2 changes: 1 addition & 1 deletion infra/app/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
version: 1.0.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
33 changes: 33 additions & 0 deletions infra/app/templates/ingress.yaml
@@ -1,3 +1,36 @@
# staff.berkeleytime.com ingress with oauth2 proxy
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}-staff-ingress
labels:
{{- include "bt-app.labels" . | nindent 4 }}
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: {{ .Values.issuerName }}
nginx.ingress.kubernetes.io/auth-url: "https://staff.{{ .Values.host }}/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://staff.{{ .Values.host }}/oauth2/start?rd=$escaped_request_uri"
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization"
spec:
ingressClassName: nginx
tls:
- hosts:
- staff.{{ .Values.host }}
secretName: bt-tls
rules:
- host: staff.{{ .Values.host }}
http:
paths:
- path: {{ .Values.frontend.path }}
pathType: Prefix
backend:
service:
name: {{ include "bt-app.frontendName" . }}-svc
port:
number: {{ .Values.port }}

---
# berkeleytime.com ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
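Review bot: No `/oauth2` route to the oauth2-proxy service is visible for the staff host, although `auth-url` and `auth-signin` both point at `https://staff.{{ .Values.host }}/oauth2/...`; the only rule in this Ingress sends `{{ .Values.frontend.path }}` to the frontend service. If that route is not defined elsewhere, the auth subrequest lands on the protected frontend itself and access control then depends on how the frontend answers `/oauth2/auth`; a separate Ingress for the same host without the auth annotations, with `path: /oauth2` and `pathType: Prefix` backed by the proxy service, is the usual companion. Separately, `cert-manager.io/issuer: {{ .Values.issuerName }}` should be quoted like the neighbouring annotations, `cert-manager.io/issuer: "{{ .Values.issuerName }}"`, and the `kubernetes.io/ingress.class` annotation duplicates `ingressClassName: nginx`.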
4 changes: 4 additions & 0 deletions infra/base/Chart.yaml
Expand Up @@ -22,3 +22,7 @@ version: 0.1.0
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "2.0.0-alpha"
dependencies:
- name: "oauth2-proxy"
version: "7.11.0"
repository: "https://oauth2-proxy.github.io/manifests"
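--- a/infra/base/templates/github-oauth-sealed-secret.yaml
+++ b/infra/base/templates/github-oauth-sealed-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+creationTimestamp: null
+name: '{{ index .Values "oauth2-proxy" "config" "existingSecret" }}'
+spec:
+encryptedData:
+client-id: 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
+client-secret: AgBMW2CPrJWMUO2aH8CzqkQqaMrXnFsokjYAhHf3ieMvnSLoGjt1vxpekHjGIxHN/VKRLJP5vfk4u7zPFJUPBgPa4+aMdqCqrWo3Zmxi1wRMz5F3N0HwCCi+FT7K1nUev0X3dQNTCNoZbdB+ggJFwaC0CmfqXFNFob62mYcvR4l5EFwH9Ol0oqF5u6jAuB5hZ0KozA1seeEmIxuvNZeq5PC/AEYDtQNLam01uF/GWFi4yza7xULt3WfzPFRdGaUS2G6S1/yYOSs7V0qxxjMCzkUQorm4RgppbMLIE1sBkA6ZfSQ+vTFD4AFm3DnQ36KM1qQxqtD62NKDrjHMtmOMO3/LHkkm/KmcoY2HpVEvV60pm6nXRaGWR0Z/XLJFrdXg4ovhxNw3irsaXRkmCjBEy82GBfJ5irwGcx3Q4uZu8pKYTNUp+Ks7MTa4Y+p6IS6xYahff4czbwcJpJaGD8KoBOh88QVP69lsSnfLHbrhVs6J3dmh8rdPoCr7C7pOUNS3yPc50WAy4K3uV3r2CyAnOhB0riEwmzGEEu3/eicYzUshMzofWhJc5DiybAoQDrynUm5rhbk3IakK6bIjGFN5fBYXw4Zs8ldH5RB5Wj9ePtLtOCnT8KOvUZzXc533iMoQidHex8Q29nZCckrRXkUc1kgOFSE57RyCnbG08z+vQZleBH0RdsCPACcWGEAPUxcKnTW4QD0EOAL/PNAIVLdSwQjAy3ThrfINFALzkug87ZxNyhXY3l1gNLu9
+cookie-secret: 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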
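Review bot: `metadata.name` is templated from `oauth2-proxy.config.existingSecret` and no `namespace` is set, while the values in `encryptedData` are bound to one fixed name and namespace if they were sealed with the default strict scope. Changing that value, or installing the release into a different namespace, would then leave the controller unable to unseal the secret and oauth2-proxy without credentials. Either write the name literally or record the coupling next to it, for example `# sealed with strict scope for this name and namespace; re-seal if either changes`. `creationTimestamp: null` is kubeseal output residue and can be dropped.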
17 changes: 17 additions & 0 deletions infra/base/values.yaml
Expand Up @@ -4,3 +4,20 @@ acme:
server: https://acme-v02.api.letsencrypt.org/directory
cfApiTokenSecretName: cloudflare-api-token-stanfurdtime-secret
ipAddressRange: 169.229.226.51-169.229.226.51

oauth2-proxy:
config:
existingSecret: bt-github-oauth-secret
clientID: client-id
clientSecret: client-secret
cookieSecret: cookie-secret
provider: "github"
githubOrg: "asuc-octo"
githubTeam: "Berkeleytime"
emailDomains: ["*"]
upstreamTimeout: "30s"
cookie:
name: "_oauth2_proxy"
secure: true
httpOnly: true
expire: "4h"
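Review bot: `provider`, `githubOrg`, `githubTeam`, `emailDomains`, `upstreamTimeout` and the `cookie` map are placed under `config:`, where, as far as I know, the oauth2-proxy chart reads only the credential fields, `existingSecret`, `cookieName` and `configFile`, and silently ignores keys it does not define. If that holds for chart 7.11.0, the proxy would start with its default provider and without the `asuc-octo` / `Berkeleytime` restriction, so the staff host would not be limited to the intended team. These settings normally go through the chart's `extraArgs` map (`provider: github`, `github-org: asuc-octo`, `github-team: Berkeleytime`) or through `config.configFile`; rendering with `helm template` and checking the Deployment's arguments would confirm which form takes effect. `clientID`, `clientSecret` and `cookieSecret` hold secret key names here, whereas the chart treats them as literal values and, I believe, ignores them once `existingSecret` is set, so they can be removed.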
7 changes: 6 additions & 1 deletion infra/init.sh
Expand Up @@ -8,6 +8,7 @@ helm repo add bitnami-labs https://bitnami-labs.github.io/sealed-secrets/
helm repo add cert-manager https://charts.jetstack.io
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add metallb https://metallb.github.io/metallb
helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests

# ===================
# BASE INFRASTRUCTURE
Expand All @@ -16,13 +17,17 @@ helm repo add metallb https://metallb.github.io/metallb
helm install bt-sealed-secrets bitnami-labs/sealed-secrets --version 2.17.0 --namespace=bt --create-namespace
helm install bt-metallb metallb/metallb --version 0.14.9 --namespace=bt
helm install bt-cert-manager cert-manager/cert-manager --set crds.enabled=true --version 1.16.2 --namespace=bt
helm install bt-ingress-nginx ingress-nginx/ingress-nginx --version 4.12.0 --namespace=bt

helm package ./infra/base --version 1.0.0 --dependency-update
helm push ./bt-base-1.0.0.tgz oci://registry-1.docker.io/octoberkeleytime
helm install bt-base oci://registry-1.docker.io/octoberkeleytime/bt-base --namespace=bt \
--version=1.0.0

# Install OAuth2 Proxy with values from base chart
helm install bt-oauth2-proxy oauth2-proxy/oauth2-proxy \
--namespace=bt \
--values ./infra/base/values.yaml

# ==========
# BUILD CHARTS AND PUSH TO REGISTRY
# ==========
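Review bot: The added `helm install bt-oauth2-proxy oauth2-proxy/oauth2-proxy` carries no `--version`, unlike every other install in this script, so it takes whichever chart the repository serves at run time; add `--version 7.11.0` to match the pin in infra/base/Chart.yaml. It also passes `./infra/base/values.yaml`, where the proxy settings are nested under the `oauth2-proxy:` key; that nesting is what a subchart reads, but a standalone release would, as far as I can tell, see no `config.existingSecret` and fall back to the chart's default credentials. Since bt-base already declares oauth2-proxy as a dependency and is packaged with `--dependency-update`, this second release looks redundant and may deploy a duplicate proxy.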