From e7c9696fd7874003581e0c35774f82217349b048 Mon Sep 17 00:00:00 2001
From: ricoberger
Date: Sun, 10 Oct 2021 15:12:29 +0200
Subject: [PATCH] Add auth settings to Helm chart

It is now possible to set the settings for authentication and authorization in the Helm chart.
---
 CHANGELOG.md | 1 +
 deploy/helm/kobs/Chart.yaml | 2 +-
 deploy/helm/kobs/templates/deployment.yaml | 4 ++++
 deploy/helm/kobs/values.yaml | 5 +++++
 docs/installation/helm.md | 4 ++++
 5 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7014f512..c97e4b84b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -36,6 +36,7 @@ NOTE: As semantic versioning states all 0.y.z releases can contain breaking chan
 - [#162](https://github.com/kobsio/kobs/pull/162): Add support to visualize logs in the ClickHouse plugin.
 - [#170](https://github.com/kobsio/kobs/pull/170): Add Custom Resource Definition for Users.
 - [#171](https://github.com/kobsio/kobs/pull/171): :warning: _Breaking change:_ :warning: Add authentication and authorization mechanism for plugins and resources. These settings are configured via the `--api.auth.` flags. Permissions are always granted on a team level. A users gets all permissions of the team where he is a member of.
+- [#172](https://github.com/kobsio/kobs/pull/172): Add authentication and authorization settings to Helm chart.
 ### Fixed
diff --git a/deploy/helm/kobs/Chart.yaml b/deploy/helm/kobs/Chart.yaml
index 746544993..0ac91a19b 100644
--- a/deploy/helm/kobs/Chart.yaml
+++ b/deploy/helm/kobs/Chart.yaml
@@ -4,5 +4,5 @@ description: Kubernetes Observability Platform
 type: application
 home: https://kobs.io
 icon: https://kobs.io/assets/images/logo.svg
-version: 0.7.1
+version: 0.7.2
 appVersion: v0.5.0
diff --git a/deploy/helm/kobs/templates/deployment.yaml b/deploy/helm/kobs/templates/deployment.yaml
index 401f6b6b3..15461dd87 100644
--- a/deploy/helm/kobs/templates/deployment.yaml
+++ b/deploy/helm/kobs/templates/deployment.yaml
@@ -32,6 +32,10 @@ spec:
 image: "{{ .Values.kobs.image.repository }}:{{ .Values.kobs.image.tag }}"
 imagePullPolicy: {{ .Values.kobs.image.pullPolicy }}
 args:
+ - --api.auth.default-team={{ .Values.kobs.settings.auth.defaultTeam }}
+ - --api.auth.enabled={{ .Values.kobs.settings.auth.enabled }}
+ - --api.auth.header={{ .Values.kobs.settings.auth.header }}
+ - --api.auth.interval={{ .Values.kobs.settings.auth.interval }}
 - --clusters.cache-duration.namespaces={{ .Values.kobs.settings.clustersCacheDurationNamespaces }}
 - --log.format={{ .Values.kobs.settings.logFormat }}
 - --log.level={{ .Values.kobs.settings.logLevel }}
diff --git a/deploy/helm/kobs/values.yaml b/deploy/helm/kobs/values.yaml
index 18f447132..97ac59e30 100644
--- a/deploy/helm/kobs/values.yaml
+++ b/deploy/helm/kobs/values.yaml
@@ -83,6 +83,11 @@ kobs:
 ## Specify some settings like log level, log format, etc. for kobs.
 ##
 settings:
+ auth:
+ enabled: false
+ defaultTeam: ""
+ header: X-Auth-Request-Email
+ interval: 1h0m0s
 clustersCacheDurationNamespaces: 5m
 logFormat: plain
 logLevel: info
diff --git a/docs/installation/helm.md b/docs/installation/helm.md
index 9be50a3e5..57a521cb7 100644
--- a/docs/installation/helm.md
+++ b/docs/installation/helm.md
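Review bot: The new `--api.auth.default-team` and `--api.auth.header` args in `deployment.yaml` interpolate free-form strings into the YAML list unquoted, so a value containing YAML-significant characters (a ` #`, a `: `, stray whitespace) renders a different argument than the operator wrote, or fails to render. These flags decide which identity and which team permissions a request gets, so a silently truncated value is worth ruling out. I would quote them, e.g. `- {{ printf "--api.auth.header=%s" .Values.kobs.settings.auth.header | quote }}`, and the same for `default-team`. The neighbouring `--log.*` args use the same unquoted form, so this also applies to them if the file is to stay consistent. The container spec continues outside the hunk.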
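Review bot: The new `auth:` block in `values.yaml` carries no comments, and the one thing an operator needs to know before setting `enabled: true` is missing: the user identity is read from the request header named in `header`. Assuming kobs takes that header at face value (the docs row only says it "contains the details about the authenticated user"), it is trustworthy only when an authenticating proxy in front of kobs sets or overwrites it and the pod cannot be reached around that proxy. I would add above `auth:` a comment such as `## auth.header is trusted as sent: enable only behind a proxy that overwrites it, and block direct access to the kobs Service.` A second comment on `defaultTeam` should state that a non-empty value grants that team's permissions to every user who has no team. The `settings:` map continues outside the hunk.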
@@ -64,6 +64,10 @@ helm upgrade kobs kobs/kobs
 | `kobs.securityContext` | Specify security settings for the kobs Container. They override settings made at the Pod level via the `podSecurityContext` when there is overlap. | `{}` |
 | `kobs.resources` | Set cpu and memory requests and limits for the kobs container. | `{}` |
 | `kobs.env` | Set additional environment variables for the kobs container. | `[]` |
+| `kobs.settings.auth.enabled` | Enable the authentication and authorization middleware. | `false` |
+| `kobs.settings.auth.defaultTeam` | The name of the team, which should be used for a users permissions when a user hasn't any teams. The team is specified in the following format: `cluster,namespace,name`. | `""` |
+| `kobs.settings.auth.header` | The header, which contains the details about the authenticated user. | `X-Auth-Request-Email` |
+| `kobs.settings.auth.interval` | The interval to refresh the internal users list and there permissions. | `1h0m0s` |
 | `kobs.settings.clustersCacheDurationNamespaces` | The duration for how long the list of namespaces for each cluster should be cached. | `5m` |
 | `kobs.settings.logFormat` | Set the output format of the logs. Must be `plain` or `json`. | `plain` |
 | `kobs.settings.logLevel` | Set the log level. Must be `trace`, `debug`, `info`, `warn`, `error`, `fatal` or `panic`. | `info` |