From fb43f6a239a6b2874e0ea9548440c7f5bdb898e7 Mon Sep 17 00:00:00 2001 From: seemywings Date: Mon, 16 Dec 2024 12:19:47 -0500 Subject: [PATCH 1/3] grafana tls secret name --- catalogs/devops/grafana/grafana.yaml.liquid | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/catalogs/devops/grafana/grafana.yaml.liquid b/catalogs/devops/grafana/grafana.yaml.liquid index c3f73196..192e3d08 100644 --- a/catalogs/devops/grafana/grafana.yaml.liquid +++ b/catalogs/devops/grafana/grafana.yaml.liquid @@ -10,7 +10,7 @@ ingress: tls: - hosts: - {{ context.hostname }} - secretName: monitoring-tls + secretName: grafana-{{ context.cluster }}-tls persistence: enabled: true From 321e1754ada7067982bd87e5b437be76942c7da6 Mon Sep 17 00:00:00 2001 From: Marcin Maciaszczyk Date: Tue, 17 Dec 2024 10:24:28 +0100 Subject: [PATCH 2/3] fix stack ref --- catalogs/data/dagster/dagster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/catalogs/data/dagster/dagster.yaml b/catalogs/data/dagster/dagster.yaml index ae5cf5a6..2359a58b 100644 --- a/catalogs/data/dagster/dagster.yaml +++ b/catalogs/data/dagster/dagster.yaml @@ -44,7 +44,7 @@ spec: imports: - stackRef: name: dagster-{{ context.cluster }} - namespace: infra + namespace: apps configuration: cluster: {{ context.cluster }} hostname: {{ context.hostname }} From bd3ca6dd0defe4cef76fb968d53a9e705adab279 Mon Sep 17 00:00:00 2001 From: Marcin Maciaszczyk Date: Tue, 17 Dec 2024 12:16:34 +0100 Subject: [PATCH 3/3] update dagster --- .../helm/oauth-proxy-config.yaml.liquid | 28 +++++++++++++++++ catalogs/data/dagster/oauth-proxy-config.yaml | 31 +++++++++++++++++++ setup/catalogs/data/dagster.yaml | 3 ++ 3 files changed, 62 insertions(+) create mode 100644 catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid create mode 100644 catalogs/data/dagster/oauth-proxy-config.yaml diff --git a/catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid b/catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid new file mode 100644 index 00000000..0722c60a --- /dev/null +++ b/catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid @@ -0,0 +1,28 @@ +{% raw %} +{% assign imports_dagster_key = 'dagster-' | append: configuration.cluster %} + +service: + name: dagster-oauth2-proxy + selector: + app.kubernetes.io/instance: dagster + app.kubernetes.io/name: webapp + +secret: + clientID: {{ imports[imports_dagster_key].oidc_client_id }} + clientSecret: {{ imports[imports_dagster_key].oidc_client_secret }} + cookieSecret: {{ imports[imports_dagster_key].oidc_cookie_secret }} + issuer: https://oidc.plural.sh/ + upstream: http://localhost:8080 + name: dagster-proxy-config + env: + OAUTH2_PROXY_UPSTREAM_TIMEOUT: '120s' + +{% if configuration["basicAuth"] %} +{% assign basicAuth = configuration["basicAuth"] | from_json %} +users: +{% for user in basicAuth %} + {{ user[0] }}: {{ user[1] }} +{% endfor %} +{% endif %} + +{% endraw %} diff --git a/catalogs/data/dagster/oauth-proxy-config.yaml b/catalogs/data/dagster/oauth-proxy-config.yaml new file mode 100644 index 00000000..be247072 --- /dev/null +++ b/catalogs/data/dagster/oauth-proxy-config.yaml @@ -0,0 +1,31 @@ +apiVersion: deployments.plural.sh/v1alpha1 +kind: ServiceDeployment +metadata: + name: dagster-oauth-proxy-config-{{ context.cluster }} + namespace: apps +spec: + namespace: dagster + git: + folder: helm/dagster/{{ context.cluster }} + ref: main + repositoryRef: + kind: GitRepository + name: infra + namespace: infra + helm: + version: "x.x.x" + chart: oidc-config + url: https://pluralsh.github.io/module-library + valuesFiles: + - oauth-proxy-config.yaml.liquid + imports: + - stackRef: + name: dagster-{{ context.cluster }} + namespace: apps + configuration: + cluster: {{ context.cluster }} + hostname: {{ context.hostname }} + clusterRef: + kind: Cluster + name: {{ context.cluster }} + namespace: infra diff --git a/setup/catalogs/data/dagster.yaml b/setup/catalogs/data/dagster.yaml index a3931c89..e09a6aea 100644 --- a/setup/catalogs/data/dagster.yaml +++ b/setup/catalogs/data/dagster.yaml @@ -23,6 +23,9 @@ spec: - source: "terraform/{{ context.cloud }}" destination: "terraform/apps/dagster/{{ context.cluster }}" external: true + - source: oauth-proxy-config.yaml + destination: "bootstrap/apps/dagster/{{ context.cluster }}/oauth-proxy-config.yaml" + external: true repositoryRef: name: scaffolds catalogRef: