Update v3 master with v2

.gitignore

@@ -90,6 +90,7 @@ e2e-reports/
 src/jetstream/jetstream
 src/jetstream/console-database.db
 src/jetstream/config.properties
+src/jetstream/db/dbconf.yml
 
 # Customisations
 

build/tools/mysqldb-dev.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+echo "Starting MariaDB database for development"
+
+STRATOS_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && cd ../.. && pwd)"
+echo $STRATOS_PATH
+
+docker stop stratos-db
+docker rm stratos-db
+
+ID=$(docker run --name stratos-db -d -e MYSQL_ROOT_PASSWORD=dbroot -p 3306:3306 splatform/stratos-mariadb)
+echo $ID
+
+rm -f dbsetup.sql init.sh
+cat <<EOF > dbsetup.sql
+CREATE DATABASE stratosdb;
+CREATE USER stratos IDENTIFIED BY 'strat0s';
+GRANT ALL PRIVILEGES ON stratosdb.* to 'stratos'@'%';
+EOF
+
+cat <<EOF > init.sh
+#!/usr/bin/env bash
+mysql -uroot -pdbroot < /dbsetup.sql
+EOF
+
+chmod +x init.sh
+docker cp ./dbsetup.sql ${ID}:/dbsetup.sql
+docker cp ./init.sh ${ID}:/init.sh
+rm dbsetup.sql init.sh
+
+#Fetch dockerize tool
+wget https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-linux-amd64-v0.6.1.tar.gz
+tar -xzvf dockerize-linux-amd64-v0.6.1.tar.gz
+rm dockerize-linux-amd64-v0.6.1.tar.gz
+
+chmod +x ./dockerize
+docker cp ./dockerize ${ID}:/dockerize
+rm dockerize
+
+#We us wait for the internal socket to come up before running init script
+echo "Just waiting a few seconds for the DB to come online ..."
+docker exec -t ${ID} /dockerize -wait file:///var/run/mysql/mysql.sock -timeout 1m
+
+echo "Database ready"
+docker exec -t ${ID} /init.sh
+
+mkdir -p ${STRATOS_PATH}/src/jetstream/db
+cp ${STRATOS_PATH}/deploy/db/dbconf.yml ${STRATOS_PATH}/src/jetstream/db
+
+if [ -f ${STRATOS_PATH}/src/jetstream/jetstream ]; then
+  ${STRATOS_PATH}/src/jetstream/jetstream --env=mariadb-dev up
+else
+  echo "Build the Stratos backend and run db migrations with:"
+  echo "  ./jetstream --env=mariadb-local up"
+fi

build/tools/postgres-dev.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+echo "Startind Postgres database for development"
+
+STRATOS_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && cd ../.. && pwd)"
+echo $STRATOS_PATH
+
+docker stop stratos-db
+docker rm stratos-db
+
+ID=$(docker run --name stratos-db -d -e POSTGRES_DB=stratosdb -e POSTGRES_USER=stratos -e POSTGRES_PASSWORD=strat0s -p 5432:5432 postgres)
+echo $ID
+
+echo "Just waiting a few seconds for the DB to come online ..."
+sleep 5
+
+echo "Database ready"
+
+mkdir -p ${STRATOS_PATH}/src/jetstream/db
+cp ${STRATOS_PATH}/deploy/db/dbconf.yml ${STRATOS_PATH}/src/jetstream/db
+
+if [ -f ${STRATOS_PATH}/src/jetstream/jetstream ]; then
+  ${STRATOS_PATH}/src/jetstream/jetstream --env=postgres-dev up
+else
+  echo "Build the Stratos backend and run db migrations with:"
+  echo "  ./jetstream --env=postgres-local up"
+fi

deploy/db/dbconf.yml

@@ -10,3 +10,9 @@ mariadb-development:
 mariadb-k8s:
     driver: mysql
     open: $DB_USER:$DB_PASSWORD@tcp($DB_HOST:$DB_PORT)/$DB_DATABASE_NAME?parseTime=true
+mariadb-dev:
+    driver: mysql
+    open: stratos:strat0s@tcp(127.0.0.1:3306)/stratosdb?parseTime=true
+postgres-dev:
+    driver: postgres
+    open: host='127.0.0.1' port=5432 user='stratos' password='strat0s' dbname='stratosdb' sslmode='disable'

deploy/kubernetes/README.md

@@ -14,6 +14,7 @@ The following guide details how to deploy Stratos in Kubernetes.
 - [Accessing the Console](#accessing-the-console)
 - [Advanced Topics](#advanced-topics)
   * [Using a Load Balancer](#using-a-load-balancer)
+  * [Using an Ingress Controller](#ingress)
   * [Specifying an External IP](#specifying-an-external-ip)
   * [Upgrading your deployment](#upgrading-your-deployment)
   * [Specifying UAA configuration](#specifying-uaa-configuration)
@@ -23,7 +24,6 @@ The following guide details how to deploy Stratos in Kubernetes.
   * [Deploying Stratos with your own TLS certificates](#deploying-stratos-with-your-own-tls-certificates)
   * [Using with a Secure Image Repostiory](#using-with-a-secure-image-repository)
   * [Installing Nightly Release](#installing-a-nightly-release)
-  * [Configuring Stratos to use an Ingress controller](./ingress)
 <!-- /TOC -->
 
 ## Requirements
@@ -178,6 +178,26 @@ If your Kubernetes deployment supports automatic configuration of a load balance
 helm install stratos/console --namespace=console --name my-console --set console.service.type=LoadBalancer
 ```
 
+### Using an Ingress Controller
+
+If your Kubernetes Cluster supports Ingress, you can expose Stratos through Ingress by supplying the appropriate ingress configuration when installing.
+
+This configuration is described below:
+
+|Parameter|Description|Default|
+|----|---|---|
+|console.service.ingress.enabled|Enables ingress|false|
+|console.service.ingress.annotations|Annotations to be added to the ingress resource.|{}|
+|console.service.ingress.extraLabels|Additional labels to be added to the ingress resource.|{}|
+|console.service.ingress.host|The host name that will be used for the Stratos service.||
+|console.service.ingress.secretName|The existing TLS secret that contains the certificate for ingress.||
+
+You must provide `console.service.ingress.host` when enabling ingress.
+
+By default a certificate will be generated for TLS. You can provide your own certificate by creating a secret and specifying this with `console.service.ingress.secretName`.
+
+> Note: If you do not supply `console.service.ingress.host` but do supply `env.DOMAIN` then the host `console.[env.DOMAIN]` will be used.
+
 ### Specifying an External IP
 
 If the kubernetes cluster supports external IPs for services (see [ Service External IPs](https://kubernetes.io/docs/concepts/services-networking/service/#external-ips)), then the following arguments can be provided. In this following example the dashboard will be available at `https://192.168.100.100:5000`.
@@ -351,3 +371,4 @@ Install
 ```
 helm install stratos/console --namespace=console --name my-console --version 2.0.0-dev-9a5611dc
 ```
+

deploy/kubernetes/console/templates/__helpers.tpl

@@ -104,4 +104,32 @@ Generate self-signed certificate
 {{- $cert := genSignedCert ( include "console.certName" . ) nil $altNames 365 $ca -}}
 tls.crt: {{ $cert.Cert | b64enc }}
 tls.key: {{ $cert.Key | b64enc }}
-{{- end -}}
+{{- end -}}
+
+
+{{/*
+Ingress Host from .Values.console.service
+*/}}
+{{- define "ingress.host.value" -}}
+{{- if .Values.console.service -}}
+{{- if .Values.console.service.ingress -}}
+{{- if .Values.console.service.ingress.host -}}
+{{ .Values.console.service.ingress.host }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Ingress Host:
+*/}}
+{{- define "ingress.host" -}}
+{{ $host := (include "ingress.host.value" .) }}
+{{- if $host -}}
+{{ $host | quote }}
+{{- else if .Values.env.DOMAIN -}}
+{{ print "console." .Values.env.DOMAIN }}
+{{- else -}}
+{{ required "Host name is required" $host | quote }}
+{{- end -}}
+{{- end -}}

deploy/kubernetes/console/templates/deployment.yaml

@@ -247,6 +247,8 @@ spec:
           value: {{default "false" .Values.console.ssoLogin | quote}}
         - name: SSO_OPTIONS
           value: {{default "" .Values.console.ssoOptions | quote}}
+        - name: SSO_WHITELIST
+          value: {{ default "" .Values.console.ssoWhiteList | quote }}
         {{- if .Values.console.templatesConfigMapName }}
         - name: TEMPLATE_DIR
           value: /etc/templates

deploy/kubernetes/console/templates/ingress.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.console.service -}}
+{{- if .Values.console.service.ingress -}}
+{{- if .Values.console.service.ingress.enabled -}}
+
+{{- if not .Values.console.service.ingress.secretName -}}
+---
+# The certificate and key for the TLS secret are passed through ingress.tls.crt and ingress.tls.key
+# respectively. If the operator does not provide these values at installation time, the TLS secret
+# will contain empty values. The standard behaviour for NGINX ingress controller is to provide a
+# fake certificate instead. It is useful only for testing and development. It is expected that for
+# production use the operator will provide these values.
+apiVersion: "v1"
+kind: "Secret"
+type: kubernetes.io/tls
+metadata:
+  name: "{{ .Release.Name }}-ingress-tls"
+  labels:
+    app.kubernetes.io/name: "stratos"
+    app.kubernetes.io/instance: "{{ .Release.Name }}"
+    app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+    app.kubernetes.io/component: "console-ingress-tls"
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+data:
+  tls.crt: {{ .Values.console.service.ingress.tls.crt | default "" | b64enc | quote }}
+  tls.key: {{ .Values.console.service.ingress.tls.key | default "" | b64enc | quote }}
+{{- end }}
+
+---
+# Ingress for the Console UI service
+apiVersion: "extensions/v1beta1"
+kind: "Ingress"
+metadata:
+  name: "{{ .Release.Name }}-ingress"
+  annotations:
+    {{- if hasKey .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" "nginx" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" "true" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/backend-protocol" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/backend-protocol" "HTTPS" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/ssl-redirect" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/ssl-redirect" "false" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/proxy-body-size" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/proxy-body-size" "200m" }}
+    {{- end }}
+    {{ $_ := set .Values.console.service.ingress.annotations "nginx.org/websocket-services" (print .Release.Name "-ui-ext") }}
+{{ toYaml .Values.console.service.ingress.annotations | indent 4 }}
+  labels:
+    app.kubernetes.io/name: "stratos"
+    app.kubernetes.io/component: "console-ingress"
+    app.kubernetes.io/instance: "{{ .Release.Name }}"
+    app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+{{- range $key, $value := .Values.console.service.ingress.extraLabels }}
+    {{ $key }}: {{ $value }}
+{{- end }}    
+spec:
+  tls:
+  - secretName: {{ default "{{ .Release.Name }}-ingress-tls" .Values.console.service.ingress.secretName | quote }}
+    hosts:
+    - {{ template "ingress.host" . }}
+  rules:
+    - host: {{ template "ingress.host" . }}
+      http:
+        paths:
+          - path: "/"
+            backend:
+              serviceName: "{{ .Release.Name }}-ui-ext"
+              servicePort: 443
+{{- end }}
+{{- end }}
+{{- end }}