Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cog ai model nginx sidecar auth #2

Merged
merged 8 commits into from
May 29, 2024
Merged

Cog ai model nginx sidecar auth #2

merged 8 commits into from
May 29, 2024

Conversation

sergiotejon
Copy link
Contributor

Añade soporte para un sidecar con Nginx que permite authorizar un Bearer Token.

Es una configuración opcional, desactivada por defecto.

Además, permite crear el token, junto con su secret, a partir de SealedSecret. Para simplificar el asunto. En cualquier caso, esto es opcional. Siempre se podrá crear el secret del token por otros medios y usarlo luego mediante una variable de entorno llamada TOKEN.

Todo esto debería estar documentado en el README.

@sergiotejon
build(charts/cog-ai-model/templates): Add sidecar container and secre…
c4175d0 
…t for token in templates
@sergiotejon
build(charts/cog-ai-model/templates/deployment.yaml): Add sidecar con…
e986961 
…tainer and configure

Add sidecar container with image and security context.
Configure env variables, ports, and probes.
@sergiotejon
docs(charts/cog-ai-model/templates/configmap.yaml): Add configmap tem…
0da55a2 
…plate for sidecar

Create a new configmap template file for the sidecar
@sergiotejon
docs(charts/cog-ai-model/templates/sealedsecret.yaml): Add SealedSecr…
4f9b58e 
…et template to cog-ai-model chart

Create a new SealedSecret template file in the charts/cog-ai-model/templates directory.
Configure the template with the appropriate metadata and encryptedData properties.
@sergiotejon
build(templates/service.yaml): add service object for nginx sidecar
c8937c3
@sergiotejon
refactor: Add sidecar deployment instructions for various service types
0ead49c 
Change: Added instructions for accessing sidecar services with NodePort, LoadBalancer, and ClusterIP types.
Change: Updated existing instruction to use 'port-forward' command instead of 'kubectl proxy'
@sergiotejon
feat(charts/cog-ai-model): Add Nginx sidecar for auth-token management
a5bb025 
Add a new sidecar container to enable authorization token.
It creates a service in port TCP 80 to retrieve request and authorize it to proxy that request to COG later.
Disabled by default.
@sergiotejon
application: Update chart values and add Nginx auth
47487d3 
Changes to the Helm chart values file and addition of Nginx auth.
Added support for Bearer Token authentication using sidecar container.
Users can enable authentication by setting sidecar.enable to true and providing required values.
Optionally, users can use sealed secrets to store and retrieve the token.
@sergiotejon sergiotejon self-assigned this May 29, 2024
kerunaru
kerunaru approved these changes May 29, 2024
View reviewed changes
Copy link

@kerunaru kerunaru left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good to me.

@sergiotejon sergiotejon merged commit f1a6f83 into main May 29, 2024
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kerunaru kerunaru kerunaru approved these changes

@alepalma91 alepalma91 alepalma91 approved these changes

@Muriano Muriano Awaiting requested review from Muriano

@jdominguez408 jdominguez408 Awaiting requested review from jdominguez408

Assignees

@sergiotejon sergiotejon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sergiotejon @kerunaru @alepalma91