88,7 @@ Kubernetes: `>=1.14.0-0` | dex.configOverrides.enablePasswordDB | bool | `true` | enable password db | | dex.configOverrides.oauth2.responseTypes | list | `["code","token","id_token"]` | oauth2 response types | | dex.configOverrides.oauth2.skipApprovalScreen | bool | `true` | oauth2 skip approval screen | -| dex.configOverrides.staticPasswords[0].email | string | `"admin@formance.com"` | static passwords email | +| dex.configOverrides.staticPasswords[0] | object | `{"email":"admin@formance.com","hash":"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W","userID":"08a8684b-db88-4b73-90a9-3cd1661f5466","username":"admin"}` | static passwords email | | dex.configOverrides.staticPasswords[0].hash | string | `"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"` | static passwords hash | | dex.configOverrides.staticPasswords[0].userID | string | `"08a8684b-db88-4b73-90a9-3cd1661f5466"` | static passwords user id | | dex.configOverrides.staticPasswords[0].username | string | `"admin"` | static passwords username | 
@@ -100,8 +103,8 @@ Kubernetes: `>=1.14.0-0` | dex.ingress.annotations | object | `{}` | Dex ingress annotations | | dex.ingress.className | string | `""` | Dex ingress class name | | dex.ingress.enabled | bool | `true` | Dex ingress enabled | -| dex.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}"` | Dex ingress host | -| dex.ingress.hosts[0].paths[0].path | string | `"/"` | Dex ingress path refer to .Values.global.platform.membership.relyingParty.host.path | +| dex.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | Dex ingress host | +| dex.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | Dex ingress path refer to .Values.global.platform.membership.relyingParty.host.path | | dex.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Dex ingress path type | | dex.ingress.tls | list | `[]` | Dex ingress tls | | dex.resources | object | `{}` | Dex resources | @@ -133,7 +136,11 @@ Kubernetes: `>=1.14.0-0` | global.nats.auth.secretKeys.username | string | `"username"` | | | global.nats.auth.user | string | `""` | | | global.nats.enabled | bool | `false` | | +| global.platform.console.enabled | bool | `true` | | | global.platform.consoleV3.enabled | bool | `false` | | +| global.platform.consoleV3.oauth.client.existingSecret | string | `""` | | +| global.platform.portal.enabled | bool | `true` | | +| global.platform.portal.oauth.client.existingSecret | string | `""` | | | affinity | object | `{}` | Membership affinity | | annotations | object | `{}` | Membership annotations | | autoscaling | object | `{}` | Membership autoscaling | 
@@ -187,7 +194,7 @@ Kubernetes: `>=1.14.0-0` | ingress.className | string | `""` | Membership ingress class name | | ingress.enabled | bool | `true` | Membership ingress enabled | | ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.membership.host $ }}","paths":[{"path":"/api","pathType":"Prefix"}]}` | Membership ingress host | -| ingress.hosts[0].paths[0].path | string | `"/api"` | Membership ingress path | +| ingress.hosts[0].paths[0] | object | `{"path":"/api","pathType":"Prefix"}` | Membership ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Membership ingress path type | | ingress.tls | list | `[]` | Membership ingress tls | | initContainers | list | `[]` | Membership init containers | @@ -205,7 +212,7 @@ Kubernetes: `>=1.14.0-0` | securityContext.runAsUser | int | `1000` | Membership security context run as user | | service.annotations | object | `{}` | service annotations | | service.clusterIP | string | `""` | service cluster IP | -| service.ports.grpc | object | `{"port":8082}` | service grpc port | +| service.ports.grpc.port | int | `8082` | | | service.ports.http | object | `{"port":8080}` | service http port | | service.type | string | `"ClusterIP"` | service type | | serviceAccount.annotations | object | `{}` | Service account annotations | diff --git a/charts/membership/templates/_helpers.tpl b/charts/membership/templates/_helpers.tpl index f56e361..c17c0af 100644 --- a/charts/membership/templates/_helpers.tpl +++ b/charts/membership/templates/_helpers.tpl 
@@ -74,15 +74,19 @@ - name: CONSOLE_PUBLIC_BASEURL value: {{ tpl (default (printf "%s://%s" .Values.global.platform.console.scheme .Values.global.platform.console.host) .Values.config.redirect_url) $ }} {{- end }} -- name: PLATFORM_OAUTH_CLIENT_SECRET - {{- if gt (len .Values.global.platform.membership.oauthClient.existingSecret) 0 }} +{{- range $serviceName, $service := .Values.global.platform }} +{{- if and (and (hasKey $service "oauth") (hasKey $service.oauth "client")) $service.enabled }} +- name: {{ printf "%s_OAUTH_CLIENT_SECRET" (upper $serviceName) }} + {{- if gt (len $service.oauth.client.existingSecret) 0 }} valueFrom: secretKeyRef: - name: {{ .Values.global.platform.membership.oauthClient.existingSecret }} - key: {{ .Values.global.platform.membership.oauthClient.secretKeys.secret }} + name: {{ $service.oauth.client.existingSecret }} + key: {{ $service.oauth.client.secretKeys.secret }} {{- else }} - value: {{ .Values.global.platform.membership.oauthClient.secret | quote }} + value: {{ $service.oauth.client.secret | quote }} {{- end }} +{{- end -}} +{{- end -}} {{- include "core.postgres.uri" . }} {{- include "core.monitoring" . }} {{- include "membership.grpc.env" . }} diff --git a/charts/membership/templates/configmap.yaml b/charts/membership/templates/configmap.yaml index edf9cdd..d6d8b4b 100644 --- a/charts/membership/templates/configmap.yaml +++ b/charts/membership/templates/configmap.yaml 
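Review bot: `range $serviceName, $service := .Values.global.platform` treats every entry under `global.platform` as a map, but `hasKey $service "oauth"` errors at render time on a scalar, so a user values file that still carries the `global.platform.enabled: true` key this commit deletes from values.yaml and values.schema.json would make the upgrade fail instead of ignoring the stale key. A type guard first in the condition, `{{- if and (kindIs "map" $service) (hasKey $service "oauth") (hasKey $service.oauth "client") $service.enabled }}`, keeps the loop tolerant of leftovers (this relies on the short-circuiting `and` of current Go templates, as the existing nested form already appears to); the same loop in charts/membership/templates/configmap.yaml needs the same guard. The README in this series says the structure does not change, so the removal of `global.platform.enabled` should also be listed under breaking changes. The enclosing `define` block starts outside the hunk.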
@@ -12,27 +12,26 @@ data: - id: fctl public: true {{- end }} - {{- if .Values.global.platform.enabled }} - - id: "{{ .Values.global.platform.membership.oauthClient.id }}" + {{- range $serviceName, $service := .Values.global.platform }} + {{- if and (and (hasKey $service "oauth") (hasKey $service.oauth "client")) $service.enabled }} + - id: "{{ $service.oauth.client.id }}" secrets: - - "$PLATFORM_OAUTH_CLIENT_SECRET" + - "{{ printf "$%s_OAUTH_CLIENT_SECRET" (upper $serviceName) }}" redirectUris: - - '{{ tpl (printf "%s://%s" .Values.global.platform.console.scheme .Values.global.platform.console.host) $ }}/auth/login' - - '{{ tpl (printf "%s://%s" .Values.global.platform.portal.scheme .Values.global.platform.portal.host) $ }}/auth/login' - {{- if .Values.global.platform.consoleV3.enabled }} - - '{{ tpl (printf "%s://%s" .Values.global.platform.consoleV3.scheme .Values.global.platform.consoleV3.host) $ }}/auth/login' + - '{{ tpl (printf "%s://%s" $service.scheme $service.host) $ }}/auth/login' + {{- if and (eq "portal" $serviceName) $.Values.global.platform.console.enabled }} + - '{{ tpl (printf "%s://%s" $.Values.global.platform.console.scheme $.Values.global.platform.console.host) $ }}/auth/login' {{- end }} postLogoutRedirectUris: - - '{{ tpl (printf "%s://%s" .Values.global.platform.console.scheme .Values.global.platform.console.host) $ }}/auth/logout' - - '{{ tpl (printf "%s://%s" .Values.global.platform.portal.scheme .Values.global.platform.portal.host) $ }}/auth/logout' - {{- if .Values.global.platform.consoleV3.enabled }} - - '{{ tpl (printf "%s://%s" .Values.global.platform.consoleV3.scheme .Values.global.platform.consoleV3.host) $ }}/auth/logout' + - '{{ tpl (printf "%s://%s" $service.scheme $service.host) $ }}/auth/logout' + {{- if and (eq "portal" $serviceName) $.Values.global.platform.console.enabled }} + - '{{ tpl (printf "%s://%s" $.Values.global.platform.console.scheme $.Values.global.platform.console.host) $ }}/auth/logout' {{- end }} scopes: - - 
supertoken - - accesses - - remember_me - - keep_refresh_token + {{- range $scope := $service.oauth.client.scopes }} + - {{ $scope }} + {{- end }} + {{- end }} {{- end }} {{- with .Values.config.auth.additionalOAuthClients }} {{- tpl (toYaml .) $ | nindent 6 }} diff --git a/charts/membership/values.schema.json b/charts/membership/values.schema.json index 42db791..86d677d 100644 --- a/charts/membership/values.schema.json +++ b/charts/membership/values.schema.json @@ -647,6 +647,9 @@ "properties": { "console": { "properties": { + "enabled": { + "type": "boolean" + }, "host": { "type": "string" }, @@ -664,35 +667,32 @@ "host": { "type": "string" }, - "scheme": { - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "membership": { - "properties": { - "host": { - "type": "string" - }, - "oauthClient": { + "oauth": { "properties": { - "existingSecret": { - "type": "string" - }, - "id": { - "type": "string" - }, - "secret": { - "type": "string" - }, - "secretKeys": { + "client": { "properties": { + "existingSecret": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, "secret": { "type": "string" + }, + "secretKeys": { + "properties": { + "secret": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" @@ -700,6 +700,17 @@ }, "type": "object" }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "membership": { + "properties": { + "host": { + "type": "string" + }, "relyingParty": { "properties": { "host": { 
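Review bot: The `{{- if and (eq "portal" $serviceName) $.Values.global.platform.console.enabled }}` branches add the console v2 login and logout URLs to the portal client with no explanation in the template, and the reason only surfaces in the cloudprem README of a later patch; a template comment above the first of them, `{{/* console v2 has no OAuth client of its own and authenticates through the portal client */}}`, would keep that coupling visible where it is enforced. The scope entries are emitted as plain scalars, `- {{ $scope }}`; `- {{ $scope | quote }}` makes them unambiguous strings, and if the scope list is overridden as empty the key renders as a bare `scopes:` (YAML null) rather than `[]`, which may be worth guarding or documenting. The enclosing `data:` mapping starts outside the hunk.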
@@ -722,9 +733,45 @@ }, "portal": { "properties": { + "enabled": { + "type": "boolean" + }, "host": { "type": "string" }, + "oauth": { + "properties": { + "client": { + "properties": { + "existingSecret": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "secret": { + "type": "string" + }, + "secretKeys": { + "properties": { + "secret": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, "scheme": { "type": "string" } diff --git a/charts/membership/values.yaml b/charts/membership/values.yaml index e351763..89d417c 100644 --- a/charts/membership/values.yaml +++ b/charts/membership/values.yaml @@ -16,10 +16,8 @@ global: elb: false platform: - # -- Enable platform communication with membership, add specific oauth2 clients, and will rollout membership depending to .membership.oauthClient - # @section -- Global configuration - enabled: true console: + enabled: true # -- is the scheme for the console # @section -- Global configuration scheme: "https" 
@@ -34,13 +32,54 @@ global: # -- is the host for the console # @section -- Global configuration host: "console.v3.{{ .Values.global.serviceHost }}" + oauth: + client: + # -- is the id of the client + # @section -- Global configuration + id: "console-v3" + # -- is the secret of the client + # @section -- Global configuration + secret: "changeMe2" + # -- is the name of the secret + # @section -- Global configuration + scopes: + - supertoken + - accesses + - remember_me + - keep_refresh_token + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + secret: "" portal: + enabled: true # -- is the scheme for the portal # @section -- Global configuration scheme: "https" # -- is the host for the portal # @section -- Global configuration host: "portal.{{ .Values.global.serviceHost }}" + oauth: + client: + # -- is the id of the client + # @section -- Global configuration + id: "portal" + # -- is the secret of the client + # @section -- Global configuration + secret: "changeMe1" + # -- is the name of the secret + # @section -- Global configuration + scopes: + - supertoken + - accesses + - remember_me + - keep_refresh_token + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + secret: "" membership: # -- is the scheme for the membership # @section -- Global configuration @@ -62,20 +101,6 @@ global: # @section -- Global configuration path: "" - oauthClient: - # -- is the id of the client - # @section -- Global configuration - id: "platform" - # -- is the secret of the client - # @section -- Global configuration - secret: "changeMe1" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - secret: "" nats: enabled: false # -- NATS URL: nats://nats:4222 nats://$PUBLISHER_NATS_USERNAME:$PUBLISHER_NATS_PASSWORD@nats:4222 
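Review bot: The new portal client defaults to `id: "portal"` here, while charts/portal/values.yaml in this same commit defaults `global.platform.portal.oauth.client.id` to `"platform"`; rendered with chart defaults, membership registers a client id that the portal never presents, so the two defaults should agree (the series README keeps `platform` for console backward compatibility). The helm-docs comment `# -- is the name of the secret` now sits above `scopes:` in both new `client` blocks, so helm-docs will describe `scopes` as the secret name and leave `existingSecret` undocumented; move that comment directly above `existingSecret: ""` and give the list its own line, `# -- scopes granted to the client`. The `global:` mapping that encloses both hunks starts outside the view.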
@@ -177,9 +202,7 @@ serviceAccount: # -- Service account name name: "" # -- Service account annotations - annotations: - {} - # eks.amazonaws.com/role-arn: "" + annotations: {} # eks.amazonaws.com/role-arn: "" image: # -- Membership image repository @@ -205,7 +228,7 @@ securityContext: # -- Membership security context capabilities drop capabilities: drop: - - ALL + - ALL # -- Membership security context read only root filesystem readOnlyRootFilesystem: true # -- Membership security context run as non root @@ -214,8 +237,7 @@ securityContext: runAsUser: 1000 # -- Membership resources -resources: - {} +resources: {} # limits: # cpu: 100m # memory: 128Mi @@ -224,8 +246,7 @@ resources: # memory: 128Mi # -- Membership autoscaling -autoscaling: - {} +autoscaling: {} # enabled: false # minReplicas: 1 # maxReplicas: 10 @@ -276,7 +297,7 @@ service: port: 8080 # -- service node port # nodePort: - # -- service grpc port + # -- service grpc port grpc: port: 8082 # -- Membership service node port @@ -290,16 +311,15 @@ ingress: # -- Membership ingress annotations annotations: {} hosts: - # -- Membership ingress host - - host: "{{ tpl .Values.global.platform.membership.host $ }}" - paths: - - # -- Membership ingress path - path: /api - # -- Membership ingress path type - pathType: Prefix + # -- Membership ingress host + - host: "{{ tpl .Values.global.platform.membership.host $ }}" + paths: + # -- Membership ingress path + - path: /api + # -- Membership ingress path type + pathType: Prefix # -- Membership ingress tls - tls: - [] + tls: [] # -- Membership ingress tls secret name # - secretName: YOUR_TLS_SECRET_NAME @@ -358,10 +378,10 @@ config: clientSecret: "changeMe" # -- Membership oidc redirect uri scopes: - - openid - - email - # -- Membership Dex federated id scope - - federated:id + - openid + - email + # -- Membership Dex federated id scope + - federated:id # -- Membership oidc existing secret existingSecret: "" # -- Membership oidc secret key 
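Review bot: In the `@@ -276,7 +297,7 @@` hunk `# -- service grpc port` is re-indented one level deeper than `grpc:`, so helm-docs no longer attaches it to that key; the README hunk in this same commit shows the effect, `service.ports.grpc.port | int | 8082 | |` with an empty description where `service.ports.grpc | object | {"port":8082} | service grpc port` stood before. Put the comment back at the indentation of `grpc:`. In the `@@ -177,9 +202,7 @@` and `@@ -494,9 +514,7 @@` hunks the commented-out examples (`# eks.amazonaws.com/role-arn: ""`, the Argo CD hook note) are folded into inline comments after `annotations: {}`, which reads as a description of the empty value rather than as a sample to uncomment; keeping them on their own lines below the key preserves that intent.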
@@ -398,10 +418,10 @@ config: # Modules created by default on a stack minimalStackModules: - - Auth - - Ledger - - Payments - - Gateway + - Auth + - Ledger + - Payments + - Gateway cycle: dryRun: true @@ -494,9 +514,7 @@ config: annotations: {} # -- Membership job migration annotations - annotations: - {} - # Argo CD translate `pre-install,pre-upgrade` to: argocd.argoproj.io/hook: PreSync + annotations: {} # Argo CD translate `pre-install,pre-upgrade` to: argocd.argoproj.io/hook: PreSync ttlSecondsAfterFinished: "" volumes: [] @@ -529,21 +547,20 @@ dex: # @section -- Dex configuration annotations: {} hosts: - - # -- Dex ingress host + # -- Dex ingress host + # @section -- Dex configuration + - host: "{{ tpl .Values.global.platform.membership.relyingParty.host $ }}" + paths: + # -- Dex ingress path + # @section -- Dex configuration + # refer to .Values.global.platform.membership.relyingParty.host.path + - path: "/" + # -- Dex ingress path type # @section -- Dex configuration - host: "{{ tpl .Values.global.platform.membership.relyingParty.host $ }}" - paths: - - # -- Dex ingress path - # @section -- Dex configuration - # refer to .Values.global.platform.membership.relyingParty.host.path - path: "/" - # -- Dex ingress path type - # @section -- Dex configuration - pathType: Prefix + pathType: Prefix # -- Dex ingress tls # @section -- Dex configuration - tls: - [] + tls: [] # -- Dex ingress tls secret name # @section -- Dex configuration # - secretName: YOUR_TLS_SECRET_NAME @@ -562,8 +579,7 @@ dex: # -- Dex resources # @section -- Dex configuration - resources: - {} + resources: {} # limits: # cpu: 100m # memory: 128Mi 
@@ -622,27 +638,27 @@ dex: # -- oauth2 response types # @section -- Dex configuration responseTypes: - - code - - token - - id_token + - code + - token + - id_token # -- enable password db # @section -- Dex configuration enablePasswordDB: true # Generate password: https://github.com/dexidp/dex/blob/576f990d257d9dd63e283cf379960e50506e8bcc/examples/config-dev.yaml#L145 staticPasswords: - - # -- static passwords email - # @section -- Dex configuration - email: admin@formance.com - # -- static passwords hash - # @section -- Dex configuration - hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" # password - # -- static passwords username - # @section -- Dex configuration - username: admin - # -- static passwords user id - # @section -- Dex configuration - userID: 08a8684b-db88-4b73-90a9-3cd1661f5466 + # -- static passwords email + # @section -- Dex configuration + - email: admin@formance.com + # -- static passwords hash + # @section -- Dex configuration + hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" # password + # -- static passwords username + # @section -- Dex configuration + username: admin + # -- static passwords user id + # @section -- Dex configuration + userID: 08a8684b-db88-4b73-90a9-3cd1661f5466 postgresql: # -- Enable postgresql diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml index 5c37a86..dd8987f 100644 --- a/charts/portal/Chart.yaml +++ b/charts/portal/Chart.yaml 
@@ -23,13 +23,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.0 +version: 2.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "191a441519a65dae56a5b2cf56fe64eee03fc059" +appVersion: "fd50377c162c62a1dc4485a41996bb4e4574cf3d" kubeVersion: ">=1.14.0-0" sources: diff --git a/charts/portal/README.md b/charts/portal/README.md index 4b8caf4..0b71a09 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 191a441519a65dae56a5b2cf56fe64eee03fc059](https://img.shields.io/badge/AppVersion-191a441519a65dae56a5b2cf56fe64eee03fc059-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: fd50377c162c62a1dc4485a41996bb4e4574cf3d](https://img.shields.io/badge/AppVersion-fd50377c162c62a1dc4485a41996bb4e4574cf3d-informational?style=flat-square) Formance Portal 
@@ -47,19 +47,16 @@ Kubernetes: `>=1.14.0-0` | global.monitoring.traces.port | int | `4317` | Port | | global.platform.console.host | string | `"console.{{ .Values.global.serviceHost }}"` | is the host for the console | | global.platform.console.scheme | string | `"https"` | is the scheme for the console | -| global.platform.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | -| global.platform.cookie.existingSecret | string | `""` | is the name of the secret | -| global.platform.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership | -| global.platform.membership.oauthClient.existingSecret | string | `""` | is the name of the secret | -| global.platform.membership.oauthClient.id | string | `"platform"` | is the id of the client | -| global.platform.membership.oauthClient.secret | string | `"changeMe1"` | is the secret of the client | -| global.platform.membership.oauthClient.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | -| global.platform.portal.cookie.encryptionKey | string | `"changeMe1"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | -| global.platform.portal.cookie.existingSecret | string | `""` | is the name of the secret | -| global.platform.portal.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | +| 
global.platform.portal.oauth.client.existingSecret | string | `""` | is the name of the secret | +| global.platform.portal.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | +| global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | +| global.platform.portal.oauth.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that store authentication between console-v2 and portal | +| global.platform.portal.oauth.cookie.existingSecret | string | `""` | is the name of the secret | +| global.platform.portal.oauth.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | | global.platform.portal.scheme | string | `"https"` | is the scheme for the portal | | global.serviceHost | string | `""` | is the base domain for portal and console | @@ -67,8 +64,7 @@ Kubernetes: `>=1.14.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| global.platform.cookie | object | `{"encryptionKey":"changeMe00","existingSecret":"","secretKeys":{"encryptionKey":""}}` | Console V2 Cookie | -| global.platform.portal.cookie | object | `{"encryptionKey":"changeMe1","existingSecret":"","secretKeys":{"encryptionKey":""}}` | Console V3: EXPERIMENTAL | +| global.platform.console.enabled | bool | `true` | | | affinity | object | `{}` | Portal affinity | | annotations | object | `{}` | Portal annotations | | autoscaling.enabled | bool | `false` | | 
@@ -95,7 +91,7 @@ Kubernetes: `>=1.14.0-0` | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | | ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.portal.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | -| ingress.hosts[0].paths[0].path | string | `"/"` | ingress path | +| ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | | livenessProbe | object | `{}` | Portal liveness probe | @@ -116,5 +112,5 @@ Kubernetes: `>=1.14.0-0` | serviceAccount.create | bool | `true` | Service account creation | | serviceAccount.name | string | `""` | Service account name | | tolerations | list | `[]` | Portal tolerations | -| volumeMounts | list | `[]` | Portal volume mounts | +| volumeMounts | list | `[]` | | | volumes | list | `[]` | Portal volumes | diff --git a/charts/portal/templates/_helpers.tpl b/charts/portal/templates/_helpers.tpl index d2b342f..00837ae 100644 --- a/charts/portal/templates/_helpers.tpl +++ b/charts/portal/templates/_helpers.tpl 
@@ -30,49 +30,57 @@ {{- define "portal.cookie" }} - name: COOKIE_SECRET - {{- if or .Values.config.cookie.existingSecret .Values.global.platform.portal.cookie.existingSecret }} + {{- if or .Values.config.cookie.existingSecret }} valueFrom: secretKeyRef: - name: {{ .Values.config.cookie.existingSecret | default .Values.global.platform.portal.cookie.existingSecret }} - key: {{ .Values.config.cookie.secretKeys.secret | default .Values.global.platform.portal.cookie.secretKeys.encryptionKey }} + name: {{ .Values.config.cookie.existingSecret }} + key: {{ .Values.config.cookie.secretKeys.secret }} {{- else }} - value: {{ .Values.config.cookie.secret | default .Values.global.platform.portal.cookie.encryptionKey }} + value: {{ .Values.config.cookie.secret }} {{- end }} - name: COOKIE_NAME value: __session_platform +{{- if .Values.global.platform.console.enabled }} - name: COOKIE_DOMAIN value: {{ .Values.global.serviceHost }} - name: CONSOLE_COOKIE_SECRET - {{- if gt (len .Values.global.platform.cookie.existingSecret) 0 }} + {{- if gt (len .Values.global.platform.portal.oauth.cookie.existingSecret) 0 }} valueFrom: secretKeyRef: - name: {{ .Values.global.platform.cookie.existingSecret }} - key: {{ .Values.global.platform.cookie.secretKeys.encryptionKey }} + name: {{ .Values.global.platform.portal.oauth.cookie.existingSecret }} + key: {{ .Values.global.platform.portal.oauth.cookie.secretKeys.encryptionKey }} {{- else }} - value: {{ .Values.global.platform.cookie.encryptionKey | quote }} + value: {{ .Values.global.platform.portal.oauth.cookie.encryptionKey | quote }} {{- end }} +{{- else }} +- name: COOKIE_DOMAIN + value: {{ tpl .Values.global.platform.portal.host $ }} +{{- end -}} {{- end -}} -{{- define "portal.env" -}} -- name: NODE_ENV - value: {{ .Values.config.environment }} +{{- define "portal.oauth.client" }} - name: MEMBERSHIP_URL_API value: {{ (printf "%s/api" (include "service.url" (dict "service" .Values.global.platform.membership "Context" .))) }} - name: 
MEMBERSHIP_CLIENT_ID - value: "{{ .Values.global.platform.membership.oauthClient.id }}" + value: "{{ .Values.global.platform.portal.oauth.client.id }}" - name: MEMBERSHIP_CLIENT_SECRET - {{- if gt (len .Values.global.platform.membership.oauthClient.existingSecret) 0 }} + {{- if gt (len .Values.global.platform.portal.oauth.client.existingSecret) 0 }} valueFrom: secretKeyRef: - name: {{ .Values.global.platform.membership.oauthClient.existingSecret }} - key: {{ .Values.global.platform.membership.oauthClient.secretKeys.secret }} + name: {{ .Values.global.platform.portal.oauth.client.existingSecret }} + key: {{ .Values.global.platform.portal.oauth.client.secretKeys.secret }} {{- else }} - value: {{ .Values.global.platform.membership.oauthClient.secret | quote }} + value: {{ .Values.global.platform.portal.oauth.client.secret | quote }} {{- end }} -- name: FEATURES_DISABLED - value: "{{ join "," .Values.config.featuresDisabled}}" - name: REDIRECT_URI value: {{ include "service.url" (dict "service" .Values.global.platform.portal "Context" .) }} +{{- end }} + +{{- define "portal.env" -}} +- name: NODE_ENV + value: {{ .Values.config.environment }} +- name: FEATURES_DISABLED + value: "{{ join "," .Values.config.featuresDisabled}}" - name: APPS_CONSOLE value: {{ include "service.url" (dict "service" .Values.global.platform.console "Context" .) }} - name: DEBUG diff --git a/charts/portal/values.schema.json b/charts/portal/values.schema.json index 9a21e00..b4935a4 100644 --- a/charts/portal/values.schema.json +++ b/charts/portal/values.schema.json @@ -181,6 +181,9 @@ "properties": { "console": { "properties": { + "enabled": { + "type": "boolean" + }, "host": { "type": "string" }, 
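Review bot: `value: {{ .Values.config.cookie.secret }}` in `portal.cookie` is emitted unquoted, unlike the `| quote` applied to `CONSOLE_COOKIE_SECRET` and `MEMBERSHIP_CLIENT_SECRET` in the same hunk, and now that the fallback to the global cookie key is gone an empty or numeric-looking secret renders as null or a number, which the API server may reject for a string `value`; write `value: {{ .Values.config.cookie.secret | quote }}`. `{{- if or .Values.config.cookie.existingSecret }}` is a single-operand `or` left behind by the removed fallback; `{{- if .Values.config.cookie.existingSecret }}` says the same. The `console.enabled` branch widens `COOKIE_DOMAIN` to `global.serviceHost`, so the session cookie becomes readable by every host under that domain; a comment such as `{{/* console v2 shares the portal session cookie, so scope it to the parent domain */}}` above that branch records why. The `portal.env` define at the end of the hunk continues outside it.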
@@ -190,72 +193,61 @@ }, "type": "object" }, - "cookie": { + "membership": { "properties": { - "encryptionKey": { + "host": { "type": "string" }, - "existingSecret": { + "scheme": { "type": "string" - }, - "secretKeys": { - "properties": { - "encryptionKey": { - "type": "string" - } - }, - "type": "object" } }, "type": "object" }, - "membership": { + "portal": { "properties": { "host": { "type": "string" }, - "oauthClient": { + "oauth": { "properties": { - "existingSecret": { - "type": "string" - }, - "id": { - "type": "string" - }, - "secret": { - "type": "string" - }, - "secretKeys": { + "client": { "properties": { + "existingSecret": { + "type": "string" + }, + "id": { + "type": "string" + }, "secret": { "type": "string" + }, + "secretKeys": { + "properties": { + "secret": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" - } - }, - "type": "object" - }, - "scheme": { - "type": "string" - } - }, - "type": "object" - }, - "portal": { - "properties": { - "cookie": { - "properties": { - "encryptionKey": { - "type": "string" }, - "existingSecret": { - "type": "string" - }, - "secretKeys": { + "cookie": { "properties": { "encryptionKey": { "type": "string" + }, + "existingSecret": { + "type": "string" + }, + "secretKeys": { + "properties": { + "encryptionKey": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" @@ -263,9 +255,6 @@ }, "type": "object" }, - "host": { - "type": "string" - }, "scheme": { "type": "string" } diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index 21fbd83..47b029a 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml @@ -36,6 +36,7 @@ global: port: 4317 platform: console: + enabled: true # -- is the scheme for the console # @section -- Global configuration scheme: "https" 
@@ -49,32 +50,32 @@ global: # -- is the host for the portal # @section -- Global configuration host: "portal.{{ .Values.global.serviceHost }}" - - # -- Console V3: EXPERIMENTAL - cookie: - # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId - # @section -- Global configuration - encryptionKey: "changeMe1" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - encryptionKey: "" - - # -- Console V2 Cookie - cookie: - # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId - # @section -- Global configuration - encryptionKey: "changeMe00" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - encryptionKey: "" + oauth: + cookie: + # -- is used to encrypt a cookie that store authentication between console-v2 and portal + # @section -- Global configuration + encryptionKey: "changeMe00" + # -- is the name of the secret + # @section -- Global configuration + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + encryptionKey: "" + client: + # -- is the id of the client + # @section -- Global configuration + id: "platform" + # -- is the secret of the client + # @section -- Global configuration + secret: "changeMe1" + # -- is the name of the secret + # @section -- Global configuration + existingSecret: "" + # -- is the key contained within the secret + # @section -- Global configuration + secretKeys: + secret: "" membership: # -- is the scheme for the membership 
@@ -84,21 +85,6 @@ global: # @section -- Global configuration host: "membership.{{ .Values.global.serviceHost }}" - oauthClient: - # -- is the id of the client - # @section -- Global configuration - id: "platform" - # -- is the secret of the client - # @section -- Global configuration - secret: "changeMe1" - # -- is the name of the secret - # @section -- Global configuration - existingSecret: "" - # -- is the key contained within the secret - # @section -- Global configuration - secretKeys: - secret: "" - # -- Number of replicas replicas: 1 @@ -149,16 +135,15 @@ ingress: # -- ingress annotations annotations: {} hosts: - # -- ingress host - - host: "{{ tpl .Values.global.platform.portal.host $ }}" - paths: - - # -- ingress path - path: / - # -- ingress path type - pathType: Prefix + # -- ingress host + - host: "{{ tpl .Values.global.platform.portal.host $ }}" + paths: + # -- ingress path + - path: / + # -- ingress path type + pathType: Prefix # -- ingress tls - tls: - [] + tls: [] # -- ingress tls secret name # - secretName: YOUR_TLS_SECRET_NAME @@ -179,8 +164,7 @@ config: # -- Portal environment environment: production featuresDisabled: - - console_v3_beta - + - console_v3_beta # -- EXPERIMENTAL: Console V3 also use this cookie # DO not configure this if using .global.platform.portal.cookie cookie: @@ -210,7 +194,6 @@ config: # -- Additional environment variables additionalEnv: [] - # -- Override monitoring configuration # monitoring: # # -- Override otel service name @@ -232,7 +215,7 @@ service: # -- service node port # nodePort: -# -- Portal volume mounts + # -- Portal volume mounts volumeMounts: [] # -- Portal annotations @@ -242,8 +225,7 @@ annotations: {} volumes: [] # -- Portal resources -resources: - {} +resources: {} # requests: # cpu: 250m # memory: 512Mi diff --git a/test/helm/suite/cloudprem_test.go b/test/helm/suite/cloudprem_test.go index f35a294..c3f7c02 100644 --- a/test/helm/suite/cloudprem_test.go +++ b/test/helm/suite/cloudprem_test.go 
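Review bot: The context comments above `cookie:` in the `config` section of the `@@ -179,8 +164,7 @@` hunk, `# -- EXPERIMENTAL: Console V3 also use this cookie` and `# DO not configure this if using .global.platform.portal.cookie`, are stale after this commit: the key they name is moved to `.global.platform.portal.oauth.cookie`, `portal.cookie` in templates/_helpers.tpl no longer falls back to it, and the series README states that portal and console v3 no longer share a cookie. Replace them with a description of what the block now does, e.g. `# -- Portal session cookie secret; COOKIE_SECRET is read only from this block`. The `config:` mapping that encloses the hunk starts outside it.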
@@ -107,7 +107,7 @@ func (s *TemplatePlatfromTest) TestAppEnabled() { options.SetValues["global.nats.enabled"] = "true" } - options.SetValues[fmt.Sprintf("%s.enabled", app)] = strconv.FormatBool(enabled) + options.SetValues[fmt.Sprintf("global.platform.%s.enabled", app)] = strconv.FormatBool(enabled) output, err := helm.RenderTemplateE(t, options, s.ChartPath, s.Release, []string{fmt.Sprintf("charts/%s/templates/%s", app, templateName)}) if enabled { require.NoError(t, err) diff --git a/test/helm/suite/console_test.go b/test/helm/suite/console_test.go index 216cb84..df9bb4e 100644 --- a/test/helm/suite/console_test.go +++ b/test/helm/suite/console_test.go @@ -55,12 +55,12 @@ func (s *TemplateConsole) TestCookieEncryptionKey() { var values map[string]string if withEncryptioNKey { values = map[string]string{ - "global.platform.cookie.existingSecret": uuid.NewString(), - "global.platform.cookie.secretKeys.encryptionKey": uuid.NewString(), + "global.platform.portal.oauth.cookie.existingSecret": uuid.NewString(), + "global.platform.portal.oauth.cookie.secretKeys.encryptionKey": uuid.NewString(), } } else { values = map[string]string{ - "global.platform.cookie.encryptionKey": uuid.NewString(), + "global.platform.portal.oauth.cookie.encryptionKey": uuid.NewString(), } } options := s.Options( @@ -73,7 +73,7 @@ func (s *TemplateConsole) TestCookieEncryptionKey() { if !withEncryptioNKey { require.Contains(t, r.Spec.Template.Spec.Containers[0].Env, coreV1.EnvVar{ Name: "ENCRYPTION_KEY", - Value: values["global.platform.cookie.encryptionKey"], + Value: values["global.platform.portal.oauth.cookie.encryptionKey"], }) return 
@@ -83,9 +83,9 @@ func (s *TemplateConsole) TestCookieEncryptionKey() { ValueFrom: &coreV1.EnvVarSource{ SecretKeyRef: &coreV1.SecretKeySelector{ LocalObjectReference: coreV1.LocalObjectReference{ - Name: values["global.platform.cookie.existingSecret"], + Name: values["global.platform.portal.oauth.cookie.existingSecret"], }, - Key: values["global.platform.cookie.secretKeys.encryptionKey"], + Key: values["global.platform.portal.oauth.cookie.secretKeys.encryptionKey"], }, }, }) From d05c7c6745aa982f33bd5f76983b08536a9c32e3 Mon Sep 17 00:00:00 2001 From: David Ragot <35502263+Dav-14@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:40:50 +0100 Subject: [PATCH 2/9] feat(cloudprem): update doc --- charts/cloudprem/README.md | 39 ++++++++++++++++++++----------- charts/cloudprem/README.md.gotmpl | 22 ++++++++++++----- charts/console-v3/README.md | 3 ++- charts/console-v3/values.yaml | 8 +++---- charts/console/README.md | 2 +- charts/console/values.yaml | 4 ++-- charts/membership/README.md | 8 +++---- charts/membership/values.yaml | 20 +++++++++------- charts/portal/README.md | 4 ++-- charts/portal/values.yaml | 6 ++--- 10 files changed, 70 insertions(+), 46 deletions(-) diff --git a/charts/cloudprem/README.md b/charts/cloudprem/README.md index 5d3f50d..df75212 100644 --- a/charts/cloudprem/README.md +++ b/charts/cloudprem/README.md 
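Review bot: The renamed cookie keys are covered, but nothing in the suite exercises the new per-service loop in charts/membership/templates/_helpers.tpl and configmap.yaml: no test asserts that `CONSOLEV3_OAUTH_CLIENT_SECRET` is present only when `global.platform.consoleV3.enabled` is true, or that the Dex client list carries the console login redirect only when `global.platform.console.enabled` is set. A table-driven case in the style of `TestAppEnabled`, toggling `global.platform.consoleV3.enabled` and checking the rendered membership env for that variable, would pin the new behaviour. The body of `TestCookieEncryptionKey` starts outside the hunk.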
@@ -271,19 +271,29 @@ See [profiles](./profiles) for more examples. ### From v2.X.X To v3.0.0 -> No configuration changes are required for this upgrade. +## RBAC -Membership service contain a behavior breaking changes within the RBAC module. +Membership service contains a behavior-breaking change within the RBAC module. -Before, permissions were managed dynamically on the organization and stack with a *fallback* on the organization resource. (default organization accesses and default stack accesses). Which led to a lot of confusion and inconsistency regarding the users permissions +Before, permissions were managed dynamically on the organization and stack with a *fallback* on the organization resource. (default organization accesses and default stack accesses). Which led to a lot of confusion and inconsistency regarding the user's permissions -Now, the fallback has been removed from the RBAC module and is only used when a new user joins the organization. +The fallback has been removed from the RBAC module and is only used when a new user joins the organization. -Note: `Console-v3` (experimental) and `Portal` have been updated to manage the new RBAC module. +## Cookies + +Portal and Console v3 are no longer sharing Oauth clients and cookies. The cookie domain is now set on the app domain. Enabling `console` will set the domain on the parent domain. See #breaking-changes for config changes. ## Breaking changes -TODO: Add breaking changes +> The structure does not change + +- `.global.platform.cookie` has been moved to `.global.platform.portal.oauth.cookie` +- `.global.platform.membership.oauthClient` has been moved to `.global.platform.portal.oauth.client` for console backward compatibility but can be different when using console-v3. + +## Additions + +- `global.platform.consoleV3.oauth.client` has been added to manage the new console-v3 oauth client. +- `console-v3.config.cookie` has been added to manage the new console-v3 cookie. ### From v1.0.X To v2.0.X 
@@ -355,6 +365,7 @@ Dex: |-----|------|---------|-------------| | global.aws.elb | bool | `false` | Enable AWS ELB across all services, appropriate .aws.targertGroup must be set | | global.aws.iam | bool | `false` | Enable AWS IAM Authentification | +| console-v3.aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Console target groups | | membership.aws | object | `{"targetGroups":{"grpc":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.grpc.port }}"},"targetGroupARN":"","targetType":"ip"},"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Membership target groups | | membership.dex.aws | object | `{"targetGroups":{"dex-http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"dex.fullname\" .Subcharts.dex }}","port":"{{ .Values.dex.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Target Groups | | portal.aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Portal target groups | 
@@ -427,7 +438,7 @@ Dex: | membership.dex.configOverrides.enablePasswordDB | bool | `true` | enable password db | | membership.dex.configOverrides.oauth2.responseTypes | list | `["code","token","id_token"]` | oauth2 response types | | membership.dex.configOverrides.oauth2.skipApprovalScreen | bool | `true` | oauth2 skip approval screen | -| membership.dex.configOverrides.staticPasswords[0] | object | `{"email":"admin@formance.com","hash":"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W","userID":"08a8684b-db88-4b73-90a9-3cd1661f5466","username":"admin"}` | static passwords email | +| membership.dex.configOverrides.staticPasswords[0].email | string | `"admin@formance.com"` | static passwords email | | membership.dex.configOverrides.staticPasswords[0].hash | string | `"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"` | static passwords hash | | membership.dex.configOverrides.staticPasswords[0].userID | string | `"08a8684b-db88-4b73-90a9-3cd1661f5466"` | static passwords user id | | membership.dex.configOverrides.staticPasswords[0].username | string | `"admin"` | static passwords username | 
@@ -442,7 +453,7 @@ Dex: | membership.dex.ingress.annotations | object | `{}` | Dex ingress annotations | | membership.dex.ingress.className | string | `""` | Dex ingress class name | | membership.dex.ingress.enabled | bool | `true` | Dex ingress enabled | -| membership.dex.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | Dex ingress host | +| membership.dex.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}"` | Dex ingress host | | membership.dex.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | Dex ingress path refer to .Values.global.platform.membership.relyingParty.host.path | | membership.dex.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Dex ingress path type | | membership.dex.ingress.tls | list | `[]` | Dex ingress tls | @@ -505,7 +516,7 @@ Dex: | console.ingress.annotations | object | `{}` | ingress annotations | | console.ingress.className | string | `""` | ingress class name | | console.ingress.enabled | bool | `true` | ingress enabled | -| console.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.console.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | +| console.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.console.host $ }}"` | ingress host | | console.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | console.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | console.ingress.tls | list | `[]` | ingress tls | 
@@ -555,7 +566,7 @@ Dex: | console-v3.ingress.annotations | object | `{}` | ingress annotations | | console-v3.ingress.className | string | `""` | ingress class name | | console-v3.ingress.enabled | bool | `true` | ingress enabled | -| console-v3.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.consoleV3.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | +| console-v3.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.consoleV3.host $ }}"` | ingress host | | console-v3.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | console-v3.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | console-v3.ingress.tls | list | `[]` | ingress tls | 
@@ -593,7 +604,7 @@ Dex: | membership.config.job | object | `{"garbageCollector":{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"0 0 * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]},"stackLifeCycle":{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"*/30 * * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]}}` | CronJob to manage the stack life cycle and the garbage collector | | membership.config.job.garbageCollector | object | `{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"0 0 * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]}` | Clean expired tokens and refresh tokens after X time | | membership.config.job.stackLifeCycle | object | `{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"*/30 * * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]}` | Job create 2 jobs to eaither warn or prune a stacks This does not change the state of the stack WARN: Mark stack Disposable -> trigger a mail PRUNE: Mark stack Warned -> trigger a mail It blocks stack cycles if supendend It is highly recommended to enable it as it is the only way we control | -| membership.config.migration.annotations | object | `{}` | Membership job migration annotations | +| membership.config.migration.annotations | object | `{}` | Membership job migration annotations Argo CD translate `pre-install,pre-upgrade` to: argocd.argoproj.io/hook: PreSync | | membership.config.migration.serviceAccount.annotations | object | `{}` | | | membership.config.migration.serviceAccount.create | bool | `true` | | | membership.config.migration.serviceAccount.name | string | `""` | | 
@@ -650,7 +661,7 @@ Dex: | membership.securityContext.runAsUser | int | `1000` | Membership security context run as user | | membership.service.annotations | object | `{}` | service annotations | | membership.service.clusterIP | string | `""` | service cluster IP | -| membership.service.ports.grpc.port | int | `8082` | | +| membership.service.ports.grpc.port | int | `8082` | service grpc port | | membership.service.ports.http | object | `{"port":8080}` | service http port | | membership.service.type | string | `"ClusterIP"` | service type | | membership.serviceAccount.annotations | object | `{}` | Service account annotations | @@ -684,7 +695,7 @@ Dex: | portal.ingress.annotations | object | `{}` | ingress annotations | | portal.ingress.className | string | `""` | ingress class name | | portal.ingress.enabled | bool | `true` | ingress enabled | -| portal.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.portal.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | +| portal.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.portal.host $ }}"` | ingress host | | portal.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | portal.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | portal.ingress.tls | list | `[]` | ingress tls | @@ -706,5 +717,5 @@ Dex: | portal.serviceAccount.create | bool | `true` | Service account creation | | portal.serviceAccount.name | string | `""` | Service account name | | portal.tolerations | list | `[]` | Portal tolerations | -| portal.volumeMounts | list | `[]` | | +| portal.volumeMounts | list | `[]` | Portal volume mounts | | portal.volumes | list | `[]` | Portal volumes | diff --git a/charts/cloudprem/README.md.gotmpl b/charts/cloudprem/README.md.gotmpl index cedc3c7..31550e3 100644 --- a/charts/cloudprem/README.md.gotmpl +++ b/charts/cloudprem/README.md.gotmpl 
@@ -273,19 +273,29 @@ See [profiles](./profiles) for more examples. ### From v2.X.X To v3.0.0 -> No configuration changes are required for this upgrade. +## RBAC -Membership service contain a behavior breaking changes within the RBAC module. +Membership service contains a behavior-breaking change within the RBAC module. -Before, permissions were managed dynamically on the organization and stack with a *fallback* on the organization resource. (default organization accesses and default stack accesses). Which led to a lot of confusion and inconsistency regarding the users permissions +Before, permissions were managed dynamically on the organization and stack with a *fallback* on the organization resource. (default organization accesses and default stack accesses). Which led to a lot of confusion and inconsistency regarding the user's permissions -Now, the fallback has been removed from the RBAC module and is only used when a new user joins the organization. +The fallback has been removed from the RBAC module and is only used when a new user joins the organization. -Note: `Console-v3` (experimental) and `Portal` have been updated to manage the new RBAC module. +## Cookies + +Portal and Console v3 are no longer sharing Oauth clients and cookies. The cookie domain is now set on the app domain. Enabling `console` will set the domain on the parent domain. See #breaking-changes for config changes. ## Breaking changes -TODO: Add breaking changes +> The structure does not change + +- `.global.platform.cookie` has been moved to `.global.platform.portal.oauth.cookie` +- `.global.platform.membership.oauthClient` has been moved to `.global.platform.portal.oauth.client` for console backward compatibility but can be different when using console-v3. + +## Additions + +- `global.platform.consoleV3.oauth.client` has been added to manage the new console-v3 oauth client. +- `console-v3.config.cookie` has been added to manage the new console-v3 cookie. ### From v1.0.X To v2.0.X 
diff --git a/charts/console-v3/README.md b/charts/console-v3/README.md index b61c90d..b63267a 100644 --- a/charts/console-v3/README.md +++ b/charts/console-v3/README.md @@ -31,6 +31,7 @@ Kubernetes: `>=1.14.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| | global.aws.elb | bool | `false` | Enable AWS ELB across all services, appropriate .aws.targertGroup must be set | +| aws | object | `{"targetGroups":{"http":{"ipAddressType":"ipv4","serviceRef":{"name":"{{ include \"core.fullname\" $ }}","port":"{{ .Values.service.ports.http.port }}"},"targetGroupARN":"","targetType":"ip"}}}` | AWS Console target groups | ### Global configuration @@ -90,7 +91,7 @@ Kubernetes: `>=1.14.0-0` | ingress.annotations | object | `{}` | ingress annotations | | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | -| ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.consoleV3.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | +| ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.consoleV3.host $ }}"` | ingress host | | ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | diff --git a/charts/console-v3/values.yaml b/charts/console-v3/values.yaml index 217badd..f1e0c39 100644 --- a/charts/console-v3/values.yaml +++ b/charts/console-v3/values.yaml @@ -149,8 +149,8 @@ service: # -- service node port # nodePort: - # -- AWS Console target groups - # @section -- Global AWS configuration +# -- AWS Console target groups +# @section -- Global AWS configuration aws: targetGroups: http: 
@@ -174,8 +174,8 @@ ingress: # -- ingress annotations annotations: {} hosts: - # -- ingress host - - host: "{{ tpl .Values.global.platform.consoleV3.host $ }}" + - # -- ingress host + host: "{{ tpl .Values.global.platform.consoleV3.host $ }}" paths: # -- ingress path - path: / diff --git a/charts/console/README.md b/charts/console/README.md index ed4008e..3efad31 100644 --- a/charts/console/README.md +++ b/charts/console/README.md @@ -88,7 +88,7 @@ Kubernetes: `>=1.14.0-0` | ingress.annotations | object | `{}` | ingress annotations | | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | -| ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.console.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | +| ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.console.host $ }}"` | ingress host | | ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | diff --git a/charts/console/values.yaml b/charts/console/values.yaml index c449c6b..ab2c3b9 100644 --- a/charts/console/values.yaml +++ b/charts/console/values.yaml @@ -183,8 +183,8 @@ ingress: # -- ingress annotations annotations: {} hosts: - # -- ingress host - - host: "{{ tpl .Values.global.platform.console.host $ }}" + - # -- ingress host + host: "{{ tpl .Values.global.platform.console.host $ }}" paths: # -- ingress path - path: / diff --git a/charts/membership/README.md b/charts/membership/README.md index 805e2c9..9eafb67 100644 --- a/charts/membership/README.md +++ b/charts/membership/README.md 
@@ -88,7 +88,7 @@ Kubernetes: `>=1.14.0-0` | dex.configOverrides.enablePasswordDB | bool | `true` | enable password db | | dex.configOverrides.oauth2.responseTypes | list | `["code","token","id_token"]` | oauth2 response types | | dex.configOverrides.oauth2.skipApprovalScreen | bool | `true` | oauth2 skip approval screen | -| dex.configOverrides.staticPasswords[0] | object | `{"email":"admin@formance.com","hash":"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W","userID":"08a8684b-db88-4b73-90a9-3cd1661f5466","username":"admin"}` | static passwords email | +| dex.configOverrides.staticPasswords[0].email | string | `"admin@formance.com"` | static passwords email | | dex.configOverrides.staticPasswords[0].hash | string | `"$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"` | static passwords hash | | dex.configOverrides.staticPasswords[0].userID | string | `"08a8684b-db88-4b73-90a9-3cd1661f5466"` | static passwords user id | | dex.configOverrides.staticPasswords[0].username | string | `"admin"` | static passwords username | @@ -103,7 +103,7 @@ Kubernetes: `>=1.14.0-0` | dex.ingress.annotations | object | `{}` | Dex ingress annotations | | dex.ingress.className | string | `""` | Dex ingress class name | | dex.ingress.enabled | bool | `true` | Dex ingress enabled | -| dex.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | Dex ingress host | +| dex.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.membership.relyingParty.host $ }}"` | Dex ingress host | | dex.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | Dex ingress path refer to .Values.global.platform.membership.relyingParty.host.path | | dex.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Dex ingress path type | | dex.ingress.tls | list | `[]` | Dex ingress tls | 
@@ -155,7 +155,7 @@ Kubernetes: `>=1.14.0-0` | config.job | object | `{"garbageCollector":{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"0 0 * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]},"stackLifeCycle":{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"*/30 * * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]}}` | CronJob to manage the stack life cycle and the garbage collector | | config.job.garbageCollector | object | `{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"0 0 * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]}` | Clean expired tokens and refresh tokens after X time | | config.job.stackLifeCycle | object | `{"concurrencyPolicy":"Forbid","enabled":false,"resources":{},"restartPolicy":"Never","schedule":"*/30 * * * *","startingDeadlineSeconds":200,"suspend":false,"tolerations":[],"volumeMounts":[],"volumes":[]}` | Job create 2 jobs to eaither warn or prune a stacks This does not change the state of the stack WARN: Mark stack Disposable -> trigger a mail PRUNE: Mark stack Warned -> trigger a mail It blocks stack cycles if supendend It is highly recommended to enable it as it is the only way we control | -| config.migration.annotations | object | `{}` | Membership job migration annotations | +| config.migration.annotations | object | `{}` | Membership job migration annotations Argo CD translate `pre-install,pre-upgrade` to: argocd.argoproj.io/hook: PreSync | | config.migration.serviceAccount.annotations | object | `{}` | | | config.migration.serviceAccount.create | bool | `true` | | | config.migration.serviceAccount.name | string | `""` | | 
@@ -212,7 +212,7 @@ Kubernetes: `>=1.14.0-0` | securityContext.runAsUser | int | `1000` | Membership security context run as user | | service.annotations | object | `{}` | service annotations | | service.clusterIP | string | `""` | service cluster IP | -| service.ports.grpc.port | int | `8082` | | +| service.ports.grpc.port | int | `8082` | service grpc port | | service.ports.http | object | `{"port":8080}` | service http port | | service.type | string | `"ClusterIP"` | service type | | serviceAccount.annotations | object | `{}` | Service account annotations | diff --git a/charts/membership/values.yaml b/charts/membership/values.yaml index 89d417c..c596d78 100644 --- a/charts/membership/values.yaml +++ b/charts/membership/values.yaml @@ -202,7 +202,8 @@ serviceAccount: # -- Service account name name: "" # -- Service account annotations - annotations: {} # eks.amazonaws.com/role-arn: "" + annotations: {} + # eks.amazonaws.com/role-arn: "" image: # -- Membership image repository @@ -297,8 +298,8 @@ service: port: 8080 # -- service node port # nodePort: - # -- service grpc port grpc: + # -- service grpc port port: 8082 # -- Membership service node port # nodePort: @@ -514,7 +515,8 @@ config: annotations: {} # -- Membership job migration annotations - annotations: {} # Argo CD translate `pre-install,pre-upgrade` to: argocd.argoproj.io/hook: PreSync + # Argo CD translate `pre-install,pre-upgrade` to: argocd.argoproj.io/hook: PreSync + annotations: {} ttlSecondsAfterFinished: "" volumes: [] @@ -547,9 +549,9 @@ dex: # @section -- Dex configuration annotations: {} hosts: - # -- Dex ingress host - # @section -- Dex configuration - - host: "{{ tpl .Values.global.platform.membership.relyingParty.host $ }}" + - # -- Dex ingress host + # @section -- Dex configuration + host: "{{ tpl .Values.global.platform.membership.relyingParty.host $ }}" paths: # -- Dex ingress path # @section -- Dex configuration 
@@ -647,9 +649,9 @@ dex: enablePasswordDB: true # Generate password: https://github.com/dexidp/dex/blob/576f990d257d9dd63e283cf379960e50506e8bcc/examples/config-dev.yaml#L145 staticPasswords: - # -- static passwords email - # @section -- Dex configuration - - email: admin@formance.com + - # -- static passwords email + # @section -- Dex configuration + email: admin@formance.com # -- static passwords hash # @section -- Dex configuration hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" # password diff --git a/charts/portal/README.md b/charts/portal/README.md index 0b71a09..3da76f8 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md @@ -90,7 +90,7 @@ Kubernetes: `>=1.14.0-0` | ingress.annotations | object | `{}` | ingress annotations | | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | -| ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.portal.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | +| ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.portal.host $ }}"` | ingress host | | ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | @@ -112,5 +112,5 @@ Kubernetes: `>=1.14.0-0` | serviceAccount.create | bool | `true` | Service account creation | | serviceAccount.name | string | `""` | Service account name | | tolerations | list | `[]` | Portal tolerations | -| volumeMounts | list | `[]` | | +| volumeMounts | list | `[]` | Portal volume mounts | | volumes | list | `[]` | Portal volumes | diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index 47b029a..747f230 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml 
@@ -135,8 +135,8 @@ ingress: # -- ingress annotations annotations: {} hosts: - # -- ingress host - - host: "{{ tpl .Values.global.platform.portal.host $ }}" + - # -- ingress host + host: "{{ tpl .Values.global.platform.portal.host $ }}" paths: # -- ingress path - path: / @@ -215,7 +215,7 @@ service: # -- service node port # nodePort: - # -- Portal volume mounts +# -- Portal volume mounts volumeMounts: [] # -- Portal annotations From e82a06c4d1443319a57438b1addec3bf9b00b74d Mon Sep 17 00:00:00 2001 From: David Ragot <35502263+Dav-14@users.noreply.github.com> Date: Wed, 29 Jan 2025 14:02:06 +0100 Subject: [PATCH 3/9] fix(console,portal): default oauth client id --- charts/cloudprem/README.md | 4 ++-- charts/cloudprem/README.md.gotmpl | 2 +- charts/console-v3/templates/_helpers.tpl | 2 +- charts/console/README.md | 2 +- charts/console/values.yaml | 2 +- charts/membership/templates/configmap.yaml | 2 +- charts/portal/README.md | 2 +- charts/portal/values.yaml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/cloudprem/README.md b/charts/cloudprem/README.md index df75212..b16939e 100644 --- a/charts/cloudprem/README.md +++ b/charts/cloudprem/README.md @@ -279,7 +279,7 @@ Before, permissions were managed dynamically on the organization and stack with The fallback has been removed from the RBAC module and is only used when a new user joins the organization. -## Cookies +## OAuth clients and cookies Portal and Console v3 are no longer sharing Oauth clients and cookies. The cookie domain is now set on the app domain. Enabling `console` will set the domain on the parent domain. See #breaking-changes for config changes. 
@@ -403,7 +403,7 @@ Dex: | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | | global.platform.portal.oauth.client.existingSecret | string | `""` | is the name of the secret | -| global.platform.portal.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.portal.oauth.client.id | string | `"portal"` | is the id of the client | | global.platform.portal.oauth.client.scopes | list | `["supertoken","accesses","remember_me","keep_refresh_token"]` | is the name of the secret | | global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | | global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | diff --git a/charts/cloudprem/README.md.gotmpl b/charts/cloudprem/README.md.gotmpl index 31550e3..7b4d087 100644 --- a/charts/cloudprem/README.md.gotmpl +++ b/charts/cloudprem/README.md.gotmpl @@ -281,7 +281,7 @@ Before, permissions were managed dynamically on the organization and stack with The fallback has been removed from the RBAC module and is only used when a new user joins the organization. -## Cookies +## OAuth clients and cookies Portal and Console v3 are no longer sharing Oauth clients and cookies. The cookie domain is now set on the app domain. Enabling `console` will set the domain on the parent domain. See #breaking-changes for config changes. diff --git a/charts/console-v3/templates/_helpers.tpl b/charts/console-v3/templates/_helpers.tpl index 539800e..f80a3b9 100644 --- a/charts/console-v3/templates/_helpers.tpl +++ b/charts/console-v3/templates/_helpers.tpl 
@@ -39,7 +39,7 @@ valueFrom: secretKeyRef: name: {{ .Values.config.cookie.existingSecret }} - key: {{ .Values.config.cookie.secretKeysencryptionKey }} + key: {{ .Values.config.cookie.secretKeys.encryptionKey }} {{- else }} value: {{ .Values.config.cookie.encryptionKey }} {{- end }} diff --git a/charts/console/README.md b/charts/console/README.md index 3efad31..b1bb426 100644 --- a/charts/console/README.md +++ b/charts/console/README.md @@ -50,7 +50,7 @@ Kubernetes: `>=1.14.0-0` | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership | | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | | global.platform.portal.oauth.client.existingSecret | string | `""` | is the name of the secret | -| global.platform.portal.oauth.client.id | string | `"platform"` | is the id of the client | +| global.platform.portal.oauth.client.id | string | `"portal"` | is the id of the client | | global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client | | global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret | | global.platform.portal.oauth.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId It is not shared with console-v3 and the domain is only limited to portal app | diff --git a/charts/console/values.yaml b/charts/console/values.yaml index ab2c3b9..c48c483 100644 --- a/charts/console/values.yaml +++ b/charts/console/values.yaml @@ -54,7 +54,7 @@ global: client: # -- is the id of the client # @section -- Global configuration - id: "platform" + id: "portal" # -- is the secret of the client # @section -- Global configuration secret: "changeMe1" 
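Review bot: The corrected `key:` line, the `name:` line above it and the `value:` line in the other branch all render the values as unquoted plain scalars, so a secret name, secret key or encryption key that happens to look like a number or boolean, or that starts with a YAML indicator, is retyped or breaks the rendered manifest. Piping each through `quote` keeps them strings: `name: {{ .Values.config.cookie.existingSecret | quote }}`, `key: {{ .Values.config.cookie.secretKeys.encryptionKey | quote }}` and `value: {{ .Values.config.cookie.encryptionKey | quote }}`. The `value:` branch also puts the encryption key directly into the pod spec rather than behind a Secret reference, which deserves a template comment telling operators that `config.cookie.existingSecret` is the intended path outside local testing. The conditional that selects between the two branches begins before the hunk, so the full helper is not visible here.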
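Review bot: The renamed default `id: "portal"` is not listed under the README's Breaking changes, which only mention the moved value paths, and the same default change is made in charts/portal/values.yaml in the following hunk; a deployment that relied on the previous `platform` default will presumably fail the OAuth client lookup after upgrade unless it pins `global.platform.portal.oauth.client.id` explicitly. Please add the renamed default to the upgrade notes and document it on the value itself, e.g. `# -- is the id of the client (was "platform" in the previous release); must be unique across global.platform services`. The uniqueness remark follows from charts/membership/templates/configmap.yaml, which ranges over `.Values.global.platform` and emits one `- id: "{{ $service.oauth.client.id }}"` static client per enabled service with an oauth client, so two services sharing an id would register duplicate clients in Dex.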
diff --git a/charts/membership/templates/configmap.yaml b/charts/membership/templates/configmap.yaml
index d6d8b4b..e4b787f 100644
--- a/charts/membership/templates/configmap.yaml
+++ b/charts/membership/templates/configmap.yaml
@@ -14,7 +14,7 @@ data:
 {{- end }}
 {{- range $serviceName, $service := .Values.global.platform }}
 {{- if and (and (hasKey $service "oauth") (hasKey $service.oauth "client")) $service.enabled }}
- - id: "{{ $service.oauth.client.id }}"
+ - id: "{{ $service.oauth.client.id }}"
 secrets:
 - "{{ printf "$%s_OAUTH_CLIENT_SECRET" (upper $serviceName) }}"
 redirectUris:
diff --git a/charts/portal/README.md b/charts/portal/README.md
index 3da76f8..4b83992 100644
--- a/charts/portal/README.md
+++ b/charts/portal/README.md
@@ -51,7 +51,7 @@ Kubernetes: `>=1.14.0-0`
 | global.platform.membership.scheme | string | `"https"` | is the scheme for the membership |
 | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal |
 | global.platform.portal.oauth.client.existingSecret | string | `""` | is the name of the secret |
-| global.platform.portal.oauth.client.id | string | `"platform"` | is the id of the client |
+| global.platform.portal.oauth.client.id | string | `"portal"` | is the id of the client |
 | global.platform.portal.oauth.client.secret | string | `"changeMe1"` | is the secret of the client |
 | global.platform.portal.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret |
 | global.platform.portal.oauth.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that store authentication between console-v2 and portal |
diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml
index 747f230..6d1cc77 100644
--- a/charts/portal/values.yaml
+++ b/charts/portal/values.yaml
@@ -65,7 +65,7 @@ global: client: # -- is the id of the client # @section -- Global configuration - id: "platform" + id: "portal" # -- is the secret of the client # @section -- Global configuration secret: "changeMe1" From e14a9fa9ccaac06f13983f1723a06cbf57cc2674 Mon Sep 17 00:00:00 2001 From: David Ragot <35502263+Dav-14@users.noreply.github.com> Date: Wed, 29 Jan 2025 14:20:05 +0100 Subject: [PATCH 4/9] fix(console-v3): default oauth client id --- charts/cloudprem/README.md | 6 +++--- charts/console-v3/README.md | 6 +++--- charts/console-v3/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/cloudprem/README.md b/charts/cloudprem/README.md index b16939e..8d6d3ba 100644 --- a/charts/cloudprem/README.md +++ b/charts/cloudprem/README.md 
@@ -388,12 +388,12 @@ Dex:
 | global.nats.url | string | `""` | NATS URL: nats://nats:4222 nats://$PUBLISHER_NATS_USERNAME:$PUBLISHER_NATS_PASSWORD@nats:4222 |
 | global.platform.console.host | string | `"console.{{ .Values.global.serviceHost }}"` | is the host for the console |
 | global.platform.console.scheme | string | `"https"` | is the scheme for the console |
-| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","oauth":{"client":{"existingSecret":"","id":"platform","secret":"changeMe1","secretKeys":{"secret":""}}},"scheme":"https"}` | Console V3: EXPERIMENTAL |
+| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","oauth":{"client":{"existingSecret":"","id":"console-v3","secret":"changeMe2","secretKeys":{"secret":""}}},"scheme":"https"}` | Console V3: EXPERIMENTAL |
 | global.platform.consoleV3.host | string | `"console.v3.{{ .Values.global.serviceHost }}"` | is the host for the console |
 | global.platform.consoleV3.oauth.client.existingSecret | string | `""` | is the name of the secret |
-| global.platform.consoleV3.oauth.client.id | string | `"platform"` | is the id of the client |
+| global.platform.consoleV3.oauth.client.id | string | `"console-v3"` | is the id of the client |
 | global.platform.consoleV3.oauth.client.scopes | list | `["supertoken","accesses","remember_me","keep_refresh_token"]` | is the name of the secret |
-| global.platform.consoleV3.oauth.client.secret | string | `"changeMe1"` | is the secret of the client |
+| global.platform.consoleV3.oauth.client.secret | string | `"changeMe2"` | is the secret of the client |
 | global.platform.consoleV3.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret |
 | global.platform.consoleV3.scheme | string | `"https"` | is the scheme for the console |
 | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership |
diff --git a/charts/console-v3/README.md b/charts/console-v3/README.md
index b63267a..35b8117 100644
--- a/charts/console-v3/README.md
+++ b/charts/console-v3/README.md
@@ -45,11 +45,11 @@ Kubernetes: `>=1.14.0-0`
 | global.monitoring.traces.insecure | bool | `true` | Insecure |
 | global.monitoring.traces.mode | string | `"grpc"` | Mode |
 | global.monitoring.traces.port | int | `4317` | Port |
-| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","oauth":{"client":{"existingSecret":"","id":"platform","secret":"changeMe1","secretKeys":{"secret":""}}},"scheme":"https"}` | Console V3: EXPERIMENTAL |
+| global.platform.consoleV3 | object | `{"host":"console.v3.{{ .Values.global.serviceHost }}","oauth":{"client":{"existingSecret":"","id":"console-v3","secret":"changeMe2","secretKeys":{"secret":""}}},"scheme":"https"}` | Console V3: EXPERIMENTAL |
 | global.platform.consoleV3.host | string | `"console.v3.{{ .Values.global.serviceHost }}"` | is the host for the console |
 | global.platform.consoleV3.oauth.client.existingSecret | string | `""` | is the name of the secret |
-| global.platform.consoleV3.oauth.client.id | string | `"platform"` | is the id of the client |
-| global.platform.consoleV3.oauth.client.secret | string | `"changeMe1"` | is the secret of the client |
+| global.platform.consoleV3.oauth.client.id | string | `"console-v3"` | is the id of the client |
+| global.platform.consoleV3.oauth.client.secret | string | `"changeMe2"` | is the secret of the client |
 | global.platform.consoleV3.oauth.client.secretKeys | object | `{"secret":""}` | is the key contained within the secret |
 | global.platform.consoleV3.scheme | string | `"https"` | is the scheme for the console |
 | global.platform.membership.host | string | `"membership.{{ .Values.global.serviceHost }}"` | is the host for the membership |
diff --git a/charts/console-v3/values.yaml b/charts/console-v3/values.yaml
index f1e0c39..3b2a409 100644
--- a/charts/console-v3/values.yaml
+++ b/charts/console-v3/values.yaml
@@ -57,10 +57,10 @@ global:
 client:
 # -- is the id of the client
 # @section -- Global configuration
- id: "platform"
+ id: "console-v3"
 # -- is the secret of the client
 # @section -- Global configuration
- secret: "changeMe1"
+ secret: "changeMe2"
 # -- is the name of the secret
 # @section -- Global configuration
 existingSecret: ""
From 30214de76b336a14a8cc419383f43b5462b01bb8 Mon Sep 17 00:00:00 2001
From: David Ragot <35502263+Dav-14@users.noreply.github.com>
Date: Wed, 29 Jan 2025 14:30:28 +0100
Subject: [PATCH 5/9] fix(portal): missing oauth client
---
 charts/portal/templates/_helpers.tpl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/charts/portal/templates/_helpers.tpl b/charts/portal/templates/_helpers.tpl
index 00837ae..b841f2a 100644
--- a/charts/portal/templates/_helpers.tpl
+++ b/charts/portal/templates/_helpers.tpl
@@ -86,6 +86,7 @@
 - name: DEBUG
 value: {{ .Values.global.debug | quote }}
 {{- include "portal.cookie" . }}
+{{- include "portal.oauth.client" . }}
 {{- include "core.sentry" . }}
 {{- include "core.monitoring" . }}
 {{ include "portal.additionalEnv" . }}
From 0c9e458499115a72182fa69c7de57f466a069a7f Mon Sep 17 00:00:00 2001
From: David Ragot <35502263+Dav-14@users.noreply.github.com>
Date: Wed, 29 Jan 2025 14:48:10 +0100
Subject: [PATCH 6/9] fix(console-v3): change cookie name
---
 charts/console-v3/templates/_helpers.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/console-v3/templates/_helpers.tpl b/charts/console-v3/templates/_helpers.tpl
index f80a3b9..b69b732 100644
--- a/charts/console-v3/templates/_helpers.tpl
+++ b/charts/console-v3/templates/_helpers.tpl
@@ -44,7 +44,7 @@
 value: {{ .Values.config.cookie.encryptionKey }}
 {{- end }}
 - name: COOKIE_NAME
- value: __session_platform
+ value: __session_console_v3
 - name: COOKIE_DOMAIN
 value: {{ tpl .Values.global.platform.consoleV3.host $ }}
 {{- end -}}
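Review bot: The added `{{- include "portal.oauth.client" . }}` restores env entries that the subject describes as missing, and the omission went unnoticed because no test asserts what the rendered portal Deployment exposes; a case in test/helm/suite that renders the chart and checks for the client id and secret entries would keep this from regressing again. The body of `portal.oauth.client` is outside this hunk, so I cannot confirm it honours `existingSecret` the way the sibling `portal.cookie` include presumably does. The enclosing define starts and ends outside the hunk.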
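Review bot: Renaming the cookie to `__session_console_v3` orphans every `__session_platform` cookie already issued for the console-v3 host: browsers keep sending it, the app presumably no longer reads it, and nothing here expires it, so users are logged out once and the stale cookie lingers until it expires on its own. That is acceptable for the 2.0.0 release, but it should be listed in the cloudprem README migration notes with the other cookie/oauth changes. On the context line above, `value: {{ .Values.config.cookie.encryptionKey }}` renders the key unquoted, so a key made of digits or containing YAML specials would be retyped or break the manifest; `value: {{ .Values.config.cookie.encryptionKey | quote }}` matches how DEBUG is handled in the portal helper. The enclosing define starts outside the hunk.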
From eb12bf16039043fb82e483fdc5e6bd6b3b3af791 Mon Sep 17 00:00:00 2001
From: David Ragot <35502263+Dav-14@users.noreply.github.com>
Date: Wed, 29 Jan 2025 15:26:33 +0100
Subject: [PATCH 7/9] fix: dex version, upgrade console-v3 and portal
---
 charts/cloudprem/README.md | 2 +-
 charts/console-v3/Chart.yaml | 2 +-
 charts/console-v3/README.md | 2 +-
 charts/membership/README.md | 2 +-
 charts/membership/values.yaml | 2 +-
 charts/portal/Chart.yaml | 14 +++++++-------
 charts/portal/README.md | 2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/charts/cloudprem/README.md b/charts/cloudprem/README.md
index 8d6d3ba..5449998 100644
--- a/charts/cloudprem/README.md
+++ b/charts/cloudprem/README.md
@@ -449,7 +449,7 @@ Dex:
 | membership.dex.envVars | list | `[]` | Dex additional environment variables |
 | membership.dex.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
 | membership.dex.image.repository | string | `"ghcr.io/formancehq/dex"` | image repository |
-| membership.dex.image.tag | string | `"v0.36.2"` | image tag |
+| membership.dex.image.tag | string | `"v1.0.4"` | image tag |
 | membership.dex.ingress.annotations | object | `{}` | Dex ingress annotations |
 | membership.dex.ingress.className | string | `""` | Dex ingress class name |
 | membership.dex.ingress.enabled | bool | `true` | Dex ingress enabled |
diff --git a/charts/console-v3/Chart.yaml b/charts/console-v3/Chart.yaml
index d5ae3b6..a965133 100644
--- a/charts/console-v3/Chart.yaml
+++ b/charts/console-v3/Chart.yaml
@@ -35,7 +35,7 @@ version: 2.0.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "fd50377c162c62a1dc4485a41996bb4e4574cf3d"
+appVersion: "9bc0913c2e5eecf5713a68312e43e7a80b4c61e5"
 kubeVersion: ">=1.14.0-0"
 sources:
 - https://github.com/formancehq/console
diff --git a/charts/console-v3/README.md b/charts/console-v3/README.md index 35b8117..c6a1861 100644 --- a/charts/console-v3/README.md +++ b/charts/console-v3/README.md @@ -1,6 +1,6 @@ # console-v3 -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: fd50377c162c62a1dc4485a41996bb4e4574cf3d](https://img.shields.io/badge/AppVersion-fd50377c162c62a1dc4485a41996bb4e4574cf3d-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 9bc0913c2e5eecf5713a68312e43e7a80b4c61e5](https://img.shields.io/badge/AppVersion-9bc0913c2e5eecf5713a68312e43e7a80b4c61e5-informational?style=flat-square) Formance Console diff --git a/charts/membership/README.md b/charts/membership/README.md index 9eafb67..b75d33c 100644 --- a/charts/membership/README.md +++ b/charts/membership/README.md @@ -99,7 +99,7 @@ Kubernetes: `>=1.14.0-0` | dex.envVars | list | `[]` | Dex additional environment variables | | dex.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | | dex.image.repository | string | `"ghcr.io/formancehq/dex"` | image repository | -| dex.image.tag | string | `"v0.36.2"` | image tag | +| dex.image.tag | string | `"v1.0.4"` | image tag | | dex.ingress.annotations | object | `{}` | Dex ingress annotations | | dex.ingress.className | string | `""` | Dex ingress class name | | dex.ingress.enabled | bool | `true` | Dex ingress enabled | diff --git a/charts/membership/values.yaml b/charts/membership/values.yaml index c596d78..4df1275 100644 --- a/charts/membership/values.yaml +++ b/charts/membership/values.yaml 
@@ -536,7 +536,7 @@ dex: pullPolicy: IfNotPresent # -- image tag # @section -- Dex configuration - tag: v0.36.2 + tag: v1.0.4 ingress: # -- Dex ingress enabled diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml index dd8987f..002d069 100644 --- a/charts/portal/Chart.yaml +++ b/charts/portal/Chart.yaml @@ -6,8 +6,8 @@ description: |- home: "https://formance.com" maintainers: - - name: "Formance Team" - email: "support@formance.com" +- name: "Formance Team" + email: "support@formance.com" icon: "https://avatars.githubusercontent.com/u/84325077?s=200&v=4" # A chart can be either an 'application' or a 'library' chart. @@ -29,13 +29,13 @@ version: 2.0.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "fd50377c162c62a1dc4485a41996bb4e4574cf3d" +appVersion: "9bc0913c2e5eecf5713a68312e43e7a80b4c61e5" kubeVersion: ">=1.14.0-0" sources: - - https://github.com/formancehq/platform-ui +- https://github.com/formancehq/platform-ui dependencies: - - name: core - version: "1.X" - repository: file://../core +- name: core + version: "1.X" + repository: file://../core diff --git a/charts/portal/README.md b/charts/portal/README.md index 4b83992..71def75 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: fd50377c162c62a1dc4485a41996bb4e4574cf3d](https://img.shields.io/badge/AppVersion-fd50377c162c62a1dc4485a41996bb4e4574cf3d-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 9bc0913c2e5eecf5713a68312e43e7a80b4c61e5](https://img.shields.io/badge/AppVersion-9bc0913c2e5eecf5713a68312e43e7a80b4c61e5-informational?style=flat-square) Formance Portal From f0b3dff5dbcb2c75fa4e9dd4f1a91b9a6af7363b Mon Sep 17 00:00:00 2001 From: David Ragot <35502263+Dav-14@users.noreply.github.com> Date: Wed, 29 Jan 2025 15:35:13 +0100 Subject: [PATCH 8/9] feat: update values documentation --- charts/cloudprem/README.md | 7 +++++-- charts/cloudprem/README.md.gotmpl | 3 +++ charts/console-v3/README.md | 4 ++-- charts/console-v3/values.yaml | 6 +++--- charts/portal/values.yaml | 1 + 5 files changed, 14 insertions(+), 7 deletions(-) diff --git a/charts/cloudprem/README.md b/charts/cloudprem/README.md index 5449998..a7e2173 100644 --- a/charts/cloudprem/README.md +++ b/charts/cloudprem/README.md @@ -289,6 +289,9 @@ Portal and Console v3 are no longer sharing Oauth clients and cookies. The cooki - `.global.platform.cookie` has been moved to `.global.platform.portal.oauth.cookie` - `.global.platform.membership.oauthClient` has been moved to `.global.platform.portal.oauth.client` for console backward compatibility but can be different when using console-v3. +- `.console.enabled` -> `.global.platform.console.enabled` +- `.membership.enabled` -> `.global.platform.membership.enabled` +- `.portal.enabled` -> `.global.platform.portal.enabled` ## Additions 
@@ -422,7 +425,7 @@ Dex:
 | global.postgresql.host | string | `""` | Host for PostgreSQL (overrides included postgreql `host`) |
 | global.postgresql.service.ports.postgresql | int | `5432` | PostgreSQL service port (overrides `service.ports.postgresql`) |
 | global.serviceHost | string | `""` | is the base domain for portal and console |
-| console-v3.config.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId |
+| console-v3.config.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie value |
 | console-v3.config.cookie.existingSecret | string | `""` | is the name of the secret |
 | console-v3.config.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret |
 | membership.config.migration.postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). |
@@ -566,7 +569,7 @@ Dex:
 | console-v3.ingress.annotations | object | `{}` | ingress annotations |
 | console-v3.ingress.className | string | `""` | ingress class name |
 | console-v3.ingress.enabled | bool | `true` | ingress enabled |
-| console-v3.ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.consoleV3.host $ }}"` | ingress host |
+| console-v3.ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.consoleV3.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host |
 | console-v3.ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path |
 | console-v3.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type |
 | console-v3.ingress.tls | list | `[]` | ingress tls |
diff --git a/charts/cloudprem/README.md.gotmpl b/charts/cloudprem/README.md.gotmpl
index 7b4d087..0324e7a 100644
--- a/charts/cloudprem/README.md.gotmpl
+++ b/charts/cloudprem/README.md.gotmpl @@ -291,6 +291,9 @@ Portal and Console v3 are no longer sharing Oauth clients and cookies. The cooki - `.global.platform.cookie` has been moved to `.global.platform.portal.oauth.cookie` - `.global.platform.membership.oauthClient` has been moved to `.global.platform.portal.oauth.client` for console backward compatibility but can be different when using console-v3. +- `.console.enabled` -> `.global.platform.console.enabled` +- `.membership.enabled` -> `.global.platform.membership.enabled` +- `.portal.enabled` -> `.global.platform.portal.enabled` ## Additions diff --git a/charts/console-v3/README.md b/charts/console-v3/README.md index c6a1861..3d2a90a 100644 --- a/charts/console-v3/README.md +++ b/charts/console-v3/README.md @@ -57,7 +57,7 @@ Kubernetes: `>=1.14.0-0` | global.platform.portal.host | string | `"portal.{{ .Values.global.serviceHost }}"` | is the host for the portal | | global.platform.portal.scheme | string | `"https"` | is the scheme for the portal | | global.serviceHost | string | `""` | is the base domain for portal and console | -| config.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId | +| config.cookie.encryptionKey | string | `"changeMe00"` | is used to encrypt a cookie value | | config.cookie.existingSecret | string | `""` | is the name of the secret | | config.cookie.secretKeys | object | `{"encryptionKey":""}` | is the key contained within the secret | 
@@ -91,7 +91,7 @@ Kubernetes: `>=1.14.0-0` | ingress.annotations | object | `{}` | ingress annotations | | ingress.className | string | `""` | ingress class name | | ingress.enabled | bool | `true` | ingress enabled | -| ingress.hosts[0].host | string | `"{{ tpl .Values.global.platform.consoleV3.host $ }}"` | ingress host | +| ingress.hosts[0] | object | `{"host":"{{ tpl .Values.global.platform.consoleV3.host $ }}","paths":[{"path":"/","pathType":"Prefix"}]}` | ingress host | | ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | ingress path | | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | ingress path type | | ingress.tls | list | `[]` | ingress tls | diff --git a/charts/console-v3/values.yaml b/charts/console-v3/values.yaml index 3b2a409..0e7837c 100644 --- a/charts/console-v3/values.yaml +++ b/charts/console-v3/values.yaml @@ -174,8 +174,8 @@ ingress: # -- ingress annotations annotations: {} hosts: - - # -- ingress host - host: "{{ tpl .Values.global.platform.consoleV3.host $ }}" + # -- ingress host + - host: "{{ tpl .Values.global.platform.consoleV3.host $ }}" paths: # -- ingress path - path: / @@ -206,7 +206,7 @@ affinity: {} config: cookie: - # -- is used to encrypt a cookie that share authentication between platform services (console, portal, ...),is used to store the current state organizationId-stackId + # -- is used to encrypt a cookie value # @section -- Global configuration encryptionKey: "changeMe00" # -- is the name of the secret diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index 6d1cc77..e7eebb5 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml @@ -51,6 +51,7 @@ global: # @section -- Global configuration host: "portal.{{ .Values.global.serviceHost }}" oauth: + # Deprecated with console-v3 cookie: # -- is used to encrypt a cookie that store authentication between console-v2 and portal # @section -- Global configuration 
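Review bot: Moving `# -- ingress host` above the `- host:` item attaches the helm-docs description to the whole list element, which is why the regenerated README in this same commit now documents `ingress.hosts[0]` as an object whose description is still "ingress host". Either keep the comment on the `host:` field inside the item, or make it describe the element, e.g. `# -- ingress host entry (host plus its paths)`. The `paths:` list continues past the hunk.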
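Review bot: `# Deprecated with console-v3` is a plain comment on the `cookie:` key, so helm-docs will not carry it into the README and readers of the generated table still see these cookie settings as fully supported; it also does not say what replaces them. Fold it into the existing description instead, e.g. `# -- is used to encrypt a cookie that store authentication between console-v2 and portal (deprecated: console-v3 keeps its own cookie under console-v3.config.cookie)`. The `oauth:` mapping continues past the hunk.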
From 2d2c7a7b58f1c84a4c0a29b842f1c196010a69e5 Mon Sep 17 00:00:00 2001
From: Maxence Maireaux
Date: Thu, 30 Jan 2025 11:12:24 +0100
Subject: [PATCH 9/9] Update chart versions in README.md
Bumped versions for Cloudprem, Console, Console-V3, Membership, and Portal to reflect the latest changes. This ensures version consistency and accurate documentation for these Helm charts.
---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index e284a04..9c493cb 100644
--- a/README.md
+++ b/README.md
@@ -5,13 +5,13 @@ | Readme | Chart Version | App Version | Description | Hub | |--------|---------------|-------------|-------------|-----| | [Agent](./charts/agent/README.md) | 2.4.0 |v2.2.0 | Formance Membership Agent Helm Chart | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/agent)](https://artifacthub.io/packages/search?repo=agent) | -| [Cloudprem](./charts/cloudprem/README.md) | 2.2.1 |v0.36.2 | Formance control-plane | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cloudprem)](https://artifacthub.io/packages/search?repo=cloudprem) | -| [Console](./charts/console/README.md) | 1.2.0 |fccc26c5b568781b86fbd06c651399c0edd67bac | Formance Console | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/console)](https://artifacthub.io/packages/search?repo=console) | -| [Console-V3](./charts/console-v3/README.md) | 1.2.0 |368ae6f5bd0a51bd5d9ebc0248a866869df5e326 | Formance Console | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/console-v3)](https://artifacthub.io/packages/search?repo=console-v3) | +| [Cloudprem](./charts/cloudprem/README.md) | 3.0.0-rc.0 |v1.0.4 | Formance control-plane | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cloudprem)](https://artifacthub.io/packages/search?repo=cloudprem) | +| [Console](./charts/console/README.md) | 2.0.0 |console-on.v1.0.2 | Formance Console | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/console)](https://artifacthub.io/packages/search?repo=console) | +| [Console-V3](./charts/console-v3/README.md) | 2.0.0 |9bc0913c2e5eecf5713a68312e43e7a80b4c61e5 | Formance Console | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/console-v3)](https://artifacthub.io/packages/search?repo=console-v3) | | 
[Core](./charts/core/README.md) | 1.1.0 |latest | Formance Core Library | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/core)](https://artifacthub.io/packages/search?repo=core) | | [Demo](./charts/demo/README.md) | 2.1.0 |latest | Formance Private Regions Demo | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/demo)](https://artifacthub.io/packages/search?repo=demo) | -| [Membership](./charts/membership/README.md) | 1.2.0 |v0.36.2 | Formance Membership API. Manage stacks, organizations, regions, invitations, users, roles, and permissions. | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/membership)](https://artifacthub.io/packages/search?repo=membership) | -| [Portal](./charts/portal/README.md) | 1.2.0 |191a441519a65dae56a5b2cf56fe64eee03fc059 | Formance Portal | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/portal)](https://artifacthub.io/packages/search?repo=portal) | +| [Membership](./charts/membership/README.md) | 2.0.0 |v1.0.4 | Formance Membership API. Manage stacks, organizations, regions, invitations, users, roles, and permissions. 
| [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/membership)](https://artifacthub.io/packages/search?repo=membership) | +| [Portal](./charts/portal/README.md) | 2.0.0 |9bc0913c2e5eecf5713a68312e43e7a80b4c61e5 | Formance Portal | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/portal)](https://artifacthub.io/packages/search?repo=portal) | | [Regions](./charts/regions/README.md) | 2.8.2 |latest | Formance Private Regions Helm Chart | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/regions)](https://artifacthub.io/packages/search?repo=regions) | | [Stargate](./charts/stargate/README.md) | 0.6.0 |latest | Formance Stargate gRPC Gateway | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/stargate)](https://artifacthub.io/packages/search?repo=stargate) |