Add auth config for scalar manager

scalar-labs · Dec 27, 2024 · cd2476b · cd2476b
1 parent ee508b9
commit cd2476b
Show file tree

Hide file tree

Showing 5 changed files with 132 additions and 11 deletions.
diff --git a/charts/scalar-manager/README.md b/charts/scalar-manager/README.md
@@ -27,12 +27,17 @@ Current chart version is `3.0.0-SNAPSHOT`
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | securityContext.runAsNonRoot | bool | `true` |  |
-| service.port | int | `80` |  |
-| service.type | string | `"ClusterIP"` |  |
+| service.api.port | int | `8080` |  |
+| service.api.type | string | `"ClusterIP"` |  |
+| service.web.port | int | `80` |  |
+| service.web.type | string | `"ClusterIP"` |  |
 | serviceAccount.automountServiceAccountToken | bool | `true` |  |
 | serviceAccount.serviceAccountName | string | `""` |  |
 | tolerations | list | `[]` |  |
+| web.authorization.baseUrl | string | `"http://localhost:8080"` |  |
+| web.authorization.enabled | bool | `false` |  |
 | web.image.pullPolicy | string | `"IfNotPresent"` |  |
 | web.image.repository | string | `"ghcr.io/scalar-labs/scalar-manager-web"` |  |
 | web.image.tag | string | `""` |  |
+| web.operation.baseUrl | string | `"http://localhost:8080"` |  |
 | web.resources | object | `{}` |  |
diff --git a/charts/scalar-manager/templates/scalar-manager/deployment.yaml b/charts/scalar-manager/templates/scalar-manager/deployment.yaml
@@ -44,6 +44,13 @@ spec:
           image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag | default .Chart.AppVersion }}"
           resources:
             {{- toYaml .Values.web.resources | nindent 12 }}
+          env:
+            - name: NEXT_PUBLIC_AUTH_ENABLED
+              value: {{ .Values.web.authorization.enabled | quote }}
+            - name: NEXT_PUBLIC_PERSISTENCE_API_BASE_URL
+              value: {{ .Values.web.authorization.baseUrl | quote }}
+            - name: NEXT_PUBLIC_OPERATION_API_BASE_URL
+              value: {{ .Values.web.operation.baseUrl | quote }}
           ports:
             - containerPort: 3000
           imagePullPolicy: {{ .Values.web.image.pullPolicy }}

diff --git a/charts/scalar-manager/templates/scalar-manager/service.yaml b/charts/scalar-manager/templates/scalar-manager/service.yaml
@@ -1,16 +1,33 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "scalar-manager.fullname" . }}
+  name: {{ include "scalar-manager.fullname" . }}-web
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "scalar-manager.labels" . | nindent 4 }}
 spec:
-  type: {{ .Values.service.type }}
+  type: {{ .Values.service.web.type }}
   ports:
     - protocol: TCP
       name: web
-      port: {{ .Values.service.port }}
+      port: {{ .Values.service.web.port }}
       targetPort: 3000
   selector:
     {{- include "scalar-manager.selectorLabels" . | nindent 4 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "scalar-manager.fullname" . }}-api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "scalar-manager.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.api.type }}
+  ports:
+    - protocol: TCP
+      name: api
+      port: {{ .Values.service.api.port }}
+      targetPort: 8080
+  selector:
+    {{- include "scalar-manager.selectorLabels" . | nindent 4 }}
diff --git a/charts/scalar-manager/values.schema.json b/charts/scalar-manager/values.schema.json
@@ -94,11 +94,27 @@
         "service": {
             "type": "object",
             "properties": {
-                "port": {
-                    "type": "integer"
+                "api": {
+                    "type": "object",
+                    "properties": {
+                        "port": {
+                            "type": "integer"
+                        },
+                        "type": {
+                            "type": "string"
+                        }
+                    }
                 },
-                "type": {
-                    "type": "string"
+                "web": {
+                    "type": "object",
+                    "properties": {
+                        "port": {
+                            "type": "integer"
+                        },
+                        "type": {
+                            "type": "string"
+                        }
+                    }
                 }
             }
         },
@@ -119,6 +135,17 @@
         "web": {
             "type": "object",
             "properties": {
+                "authorization": {
+                    "type": "object",
+                    "properties": {
+                        "baseUrl": {
+                            "type": "string"
+                        },
+                        "enabled": {
+                            "type": "boolean"
+                        }
+                    }
+                },
                 "image": {
                     "type": "object",
                     "properties": {
@@ -133,6 +160,14 @@
                         }
                     }
                 },
+                "operation": {
+                    "type": "object",
+                    "properties": {
+                        "baseUrl": {
+                            "type": "string"
+                        }
+                    }
+                },
                 "resources": {
                     "type": "object"
                 }

diff --git a/charts/scalar-manager/values.yaml b/charts/scalar-manager/values.yaml
@@ -27,8 +27,12 @@ nodeSelector: {}
 tolerations: []
 
 service:
-  type: ClusterIP
-  port: 80
+  web:
+    type: ClusterIP
+    port: 80
+  api:
+    type: ClusterIP
+    port: 8080
 
 serviceAccount:
   serviceAccountName: ""
@@ -80,12 +84,65 @@ api:
     paused-state-retention.storage=${PAUSED_STATE_RETENTION_STORAGE:configmap}
     paused-state-retention.max-number=${PAUSED_STATE_RETENTION_MAX_NUMBER:100}
 
+    # JWT configuration
+    # P-256 (secp256k1) private key in PKCS8 format, using for signing JWT tokens, required when persistence endpoints are enabled
+    authentication.providers.static-jwt.private-key=${AUTHENTICATION_PROVIDERS_STATIC_JWT_PRIVATE_KEY:}
+    # Public key in X.509/SPKI format using for verifying JWT tokens, when authentication is enabled, this key is used for verifying JWT tokens
+    authentication.providers.static-jwt.public-key=${AUTHENTICATION_PROVIDERS_STATIC_JWT_PUBLIC_KEY:}
+    authentication.providers.static-jwt.issuer-uri=${AUTHENTICATION_PROVIDERS_STATIC_JWT_ISSUER_URI:https://scalar-manager.scalar-labs.com}
+    authentication.providers.static-jwt.access-token-expiration-time=${AUTHENTICATION_PROVIDERS_STATIC_JWT_ACCESS_TOKEN_EXPIRATION_TIME:15m}
+    authentication.providers.static-jwt.refresh-token-expiration-time=${AUTHENTICATION_PROVIDERS_STATIC_JWT_REFRESH_TOKEN_EXPIRATION_TIME:3d}
+
+    # OpenAPI configuration
+    springdoc.swagger-ui.enabled=${SPRINGDOC_SWAGGER_UI_ENABLED:false}
+    springdoc.swagger-ui.path=${SPRINGDOC_SWAGGER_UI_PATH:/swagger-ui.html}
+
+    # Whether to enable persistence endpoints or not (auth, user management)
+    app.persistence-endpoints.enabled=${APP_PERSISTENCE_ENDPOINTS_ENABLED:false}
+
+    # Whether to enable authorization or not for the operational endpoints
+    app.authorization.enabled=${APP_AUTHORIZATION_ENABLED:false}
+
+    # CORS configuration
+    app.cors.allowed-origins=${APP_CORS_ALLOWED_ORIGINS:*}
+    app.cors.allowed-methods=${APP_CORS_ALLOWED_METHODS:*}
+    app.cors.allowed-headers=${APP_CORS_ALLOWED_HEADERS:*}
+
+    # # Initial admin configuration, only need these configurations if persistence endpoints is enabled
+    # app.initial-admin-user.enabled=${APP_INITIAL_ADMIN_USER_ENABLED:false}
+    # app.initial-admin-user.email=${APP_INITIAL_ADMIN_USER_EMAIL:[email protected]}
+    # app.initial-admin-user.name=${APP_INITIAL_ADMIN_USER_NAME:Administrator}
+    # app.initial-admin-user.password=${APP_INITIAL_ADMIN_USER_PASSWORD:Password@123!}
+
+    # # JPA configuration, only need these configurations if persistence endpoints is enabled
+    # spring.jpa.hibernate.ddl-auto=${SPRING_JPA_HIBERNATE_DDL_AUTO:update}
+    # spring.jpa.show-sql=${SPRING_JPA_SHOW_SQL:false}
+    # spring.jpa.properties.hibernate.format_sql=${SPRING_JPA_PROPERTIES_HIBERNATE_FORMAT_SQL:false}
+
+    # # Database configuration, only need these configurations if persistence endpoints is enabled
+    # spring.datasource.url=jdbc:postgresql://${DATABASE_HOST:scalar-manager-postgres-postgresql}:${DATABASE_PORT:5432}/${DATABASE_NAME:scalar-manager}
+    # spring.datasource.username=${DATABASE_USERNAME:scalar-manager}
+    # spring.datasource.password=${DATABASE_PASSWORD:scalar-manager}
+    # spring.datasource.driver-class-name=org.postgresql.Driver
+
+
 web:
   image:
     repository: ghcr.io/scalar-labs/scalar-manager-web
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
     tag: ""
+
+  authorization:
+    # Whether to enable authorization or not for the web application, if enabled the login, user management page will be available
+    enabled: false
+    # The base URL of the authorization service, default is same as the scalar-manager-api service
+    baseUrl: http://localhost:8080
+
+  operation:
+    # The base URL of the operation service, default is same as the scalar-manager-api service
+    baseUrl: http://localhost:8080
+
   resources:
     {}
     # We usually recommend not to specify default resources and to leave this as a conscious