update charts

charts/cosmo-controller-manager/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: cosmo-controller-manager
 description: COSMO Controller Manager Helm chart for Kubernetes
 type: application
-version: 0.8.0
-appVersion: v0.8.0
+version: 0.9.0
+appVersion: v0.9.0
 kubeVersion: ">= 1.19.0-0"
 home: https://github.com/cosmo-workspace/cosmo
 icon: https://raw.githubusercontent.com/cosmo-workspace/cosmo/main/logo/logo-square-small.png

charts/cosmo-controller-manager/templates/manager.yaml

@@ -111,6 +111,20 @@ spec:
         {{- if ne .Values.logLevel "info" }}
         - --zap-devel=true
         {{- end }}
+        {{- if .Values.traefik.entrypoints }}
+        - --traefik-entrypoints={{ join "," .Values.traefik.entrypoints }}
+        {{- end }}
+        {{- if .Values.traefik.middlewares.auth }}
+        - --traefik-authen-middleware={{ .Values.traefik.middlewares.auth }}
+        {{- end }}
+        {{- if .Values.traefik.namespace }}
+        - --traefik-authen-middleware-namespace={{ .Values.traefik.namespace }}
+        {{- else }}
+        - --traefik-authen-middleware-namespace={{ .Release.Namespace }}
+        {{- end }}
+        {{- if .Values.traefik.middlewares.usernameHeader }}
+        - --traefik-username-header-middleware={{ .Values.traefik.middlewares.usernameHeader }}
+        {{- end }}
         - --workspace-default-urlbase={{ .Values.defaultURLBase.protocol }}://{{ .Values.defaultURLBase.host }}.{{ .Values.defaultURLBase.domain }}
         command:
         - /manager

charts/cosmo-controller-manager/values.yaml

@@ -87,11 +87,20 @@ defaultURLBase:
   # this values are passed to the entrypoint args as follows
   # --workspace-default-urlbase=https://{{NETRULE_GROUP}}-{{INSTANCE}}-{{NAMESPACE}}.example.com
   protocol: https
-  host: "{{NETRULE_GROUP}}-{{INSTANCE}}-{{NAMESPACE}}"
+  host: "{{NETRULE_GROUP}}-{{WORKSPACE}}-{{USER_NAME}}"
   domain: example.com
 
 localRunTest:
   enabled: false
   webhookEndpoint:
     ip: 127.0.0.1
     port: 9443
+
+traefik:
+  entrypoints:
+    - web
+    - websecure
+  namespace:
+  middlewares:
+    auth: cosmo-auth
+    usernameHeader: cosmo-username-headers

charts/cosmo-dashboard/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: cosmo-dashboard
 description: COSMO Dashboard Helm chart for Kubernetes
 type: application
-version: 0.8.0
-appVersion: v0.8.0
+version: 0.9.0
+appVersion: v0.9.0
 kubeVersion: ">= 1.19.0-0"
 home: https://github.com/cosmo-workspace/cosmo
 icon: https://raw.githubusercontent.com/cosmo-workspace/cosmo/main/logo/logo-square-small.png

charts/cosmo-dashboard/templates/dashboard.yaml

@@ -12,15 +12,43 @@ metadata:
     traefik.ingress.kubernetes.io/service.serversscheme: https
   {{- end }}
 spec:
+  type: {{ .Values.service.type }}
   ports:
-  - name: cosmo-dashboard
+  - name: cosmo-dashboard-server
     port: {{ .Values.service.port }}
     protocol: TCP
     targetPort: {{ .Values.service.port }}
+  {{- if .Values.localRunTest.enabled }}
+  - name: cosmo-dashboard-ui-server
+    port: {{ .Values.localRunTest.dashboardEndpoint.uiServerPort }}
+    protocol: TCP
+    targetPort: {{ .Values.localRunTest.dashboardEndpoint.uiServerPort }}
+  {{- end }}
+  {{- if not .Values.localRunTest.enabled }}
   selector:
     {{- include "cosmo-dashboard.selectorLabels" . | nindent 4 }}
-  type: {{ .Values.service.type }}
+  {{- end }}
+---
+{{- if .Values.localRunTest.enabled }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+  labels:
+    {{- include "cosmo-dashboard.labels" . | nindent 4 }}
+  name: cosmo-dashboard
+  namespace: {{ .Release.Namespace }}
+subsets:
+- addresses:
+  - ip: {{ .Values.localRunTest.dashboardEndpoint.ip }}
+  ports:
+  - name: cosmo-dashboard-server
+    port: {{ .Values.localRunTest.dashboardEndpoint.serverPort }}
+    protocol: TCP
+  - name: cosmo-dashboard-ui-server
+    port: {{ .Values.localRunTest.dashboardEndpoint.uiServerPort }}
+    protocol: TCP
 ---
+{{- end }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -29,7 +57,7 @@ metadata:
   name: cosmo-dashboard
   namespace: {{ .Release.Namespace }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "cosmo-dashboard.selectorLabels" . | nindent 6 }}
@@ -51,6 +79,10 @@ spec:
         - --maxage-minutes={{ .Values.maxMinutes }}
         - --zap-log-level={{ .Values.logLevel }}
         - --zap-time-encoding={{ .Values.logTimeEncoding }}
+        - --cookie-domain=$(COOKIE_DOMAIN)
+        - --cookie-hashkey=$(COOKIE_HASHKEY)
+        - --cookie-blockkey=$(COOKIE_BLOCKKEY)
+        - --cookie-session-name=$(COOKIE_SESSION_NAME)
         {{- if ne .Values.logLevel "info" }}
         - --zap-devel=true
         {{- end }}
@@ -66,6 +98,16 @@ spec:
         - --tls-key=/app/cert/tls.key
         - --tls-cert=/app/cert/tls.crt
         {{- end }}
+        {{- if .Values.auth.ldap.enabled }}
+        - --ldap-url={{ .Values.auth.ldap.url }}
+        - --ldap-user-attr={{ .Values.auth.ldap.userAttr }}
+        - --ldap-basedn={{ .Values.auth.ldap.baseDn }}
+        - --ldap-insecure-skip-verify={{ .Values.auth.ldap.tls.insecure }}
+        - --ldap-start-tls={{ .Values.auth.ldap.tls.startTls }}
+        {{- if .Values.auth.ldap.tls.secretName }}
+        - --ldap-ca-cert=/app/ldapCert/ca.crt
+        {{- end }}
+        {{- end }}
         command:
         - /app/dashboard
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -80,6 +122,9 @@ spec:
           initialDelaySeconds: 15
           periodSeconds: 20
         name: dashboard
+        envFrom:
+          - secretRef:
+              name: cosmo-auth-env
         ports:
         - containerPort: 8443
           name: https
@@ -88,20 +133,31 @@ spec:
           {{- toYaml .Values.resources | nindent 10 }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}
-        {{- if not .Values.insecure }}
         volumeMounts:
+        {{- if not .Values.insecure }}
         - mountPath: /app/cert
           name: cert
           readOnly: true
         {{- end }}
+        {{- if .Values.auth.ldap.tls.secretName }}
+        - mountPath: /app/ldapCert
+          name: ldap-cert
+          readOnly: true
+        {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       serviceAccountName: {{ include "cosmo-dashboard.serviceAccountName" . }}
       terminationGracePeriodSeconds: 10
-      {{- if not .Values.insecure }}
       volumes:
+      {{- if not .Values.insecure }}
       - name: cert
         secret:
           defaultMode: 420
           secretName: {{ .Values.cert.secretName }}
       {{- end }}
+      {{- if .Values.auth.ldap.tls.secretName }}
+      - name: ldap-cert
+        secret:
+          defaultMode: 420
+          secretName: {{ .Values.auth.ldap.tls.secretName }}
+      {{- end }}

charts/cosmo-dashboard/templates/ingress.yaml

@@ -1,8 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "cosmo-dashboard.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
 metadata:
   name: {{ $fullName }}
   namespace: {{ .Release.Namespace }}
@@ -13,26 +12,39 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if .Values.ingress.className}}
-  ingressClassName: {{ .Values.ingress.className }}
-  {{- end}}
-  {{- with .Values.ingress.tls }}
-  tls:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            pathType: {{ .pathType }}
-            backend:
-              service:
-                name: {{ $fullName }}
-                port: 
-                  number: {{ $svcPort }}
-          {{- end }}
+  entryPoints:
+    - web
+    - websecure
+  routes:
+    {{- if .Values.localRunTest.enabled }}
+    - kind: Rule
+      match: Host(`{{ .Values.ingress.hostName }}`) && (Path(`/`) || PathPrefix(`/@`,`/src`,`/manifest.json`,`/node_modules`,`/logo`))
+      priority: 1002
+      services:
+        - kind: Service
+          name: {{ $fullName }}
+          namespace: {{ .Release.Namespace }}
+          port: cosmo-dashboard-ui-server
+          scheme: {{ if .Values.insecure -}}http{{- else -}}https{{ end }}
     {{- end }}
-  {{- end }}
+    - kind: Rule
+      match: Host(`{{ .Values.ingress.hostName }}`) && (Path(`/`) || PathPrefix(`/logo`,`/assets/`,`/dashboard.v1alpha1.AuthService/`))
+      priority: 1001
+      services:
+        - kind: Service
+          name: {{ $fullName }}
+          namespace: {{ .Release.Namespace }}
+          port: cosmo-dashboard-server
+          scheme: {{ if .Values.insecure -}}http{{- else -}}https{{ end }}
+    - kind: Rule
+      match: Host(`{{ .Values.ingress.hostName }}`)
+      priority: 1000
+      services:
+        - kind: Service
+          name: {{ $fullName }}
+          namespace: {{ .Release.Namespace }}
+          port: cosmo-dashboard-server
+          scheme: {{ if .Values.insecure -}}http{{- else -}}https{{ end }}
+      middlewares:
+        - name: cosmo-auth
+{{- end }}

charts/cosmo-dashboard/values.yaml

@@ -41,20 +41,9 @@ service:
   port: 8443
 
 ingress:
-  enabled: false
-  className: traefik
-  annotations:
-    {}
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: Prefix
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  enabled: true
+  annotations: {}
+  hostName: dashboard.local
 
 resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -80,6 +69,22 @@ logTimeEncoding: iso8601
 
 maxMinutes: 180
 
+auth:
+  ldap:
+    enabled: false
+    # url is ldap server url. protocol is supported "ldap://" or "ldaps://"
+    url: "ldap://example.com:389"
+    # sAMAccountname=USERX,dc=example,dc=com
+    # ^^^^^^^^^^^^^^       ^^^^^^^^^^^^^^^^^
+    #   user-attr               baseDn
+    baseDn: "dc=example,dc=com"
+    # usually sAMAccountname or uid or cn
+    userAttr: "sAMAccountname"
+    tls:
+      insecure: false
+      secretName: ""
+      startTls: false
+
 cert:
   secretName: dashboard-server-cert
   enableCertManager: true
@@ -88,4 +93,11 @@ cert:
     name: cosmo-selfsigned-clusterissuer
   dnsName:
 
-insecure: false
+insecure: true
+
+localRunTest:
+  enabled: false
+  dashboardEndpoint:
+    ip: 127.0.0.1
+    uiServerPort: 3000
+    serverPort: 8443

charts/cosmo-traefik/Chart.yaml

@@ -1,11 +1,30 @@
 apiVersion: v2
 name: cosmo-traefik
-description: A Helm chart for Kubernetes
+description: COSMO traefij Helm chart for Kubernetes
 type: application
-version: 0.1.0
-appVersion: "21.2.0"
+version: 0.9.0
+appVersion: "23.0.1"
+kubeVersion: ">= 1.19.0-0"
+home: https://github.com/cosmo-workspace/cosmo
+icon: https://raw.githubusercontent.com/cosmo-workspace/cosmo/main/logo/logo-square-small.png
+sources:
+  - https://github.com/cosmo-workspace/charts
+annotations:
+  artifacthub.io/prerelease: "false"
+maintainers:
+  - name: jlandowner
+    url: https://github.com/jlandowner
+    email: [email protected]
 dependencies:
   - name: traefik
-    version: 21.2.0
+    version: "23.0.1"
     repository: https://traefik.github.io/charts
     condition: traefik.enabled
+keywords:
+  - cosmo
+  - kubernetes
+  - webide
+  - code-server
+  - theia
+  - dev-environment
+  - dev-container