diff --git a/deploy/kubernetes/charts/templates/iris_app.yaml b/deploy/kubernetes/charts/templates/iris_app.yaml index 3756c76eb..35bbdb377 100644 --- a/deploy/kubernetes/charts/templates/iris_app.yaml +++ b/deploy/kubernetes/charts/templates/iris_app.yaml @@ -66,26 +66,17 @@ spec: - name: POSTGRES_USER # Setting Database username value: {{ .Values.irisapp.POSTGRES_USER| quote }} - - name: POSTGRES_PASSWORDD # Setting Database password - value: {{ .Values.irisapp.POSTGRES_PASSWORD | quote }} - - name: POSTGRES_ADMIN_USER # Setting Database admin user value: {{ .Values.irisapp.POSTGRES_ADMIN_USER | quote }} - - name: POSTGRES_ADMIN_PASSWORD # Setting Database admin password - value: {{ .Values.irisapp.POSTGRES_ADMIN_PASSWORD | quote }} - - name: POSTGRES_PORT # Setting Database port - value: {{ .Values.irisapp.POSTGRES_PORT | quote }} + value: {{ .Values.irisapp.POSTGRES_PORT | quote }} - - name: POSTGRES_SERVER # Setting Database server - value: {{ .Values.irisapp.POSTGRES_SERVER | quote }} - - - name: IRIS_SECRET_KEY - value: {{ .Values.irisapp.IRIS_SECRET_KEY | quote }} + - name: POSTGRES_DB + value: {{ .Values.irisapp.POSTGRES_DB | quote }} - - name: IRIS_SECURITY_PASSWORD_SALT - value: {{ .Values.irisapp.IRIS_SECURITY_PASSWORD_SALT | quote }} + - name: POSTGRES_SERVER # Setting Database server + value: {{ .Values.irisapp.POSTGRES_SERVER | quote }} - name: DB_RETRY_COUNT value: {{ .Values.irisapp.DB_RETRY_COUNT | quote }} 
@@ -96,12 +87,63 @@ spec: - name: INTERFACE_HTTPS_PORT value: {{ .Values.irisapp.INTERFACE_HTTPS_PORT | quote }} - - name: IRIS_ADM_USERNAME + - name: IRIS_ADM_USERNAME value: {{ .Values.irisapp.IRIS_ADM_USERNAME | quote }} - - name: IRIS_ADM_PASSWORD + - name: IRIS_SERVE_SECURE + value: {{.Values.irisapp.IRIS_SERVE_SECURE | quote}} + + {{if .Values.irisapp.secrets.enabled}} + + - name: IRIS_ADM_PASSWORD + valueFrom: + secretKeyRef: + name: {{.Values.irisapp.secrets.iris_admin_password.name}} + key: {{.Values.irisapp.secrets.iris_admin_password.key}} + + - name: IRIS_SECURITY_PASSWORD_SALT + valueFrom: + secretKeyRef: + name: {{.Values.irisapp.secrets.password_salt.name}} + key: {{.Values.irisapp.secrets.password_salt.key}} + + - name: IRIS_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{.Values.irisapp.secrets.secret_key.name}} + key: {{.Values.irisapp.secrets.secret_key.key}} + + - name: POSTGRES_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{.Values.irisapp.secrets.postgres_admin_password.name}} + key: {{.Values.irisapp.secrets.postgres_admin_password.key}} + + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{.Values.irisapp.secrets.postgres_password.name}} + key: {{.Values.irisapp.secrets.postgres_password.key}} + + {{else}} + + - name: IRIS_ADM_PASSWORD value: {{ .Values.irisapp.IRIS_ADM_PASSWORD | quote }} + - name: IRIS_SECURITY_PASSWORD_SALT + value: {{ .Values.irisapp.IRIS_SECURITY_PASSWORD_SALT | quote }} + + - name: IRIS_SECRET_KEY + value: {{ .Values.irisapp.IRIS_SECRET_KEY | quote }} + + - name: POSTGRES_ADMIN_PASSWORD # Setting Database admin password + value: {{ .Values.irisapp.POSTGRES_ADMIN_PASSWORD | quote }} + + - name: POSTGRES_PASSWORD # Setting Database password + value: {{ .Values.irisapp.POSTGRES_PASSWORD | quote }} + + {{end}} + ports: - containerPort: 8000 diff --git a/deploy/kubernetes/charts/templates/iris_worker.yaml b/deploy/kubernetes/charts/templates/iris_worker.yaml index f4fed4a2b..f3421920d 100644 
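Review bot: In the `{{if .Values.irisapp.secrets.enabled}}` branch, every `secretKeyRef` `name` and `key` is rendered unquoted and unvalidated, while values.yaml defaults all of them to `''`. Setting `secrets.enabled: true` without filling in each pair therefore renders empty `name:`/`key:` fields, and the failure only surfaces at apply time or pod start. Fail at template time instead, e.g. `name: {{ required "irisapp.secrets.iris_admin_password.name must be set when secrets.enabled is true" .Values.irisapp.secrets.iris_admin_password.name | quote }}`, and do the same for `key`. The same pattern is repeated for `.Values.irisworker.secrets.*` in the iris_worker.yaml hunk. A comment on the `{{else}}` branch should state that it places the passwords, salt and secret key as plain values in the Deployment spec, which stays the default because `enabled` is `false`.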
--- a/deploy/kubernetes/charts/templates/iris_worker.yaml +++ b/deploy/kubernetes/charts/templates/iris_worker.yaml 
@@ -66,27 +66,68 @@ spec: - name: POSTGRES_USER value: {{ .Values.irisworker.POSTGRES_USER | quote }} - - name: POSTGRES_PASSWORDD - value: {{ .Values.irisworker.POSTGRES_PASSWORD | quote }} + - name: POSTGRES_DB + value: {{ .Values.irisworker.POSTGRES_DB | quote }} - name: POSTGRES_ADMIN_USER value: {{ .Values.irisworker.POSTGRES_ADMIN_USER | quote }} - - name: POSTGRES_ADMIN_PASSWORD - value: {{ .Values.irisworker.POSTGRES_ADMIN_PASSWORD | quote }} - - name: POSTGRES_PORT value: {{ .Values.irisworker.POSTGRES_PORT | quote }} - name: POSTGRES_SERVER - value: {{ .Values.irisworker.POSTGRES_SERVER | quote }} + value: {{ .Values.irisworker.POSTGRES_SERVER | quote }} + + {{if .Values.irisworker.secrets.enabled}} + + - name: IRIS_SECURITY_PASSWORD_SALT + valueFrom: + secretKeyRef: + name: {{.Values.irisworker.secrets.password_salt.name}} + key: {{.Values.irisworker.secrets.password_salt.key}} + + - name: IRIS_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{.Values.irisworker.secrets.secret_key.name}} + key: {{.Values.irisworker.secrets.secret_key.key}} + + - name: POSTGRES_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{.Values.irisworker.secrets.postgres_admin_password.name}} + key: {{.Values.irisworker.secrets.postgres_admin_password.key}} + + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{.Values.irisworker.secrets.postgres_password.name}} + key: {{.Values.irisworker.secrets.postgres_password.key}} - - name: IRIS_SECRET_KEY + - name: CELERY_BROKER + valueFrom: + secretKeyRef: + name: {{.Values.irisworker.secrets.celery_broker.name}} + key: {{.Values.irisworker.secrets.celery_broker.key}} + + {{else}} + + - name: IRIS_SECURITY_PASSWORD_SALT + value: {{ .Values.irisworker.IRIS_SECURITY_PASSWORD_SALT | quote }} + + - name: IRIS_SECRET_KEY value: {{ .Values.irisworker.IRIS_SECRET_KEY | quote }} - - name: IRIS_SECURITY_PASSWORD_SALT - value: {{ .Values.irisworker.IRIS_SECURITY_PASSWORD_SALT | quote }} - + - name: POSTGRES_ADMIN_PASSWORD # 
Setting Database admin password + value: {{ .Values.irisworker.POSTGRES_ADMIN_PASSWORD | quote }} + + - name: POSTGRES_PASSWORD # Setting Database password + value: {{ .Values.irisworker.POSTGRES_PASSWORD | quote }} + + - name: CELERY_BROKER + value: {{ .Values.irisworker.CELERY_BROKER | quote }} + + {{end}} volumeMounts: - mountPath: /home/iris/downloads diff --git a/deploy/kubernetes/charts/templates/nginx_ingress.yaml b/deploy/kubernetes/charts/templates/nginx_ingress.yaml index 709c02a47..f0cf6f2bc 100644 --- a/deploy/kubernetes/charts/templates/nginx_ingress.yaml +++ b/deploy/kubernetes/charts/templates/nginx_ingress.yaml 
@@ -1,33 +1,36 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Values.ingress.name }} - annotations: - {{- toYaml .Values.ingress.annotations | nindent 4 }} -spec: - ingressClassName: {{ .Values.ingress.className }} - rules: - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host.host }} - http: - paths: - {{- range $path := $host.paths }} - - path: {{ $path.path }} - pathType: Prefix - backend: - service: - name: {{ $path.serviceName }} - port: - number: {{ $path.servicePort }} - {{- end }} +{{if .Values.ingress.enabled}} + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: {{ .Values.ingress.name }} + annotations: + {{- toYaml .Values.ingress.annotations | nindent 4 }} + spec: + ingressClassName: {{ .Values.ingress.className }} + rules: + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host.host }} + http: + paths: + {{- range $path := $host.paths }} + - path: {{ $path.path }} + pathType: Prefix + backend: + service: + name: {{ $path.serviceName }} + port: + number: {{ $path.servicePort }} + {{- end }} + {{- end }} + {{- with .Values.ingress.tls }} + tls: + {{- range . }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} {{- end }} - {{- with .Values.ingress.tls }} - tls: - {{- range . }} - - hosts: - {{- range .hosts }} - - {{ . }} {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} + {{else}} + {{end}} diff --git a/deploy/kubernetes/charts/templates/postgres.yaml b/deploy/kubernetes/charts/templates/postgres.yaml index 15a223665..c6a3b4313 100644 --- a/deploy/kubernetes/charts/templates/postgres.yaml +++ b/deploy/kubernetes/charts/templates/postgres.yaml @@ -1,4 +1,5 @@ ---- +{{if .Values.postgres.deploy}} +--- # Here I have used a hostpath # Local volumes can only be used as a statically created PersistentVolume. Dynamic provisioning is not supported. # If you need to go with Dynamic volumes you may choose AWS EBS or EFS 
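Review bot: The Ingress is now rendered only when `.Values.ingress.enabled` is truthy, but none of the values.yaml hunks in this diff adds an `ingress.enabled` key. Unless it is defined elsewhere, an upgrade with existing values would silently stop creating the Ingress. Add `enabled: true` under `ingress:` in values.yaml with a `## @param ingress.enabled` comment. The manifest body also appears to have been re-indented under the `{{if}}` while `nindent 4` on the annotations is unchanged, so check with `helm template` that the annotations still nest under `annotations:`. The empty `{{else}}` before `{{end}}` here, and in the postgres.yaml and rabbitmq.yaml hunks, can be dropped in favour of `{{- if .Values.ingress.enabled }}` … `{{- end }}`.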
@@ -101,4 +102,6 @@ spec: - port: {{ .Values.postgres.service.port }} selector: app: {{ .Values.postgres.app }} ---- \ No newline at end of file +--- +{{else}} +{{end}} \ No newline at end of file diff --git a/deploy/kubernetes/charts/templates/rabbitmq.yaml b/deploy/kubernetes/charts/templates/rabbitmq.yaml index 7875083fa..ba0fcbbdc 100644 --- a/deploy/kubernetes/charts/templates/rabbitmq.yaml +++ b/deploy/kubernetes/charts/templates/rabbitmq.yaml @@ -1,3 +1,4 @@ +{{if .Values.rabbitmq.deploy}} --- apiVersion: apps/v1 kind: Deployment @@ -33,4 +34,6 @@ spec: type: ClusterIP selector: app: {{ .Values.rabbitmq.app }} ---- \ No newline at end of file +--- +{{else}} +{{end}} \ No newline at end of file diff --git a/deploy/kubernetes/charts/values.yaml b/deploy/kubernetes/charts/values.yaml index da82720c9..d8551e03a 100644 --- a/deploy/kubernetes/charts/values.yaml +++ b/deploy/kubernetes/charts/values.yaml @@ -4,6 +4,9 @@ rabbitmq: ## @param rabbitmq.app App name for rabbitmq ## app: rabbitmq + ## @param rabbitmq.deploy for rabbitmq + # + deploy: true ## @param rabbitmq.name Name for rabbitmq ## name: rabbitmq @@ -27,6 +30,9 @@ postgres: ## @param postgres.app PostgreSQL App ## app: postgres + ## @param postres.enabled + ## + deploy: true ## @param postgres.name PostgreSQL Name ## name: postgres @@ -53,7 +59,7 @@ postgres: POSTGRES_PASSWORD: postgres POSTGRES_ADMIN_USER: raptor POSTGRES_ADMIN_PASSWORD: postgres - POSTGRES_DB: iris_db + POSTGRES_DB: iris POSTGRES_PORT: 5432 @@ -83,7 +89,26 @@ irisapp: ## service: port: 8000 - + + ## Use kubernetes secrets instead of setting env variables + secrets: + enabled: false + postgres_password: + name: '' + key: '' + postgres_admin_password: + name: '' + key: '' + secret_key: + name: '' + key: '' + password_salt: + name: '' + key: '' + iris_admin_password: + name: '' + key: '' + ## @param irisapp.type Iris Frontend Service type ## type: NodePort 
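Review bot: The comment added above the new postgres switch reads `## @param postres.enabled`, but the key is `deploy` and postgres.yaml tests `.Values.postgres.deploy`. An operator following the comment would set a key the chart never reads. Change it to `## @param postgres.deploy Deploy the bundled PostgreSQL; set to false when using an external database`. The rabbitmq comment `## @param rabbitmq.deploy for rabbitmq` should get the same kind of description. It would also help to state that disabling either component requires overriding the connection values (`POSTGRES_SERVER`, `CELERY_BROKER`) for irisapp and irisworker.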
@@ -96,16 +121,20 @@ irisapp: POSTGRES_ADMIN_PASSWORD: postgres POSTGRES_PORT: 5432 POSTGRES_SERVER: postgres..svc.cluster.local + POSTGRES_DB: iris DOCKERIZED: 1 IRIS_SECRET_KEY: AVerySuperSecretKey-SoNotThisOne IRIS_SECURITY_PASSWORD_SALT: ARandomSalt-NotThisOneEither IRIS_ADM_USERNAME: administrator + IRIS_SERVE_SECURE: 1 + # Must be 12 characters minimum and contains a capital letter and a number. IRIS_ADM_PASSWORD: Hello12345! DB_RETRY_COUNT: 5 DB_RETRY_DELAY: 5 INTERFACE_HTTPS_PORT: 443 + ## @section Iris Backend Configuration ## irisworker: @@ -128,6 +157,25 @@ irisworker: ## replicaCount: 1 + ## Use kubernetes secrets instead of setting env variables + secrets: + enabled: false + postgres_password: + name: '' + key: '' + postgres_admin_password: + name: '' + key: '' + secret_key: + name: '' + key: '' + password_salt: + name: '' + key: '' + celery_broker: + name: '' + key: '' + ## @param Iris Backend Environments ## POSTGRES_USER: raptor @@ -139,6 +187,7 @@ irisworker: DOCKERIZED: 1 IRIS_SECRET_KEY: AVerySuperSecretKey-SoNotThisOne IRIS_SECURITY_PASSWORD_SALT: ARandomSalt-NotThisOneEither + CELERY_BROKER: amqp://guest:**@rabbitmq:5672 ## @section Nginx Ingress Configuration ## diff --git a/source/app/configuration.py b/source/app/configuration.py index 14efd291e..fdf0e1e13 100644 --- a/source/app/configuration.py +++ b/source/app/configuration.py @@ -289,8 +289,10 @@ class Config: IRIS_ADM_API_KEY = config.load('IRIS', 'ADM_API_KEY') PERMANENT_SESSION_LIFETIME = timedelta(hours=24) - SESSION_COOKIE_SAMESITE = 'Lax' - SESSION_COOKIE_SECURE = True + + if config.load('IRIS', 'SERVE_SECURE', '1') == '1': + SESSION_COOKIE_SAMESITE = 'Lax' + SESSION_COOKIE_SECURE = True PG_ACCOUNT = PG_ACCOUNT_ PG_PASSWD = PG_PASSWD_ diff --git a/source/run.py b/source/run.py index 32dbe6204..b5118fdda 100644 --- a/source/run.py +++ b/source/run.py 
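Review bot: The new default `CELERY_BROKER: amqp://guest:**@rabbitmq:5672` embeds broker credentials in values.yaml, and its password field is the literal `**`. That looks like a masked placeholder rather than a working value, so the worker would presumably fail to authenticate against the bundled RabbitMQ with the chart defaults. Add a comment above it such as `# Broker URL contains credentials: replace the placeholder password, or set irisworker.secrets.enabled and supply it through secrets.celery_broker`. If the `guest` account is meant to stay the default, note that it should be changed for any non-test deployment.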
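Review bot: When `IRIS_SERVE_SECURE` is anything other than the exact string `'1'`, the new `if` in `Config` skips both assignments, so `SESSION_COOKIE_SAMESITE` is dropped along with `SESSION_COOKIE_SECURE` even though SameSite does not depend on TLS. Assuming these are the Flask session settings, the session cookie then falls back to the framework defaults and is sent without a SameSite attribute. Keep `SESSION_COOKIE_SAMESITE = 'Lax'` unconditional and make only the Secure flag switchable: `SESSION_COOKIE_SECURE = config.load('IRIS', 'SERVE_SECURE', '1') == '1'`. A comment should state that turning this off is meant for plain-HTTP test setups only, and that values such as `true` are not accepted. The `Config` class body continues outside the hunk.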
@@ -27,5 +27,5 @@ if __name__ == "__main__": - socket_io.run(app, host='127.0.0.1', port=8000, debug=True) + socket_io.run(app, host='0.0.0.0', port=8000, debug=True)
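Review bot: Binding to `0.0.0.0` while keeping `debug=True` makes the development server, with debug mode on, reachable on every interface of the host or container. In Flask-based servers debug mode typically includes the interactive debugger, which must never be network-reachable. If the listen address has to be non-loopback for the container case, turn debugging off in the same line: `socket_io.run(app, host='0.0.0.0', port=8000, debug=False)`. Alternatively keep `127.0.0.1` for local debugging and take the host from configuration. The `if __name__ == "__main__":` block starts outside the changed line.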