[stable/chronograf] Support OAuth (Google, Heroku, Github) and bump version (#390)

* And OAuth support and bump version * Remove confusing default values * Address PR comment * Fix tls config * Fix typo * Add Heroku and Google oauth support * Fix verbosity * Resolved version conflict

[stable/chronograf] Support OAuth (Google, Heroku, Github) and bump version (#390)
62c89e3b · Jack Zampolin · Michael Goodness · f9a59dc1 · 62c89e3b · 62c89e3b
Commit 62c89e3b authored Mar 22, 2017 by Jack Zampolin Committed by Michael Goodness Mar 22, 2017
5 changed files
--- a/stable/chronograf/Chart.yaml
+++ b/stable/chronograf/Chart.yaml
 name: chronograf
-version: 0.1.2
+version: 0.2.0
 description: Open-source web application written in Go and React.js that provides the tools to visualize your monitoring data and easily create alerting and automation rules.
 keywords:
 - chronograf

--- a/stable/chronograf/templates/deployment.yaml
+++ b/stable/chronograf/templates/deployment.yaml
@@ -8,7 +8,7 @@ metadata:
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 spec:
-  replicas: 1
+  replicas: {{ .Values.service.replicas }}
  template:
    metadata:
      labels:
@@ -18,6 +18,70 @@ spec:
      - name: {{ .Chart.Name }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if .Values.oauth.enabled }}
+        env:
+        - name: TOKEN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: token_secret
+{{- if .Values.oauth.github.enabled}}
+        - name: GH_CLIENT_IDx
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: gh_client_id
+        - name: GH_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: gh_client_secret
+        - name: GH_ORGS
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: gh_orgs
+{{- end }}
+{{- if .Values.oauth.heroku.enabled}}
+        - name: HEROKU_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: he_client_id
+        - name: HEROKU_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: he_client_secret
+        - name: HEROKU_ORGS
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: he_orgs
+{{- end }}
+{{- if .Values.oauth.google.enabled}}
+        - name: GOOGLE_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: go_client_id
+        - name: GOOGLE_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: go_client_secret
+        - name: GOOGLE_DOMAINS
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: go_domains
+        - name: PUBLIC_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: go_public_url
+{{- end }}
+{{- end }}
        ports:
        - containerPort: 8888
          name: api

--- a/stable/chronograf/templates/ingress.yaml
+++ b/stable/chronograf/templates/ingress.yaml
@@ -13,9 +13,9 @@ metadata:
 spec:
 {{- if .Values.ingress.tls }}
  tls:
-  - hosts:
-    - {{ .Values.ingress.hostname }}
-    secretName: {{ template "fullname" . }}-tls
+    - hosts:
+      - {{ .Values.ingress.hostname | quote }}
+      secretName: {{ .Values.ingress.secretName | default (printf "%s-tls" (include "fullname" .)) }}
 {{- end }}
  rules:
  - host: {{ .Values.ingress.hostname }}

--- a/stable/chronograf/templates/secret.yaml
+++ b/stable/chronograf/templates/secret.yaml
+{{- if .Values.oauth.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "fullname" . }}
+type: Opaque
+data:
+  token_secret: {{ .Values.oauth.token_secret | b64enc | quote }}
+{{- if .Values.oauth.github.enabled }}
+  gh_client_id: {{ .Values.oauth.github.client_id | b64enc | quote }}
+  gh_client_secret: {{ .Values.oauth.github.client_secret | b64enc | quote }}
+  gh_orgs: {{ .Values.oauth.github.gh_orgs | b64enc | quote }}
+{{- end }}
+{{- if .Values.oauth.google.enabled }}
+  go_client_id: {{ .Values.oauth.google.client_id | b64enc | quote }}
+  go_client_secret: {{ .Values.oauth.google.client_secret | b64enc | quote }}
+  go_domains: {{ .Values.oauth.google.domains | b64enc | quote }}
+  go_public_url: {{ .Values.oauth.google.public_url | b64enc | quote }}
+{{- end }}
+{{- if .Values.oauth.heroku.enabled }}
+  he_client_id: {{ .Values.oauth.heroku.client_id | b64enc | quote }}
+  he_client_secret: {{ .Values.oauth.heroku.client_secret | b64enc | quote }}
+  he_orgs: {{ .Values.oauth.heroku.heroku_orgs | b64enc | quote }}
+{{- end }}
+{{- end }}
\ No newline at end of file
--- a/stable/chronograf/values.yaml
+++ b/stable/chronograf/values.yaml
+## Image Settings
+##
 image:
  repository: "quay.io/influxdb/chronograf"
  tag: "latest"
  pullPolicy: "Always"

 ## Specify a service type
-## NodePort is default
+## ClusterIP is default
 ## ref: http://kubernetes.io/docs/user-guide/services/
+##
 service:
+  replicas: 1
  type: ClusterIP

 ## Persist data to a persitent volume
+##
 persistence:
  enabled: false
  ## If defined, volume.beta.kubernetes.io/storage-class: <storageClass>
@@ -32,10 +37,41 @@ resources:
    
 ## Configure the ingress object to hook into existing infastructure
 ## ref : http://kubernetes.io/docs/user-guide/ingress/
+## OPTIONALLY you can set .Values.ingress.secretName to set which secret to use    
 ## 
 ingress:
  enabled: false
  tls: false
  hostname: chronograf.foobar.com
  annotations:
-    kubernetes.io/ingress.class: "nginx"
\ No newline at end of file
+    # kubernetes.io/ingress.class: "nginx"
+    # secretName: my-tls-cert
+    # kubernetes.io/tls-acme: "true"
+
+## OAuth Settings for OAuth Providers
+## More information -> https://github.com/influxdata/chronograf/blob/master/docs/auth.md
+##
+oauth:
+  # Need to set to true to use any of the oauth options
+  enabled: false
+  # Used for JWT to support running multiple copies of Chronograf
+  token_secret: CHANGE_ME
+  github:
+    enabled: false
+    client_id: CHANGE_ME
+    client_secret: CHANGE_ME
+    # This is a comma seperated list of GH organizations (OPTIONAL)
+    gh_orgs: ""
+  google:
+    enabled: false
+    client_id: CHANGE_ME
+    client_secret: CHANGE_ME
+    public_url: "" # eg. http://chronograf.foobar.com
+    # This is a comma seperated list of Google Apps domains (OPTIONAL)
+    google_domains: ""
+  heroku:
+    enabled: false
+    client_id: CHANGE_ME
+    client_secret: CHANGE_ME
+    # This is a comma seperated list of Heroku organizations (OPTIONAL)
+    he_orgs: ""