Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

salt,dex: Allow to disable Dex deployment and configure another IDP #3688

Merged
merged 6 commits into from
Mar 2, 2022
Merged

salt,dex: Allow to disable Dex deployment and configure another IDP #3688

merged 6 commits into from
Mar 2, 2022

Conversation

alexandre-allard
Copy link
Contributor

@alexandre-allard alexandre-allard commented Feb 4, 2022
edited
Loading

Component: salt, dex

Context:
We want to be able to not deploy Dex and rather rely on an external IDP.

Summary:

To disable Dex deployment at installation,
you must add the following to the boostrap config:

addons:
  dex:
    enabled: false

Acceptance criteria:
We can use another IDP than Dex (e.g. Keycloak) and everything work fine.

@alexandre-allard alexandre-allard requested a review from a team as a code owner February 4, 2022 10:33
@bert-e
Copy link
Contributor

bert-e commented Feb 4, 2022

Hello alexandre-allard-scality,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.

@bert-e
Copy link
Contributor

bert-e commented Feb 4, 2022

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

@alexandre-allard alexandre-allard force-pushed the improvement/no-idp branch 7 times, most recently from b268f49 to c247195 Compare February 10, 2022 16:43
@alexandre-allard alexandre-allard changed the title salt,dex: Allow to disable Dex deployment salt,dex: Allow to disable Dex deployment and configure another IDP Feb 10, 2022
@alexandre-allard alexandre-allard force-pushed the improvement/no-idp branch 3 times, most recently from b8e09cc to abe027e Compare February 11, 2022 15:51
TeddyAndrieux
TeddyAndrieux reviewed Feb 15, 2022
View reviewed changes
Copy link
Collaborator

@TeddyAndrieux TeddyAndrieux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM but I think we will need to add some E2E tests maybe just a really simple one for the moment
Like just a simple install with no OIDC for the moment, we put it in post-merge so that we can enrich it in the future with a real scenario (deploy with no OIDC, then set up another OIDC then re-configure the product to use this new OIDC)

salt/metalk8s/addons/dex/deployed/init.sls Show resolved Hide resolved
salt/metalk8s/addons/ui/deployed/init.sls Outdated Show resolved Hide resolved
salt/metalk8s/addons/prometheus-operator/deployed/grafana-ini-configmap.sls Show resolved Hide resolved
salt/tests/unit/formulas/data/base_pillar.yaml Outdated Show resolved Hide resolved
buildchain/buildchain/salt_tree.py Outdated Show resolved Hide resolved
@alexandre-allard alexandre-allard force-pushed the improvement/no-idp branch 4 times, most recently from 74b237a to 121b4a1 Compare February 17, 2022 16:55
@TeddyAndrieux TeddyAndrieux marked this pull request as draft February 24, 2022 17:46
@TeddyAndrieux TeddyAndrieux force-pushed the improvement/no-idp branch 6 times, most recently from cc1aaef to cfbd463 Compare February 25, 2022 17:29
@TeddyAndrieux TeddyAndrieux marked this pull request as ready for review February 25, 2022 17:44
gdemonet
gdemonet reviewed Mar 1, 2022
View reviewed changes
salt/metalk8s/addons/prometheus-operator/config/grafana.yaml.j2 Show resolved Hide resolved
docs/installation/bootstrap.rst Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
alexandre-allard and others added 6 commits March 1, 2022 15:39
@alexandre-allard @TeddyAndrieux
salt,dex: Allow to disable Dex deployment
de5ce61 
To disable Dex deployment at installation,
you must add the following to the boostrap config:

```
addons:
  dex:
    enabled: false
```
@alexandre-allard @TeddyAndrieux
salt: Dynamic rendering of Grafana INI config
5c1db24 
Extract Grafana INI configuration and put it
in a CSC ConfigMap to allow dynamic configuration.

Re-render the chart with the following command:
```
./charts/render.py prometheus-operator \
  charts/kube-prometheus-stack.yaml \
  charts/kube-prometheus-stack/ \
  --namespace metalk8s-monitoring \
  --service-config grafana \
  metalk8s-grafana-config \
  metalk8s/addons/prometheus-operator/config/grafana.yaml.j2 \
  metalk8s-monitoring \
  --service-config prometheus \
  metalk8s-prometheus-config \
  metalk8s/addons/prometheus-operator/config/prometheus.yaml \
  metalk8s-monitoring \
  --service-config alertmanager \
  metalk8s-alertmanager-config \
  metalk8s/addons/prometheus-operator/config/alertmanager.yaml \
  metalk8s-monitoring \
  --drop-prometheus-rules charts/drop-prometheus-rules.yaml \
  --patch 'PrometheusRule,metalk8s-monitoring,prometheus-operator-kubernetes-system-kubelet,spec:groups:0:rules:1:for,"5m"' \
  --remove-manifest ConfigMap prometheus-operator-grafana \
  > salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
```
@alexandre-allard @TeddyAndrieux
salt: Allow to configure OIDC for api-server
0432a9a
@TeddyAndrieux
tests: Add "authentication" tag on test that rely on Dex
2618dcc 
Since we can deploy MetalK8s without Dex we need to be able to
skip test that rely on Dex
@TeddyAndrieux
eve: Add post-merge e2e test for install without IDP
7cb7b7f 
We add a new stage in post-merge to test installation without Dex, note
that this stage would likely be updated in the future in order to deploy
another IDP and use this new IDP for Grafana and MetalK8s UI
@TeddyAndrieux
changelog: Add entry for installation without Dex
48d3734
TeddyAndrieux
TeddyAndrieux approved these changes Mar 1, 2022
View reviewed changes
Copy link
Collaborator

@TeddyAndrieux TeddyAndrieux left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/bypass_author_approval (it does not work in review comment apparently)

@TeddyAndrieux
Copy link
Collaborator

/bypass_author_approval

@bert-e
Copy link
Contributor

bert-e commented Mar 1, 2022

Build failed

The build for commit did not succeed in branch improvement/no-idp.

The following options are set: bypass_author_approval

@bert-e
Copy link
Contributor

bert-e commented Mar 2, 2022

In the queue

The changeset has received all authorizations and has been added to the
relevant queue(s). The queue(s) will be merged in the target development
branch(es) as soon as builds have passed.

The changeset will be merged in:

  • ✔️ development/123.0

The following branches will NOT be impacted:

  • development/2.0
  • development/2.1
  • development/2.10
  • development/2.11
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6
  • development/2.7
  • development/2.8
  • development/2.9

There is no action required on your side. You will be notified here once
the changeset has been merged. In the unlikely event that the changeset
fails permanently on the queue, a member of the admin team will
contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

  • Any commit you add on the source branch will trigger a new cycle after the
    current queue is merged.
  • Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a
member of the admin team now.

The following options are set: bypass_author_approval

@bert-e
Copy link
Contributor

bert-e commented Mar 2, 2022

I have successfully merged the changeset of this pull request
into targetted development branches:

  • ✔️ development/123.0

The following branches have NOT changed:

  • development/2.0
  • development/2.1
  • development/2.10
  • development/2.11
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6
  • development/2.7
  • development/2.8
  • development/2.9

Please check the status of the associated issue None.

Goodbye alexandre-allard.

@bert-e bert-e merged commit 9804282 into development/123.0 Mar 2, 2022
@bert-e bert-e deleted the improvement/no-idp branch March 2, 2022 11:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gdemonet gdemonet gdemonet approved these changes

@TeddyAndrieux TeddyAndrieux TeddyAndrieux approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alexandre-allard @bert-e @TeddyAndrieux @gdemonet