search

AdWerx / charts

helm charts maintained by Adwerx Engineering
MIT License
25 stars 34 forks source link

.Values.extraConfiguration badly indented #37

Closed Guss4241 closed 2 years ago

Guss4241 commented 2 years ago

hi,

started to use your chart some week ago, anf I just comme to an issue, i'm configuring a SSO to athenticate to awx, and to achieve it I must edit the settings.py set by your config map, I have used the values varailble to do it (.Values.extraConfiguration)

as it' only a 2 indent instead of 4 indent, the template for the config map is not good.

with value:

extraConfiguration: |-
    SOCIAL_AUTH_SAML_SP_ENTITY_ID = 'https://awx-pprod.dns.ext'

it generate it:

# Source: helm-awx/charts/awx/templates/settings-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: awx-pprod-settings
  labels:
    app.kubernetes.io/name: awx
    helm.sh/chart: awx-3.4.2
    app.kubernetes.io/instance: awx-pprod
    app.kubernetes.io/managed-by: Helm
data:
  redis.conf: |
    bind 127.0.0.1
    port 0
    unixsocket /var/run/redis/redis.sock
    unixsocketperm 777
  nginx.conf: |
    worker_processes  1;

    pid        /tmp/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
        server_tokens off;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /dev/stdout main;

        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }

        sendfile        on;

        upstream uwsgi {
            server 127.0.0.1:8050;
        }

        upstream daphne {
            server 127.0.0.1:8051;
        }

        server {
            listen 8052 default_server;

            server_name _;
            keepalive_timeout 65;

            add_header Strict-Transport-Security max-age=15768000;
            add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
            add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
            add_header X-Frame-Options "DENY";

            location /nginx_status {
                stub_status on;
                access_log off;
                allow 127.0.0.1;
                deny all;
            }

            location /static/ {
                alias /var/lib/awx/public/static/;
            }

            location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }

            location /websocket {
                proxy_pass http://daphne;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
            }

            location / {
                rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
                uwsgi_read_timeout 120s;
                uwsgi_pass uwsgi;
                include /etc/nginx/uwsgi_params;
                proxy_set_header X-Forwarded-Port 443;
                uwsgi_param HTTP_X_FORWARDED_PORT 443;
                add_header Cache-Control "no-cache, no-store, must-revalidate";
                add_header Expires "0";
                add_header Pragma "no-cache";
            }
        }
    }
  settings.py: |
    import os
    import socket
    ADMINS = ()

    AWX_PROOT_ENABLED = False

    IS_K8S = True

    # Automatically deprovision pods that go offline
    AWX_AUTO_DEPROVISION_INSTANCES = True

    # SYSTEM_TASK_ABS_CPU =
    # SYSTEM_TASK_ABS_MEM =

    # Autoprovisioning should replace this
    CLUSTER_HOST_ID = socket.gethostname()
    SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')

    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False

    REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']

    def get_secret():
        if os.environ.get('SECRET_KEY'):
            return os.environ['SECRET_KEY']
        else:
            return open('/etc/tower/SECRET_KEY', 'rb').read().strip()

    STATIC_ROOT = '/var/lib/awx/public/static'
    PROJECTS_ROOT = '/var/lib/awx/projects'
    JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
    SECRET_KEY = get_secret()
    ALLOWED_HOSTS = ['*']
    INTERNAL_API_URL = 'http://127.0.0.1:8052'
    SERVER_EMAIL = 'root@localhost'
    DEFAULT_FROM_EMAIL = 'webmaster@localhost'
    EMAIL_SUBJECT_PREFIX = '[AWX] '
    EMAIL_HOST = 'localhost'
    EMAIL_PORT = 25
    EMAIL_HOST_USER = ''
    EMAIL_HOST_PASSWORD = ''
    EMAIL_USE_TLS = False

    LOGGING['handlers']['console'] = {
        '()': 'logging.StreamHandler',
        'level': 'DEBUG',
        'formatter': 'simple'
    }

    LOGGING['loggers']['django.request']['handlers'] = ['console']
    LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
    LOGGING['loggers']['awx']['handlers'] = ['console', 'external_logger']
    LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console', 'external_logger']
    LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console', 'external_logger']
    LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
    LOGGING['loggers']['social']['handlers'] = ['console']
    LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
    LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
    LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}

    DJANGO_REDIS_IGNORE_EXCEPTIONS = True

    USE_X_FORWARDED_PORT = True

    BROADCAST_WEBSOCKET_PORT = 8052
    BROADCAST_WEBSOCKET_PROTOCOL = 'http'

    AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'

  SOCIAL_AUTH_SAML_SP_ENTITY_ID = 'https://awx-pprod.dns.ext'

may be i'm wrong with the use of this Value variable.

jbielick commented 2 years ago

Thank you for the details. I've fixed this indentation issue in v3.4.3 which is publishing right now.

Guss4241 commented 2 years ago

thanks a lot for this really fast reaction