trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: add outpost deployment docs, link in outposts list

This commit is contained in:
Jens Langhammer 2020-09-13 22:20:17 +02:00
parent a8744f443c
commit bb4e39aab6
5 changed files with 128 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/outposts/deploy-docker-compose.md Normal file
View File

@ -0,0 +1,20 @@
# Outpost deployment in docker-compose
To deploy an outpost with docker-compose, use this snippet in your docker-compose file.
You can also run the outpost in a separate docker-compose project, you just have to ensure that the outpost container can reach your application container.
```yaml
version: 3.5
services:
passbook_proxy:
image: beryju/passbook-proxy:0.10.0-stable
ports:
- 4180:4180
- 4443:4443
environment:
PASSBOOK_HOST: https://your-passbook.tld
PASSBOOK_INSECURE: 'true'
PASSBOOK_TOKEN: token-generated-by-passbook
```

99
docs/outposts/deploy-kubernetes.md Normal file
View File

@ -0,0 +1,99 @@
# Outpost deployment on Kubernetes
Use the following manifest, replacing all values surrounded with `__`.
Afterwards, configure the proxy provider to connect to `<service name>.<namespace>.svc.cluster.local`, and update your Ingress to connect to the `passbook-outpost` service.
```yaml
api_version: v1
kind: secret
metadata:
labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: passbook.beryju.org
app.kubernetes.io/name: passbook-proxy
app.kubernetes.io/version: 0.10.0
name: passbook-outpost-api
string_data:
passbook_host: '__PASSBOOK_URL__'
passbook_host_insecure: 'true'
token: '__PASSBOOK_TOKEN__'
type: Opaque
---
api_version: apps/v1
kind: deployment
metadata:
labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: passbook.beryju.org
app.kubernetes.io/name: passbook-proxy
app.kubernetes.io/version: 0.10.0
name: passbook-outpost
spec:
selector:
match_labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: passbook.beryju.org
app.kubernetes.io/name: passbook-proxy
app.kubernetes.io/version: 0.10.0
template:
metadata:
labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: passbook.beryju.org
app.kubernetes.io/name: passbook-proxy
app.kubernetes.io/version: 0.10.0
spec:
containers:
- env:
- name: PASSBOOK_HOST
value_from:
secret_key_ref:
key: passbook_host
name: passbook-outpost-api
- name: PASSBOOK_TOKEN
value_from:
secret_key_ref:
key: token
name: passbook-outpost-api
- name: PASSBOOK_INSECURE
value_from:
secret_key_ref:
key: passbook_host_insecure
name: passbook-outpost-api
image: beryju/passbook-proxy:0.10.0
name: proxy
ports:
- containerPort: 4180
name: http
protocol: TCP
- containerPort: 4443
name: http
protocol: TCP
---
api_version: v1
kind: service
metadata:
labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: passbook.beryju.org
app.kubernetes.io/name: passbook-proxy
app.kubernetes.io/version: 0.10.0
name: passbook-outpost
spec:
ports:
- name: http
port: 4180
protocol: TCP
targetPort: http
- name: https
port: 4443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: passbook.beryju.org
app.kubernetes.io/name: passbook-proxy
app.kubernetes.io/version: 0.10.0
type: ClusterIP
```

20
docs/outposts/outposts.md
View File

@ -6,21 +6,9 @@ An outpost is a single deployment of a passbook component, which can be deployed
Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to passbook. Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to passbook.
To deploy an outpost, you can for example use this docker-compose snippet: To deploy an outpost, see: <a name="deploy">
```yaml - [Kubernetes](deploy-kubernetes.md)
version: 3.5 - [docker-compose](deploy-docker-compose.md)
services: In future versions, this snippet will be automatically generated. You will also be able to deploy an outpost directly into a kubernetes cluster.
passbook_proxy:
image: beryju/passbook-proxy:0.10.0-stable
ports:
- 4180:4180
- 4443:4443
environment:
PASSBOOK_HOST: https://your-passbook.tld
PASSBOOK_INSECURE: 'true'
PASSBOOK_TOKEN: token-generated-by-passbook
```
In future versions, this snippet will be automatically generated. You will also be able to deploy an outpost directly into a kubernetes cluster.w

5
mkdocs.yml
View File

@ -30,7 +30,10 @@ nav:
- OAuth2: providers/oauth2.md - OAuth2: providers/oauth2.md
- SAML: providers/saml.md - SAML: providers/saml.md
- Proxy: providers/proxy.md - Proxy: providers/proxy.md
- Outposts: outposts/outposts.md - Outposts:
- Overview: outposts/outposts.md
- Deploy on docker-compose: outposts/deploy-docker-compose.md
- Deploy on Kubernetes: outposts/deploy-kubernetes.md
- Expressions: - Expressions:
- Overview: expressions/index.md - Overview: expressions/index.md
- Reference: - Reference:

1
passbook/admin/templates/administration/outpost/list.html
View File

@ -69,6 +69,7 @@
<td> <td>
<a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:outpost-update' pk=outpost.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a> <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:outpost-update' pk=outpost.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
<a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:outpost-delete' pk=outpost.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a> <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:outpost-delete' pk=outpost.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
<a href="https://passbook.beryju.org/outposts/outposts/#deploy">{% trans 'Deploy' %}</a>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}