Added jumppods basic auth - installation helm template & values

Author: zeroc0d3

CHANGELOG.md

@@ -8,6 +8,14 @@ Helm chart for devopscorner services (Semantic Version)
 - [Helmfile](https://github.com/roboll/helmfile) CLI
 
 
+## Version 1.2
+
+### Features
+
+- Added Jumppods (Jump Host Pods) for maintenance EKS inside pods (`curl`, `wget`, `telnet`, `ping`, etc), securing with basic-auth access inside ingress-nginx
+
+---
+
 ## Version 1.1
 
 ### Features

helmfile/auth

@@ -0,0 +1 @@
+jumppods-admin:$2y$10$pfimLRkeJL/1RcW6Koe0uujoB0xZh4hQVU3uDCRdkqqQh1jlAAQaG

helmfile/basic-auth.txt

@@ -0,0 +1,42 @@
+=============================
+References:
+- https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/auth/basic
+- https://www.askapache.com/online-tools/htpasswd-generator/
+=============================
+
+htpasswd -c auth jumppods-admin > jumppods-auth/auth
+---
+jumppods-admin
+6T2pull8UB6aKKvC
+
+=============================
+Filename: auth (jumppods)
+=============================
+## SHA
+jumppods-admin:{SHA}8N4ap0CfmbTulo0utyLz9m4NBOA=
+## Crypt
+jumppods-admin:92FYck7tvCPXA
+## Bcrypt
+jumppods-admin:$2y$10$pfimLRkeJL/1RcW6Koe0uujoB0xZh4hQVU3uDCRdkqqQh1jlAAQaG
+## MD5
+jumppods-admin:$apr1$v5pjz34h$9lnJ98EBgn7MCjNAx9Lvt/
+## Digest
+jumppods-admin:Authentication Required - Jumppods:1f5700303099e203d3c927e7bfc29b6f
+
+=============================
+Kubernetes Secret
+=============================
+kubectl create secret generic jumppods-auth \
+  --from-file=jumppods-auth/auth -n jumppods
+
+kubectl get secret jumppods-auth -o yaml -n jumppods
+
+---
+apiVersion: v1
+data:
+  auth: anVtcHBvZHMtYWRtaW46JDJ5JDEwJHBmaW1MUmtlSkwvMVJjVzZLb2UwdXVqb0IweFpoNGhRVlUzdURDUmRrcXFRaDFqbEFBUWFHCg==
+kind: Secret
+metadata:
+  name: jumppods-auth
+  namespace: jumppods
+type: Opaque

helmfile/jumppod-template-basic-auth.yml

@@ -0,0 +1,16 @@
+---
+repositories:
+  - name: devopscorner-lab
+    url: s3://devopscorner-helm-chart/lab
+
+templates:
+  default: &default
+    namespace: devops-tools
+    version: "1.2.0-rc"
+
+releases:
+  - name: jumppod
+    chart: devopscorner-lab/api
+    values:
+      - ./jumppod-values-basic-auth.yml
+    <<: *default

helmfile/jumppod-values-basic-auth.yml

@@ -0,0 +1,119 @@
+replicaCount: 1
+
+secret:
+  enabled: false
+
+configMap:
+  enabled: true
+  name: "jumppod-api"
+  mountPath: /app/core/config
+  readOnly: true
+  data:
+    .app.config.json : |-
+      {
+          "AppName": "Commons Service",
+          "GRPCTimeout": 10,
+          "CacheExpiry": 300,
+          "CacheCleanup": 600,
+          "DefaultPageLimit": 3,
+          "ClientTimeout": 10
+      }
+
+image:
+  repository: devopscorner/cicd
+  pullPolicy: Always
+  tag: "alpine"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: true
+  annotations: {}
+  name: jumppod
+  namespace: devops-tools
+
+service:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
+    - name: ssh
+      port: 2222
+      targetPort: 22
+      protocol: TCP
+
+containers:
+  ports:
+    - name: http
+      containerPort: 80
+      protocol: TCP
+    - name: ssh
+      containerPort: 22
+      protocol: TCP
+
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/cors-allow-headers: '*'
+    nginx.ingress.kubernetes.io/cors-allow-methods: '*'
+    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/affinity: cookie
+    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
+    kubernetes.io/ingress.class: nginx
+    ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/32
+    # type of authentication
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: jumppods-auth
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - Jumppods'
+  hosts:
+    - host: jumppods.awscb.id
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: jumppod-api
+              servicePort: 80
+  tls: []
+
+application:
+  enabled: true
+  env:
+    - name: HELM_TEMPLATE_NAME
+      value: api
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 200Mi
+  requests:
+    cpu: 140m
+    memory: 170Mi
+
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 5
+  targetCPUUtilizationPercentage: 80
+  targetMemoryUtilizationPercentage: 80
+
+nodeSelector:
+  enabled: true
+  select:
+    node: "devopscorner-tools"   # DEV/UAT Cluster
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext: {}

helmfile/jumppod-values.yml

@@ -89,7 +89,7 @@ autoscaling:
 nodeSelector:
   enabled: true
   select:
-    node: "devops-tools"   # DEV/UAT Cluster
+    node: "devopscorner-tools"   # DEV/UAT Cluster
 
 tolerations: []
 

helmfile/jumppods-auth.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  auth: anVtcHBvZHMtYWRtaW46JDJ5JDEwJHBmaW1MUmtlSkwvMVJjVzZLb2UwdXVqb0IweFpoNGhRVlUzdURDUmRrcXFRaDFqbEFBUWFHCg==
+kind: Secret
+metadata:
+  name: jumppods-auth
+  namespace: jumppods
+type: Opaque