feat: inital release of glauth and platforma

.gitignore

@@ -0,0 +1,3 @@
+# Helm resources
+charts/*/charts/*.tgz
+charts/*/Chart.lock

charts/glauth/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/glauth/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: glauth
+description: GLAuth LDAP authentication server Helm Chart
+type: application
+appVersion: 2.3.2
+version: 1.0.1
+sources:
+  - https://github.com/milaboratory/public-helm-charts/charts/glauth
+maintainers:
+  - name: Vladimir Antropov
+    email: [email protected]

charts/glauth/README.md

@@ -0,0 +1,61 @@
+GLAuth: LDAP authentication server
+==============
+
+For me information please visit the official github repository [GLAuth](https://github.com/glauth/glauth).
+
+## Prerequisites
+
+- Kubernetes 1.20+
+- Helm 3.0+
+
+## Installing
+
+Add the desired configuration under `app.config` in the Helm `values.yaml`. 
+Here's a sample config with hardcoded users and groups:
+```toml
+[backend]
+  datastore = "config"
+  nameformat = "cn"
+  groupformat = "ou"
+  baseDN = "dc=demo,dc=io"
+
+[behaviors]
+  IgnoreCapabilities = false
+  LimitFailedBinds = false
+
+[ldap]
+  enabled = true
+  listen = "0.0.0.0:3893"
+[ldaps]
+  enabled = false
+  listen = "0.0.0.0:3894"
+  cert = "/app/config/ssl/glauth-ca-cert.pem"
+  key = "/app/config/ssl/glauth-ca-key.pem"
+[api]
+  enabled = false
+  internals = true
+  listen = "0.0.0.0:5555"
+
+[[groups]]
+  name = "users"
+  gidnumber = 4401
+
+[[users]]
+  name = "testuser1"
+  uidnumber = 4001
+  primarygroup = 4401
+  passsha256 = "00a082620a12245988ee6ef6d61a561c009e0bbd033b40604b96c199f28c42b6"
+[[users.capabilities]]
+  action = "search"
+  object = "ou=users,dc=demo,dc=io"
+```
+
+Here is how you can generate a SHA256 password hash.
+```bash
+#!/bin/bash
+password=$(pwgen -n1 32)
+echo "Passwd: ${password}"
+# Generate SHA-256 hash of the password
+pass_sha256=$(echo -n "${password}" | openssl dgst -sha256 | sed 's/^.* //')
+echo "Sha256 ${pass_sha256}"
+```

charts/glauth/templates/_helpers.tpl

@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "glauth.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "glauth.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "glauth.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "glauth.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+    {{- default (include "glauth.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+    {{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get the correct image tag name
+*/}}
+{{- define "glauth.imageTag" -}}
+{{- .Values.app.image.tag | default (printf "v%s" .Chart.AppVersion) -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "glauth.labels" -}}
+helm.sh/chart: {{ include "glauth.chart" . }}
+{{ include "glauth.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "glauth.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "glauth.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/glauth/templates/app-deployment.yaml

@@ -0,0 +1,159 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  {{- with .Values.app.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "glauth.labels" . | nindent 4 }}
+    {{- with .Values.app.extraLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  name: {{ template "glauth.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "glauth.selectorLabels" . | nindent 6 }}
+  replicas: {{ .Values.app.replicaCount }}
+  {{- with .Values.app.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print .Template.BasePath "/app-secret-config.yaml") . | sha256sum }}
+      {{- with .Values.app.podAnnotations }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "glauth.labels" . | nindent 8 }}
+      {{- with .Values.app.podLabels }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- if .Values.app.priorityClassName }}
+      priorityClassName: {{ .Values.app.priorityClassName | toString }}
+      {{- end }}
+      {{- if .Values.app.schedulerName }}
+      schedulerName: {{ .Values.app.schedulerName }}
+      {{- end }}
+      {{- if .Values.app.enableServiceLinks }}
+      enableServiceLinks: {{ .Values.app.enableServiceLinks }}
+      {{- end }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+      {{- with .Values.app.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.app.terminationGracePeriodSeconds }}
+      containers:
+        - name: {{ template "glauth.name" . }}-{{ .Values.app.name }}
+          image: "{{ .Values.app.image.repository }}:{{ include "glauth.imageTag" . }}"
+          imagePullPolicy: {{ .Values.app.image.pullPolicy }}
+          {{- if .Values.app.containerWorkingDir }}
+          workingDir: {{ .Values.app.containerWorkingDir }}
+          {{- end }}
+          {{- with .Values.app.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- if .Values.app.image.command }}
+          command: [{{ .Values.app.image.command | quote }}]
+          {{- end }}
+          {{- if .Values.app.image.args }}
+          args:
+          {{- range .Values.app.image.args }}
+            - {{ . | quote }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.app.env }}
+          env:
+          {{- range $key, $value := .Values.app.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.app.envValueFrom }}
+          {{- range $key, $value := .Values.app.envValueFrom }}
+            - name: {{ $key | quote }}
+              valueFrom:
+                {{- tpl (toYaml $value) $ | nindent 16 }}
+          {{- end }}
+          {{- end }}
+          ports:
+            - name: {{ .Values.app.service.portName }}
+              containerPort: {{ .Values.app.service.targetPort }}
+          {{- with .Values.app.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.app.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12  }}
+          {{- end }}
+          {{- with .Values.app.startupProbe }}
+          startupProbe:
+            {{- toYaml . | nindent 12  }}
+          {{- end }}
+          {{- with .Values.app.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: config
+              mountPath: /app/config/config.cfg
+              subPath: config.cfg
+              readOnly: true
+            - name: database-volume
+              mountPath: {{ .Values.app.persistentVolume.mountPath }}
+      {{- with .Values.app.podSecurityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.app.hostAliases }}
+      hostAliases:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "glauth.serviceAccountName" . }}
+      {{- with .Values.app.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.app.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.app.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.app.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.app.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      hostNetwork: {{ .Values.app.hostNetwork }}
+      {{- if .Values.app.dnsPolicy }}
+      dnsPolicy: {{ .Values.app.dnsPolicy | toString }}
+      {{- end }}
+      {{- with .Values.dnsConfig }}
+      dnsConfig:
+{{- toYaml . | indent 8 }}
+    {{- end }}
+      volumes:
+        - name: config
+          secret:
+            secretName: {{ template "glauth.fullname" . }}-secret-config
+        - name: database-volume
+        {{- if .Values.app.persistentVolume.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ if .Values.app.persistentVolume.existingClaim }}{{ .Values.app.persistentVolume.existingClaim }}{{- else }}{{ template "glauth.fullname" . }}{{- end }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}

charts/glauth/templates/app-isito-gateway.yaml

@@ -0,0 +1,25 @@
+{{- if .Values.app.istio.enabled }}
+{{- $istioHosts := .Values.app.istio.hosts }}
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: {{ template "glauth.fullname" . }}-gateway
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "glauth.labels" . | nindent 4 }}
+    {{- with .Values.app.istio.gateway.extraLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    istio: {{ .Values.app.istio.gateway.ingressGatewayName }}
+  servers:
+    - port:
+        number: {{ .Values.app.istio.gateway.port }}
+        name: {{ .Values.app.istio.gateway.portName }}
+        protocol: {{ .Values.app.istio.gateway.protocol }}
+      hosts:
+        {{- range $istioHosts }}
+        - {{ tpl . $ | quote }}
+        {{- end }}
+{{- end }}

charts/glauth/templates/app-isito-virtualservice.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.app.istio.enabled }}
+{{- $istioHosts := .Values.app.istio.hosts }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ template "glauth.fullname" . }}-virtual-service
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "glauth.labels" . | nindent 4 }}
+    {{- with .Values.app.istio.virtualService.extraLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  hosts:
+  {{- range $istioHosts }}
+    - {{ tpl . $ | quote }}
+  {{- end }}
+  gateways:
+    - {{ template "glauth.fullname" . }}-gateway
+  tcp:
+    - match:
+        - port: {{ .Values.app.istio.gateway.port }}
+      route:
+        - destination:
+            host: {{ template "glauth.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+            port:
+              number: {{ .Values.app.istio.gateway.port }}
+{{- end }}