feat: Add JWT and Redis configuration to deployment and environment setup
All checks were successful
CI - Build and Push / Build and Push Docker Image (push) Successful in 50s

2025-10-25 09:10:19 +08:00
parent 15d4088904
commit e09fac365e
5 changed files with 87 additions and 10 deletions


@@ -32,6 +32,14 @@ env:
# Application configuration # Application configuration
DATABASE_DSN: ${{ secrets.DATABASE_DSN }} DATABASE_DSN: ${{ secrets.DATABASE_DSN }}
JWT_SECRET: ${{ secrets.JWT_SECRET }}
JWT_ISSUER: ${{ secrets.JWT_ISSUER }}
JWT_EXPIRES_IN: ${{ secrets.JWT_EXPIRES_IN }}
STEAM_CALLBACK_URL: ${{ secrets.STEAM_CALLBACK_URL }}
STEAM_FRONTEND_CALLBACK_URL: ${{ secrets.STEAM_FRONTEND_CALLBACK_URL }}
REDIS_HOST: ${{ secrets.REDIS_HOST }}
REDIS_TYPE: ${{ secrets.REDIS_TYPE }}
REDIS_PASS: ${{ secrets.REDIS_PASS }}
jobs: jobs:
deploy: deploy:
@@ -59,6 +67,7 @@ jobs:
echo "**Namespace:** \`${KUBERNETES_NAMESPACE}\`" >> $GITHUB_STEP_SUMMARY echo "**Namespace:** \`${KUBERNETES_NAMESPACE}\`" >> $GITHUB_STEP_SUMMARY
echo "**Image:** \`${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}\`" >> $GITHUB_STEP_SUMMARY echo "**Image:** \`${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}\`" >> $GITHUB_STEP_SUMMARY
echo "**Database:** Connected" >> $GITHUB_STEP_SUMMARY echo "**Database:** Connected" >> $GITHUB_STEP_SUMMARY
echo "**Redis:** Connected" >> $GITHUB_STEP_SUMMARY
echo "**URL:** http://${KUBERNETES_INGRESS_HOST}" >> $GITHUB_STEP_SUMMARY echo "**URL:** http://${KUBERNETES_INGRESS_HOST}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
echo "---" >> $GITHUB_STEP_SUMMARY echo "---" >> $GITHUB_STEP_SUMMARY
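Review bot: The added `echo "**Redis:** Connected" >> $GITHUB_STEP_SUMMARY` line reports a connection state that nothing in this hunk verifies, so the summary will say Redis is connected even when `REDIS_HOST` or `REDIS_PASS` is wrong or empty. A `${{ secrets.X }}` expression evaluates to an empty string when the secret is not configured, which makes that case realistic for the eight new entries in the `env:` block. Either word the line as what is actually known, e.g. `echo "**Redis:** configured" >> $GITHUB_STEP_SUMMARY`, or emit it only after a real readiness check. The step that contains these echo lines starts outside the hunk.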


@@ -18,7 +18,7 @@ func main() {
flag.Parse() flag.Parse()
var c config.Config var c config.Config
conf.MustLoad(*configFile, &c) conf.MustLoad(*configFile, &c, conf.UseEnv())
server := rest.MustNewServer(c.RestConf) server := rest.MustNewServer(c.RestConf)
defer server.Stop() defer server.Stop()
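Review bot: With `conf.UseEnv()` an unset variable expands to an empty string instead of failing, so after this change `conf.MustLoad` can hand back a config whose JWT secret or Redis password is empty and the server still starts. Add an explicit check right after the load that refuses to start on an empty signing secret, e.g. `if c.JWT.Secret == "" { log.Fatal("JWT_SECRET is not set") }` (field name assumed from the `JWT: Secret:` key in the YAML; confirm against `config.Config`). A comment on the call would also help: `// UseEnv expands every $VAR and ${VAR} in the file; a literal '$' in a value may be rewritten`. `main` continues outside the hunk.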


@@ -3,15 +3,15 @@ Host: 0.0.0.0
Port: 8888 Port: 8888
Steam: Steam:
CallbackURL: https://www.cialloo.com/api/authenticator/steam/callback CallbackURL: "${STEAM_CALLBACK_URL}"
FrontendCallbackURL: https://www.cialloo.com/auth/callback FrontendCallbackURL: "${STEAM_FRONTEND_CALLBACK_URL}"
JWT: JWT:
Secret: your-secret-key-change-in-production Secret: "${JWT_SECRET}"
Issuer: cialloo-authenticator Issuer: "${JWT_ISSUER}"
ExpiresIn: 604800 # 7 days in seconds ExpiresIn: ${JWT_EXPIRES_IN}
Redis: Redis:
Host: redis.production.svc.cluster.local:6379 Host: "${REDIS_HOST}"
Type: node Type: "${REDIS_TYPE}"
Pass: "" Pass: "${REDIS_PASS}"
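Review bot: `ExpiresIn: ${JWT_EXPIRES_IN}` is the one substituted value left unquoted, so an unset or empty variable leaves `ExpiresIn:` with no value (YAML null) and a non-numeric one fails only at type conversion. How the loader and the token code treat that is not visible here, but a zero or missing lifetime on a JWT is worth ruling out. The change also drops the only statement of the unit; keep it as a comment, `ExpiresIn: ${JWT_EXPIRES_IN} # token lifetime in seconds, e.g. 604800 = 7 days`. Since this file no longer holds usable values, a short header comment listing the variables that must be set before start would help anyone running the binary outside the deploy script.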


@@ -24,6 +24,14 @@ CONTAINER_IMAGE_TAG="${CONTAINER_IMAGE_TAG:-latest}"
# Application Configuration # Application Configuration
DATABASE_DSN="${DATABASE_DSN:-postgres://postgres:password@localhost:5432/steam_union?sslmode=disable}" DATABASE_DSN="${DATABASE_DSN:-postgres://postgres:password@localhost:5432/steam_union?sslmode=disable}"
JWT_SECRET="${JWT_SECRET:-your-secret-key-change-in-production}"
JWT_ISSUER="${JWT_ISSUER:-cialloo-authenticator}"
JWT_EXPIRES_IN="${JWT_EXPIRES_IN:-604800}"
STEAM_CALLBACK_URL="${STEAM_CALLBACK_URL:-https://www.cialloo.com/api/authenticator/steam/callback}"
STEAM_FRONTEND_CALLBACK_URL="${STEAM_FRONTEND_CALLBACK_URL:-https://www.cialloo.com/auth/callback}"
REDIS_HOST="${REDIS_HOST:-redis.production.svc.cluster.local:6379}"
REDIS_TYPE="${REDIS_TYPE:-node}"
REDIS_PASS="${REDIS_PASS:-}"
FORCE_RESTART="${FORCE_RESTART:-true}" FORCE_RESTART="${FORCE_RESTART:-true}"
# ============================================================================= # =============================================================================
@@ -46,6 +54,14 @@ print_help() {
echo " CONTAINER_IMAGE_NAME Image name (default: authenticator)" echo " CONTAINER_IMAGE_NAME Image name (default: authenticator)"
echo " CONTAINER_IMAGE_TAG Image tag (default: latest)" echo " CONTAINER_IMAGE_TAG Image tag (default: latest)"
echo " DATABASE_DSN Database connection string" echo " DATABASE_DSN Database connection string"
echo " JWT_SECRET JWT secret key"
echo " JWT_ISSUER JWT issuer"
echo " JWT_EXPIRES_IN JWT expiration time in seconds"
echo " STEAM_CALLBACK_URL Steam OAuth callback URL"
echo " STEAM_FRONTEND_CALLBACK_URL Frontend callback URL after auth"
echo " REDIS_HOST Redis host and port"
echo " REDIS_TYPE Redis type (node/cluster)"
echo " REDIS_PASS Redis password"
echo " FORCE_RESTART Force rollout restart (default: true)" echo " FORCE_RESTART Force rollout restart (default: true)"
echo "" echo ""
echo "Commands:" echo "Commands:"
@@ -98,6 +114,20 @@ create_image_pull_secret() {
echo "✓ Image pull secret created/updated" echo "✓ Image pull secret created/updated"
} }
# Create or update application secrets
create_app_secrets() {
echo "Creating application secrets..."
kubectl create secret generic authenticator-secrets \
--from-literal=database-dsn="${DATABASE_DSN}" \
--from-literal=jwt-secret="${JWT_SECRET}" \
--from-literal=redis-pass="${REDIS_PASS}" \
--namespace="${KUBERNETES_NAMESPACE}" \
--dry-run=client -o yaml | kubectl apply -f -
echo "✓ Application secrets created/updated"
}
# Deploy to Kubernetes # Deploy to Kubernetes
deploy_to_kubernetes() { deploy_to_kubernetes() {
FULL_IMAGE_NAME="${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}" FULL_IMAGE_NAME="${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}"
@@ -120,14 +150,27 @@ deploy_to_kubernetes() {
# Create image pull secret # Create image pull secret
create_image_pull_secret || return 1 create_image_pull_secret || return 1
# Create application secrets
create_app_secrets || return 1
# Apply Kubernetes manifests with variable substitution # Apply Kubernetes manifests with variable substitution
echo "Applying Kubernetes manifests..." echo "Applying Kubernetes manifests..."
export FULL_IMAGE_NAME export FULL_IMAGE_NAME
export KUBERNETES_NAMESPACE export KUBERNETES_NAMESPACE
export KUBERNETES_INGRESS_HOST export KUBERNETES_INGRESS_HOST
export KUBERNETES_DEPLOYMENT_REPLICAS
export CONTAINER_IMAGE_NAME export CONTAINER_IMAGE_NAME
export CONTAINER_REGISTRY_URL
export CONTAINER_REGISTRY_NAMESPACE
export CONTAINER_IMAGE_TAG
export DATABASE_DSN export DATABASE_DSN
export JWT_ISSUER
export JWT_EXPIRES_IN
export STEAM_CALLBACK_URL
export STEAM_FRONTEND_CALLBACK_URL
export REDIS_HOST
export REDIS_TYPE
for file in script/k8s/*.yaml; do for file in script/k8s/*.yaml; do
echo "Applying: $(basename $file)" echo "Applying: $(basename $file)"
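Review bot: `JWT_SECRET="${JWT_SECRET:-your-secret-key-change-in-production}"` falls back to a placeholder that is published in this repository, and `:-` also applies when the variable is set but empty, which is what the workflow passes if the `JWT_SECRET` secret is not configured. `create_app_secrets` would then store that string in `authenticator-secrets` and the service would sign tokens with a publicly known key. Drop the default and fail closed at the top of `create_app_secrets`, e.g. `: "${JWT_SECRET:?JWT_SECRET must be set}"`, so that `help` still works without it. The `DATABASE_DSN` default containing `postgres:password` and the empty `REDIS_PASS` default follow the same pattern and deserve the same decision. `deploy_to_kubernetes` continues past the end of this section.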


@@ -61,4 +61,29 @@ spec:
- name: TZ - name: TZ
value: "UTC" value: "UTC"
- name: DATABASE_DSN - name: DATABASE_DSN
value: "${DATABASE_DSN}" valueFrom:
secretKeyRef:
name: authenticator-secrets
key: database-dsn
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: authenticator-secrets
key: jwt-secret
- name: JWT_ISSUER
value: "${JWT_ISSUER}"
- name: JWT_EXPIRES_IN
value: "${JWT_EXPIRES_IN}"
- name: STEAM_CALLBACK_URL
value: "${STEAM_CALLBACK_URL}"
- name: STEAM_FRONTEND_CALLBACK_URL
value: "${STEAM_FRONTEND_CALLBACK_URL}"
- name: REDIS_HOST
value: "${REDIS_HOST}"
- name: REDIS_TYPE
value: "${REDIS_TYPE}"
- name: REDIS_PASS
valueFrom:
secretKeyRef:
name: authenticator-secrets
key: redis-pass
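Review bot: The non-secret entries such as `value: "${STEAM_CALLBACK_URL}"` appear to be filled in by text substitution before `kubectl apply` (the deploy script's "variable substitution" step), so a value containing a double quote, backslash or newline breaks the quoting or changes the manifest structure. Moving these six settings to a ConfigMap created the same way as `authenticator-secrets`, and referencing it with `configMapKeyRef`, keeps arbitrary values out of the YAML text. Separately, a missing key in `authenticator-secrets` leaves the pod in `CreateContainerConfigError`, which is the right failure mode, so these `secretKeyRef` entries should not be marked `optional`. The container spec starts outside the hunk.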