flavienbwk
diff --git a/‎README.md
Lines changed: 48 additions & 4 deletions b/‎README.md
Lines changed: 48 additions & 4 deletions
diff --git a/‎api/app/service/auth_service.py
Lines changed: 3 additions & 1 deletion b/‎api/app/service/auth_service.py
Lines changed: 3 additions & 1 deletion
diff --git a/‎api/app/service/user_service.py
Lines changed: 2 additions & 1 deletion b/‎api/app/service/user_service.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎docker-compose.yml
Lines changed: 0 additions & 1 deletion b/‎docker-compose.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎k8s/api-pvc.yaml
Lines changed: 25 additions & 0 deletions b/‎k8s/api-pvc.yaml
Lines changed: 25 additions & 0 deletions
diff --git a/‎k8s/api.yaml
Lines changed: 138 additions & 0 deletions b/‎k8s/api.yaml
Lines changed: 138 additions & 0 deletions
diff --git a/‎k8s/app.yaml
Lines changed: 56 additions & 0 deletions b/‎k8s/app.yaml
Lines changed: 56 additions & 0 deletions
diff --git a/‎k8s/database-pvc.yaml
Lines changed: 12 additions & 0 deletions b/‎k8s/database-pvc.yaml
Lines changed: 12 additions & 0 deletions
@@ -1,4 +1,4 @@
-# Dockerized ReactJS, Flask, LDAP-auth boilerplate
+# Dockerized ReactJS, Flask, LDAP boilerplate
 
 <p align="center">
     <a href="https://travis-ci.org/flavienbwk/reactjs-flask-ldap-boilerplate.svg?branch=master" target="_blank">
@@ -15,11 +15,11 @@
 - Docker architecture
 - LDAP authentication
 - Token-based API authentication
-- Automatic [token renewal](./api/app/service/auth_service.py#L44) with [a Flask middleware](./api/app/service/auth_service.py#L31)
+- Automatic [token renewal](./api/app/service/auth_service.py#L45) with [a Flask middleware](./api/app/service/auth_service.py#L32)
 - Swagger documentation
 - Flask-Migrate
 - Flask-SQLAlchemy (PostgreSQL was chosen)
-- [Logging and logs rotation](./api/app/utils/Logger.py#L12)
+- [Logging and logs rotation](./api/app/utils/Logger.py#L11)
 - [Choose](./app/app/src/App.js#L65) between sidebar and navbar (or use both !)
 - Responsive design
 - [Production](./prod.docker-compose.yml) and [development](./docker-compose.yml) builds
@@ -46,7 +46,7 @@ With this boilerplate, you will be able to develop corporate-ready services AND
 
 This section will explain how to properly run this project and set-up the LDAP server with one user.
 
-1. Copy the `.env.example` to `.env`
+1. Copy the `.env.example` file to `.env`
 
     ```bash
     cp .env.example .env
@@ -133,3 +133,47 @@ This section will explain how to properly run this project and set-up the LDAP s
     ```
 
     Access the UI at `https://localhost:8080`
+
+### Deploy to K8S
+
+I pretend you have here your K8S instance configured to be accessed by your `kubectl` CLI.
+
+I've used [Scaleway Kapsule](https://www.scaleway.com/en/kubernetes-kapsule) to perform my tests. This is an easy way to have a Kubernetes cluster quickly ready.
+
+1. Building production images (optional)
+
+    Images are tagged `flavienb/reactjs-flask-ldap-boilerplate-{api,web,nginx}:latest` by default. Edit it in `prod.docker-compose.yml` before building.
+
+    :information_source: You might be interested in pushing your images in a private registry (e.g: [Scaleway's Container Registry service](https://www.scaleway.com/en/container-registry/)).
+
+    ```bash
+    docker-compose -f prod.docker-compose.yml build
+    ```
+
+    Finally, `docker push` the 3 images and edit K8S' configurations :
+
+    - [k8s/app.yaml, line 26](k8s/app.yaml#L26)
+    - [k8s/api.yaml, line 21](k8s/api.yaml#L21)
+    - [k8s/nginx.yaml, line 21](k8s/nginx.yaml#L21)
+
+2. Add a new `reactjs-flask-ldap-boilerplate` namespace
+
+    ```bash
+    kubectl create namespace my-app
+    ```
+
+3. Configure your Ingress app endpoint
+
+    - **Edit** the env variables in [k8s/env-configmap.yaml](./k8s/env-configmap.yaml)
+    - **Edit** the app and phpldapadmin endpoints in [k8s/ingress.yaml, line 10 and 35](./k8s/ingress.yaml#L10)
+    - **Check** the PersistentVolumeClaim if you're not using Scaleway in all `*-pvc.yaml` files
+
+    Deploy with :
+
+    ```bash
+    kubectl apply -f ./k8s
+    ```
+
+4. Configure the first user
+
+    **Create** your first user by accessing phpLDAPAdmin at [endpoint defined](./k8s/ingress.yaml#L35) and [following the LDAP user creation guide](./CREATE_LDAP_USER.md).
@@ -67,10 +67,12 @@ def authLDAPUser(username: str, password: str):
                 # from users's LDAP details
                 sql_datetime = datetime.datetime.utcnow()
                 last_id = (UserService.getLastUserID() + 1)
+                first_name = user_details[0][1]["givenName"][0].decode('utf-8')\
+                    if "givenName" in user_details[0][1] else "" # givenName is optional in LDAP
                 UserService.createUser({
                     "ids": sha256(hash_id(last_id) + str(time.time())),
                     "username": username,
-                    "first_name": user_details[0][1]["givenName"][0].decode('utf-8'),
+                    "first_name": first_name,
                     "last_name": user_details[0][1]["sn"][0].decode('utf-8'),
                     "created_at": sql_datetime,
                     "updated_at": sql_datetime
 
@@ -68,7 +68,8 @@ def updateLDAPUser(user: User):
             ldap_user = connection.search_s(LDAP_USERS_DN, ldap.SCOPE_SUBTREE, search_filter)
             if len(ldap_user):
                 ldap_user_details = {
-                    "first_name": ldap_user[0][1]["givenName"][0].decode('utf-8'),
+                    "first_name": ldap_user[0][1]["givenName"][0].decode('utf-8')\
+                        if "givenName" in ldap_user[0][1] else "", # givenName is optional in LDAP
                     "last_name": ldap_user[0][1]["sn"][0].decode('utf-8')
                 }
                 user_details = {
 
@@ -2,7 +2,6 @@ version: "3.3"
 
 services:
 
-
   # LDAP-related
 
   ldap:
 
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: my-app
+  name: api-logs-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: scw-bssd-retain # Specific to Scaleway Kapsule
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: my-app
+  name: api-migrations-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: scw-bssd-retain # Specific to Scaleway Kapsule
+  resources:
+    requests:
+      storage: 1Gi
@@ -0,0 +1,138 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: my-app
+  labels:
+    app: api
+  name: api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: api
+    spec:
+      containers:
+        - image: flavienb/reactjs-flask-ldap-boilerplate-api:latest
+          name: api
+          ports:
+            - containerPort: 5000
+          imagePullPolicy: Always
+          env:
+            - name: FLASK_LEVEL
+              valueFrom:
+                configMapKeyRef:
+                  key: FLASK_LEVEL
+                  name: env
+            - name: LOG_LEVEL
+              valueFrom:
+                configMapKeyRef:
+                  key: LOG_LEVEL
+                  name: env
+            - name: FLASK_SERVER_NAME
+              valueFrom:
+                configMapKeyRef:
+                  key: FLASK_SERVER_NAME
+                  name: env
+            - name: FLASK_SERVER_DESCRIPTION
+              valueFrom:
+                configMapKeyRef:
+                  key: FLASK_SERVER_DESCRIPTION
+                  name: env
+            - name: FLASK_SECRET_KEY
+              valueFrom:
+                configMapKeyRef:
+                  key: FLASK_SECRET_KEY
+                  name: env
+            - name: LDAP_HOST
+              valueFrom:
+                configMapKeyRef:
+                  key: LDAP_HOST
+                  name: env
+            - name: LDAP_SCHEME
+              valueFrom:
+                configMapKeyRef:
+                  key: LDAP_SCHEME
+                  name: env
+            - name: LDAP_PORT
+              valueFrom:
+                configMapKeyRef:
+                  key: LDAP_PORT
+                  name: env
+            - name: LDAP_USERS_DN
+              valueFrom:
+                configMapKeyRef:
+                  key: LDAP_USERS_DN
+                  name: env
+            - name: LDAP_ADMIN_DN
+              valueFrom:
+                configMapKeyRef:
+                  key: LDAP_ADMIN_DN
+                  name: env
+            - name: LDAP_ADMIN_PASSWORD
+              valueFrom:
+                configMapKeyRef:
+                  key: LDAP_ADMIN_PASSWORD
+                  name: env
+            - name: POSTGRES_HOST
+              valueFrom:
+                configMapKeyRef:
+                  key: POSTGRES_HOST
+                  name: env
+            - name: POSTGRES_PORT
+              valueFrom:
+                configMapKeyRef:
+                  key: POSTGRES_PORT
+                  name: env
+            - name: POSTGRES_USER
+              valueFrom:
+                configMapKeyRef:
+                  key: POSTGRES_USER
+                  name: env
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                configMapKeyRef:
+                  key: POSTGRES_PASSWORD
+                  name: env
+            - name: POSTGRES_DB
+              valueFrom:
+                configMapKeyRef:
+                  key: POSTGRES_DB
+                  name: env
+          volumeMounts:
+            - mountPath: /logs
+              name: api-logs-pvc
+            - mountPath: /migrations
+              subPath: migrations # https://stackoverflow.com/a/51174380/4958081
+              name: api-migrations-pvc
+          resources: {}
+      volumes:
+        - name: api-logs-pvc
+          persistentVolumeClaim:
+            claimName: api-logs-pvc
+        - name: api-migrations-pvc
+          persistentVolumeClaim:
+            claimName: api-migrations-pvc
+      restartPolicy: Always
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: api
+  namespace: my-app
+  name: api
+spec:
+  ports:
+    - port: 5000
+      targetPort: 5000
+  selector:
+    app: api
+status:
+  loadBalancer: {}
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: my-app
+  labels:
+    app: app
+  name: app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: app
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: app
+    spec:
+      containers:
+        - env:
+            - name: NODE_ENV
+              valueFrom:
+                configMapKeyRef:
+                  key: NODE_ENV
+                  name: env
+            - name: CHOKIDAR_USEPOLLING
+              valueFrom:
+                configMapKeyRef:
+                  key: CHOKIDAR_USEPOLLING
+                  name: env
+          image: flavienb/reactjs-flask-ldap-boilerplate-app:latest
+          name: app
+          ports:
+            - containerPort: 3000
+          imagePullPolicy: Always
+          resources: {}
+      restartPolicy: Always
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: my-app
+  labels:
+    app: app
+  name: app
+spec:
+  ports:
+    - port: 3000 # Port accessible inside cluster
+      targetPort: 3000 # Port to forward to inside the pod
+      protocol: TCP
+      name: http
+  selector:
+    app: app
+status:
+  loadBalancer: {}
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: my-app
+  name: database-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: scw-bssd-retain # Specific to Scaleway Kapsule
+  resources:
+    requests:
+      storage: 10Gi