Merge pull request #206 from memphisdev/master_to_delete

release 1.4.0

Author: valeraBr

README.md

@@ -137,7 +137,9 @@ helm install memphis memphis/memphis --create-namespace --namespace memphis --wa
 | restGateway.enabled | **\*Optional\***  <br>Memphis Rest Gateway can be disabled if not in use | "true" | "false" |
 | restGateway.jwtSecret | **\*Optional\***  <br>Manual Jwt Token configurtion | ""  | ""  |
 | restGateway.refreshJwtSecret | **\*Optional\***  <br>Manual Refresh Jwt Token configurtion | ""  | ""  |
-
+| auth.enabled | **\*Optional\***  <br>Enable using predefined parameters | "false"  | "true"  |
+| auth.enabled.mgmt | **\*Optional\***  <br>Management users that will be created at first deployment | ""  | ""  |
+| auth.enabled.client | **\*Optional\***  <br>Client users that will be created at first deployment | ""  | ""  |
 Here is how to run an installation command with additional options -&#x20;
 
 ```

examples/initial_config_values.yaml

@@ -0,0 +1,15 @@
+auth:
+  enabled: true
+  users:
+    mgmt:
+    - user: admin
+      password: Admin123456!
+    - user: test_mgmt
+      password: Test123456!
+    - user: test
+      password: Test123456@
+    client:
+    - user: test_app
+      password: Test123456!@
+    - user: test_app2
+      password: Test123456@!

memphis/README.md

@@ -44,7 +44,8 @@ Memphis is cloud-native and cloud-agnostic to any Kubernetes on **any cloud**.
 Production-grade Memphis with three memphis brokers configured in cluster-mode
 
 ```bash
-helm repo add memphis https://k8s.memphis.dev/charts/ --force-update && helm install memphis memphis/memphis --set global.cluster.enabled="true" --create-namespace --namespace memphis --wait
+helm repo add memphis https://k8s.memphis.dev/charts/ --force-update &&
+helm install memphis memphis/memphis --set global.cluster.enabled="true" --create-namespace --namespace memphis --wait
 ```
 
 **Dev**
@@ -56,6 +57,8 @@ helm repo add memphis https://k8s.memphis.dev/charts/ --force-update &&
 helm install memphis memphis/memphis --create-namespace --namespace memphis --wait
 ```
 
+For more information, please visit the [Memphis Documentation](https://docs.memphis.dev/memphis/open-source-installation/kubernetes/1-installation).
+
 #### Helm deployment options
 
 | Option | Description | Default Value | Example |
@@ -114,12 +117,11 @@ helm install memphis memphis/memphis --create-namespace --namespace memphis --wa
 | restGateway.enabled | **\*Optional\***  <br>Memphis Rest Gateway can be disabled if not in use | "true" | "false" |
 | restGateway.jwtSecret | **\*Optional\***  <br>Manual Jwt Token configurtion | ""  | ""  |
 | restGateway.refreshJwtSecret | **\*Optional\***  <br>Manual Refresh Jwt Token configurtion | ""  | ""  |
-
+| auth.enabled | **\*Optional\***  <br>Enable initial configuration import | "false"  | "true"  |
+| auth.enabled.mgmt | **\*Optional\***  <br>Management users that will be created at first deployment | ""  | ""  |
+| auth.enabled.client | **\*Optional\***  <br>Client users that will be created at first deployment | ""  | ""  |
 Here is how to run an installation command with additional options -&#x20;
 
-```
-helm install memphis --set cluster.replicas=3,memphis.creds.rootPwd=rootpassword" memphis/memphis --create-namespace --namespace memphis
-```
 
 ### Deployed pods
 
@@ -130,98 +132,6 @@ helm install memphis --set cluster.replicas=3,memphis.creds.rootPwd=rootpassword
 
 For more information on each component, please head to the [architecture section](../../memphis/architecture.md#key-components).
 
-## Deploy Memphis with TLS (encrypted communication via SSL)
-
-### 0. Optional: Create self-signed certificates
-
-a) Generate a self-signed certificate using `mkcert`
-
-```bash
-$ mkcert -client \
--cert-file memphis_client.pem \
--key-file memphis-key_client.pem  \
-"127.0.0.1" "localhost" "*.memphis.dev" ::1 \
-email@localhost [email protected]
-```
-
-b) Find the `rootCA`
-
-```
-$ mkcert -CAROOT
-```
-
-c) Create self-signed certificates for client
-
-```bash
-$ mkcert -client -cert-file client.pem -key-file key-client.pem  localhost ::1 
-```
-
-### 1. Create namespace + secret for the TLS certs
-
-a) Create a dedicated namespace for memphis
-
-```bash
-kubectl create namespace memphis
-```
-
-b) Create a k8s secret with the required certs
-
-
-```bash
-kubectl create secret generic memphis-client-tls-secret \
---from-file=memphis_client.pem \
---from-file=memphis-key_client.pem \
---from-file=rootCA.pem -n memphis
-```
-
-```yaml
-tls:
-  secret:
-    name: memphis-client-tls-secret
-  ca: "rootCA.pem"
-  cert: "memphis_client.pem"
-  key: "memphis-key_client.pem"
-```
-
-### 2. Deploy Memphis with the generated certificate
-
-```bash
-helm install memphis memphis \
---create-namespace --namespace memphis --wait \
---set \
-global.cluster.enabled="true",\
-memphis.tls.verify="true",\
-memphis.tls.cert="memphis_client.pem",\
-memphis.tls.key="memphis-key_client.pem",\
-memphis.tls.secret.name="memphis-client-tls-secret",\
-memphis.tls.ca="rootCA.pem"
-```
-
-## Upgrade existing deployment
-
-### For adding TLS support
-
-1. Create a k8s secret with the provided TLS certs
-
-```
-kubectl create secret generic memphis-client-tls-secret \
---from-file=memphis_client.pem \
---from-file=memphis-key_client.pem \
---from-file=rootCA.pem -n memphis
-```
-
-2. Upgrade Memphis to use the TLS certs
-
-```bash
-helm upgrade memphis memphis -n memphis --reuse-values \
---set \
-memphis.tls.verify="true",\
-memphis.tls.cert="memphis_client.pem",\
-memphis.tls.key="memphis-key_client.pem",\
-memphis.tls.secret.name="tls-client-secret",\
-memphis.tls.ca="rootCA.pem"
-```
-
 ## Deployment diagram
 
 ![Memphis Architecture (1)](https://user-images.githubusercontent.com/70286779/229374721-963cd3e6-e425-44cd-8467-233e6fc5e680.jpeg)

memphis/templates/memphis-rest-gateway.yaml

@@ -1,4 +1,4 @@
-apiVersion: /v1
+apiVersion: v1
 kind: Service
 metadata:
   name: memphis-rest-gateway

memphis/templates/memphis_configmap.yaml

@@ -261,114 +261,11 @@ data:
     }
     {{- end }}
 
-    {{- if .Values.auth.enabled }}
-    ##################
-    #                #
-    # Authorization  #
-    #                #
-    ##################
-    {{- if .Values.auth.resolver }}
-      {{- if eq .Values.auth.resolver.type "memory" }}
-        resolver: MEMORY
-        include "accounts/{{ .Values.auth.resolver.configMap.key }}"
-      {{- end }}
-
-      {{- if eq .Values.auth.resolver.type "full" }}
-        {{- if .Values.auth.resolver.configMap }}
-        include "accounts/{{ .Values.auth.resolver.configMap.key }}"
-        {{- else }}
-          {{- with .Values.auth.resolver }}
-            {{- if $.Values.auth.timeout }}
-            authorization {
-              timeout: {{ $.Values.auth.timeout }}
-             }
-            {{- end }}
-
-            {{- if .operator }}
-            operator: {{ .operator }}
-            {{- end }}
-
-            {{- if .systemAccount }}
-            system_account: {{ .systemAccount | quote }}
-            {{- end }}
-          {{- end }}
-
-          resolver: {
-            type: full
-            {{- with .Values.auth.resolver }}
-            dir: {{ .store.dir | quote }}
-
-            allow_delete: {{ .allowDelete }}
-
-            interval: {{ .interval | quote }}
-            {{- end }}
-          }
-        {{- end }}
-      {{- end }}
-
-      {{- if .Values.auth.resolver.resolverPreload }}
-      resolver_preload: {{ toRawJson .Values.auth.resolver.resolverPreload }}
-      {{- end }}
-
-      {{- if eq .Values.auth.resolver.type "URL" }}
-        {{- with .Values.auth.resolver.url }}
-        resolver: URL({{ . }})
-        {{- end }}
-        operator: /etc/memphis-config/operator/{{ .Values.auth.operatorjwt.configMap.key }}
-      {{- end }}
-    {{- end }}
-
-    {{- with .Values.auth.systemAccount }}
-    system_account: {{ . | quote }}
-    {{- end }}
-
-
-    {{- with .Values.auth.nkeys }}
-    {{- with .users }}
-    authorization {
-      {{- if $.Values.auth.timeout }}
-      timeout: {{ $.Values.auth.timeout }}
-      {{- end }}
-
-      users: [
-      {{- range . }}
-      {{- toRawJson . | nindent 4 }},
-      {{- end }}
-      ]
-    }
-    {{- end }}
-    {{- end }}
-
-    {{- with .Values.auth.basic }}
-
-    {{- with .noAuthUser }}
-    no_auth_user: {{ . }}
-    {{- end }}
-
-    {{- with .users }}
-    authorization {
-      {{- if $.Values.auth.timeout }}
-      timeout: {{ $.Values.auth.timeout }}
-      {{- end }}
-
-      users: [
-      {{- range . }}
-      {{- toRawJson . | nindent 4 }},
-      {{- end }}
-      ]
-    }
-    {{- end }}
-
-    {{- with .accounts }}
-    authorization {
-      {{- if $.Values.auth.timeout }}
-      timeout: {{ $.Values.auth.timeout }}
-      {{- end }}
-    }
-
-    accounts: {{- toRawJson . }}
-    {{- end }}
-
-    {{- end }}
-
-    {{- end }}
+  {{- if .Values.auth.enabled }}  
+  initial.conf: |
+    users:
+      mgmt:
+      {{- .Values.auth.users.mgmt | toYaml | nindent 6  }}
+      client:
+      {{- .Values.auth.users.client | toYaml | nindent 6  }}
+  {{- end }}

memphis/templates/memphis_statefulset.yaml

@@ -112,13 +112,10 @@ spec:
       # Common volumes for the containers.
       volumes:
       - name: config-volume
-        {{ if .Values.memphis.secretConfig }}
-        secret:
-          secretName: {{ .Values.memphis.secretConfig.name }}
-        {{ else }}
         configMap:
           name: {{ include "memphis.fullname" . }}-config
-        {{ end }}
+
+
 
       {{/* User extended config volumes*/}}
       {{- if .Values.memphis.config }}
@@ -132,20 +129,6 @@ spec:
       - name: pid
         emptyDir: {}
 
-      {{- if and .Values.auth.enabled .Values.auth.resolver }}
-      {{- if .Values.auth.resolver.configMap }}
-      - name: resolver-volume
-        configMap:
-          name: {{ .Values.auth.resolver.configMap.name }}
-      {{- end }}
-
-      {{- if eq .Values.auth.resolver.type "URL" }}
-      - name: operator-jwt-volume
-        configMap:
-          name: {{ .Values.auth.operatorjwt.configMap.name }}
-      {{- end }}
-      {{- end }}
-
       {{- if and .Values.memphis.storageEngine.fileStorage.enabled .Values.memphis.storageEngine.fileStorage.existingClaim }}
       # Persistent volume for storageEngine running with file storage option
       - name: {{ include "memphis.fullname" . }}-js-pvc
@@ -402,30 +385,6 @@ spec:
             mountPath: /etc/nats-config/{{ .name }}
           {{- end }}
 
-
-          {{- if and .Values.auth.enabled .Values.auth.resolver }}
-          {{- if eq .Values.auth.resolver.type "memory" }}
-          - name: resolver-volume
-            mountPath: /etc/nats-config/accounts
-          {{- end }}
-
-          {{- if eq .Values.auth.resolver.type "full" }}
-          {{- if .Values.auth.resolver.configMap }}
-          - name: resolver-volume
-            mountPath: /etc/nats-config/accounts
-          {{- end }}
-          {{- if and .Values.auth.resolver .Values.auth.resolver.store }}
-          - name: memphis-jwt-pvc
-            mountPath: {{ .Values.auth.resolver.store.dir }}
-          {{- end }}
-          {{- end }}
-
-          {{- if eq .Values.auth.resolver.type "URL" }}
-          - name: operator-jwt-volume
-            mountPath: /etc/nats-config/operator
-          {{- end }}
-          {{- end }}
-
           {{- if .Values.memphis.storageEngine.fileStorage.enabled }}
           - name: {{ include "memphis.fullname" . }}-js-pvc
             mountPath: {{ .Values.memphis.storageEngine.fileStorage.storageDirectory }}
@@ -609,23 +568,6 @@ spec:
 
 
   volumeClaimTemplates:
-  {{- if eq .Values.auth.resolver.type "full" }}
-  {{- if and .Values.auth.resolver .Values.auth.resolver.store }}
-  #####################################
-  #                                   #
-  #  Account Server Embedded JWT      #
-  #                                   #
-  #####################################
-    - metadata:
-        name: nats-jwt-pvc
-      spec:
-        accessModes:
-        - ReadWriteOnce
-        resources:
-          requests:
-            storage: {{ .Values.auth.resolver.store.size }}
-  {{- end }}
-  {{- end }}
 
   {{- if and .Values.memphis.storageEngine.fileStorage.enabled (not .Values.memphis.storageEngine.fileStorage.existingClaim) }}
   #########################################