This is a demo project for our Kubernetes-Ready Rapid Application Framework.
Project description
Kubernetes-Ready RAD (K8SRAD)
Rapid Application Development is a software development principle to use pre-given and frequently needed components of a software application to accelerate the software development process massively. These components are for example functions for user authentication and authorization, user management (self-registration of a user, deactivating an account) but also application designs. With the usage of pre-given component, a lot of development tasks are omitted what rapidly accelerates the software development.
YOTRON put this development principles one step ahead and uses a Kubernetes-ready Rapid Application Development framework. The Kubernetes deployment is integrated part of the software development, means the software we provide for you is Kubernetes-Ready out-of-the-box.
This is the default application, which is the starting point of the Rapid Application Development. Please see the description.
URLs
The project contains code, build packages, container ... . Below an overview:
Type | Provider | URL |
---|---|---|
Kubernetes-Ready RAD | yotron.de | https://www.yotron.de/blog/kuberentesreadyrad/ |
Container | hub.docker.com | https://hub.docker.com/r/yotronpublic/k8srad |
Python Package (PyPi) | pypi.org | https://pypi.org/project/k8srad/ |
HELM package | artifacthub.io / helm.yotron.de | https://artifacthub.io/packages/helm/yotron-helm-charts/k8srad |
Installation
We provide two installation methods. A native installation on any OS which supports Python3 and a installation in Kubernetes via HELM. Per default, K8SRAD runs on a sqlite database. Sqlite is recommended only for testing and on a standalone installation.
In production, you should use a PostgreSQL database for a better data persistency and to allow a HA setup with more K8SRAD nodes.
The K8SRAD has no TLS-termination ("https"). We recommend to use a Reverse Proxy like NGINX or Apache Web Server in front of K8SRAD Web App for TLS termination.
The HELM project of K8SRAD for Kubernetes contains all needed and recommended components. You can optionally install a NGINX Reverse Proxy and a PostgreSQL database with the project, but you can also use separated applications.
Native
Prerequisites
- Python3
- Python-pip for dependency installation
- OpenLDAP for LDAP authentication
- SSL for secured LDAP authentication
- recommended: python3-venv to create a virtual environment for Python3
- recommended: PostgreSQL database for the K8SRAD metadata
- recommended: A reverse proxy with TLS termination (e.g. NGINX).
Prerequisites Python and pip
K8SRAD supports all current Python3 versions. It is tested with Python 3.9.x and 3.10.x
To check which Python version is running:
vagrant@bullseye:~$ python3 -V
Python 3.9.2
To check which Pip version is running:
vagrant@bullseye:~$ pip3 -V
pip 20.3.4 from /home/vagrant/k8srad/lib/python3.9/site-packages/pip (python 3.9)
It is possible, that in your distribution Python must be called with python
and pip
.
If you need a Python installation from the scratch. Python3, Pip3 and python3-venv are available in the main OS distribution.
For Debian/Ubuntu:
sudo apt-get install python3 python3-pip python3-venv
For RedHat/CentOS:
sudo yum install python3 python3-pip python3-venv
Prerequisites OpenLDAP and SSL
For authentication packages for authentication like OpenLDAP and SSL are needed
For Debian/Ubuntu:
sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
For RedHat/CentOS:
sudo yum install python-devel openldap-devel
Installation
There are a lot of variants how to start a Python web project. We use a Python virtual environment for setting up K8SRAD on a virtual environment. Depend on your environment and knowledge in Python the process can be different.
-
Create a virtual environment of Python
-
Create a virtual environment for K8SRAD
vagrant@bullseye:~$ python3 -m venv venv
-
Activate your virtual environment
This steps is to repeat every time you want to restart K8SRAD.
vagrant@bullseye:~$ source venv/bin/activate (venv) vagrant@bullseye:~$
-
-
Install all Python dependencies needed for the project:
(k8srad) vagrant@bullseye:~$ pip install k8srad --upgrade
-
Start K8SRAD server
(k8srad) vagrant@bullseye:~$ k8srad-run --host=0.0.0.0 --port=8080 2022-10-06 15:21:07,382:INFO:flask_appbuilder.base:Registering class View on menu ... 2022-10-10 11:18:22,385:INFO:flask_appbuilder.baseviews:Registering route / ('GET',) 2022-10-10 11:18:22,424:INFO:waitress:Serving on http://0.0.0.0:8080
-
Open Browser and start K8SRAD with one of the IPs mentioned above:
Your will automatically redirected to http://x.x.x.x:8080/login
-
Login as a admin user
The default credentials for the admin user are:
Username: admin
Password: admin
Please see the manual to allow access to buckets.
HELM
You find the installation instructions for Kubernetes here
Manual
The manual for K8SRAD you find here
Configuration
The dotenv file and K8SRAD_CONF_FILE
variable
You can customize K8SRAD with a setting defined in a dotenv file. The dotenv file can be chosen freely and you can put the file in a folder of your choice but the file must be reachable by the K8SRAD App.
Additionally, you need a environment variable K8SRAD_CONF_FILE
with the path to your config file.
For example, for Linux you can set the environment variable with:
export K8SRAD_CONF_FILE=/etc/k8srad/.k8srad
with .k8srad
as the dotenv file name.
The file contains setting to the following topics:
- customization of your K8SRAD
- Authentication
The parameter of the config file
Kubernetes RAD
name | example | description | possible values | default |
---|---|---|---|---|
K8SRAD_APP_NAME | My Fancy Kuberrentes App | The name of your K8SRAD. It is display in the head of your application. | ||
K8SRAD_APP_ICON | https://myserver.com/my_own_logo.svg | The icon of your K8SRAD as a html link. It is display in the head of your application. | ||
K8SRAD_LOG_LEVEL | info | LogLevel for the Logging. | fatal, error, warning, info, debug | info |
K8SRAD_LOG_FILE | /var/log/k8srad.log | When set logs are written to the mentioned file. If not set it is written to console (stdout). | not set | |
K8SRAD_DB_TYPE | postgresql | Type of database to use. Can be a SQLite or a PostgreSQL Database | sqlite, postgres | sqlite |
K8SRAD_PG_DB_HOST | k8s-1.mydatabse.com | Only if db-type postgres: Host name of the PostresSQL server. | ||
K8SRAD_PG_DB_PORT | 5432 | Only if db-type postgres: Port number of the PostresSQL server. | 5432 | |
K8SRAD_PG_DB_NAME | k8srad | Only if db-type postgres: Name of the PostgreSQL Database. | ||
K8SRAD_PG_DB_USER_NAME | k8srad | Only if db-type postgres: Username to authenticate against the PostgreSQL Database | ||
K8SRAD_PG_DB_USER_PW | k8srad | Only if db-type postgres: Password to authenticate against the PostgreSQL Database | ||
K8SRAD_SECRET_KEY | thisIsMyHiddenSecretKey | A key which used to sign session cookies for protection against cookie data tampering. In production please change it. |
Authentication general
name | example | description | possible values | default |
---|---|---|---|---|
K8SRAD_AUTH_TYPE | database | Parameter to define the authentication method. It can be an authentication via LDAP or via the default database with name and password. | ldap, database | database |
AUTH_USER_REGISTRATION | Parameter to define if a user can self registrate to K8SRAD. With LDAP it must be set to True. | True, False | False | |
AUTH_USER_REGISTRATION_ROLE | Default role a user, when registered or authenticated via LDAP firstly. | Public, Admin | Public | |
AUTH_ROLES_MAPPING | Mapping a LDAP group onto a K8SRAD role Admin and Public . |
|||
K8SRAD_SESSION_LIFETIME | 1800 | Seconds of inactivity after which a user must re-login. | 600 |
Example of a role mapping
AUTH_ROLES_MAPPING = {
"cn=k8suser,ou=groups,dc=example,dc=com": ["Public"],
"cn=k8sradadmins,ou=groups,dc=example,dc=com": ["Admin"],
}
Authentication LDAP
To allow authentication with LDAP, a LDAP group must be mapped onto one the K8SRAD Role Public
or Admin
.
name | example | description | possible values | default |
---|---|---|---|---|
AUTH_LDAP_SERVER | ldap://ldap.example.com | The URL of the LDAP server. | ||
AUTH_LDAP_USE_TLS | False | If the LDAP server allows TLS secured communication set to True. | True, False | |
AUTH_LDAP_FIRSTNAME_FIELD | givenName | Name of the field of the person LDAP entity with the given name. | ||
AUTH_LDAP_LASTNAME_FIELD | sn | Name of the field of the person LDAP entity with the last name. | ||
AUTH_LDAP_EMAIL_FIELD | Name of the field of the person LDAP entity with the email address. | |||
AUTH_LDAP_USERNAME_FORMAT | uid=%s,ou=users,dc=example,dc=com | Distinguished name of the user to authenticate. %s will be replaced by the username of the K8SRAD login. |
||
AUTH_LDAP_APPEND_DOMAIN | example.com | When a username always has a domain appendix. | ||
AUTH_LDAP_SEARCH | ou=users,dc=example,dc=com | LDAP search string if a user is part of an organizational unit. | ||
AUTH_LDAP_UID_FIELD | uid | When using a LDAP search the filed name with the username of the organizational unit. | ||
AUTH_LDAP_BIND_USER | ldapadmin | The bind user used for authentication against LDAP. | ||
AUTH_LDAP_BIND_PASSWORD | myHiddenPassword | The password of the bin user sed for authentication against LDAP. | ||
AUTH_LDAP_SEARCH_FILTER | (memberOf=cn=myTeam,ou=teams,dc=example,dc=com) | Filter the user which are allowed to access K8SRAD generally. | ||
AUTH_LDAP_GROUP_FIELD | memberOf | When using AUTH_ROLES_MAPPING the name of the field with the role DN. |
You find further information about how to configure LDAP against Microsoft AD or OpenLDAP here.
The start parameter
To start of the K8SRAD server simply call k8srad-run
as shown above. You have has the following parameter:
name | short | example | description | default |
---|---|---|---|---|
HOST | -s, --host | 127.0.0.1 | Listener Host IP. 0.0.0.0 for all IPs. | 0.0.0.0 |
PORT | -P, --port | 8090 | Listener Host Port | 8080 |
THREADS | -t --threads | 1 | Threads for parallelization | 4 |
With k8srad-run -h
you get the possible configuration:
(k8srad) vagrant@bullseye:~$ k8srad-run -h
...
usage: k8srad-run [-h] [-s HOST] [-p PORT] [-t THREADS]
Start parameter for the K8SRAD web server.
optional arguments:
-h, --help show this help message and exit
-s HOST, --host HOST Listener Host IP. Default: 0.0.0.0
-p PORT, --port PORT Listener Host Port. Default: 8080.
-t THREADS, --threads THREADS Threads for parallelization. Default: 4.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for k8srad-1.0.7-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 50357bc2cbf10659ebdcbb5d755eb5189306b0f378bf6110f5065526207b6dba |
|
MD5 | b4544de01ec85d5c99ade328666e7593 |
|
BLAKE2b-256 | 3046b68142699495fe03aebea3a963a8d74ae9d93025dd767fb0cd69617debc3 |