scottk/wlan-toolsmith
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-toolsmith.git synced 2025-10-30 02:22:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

oAuth2 proxy individual backend

Browse Source
This commit is contained in:
Gleb Boushev
2020-10-06 16:42:59 +03:00
parent 3618dcd612
commit 9bbcd8a42a
14 changed files with 331 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
helmfile/cloud-sdk/charts/standalone-monitoring/Chart.yaml
View File

@@ -3,4 +3,4 @@ name: standalone-monitoring
description: postgres podmonitor template
type: application
version: 0.1.0
appVersion: 0.1.0
appVersion: 0.2.0

3
helmfile/cloud-sdk/charts/standalone-monitoring/templates/grafana.yaml
View File

@@ -4,6 +4,9 @@ kind: Ingress
metadata:
name: prometheus-operator-grafana-oauth
namespace: {{ .Values.monitoring.namespace }}
annotations:
kubernetes.io/ingress.class: nginx-sso
nginx.ingress.kubernetes.io/custom-http-errors: 500,501,502,503
labels:
k8s-app: oauth2-proxy
spec:

3
helmfile/cloud-sdk/charts/standalone-monitoring/templates/kibana.yaml
View File

@@ -4,6 +4,9 @@ kind: Ingress
metadata:
name: kibana-oauth
namespace: {{ .Values.monitoring.namespace }}
annotations:
kubernetes.io/ingress.class: nginx-sso
nginx.ingress.kubernetes.io/custom-http-errors: "500,501,502,503"
labels:
k8s-app: oauth2-proxy
spec:

2
helmfile/cloud-sdk/charts/standalone-monitoring/templates/podmonitor.yaml
View File

@@ -1,4 +1,6 @@
# not needed with the latest postgresql version
# ---
# apiVersion: monitoring.coreos.com/v1
# kind: PodMonitor
# metadata:

3
helmfile/cloud-sdk/charts/standalone-monitoring/templates/prometheus.yaml
View File

@@ -4,6 +4,9 @@ kind: Ingress
metadata:
name: prometheus-operator-prometheus-oauth
namespace: {{ .Values.monitoring.namespace }}
annotations:
kubernetes.io/ingress.class: nginx-sso
nginx.ingress.kubernetes.io/custom-http-errors: "500,501,502,503"
labels:
k8s-app: oauth2-proxy
spec:

98
helmfile/cloud-sdk/helmfile.yaml
View File

@@ -3,8 +3,8 @@ repositories:
url: https://kubernetes-charts.storage.googleapis.com
- name: kiwigrid
url: https://kiwigrid.github.io
- name: tip-cloudsdk
url: https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo
- name: nginx
url: https://kubernetes.github.io/ingress-nginx
environments:
azure:
@@ -94,14 +94,15 @@ releases:
- name: nginx-ingress
condition: ingress.enabled
<<: *default
chart: stable/nginx-ingress
version: 1.41.2
chart: nginx/ingress-nginx
version: 3.4.0
labels:
role: setup
group: system
app: ingress
values:
- controller:
ingressClass: nginx-sso
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.eks.certificateARN }}
@@ -119,6 +120,11 @@ releases:
enabled: true
additionalLabels:
release: prometheus-operator
- defaultBackend:
enabled: true
image:
repository: 4c74356b41/custom-backend
tag: latest
# monitoring
- name: prometheus-operator
@@ -140,6 +146,7 @@ releases:
annotations:
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
kubernetes.io/ingress.class: nginx-sso
hosts:
- prometheus.{{ .Environment.Values.domain }}
- grafana:
@@ -159,6 +166,7 @@ releases:
annotations:
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
kubernetes.io/ingress.class: nginx-sso
hosts:
- grafana.{{ .Environment.Values.domain }}
dashboardProviders:
@@ -281,86 +289,6 @@ releases:
annotations:
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
kubernetes.io/ingress.class: nginx-sso
hosts:
- kibana.{{ .Environment.Values.domain }}
# cloud sdk
- name: tip
namespace: tip
chart: tip-wlan
# chart: tip-cloudsdk/tip-wlan
labels:
app: cloudsdk
role: payload
values:
- tip-wlan/resources/environments/dev.yaml
- wlan-cloud-graphql-gw:
enabled: true
env:
portalsvc: graphql.{{ .Environment.Values.domain }}
ingress:
hosts:
- host: graphql.{{ .Environment.Values.domain }}
paths:
- "/"
- wlan-cloud-static-portal:
enabled: true
ingress:
hosts:
- host: portal.{{ .Environment.Values.domain }}
paths:
- "/"
- opensync-gw-static:
enabled: true
- wlan-ssc-service:
enabled: true
- wlan-portal-service:
enabled: true
- wlan-prov-service:
enabled: false
- nginx-ingress-controller:
enabled: false
- opensync-mqtt-broker:
enabled: true
persistence:
storageClass: {{ .Environment.Values.storageClass }}
- zookeeper:
persistence:
storageClass: {{ .Environment.Values.storageClass }}
- kafka:
replicas: 1
persistence:
storageClass: {{ .Environment.Values.storageClass }}
prometheus:
jmx:
enabled: true
operator:
enabled: true
serviceMonitor:
namespace: tip
selector:
release: prometheus-operator
zookeeper:
enabled: false
url: tip-zookeeper
- cassandra:
persistence:
storageClass: {{ .Environment.Values.storageClass }}
exporter:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: prometheus-operator
- postgresql:
enabled: true
postgresqlDatabase: tip
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: {{ .Environment.Values.monitoring.namespace }}
additionalLabels:
release: prometheus-operator
persistence:
storageClass: {{ .Environment.Values.storageClass }}

BIN
helmfile/custom-nginx-ingress-errors/404-screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

3
helmfile/custom-nginx-ingress-errors/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM quay.io/kubernetes-ingress-controller/custom-error-pages-amd64:0.4
COPY www /www

31
helmfile/custom-nginx-ingress-errors/README.md Normal file
View File

@@ -0,0 +1,31 @@
# IMPORTANT
clone of: https://github.com/kenmoini/custom-nginx-ingress-errors with slight modifications
used dockerfile was built manually
# custom-nginx-ingress-errors
Assets to build a container to provide a custom default backend to the nginx-ingress Kubernetes Ingress controller
![404 Screenshot](https://github.com/kenmoini/custom-nginx-ingress-errors/raw/master/404-screenshot.png)
## Editing Error Pages
The container has a set of error HTML and JSON files that are returned based on the error code. These files are stored in the `www/` directory and are copied to the `/www/` directory in the container.
1. Fork this repo, modify the error pages as you see fit.
2. Connect to Docker Hub/Quay.io to build an image you have access to.
3. Modify the `k8s-deployment.yaml` file to point to your custom built image.
## Deploying a custom default-backend for Nginx Ingress
***Note:*** This is for the Kubernetes Nginx Ingress, not the one made by Nginx.
If you haven't deployed it yet, here ya go: https://kubernetes.github.io/ingress-nginx/deploy/
These instructions assume that you deployed this in the default `ingress-nginx` namespace.
1. Modify the `k8s-deployment.yaml` file to point to your custom built image, or use it as is for some snazzy error pages
2. Deploy to the Kubernetes cluster: `kubectl apply -f k8s-deployment.yaml`
3. Modify the `ingress-nginx/ingress-nginx-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the newly created error backend, which should be `ingress-nginx/nginx-errors` by default.
4. Edit the `ingress-nginx/nginx-configuration` ConfigMap and add the key:value pair of `"custom-http-errors": "404,500,503"`
5. ??????
6. PROFIT!!!!1

48
helmfile/custom-nginx-ingress-errors/k8s-deployment.yaml Normal file
View File

@@ -0,0 +1,48 @@
---
apiVersion: v1
kind: Service
metadata:
name: nginx-errors
namespace: ingress-nginx
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
ports:
- port: 80
targetPort: 8080
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-errors
namespace: ingress-nginx
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
containers:
- name: nginx-error-server
image: kenmoini/custom-nginx-ingress-errors:latest
ports:
- containerPort: 8080
# Setting the environment variable DEBUG we can see the headers sent
# by the ingress controller to the backend in the client response.
# env:
# - name: DEBUG
# value: "true"

34
helmfile/custom-nginx-ingress-errors/www/404.html Normal file
View File

@@ -0,0 +1,34 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Error 404</title>
<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
<style type="text/css" rel="stylesheet">
*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
</style>
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div id="notfound">
<div class="notfound">
<div class="notfound-404">
<h1>404</h1>
<h2>Page not found</h2>
</div>
</div>
</div>
<!-- Could insert Google Analytics if you like, or don't -->
</html>

156
helmfile/custom-nginx-ingress-errors/www/500.html Normal file
View File

@@ -0,0 +1,156 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Error 500</title>
<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
<style type="text/css" rel="stylesheet">
* {
-webkit-box-sizing: border-box;
box-sizing: border-box
}
body {
padding: 0;
margin: 0
}
#notfound {
position: relative;
height: 100vh;
background: #030005
}
#notfound .notfound {
position: absolute;
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%)
}
.notfound {
max-width: 767px;
width: 100%;
line-height: 1.4;
text-align: center
}
.notfound .notfound-404 {
position: relative;
height: 180px;
margin-bottom: 20px;
z-index: -1
}
.notfound .notfound-404 h1 {
font-family: montserrat, sans-serif;
position: absolute;
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
font-size: 224px;
font-weight: 900;
margin-top: 0;
margin-bottom: 0;
margin-left: -12px;
color: #030005;
text-transform: uppercase;
text-shadow: -1px -1px 0 #8400ff, 1px 1px 0 #ff005a;
letter-spacing: -20px
}
.notfound .notfound-404 h2 {
font-family: montserrat, sans-serif;
position: absolute;
left: 0;
right: 0;
top: 110px;
font-size: 42px;
font-weight: 700;
color: #fff;
text-transform: uppercase;
text-shadow: 0 2px 0 #8400ff;
letter-spacing: 13px;
margin: 0
}
.notfound .notfound-404 h3 {
font-family: montserrat, sans-serif;
position: absolute;
left: 0;
right: 0;
top: 250px;
font-size: 14px;
font-weight: 700;
color: #fff;
text-transform: uppercase;
text-shadow: 0 2px 0 #8400ff;
letter-spacing: 13px;
margin: 0
}
.notfound a {
font-family: montserrat, sans-serif;
display: inline-block;
text-transform: uppercase;
color: #ff005a;
text-decoration: none;
border: 2px solid;
background: 0 0;
padding: 10px 40px;
font-size: 14px;
font-weight: 700;
-webkit-transition: .2s all;
transition: .2s all
}
.notfound a:hover {
color: #8400ff
}
@media only screen and (max-width:767px) {
.notfound .notfound-404 h2 {
font-size: 14px
}
}
@media only screen and (max-width:767px) {
.notfound .notfound-404 h2 {
font-size: 24px
}
}
@media only screen and (max-width:480px) {
.notfound .notfound-404 h1 {
font-size: 182px
}
}
</style>
</head>
<body>
<div id="notfound">
<div class="notfound">
<div class="notfound-404">
<h1>500</h1>
<h2>Internal Server Error</h2>
<h3>Most likely your email isnt verified, please verify your email and try
again</h3>
</div>
</div>
</div>
<!-- Could insert Google Analytics if you like, or don't -->
</html>

33
helmfile/custom-nginx-ingress-errors/www/503.html Normal file
View File

@@ -0,0 +1,33 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Error 503</title>
<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
<style type="text/css" rel="stylesheet">
*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
</style>
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div id="notfound">
<div class="notfound">
<div class="notfound-404">
<h1>503</h1>
<h2>Service Unavailable</h2>
</div>
</div>
</div>
<!-- Could insert Google Analytics if you like, or don't -->
</html>

1
helmfile/custom-nginx-ingress-errors/www/css/style.css Normal file
View File

@@ -0,0 +1 @@
*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}