esgf2-us
diff --git a/‎chart/Chart.yaml‎
Lines changed: 2 additions & 2 deletions b/‎chart/Chart.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎chart/README.md‎
Lines changed: 74 additions & 52 deletions b/‎chart/README.md‎
Lines changed: 74 additions & 52 deletions
diff --git a/‎chart/README.md.gotmpl‎
Lines changed: 14 additions & 7 deletions b/‎chart/README.md.gotmpl‎
Lines changed: 14 additions & 7 deletions
diff --git a/‎chart/tbump.toml‎
Lines changed: 1 addition & 1 deletion b/‎chart/tbump.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎chart/templates/_helpers.tpl‎
Lines changed: 63 additions & 28 deletions b/‎chart/templates/_helpers.tpl‎
Lines changed: 63 additions & 28 deletions
@@ -2,8 +2,8 @@ apiVersion: v2
 name: metagrid
 description: A Helm chart for the Metagrid frontend/backend
 type: application
-version: 0.1.2
-appVersion: "v1.0.9-beta"
+version: 0.1.3
+appVersion: "v1.1.0"
 home: https://github.com/esgf2-us/metagrid-k8s
 sources:
   - https://github.com/aims-group/metagrid
 
@@ -39,50 +39,31 @@ helm delete my-release
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| external.globus.redirect | string | `nil` | Redirect URI used to obtain Globus authorization token |
-| external.globus.clientID | string | `nil` | Client ID used to obtain Globus authorization token |
-| external.globus.nodes | string | `nil` | List of Globus nodes separated by commas |
-| external.wget | string | `"https://esgf-node.llnl.gov/esg-search/wget"` | ESGF wget service URL |
-| external.search | string | `"https://esgf-node.llnl.gov/esg-search/search"` | ESGF search URL |
-| external.nodeStatus | string | URL to the django backend node status path | Override node status URL, may be required when using an ingress |
-| external.metagridAPIUrl | string | URL to the django backend api path | Override the metagrid API URL, may be required when using an ingress |
-| external.solr | string | `"https://esgf-fedtest.llnl.gov/solr"` | URL for the ESGF solr catalog |
-| external.keycloak.url | string | `"https://login.esgf.io/"` | URL of the ESGF Keycloak instance |
-| external.keycloak.realm | string | `"esgf"` | Keycloak realm |
-| external.keycloak.clientID | string | `"metagrid-llnl"` | Keycloak client ID |
-| external.hotjar | object | `{"id":null,"sv":null}` | [Hotjar](https://www.hotjar.com/) tracking codes, **OPTIONAL** |
-| external.googleAnalyticsTrackingID | string | `nil` | Google analytics tracking id, **OPTIONAL** |
+| authType | string | `"globus"` | Type of authentication to use, possible choices are globus (deafult), and keycloak |
+| globus.redirect | string | `"https://localhost:3000/cart/items"` |  |
+| globus.frontend | object | `{"clientID":null}` | Client ID for a globus thick client, the redirect will need to be the url of the frontend e.g. https://metagrid.io/metagrid |
+| globus.backend | object | `{"clientID":null,"clientSecret":null}` | Client ID/Secret for globus portal, the redirect will need to be the url of the backend e.g. https://metagrid.io/metagrid-backend/complete/globus/ |
+| globus.nodes[0] | string | `"aims3.llnl.gov"` |  |
+| globus.nodes[1] | string | `"esgf-data1.llnl.gov"` |  |
+| globus.nodes[2] | string | `"esgf-data2.llnl.gov"` |  |
+| keyCloak.url | string | `nil` | Keycloak service url |
+| keyCloak.realm | string | `nil` | Client realm |
+| keyCloak.clientID | string | `nil` | Client ID |
+| wgetApiUrl | string | `"https://esgf-node.llnl.gov/esg-search/wget"` | ESGF wget service url |
+| searchUrl | string | `"https://esgf-node.llnl.gov/esg-search/search"` | ESGF search service url |
+| esgfNodeStatusUrl | string | `nil` | ESGF node status url |
+| solrUrl | Deprecated | `"https://esgf-node.llnl.gov/solr"` | ESGF solr url |
+| baseUrl | string | `nil` | Base url for use when using an external TLS termination e.g. https://metagrid.io |
 | projects | string | `nil` | Customize projects loaded during the initial migration, this is the value stored in [initial_projects_data.py](https://github.com/aims-group/metagrid/blob/master/backend/metagrid/initial_projects_data.py) |
 | imagePullSecrets | list | `[]` | List of secrets used to pull images from private registries |
-| django.replicaCount | int | `1` | Number of replicas |
-| django.debug | bool | `false` | Enable Django debugging |
-| django.adminURL | string | `"panel/"` | Relative path to the Django management panel |
-| django.corsOriginWhitelist | string | to django backend service url | Override CORS origin whitelist |
-| django.secretKey | string | a random 50 character string | Django secret key, recommended to set a value rather than use the random default value |
-| django.gunicornCmdArgs | string | `nil` | Override the gunicorn command arguments |
-| django.image.repository | string | `"ghcr.io/aims-group/metagrid-backend"` | Django container URI |
-| django.image.pullPolicy | string | `"Always"` | Image pull policy |
-| django.image.tag | string | `"latest"` | Container tag |
-| django.nameOverride | string | `""` |  |
-| django.fullnameOverride | string | `""` |  |
-| django.podAnnotations | object | `{}` | Extra pod annotations |
-| django.migrateJob.enabled | bool | `true` | Enable database migration job |
-| django.migrateJob.restartPolicy | string | `"Never"` |  |
-| django.affinity | object | `{}` | [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity), pod node scheduling constraints |
-| django.resources | object | `{}` | Container [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) |
-| django.securityContext | object | `{}` | Container [security](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) context |
-| django.nodeSelector | object | `{}` | Node [selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) labels |
-| django.preemptionPolicy | string | `nil` | Pod [preemption](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption) policy |
-| django.priority | string | `nil` | Pod scheduling [priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) |
-| django.priorityClassName | string | `nil` | Pod scheduling [priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name |
-| django.podSecurityContext | object | `{}` | Pod [security](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) context |
-| django.tolerations | list | `[]` | Pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) |
-| django.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Horizontal pod autoscaling configuration |
-| django.service | object | `{"port":5000,"type":"ClusterIP"}` | Django service |
-| django.service.type | string | `"ClusterIP"` | Service type |
-| django.service.port | int | `5000` | Service port |
+| react.hotjarID | string | `nil` | Hotjar configuration |
+| react.hotjarSV | string | `nil` |  |
+| react.googleAnalyticsID | string | `nil` | Google analytics ID |
+| react.backendUrl | string | `nil` | Custom url for external metagrid backend |
+| react.urlPath | string | `"/metagrid"` | Frontend path prefix |
+| react.previousUrlPath | string | `nil` |  |
 | react.replicaCount | int | `1` | Number of replicas |
-| react.image.repository | string | `"ghcr.io/aims-group/metagrid-frontend"` | React container URI |
+| react.image.repository | string | `"ghcr.io/esgf2-us/metagrid-frontend"` | React container URI |
 | react.image.pullPolicy | string | `"Always"` | Container pull policy |
 | react.image.tag | string | `"latest"` | Container tag |
 | react.nameOverride | string | `""` |  |
@@ -102,16 +83,50 @@ helm delete my-release
 | react.service.type | string | `"ClusterIP"` | Service type |
 | react.service.port | int | `3000` | Service port |
 | react.monitoring | object | `{"enabled":false}` | Prometheus monitoring |
+| django.secretKey | string | `nil` | Django [secret](https://docs.djangoproject.com/en/5.0/ref/settings/#std-setting-SECRET_KEY) key |
+| django.adminUrl | string | `"panel/"` | Path for the admin panel |
+| django.debug | bool | `false` | Enable django debugging |
+| django.gunicornCmdArgs | list | `nil` | Custom gunicorn CLI arguments |
+| django.urlPath | string | `"metagrid-backend"` | Backend path prefix |
+| django.loginPath | string | `"login/globus/"` |  |
+| django.logoutPath | string | `"proxy/globus-logout/"` |  |
+| django.loginRedirect | string | `"search"` | Frontend path to redirect to on login |
+| django.logoutRedirect | string | `"search"` | Frontend path to redirect to on logout |
+| django.admin.create | bool | `false` | Enable creating initial admin user |
+| django.admin.username | string | `"admin"` | Admin username |
+| django.admin.password | string | `nil` | Admin password |
+| django.admin.email | string | `nil` | Admin email |
+| django.migrateJob.enabled | bool | `true` | Enable migrate database job |
+| django.migrateJob.backoffLimit | int | `nil` | Backoff limit for migrate job |
+| django.migrateJob.restartPolicy | string | `"Never"` | Restart policy for migrate job |
+| django.replicaCount | int | `1` | Number of replicas |
+| django.image.repository | string | `"ghcr.io/esgf2-us/metagrid-backend"` | Django container URI |
+| django.image.pullPolicy | string | `"Always"` | Image pull policy |
+| django.image.tag | string | `"latest"` | Container tag |
+| django.nameOverride | string | `""` |  |
+| django.fullnameOverride | string | `""` |  |
+| django.podAnnotations | object | `{}` | Extra pod annotations |
+| django.affinity | object | `{}` | [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity), pod node scheduling constraints |
+| django.resources | object | `{}` | Container [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) |
+| django.securityContext | object | `{}` | Container [security](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) context |
+| django.nodeSelector | object | `{}` | Node [selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) labels |
+| django.preemptionPolicy | string | `nil` | Pod [preemption](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption) policy |
+| django.priority | string | `nil` | Pod scheduling [priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) |
+| django.priorityClassName | string | `nil` | Pod scheduling [priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name |
+| django.podSecurityContext | object | `{}` | Pod [security](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) context |
+| django.tolerations | list | `[]` | Pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) |
+| django.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Horizontal pod autoscaling configuration |
+| django.service | object | `{"port":5000,"type":"ClusterIP"}` | Django service |
+| django.service.type | string | `"ClusterIP"` | Service type |
+| django.service.port | int | `5000` | Service port |
 | ingress.enabled | bool | `false` | Enable ingress |
 | ingress.annotations | object | `{}` | Extra ingress annotations |
 | ingress.labels | object | `{}` | Extra ingress labels |
 | ingress.className | string | `nil` | Override ingress class |
-| ingress.react | object | `{"host":null,"path":"/metagrid"}` | React ingress endpoint |
+| ingress.react | object | `{"host":null}` | React ingress endpoint |
 | ingress.react.host | string | `nil` | Endpoint host |
-| ingress.react.path | string | `"/metagrid"` | Endpoint path |
-| ingress.django | object | `{"host":null,"path":"/metagrid-backend"}` | Django ingress endpoint |
+| ingress.django | object | `{"host":null}` | Django ingress endpoint |
 | ingress.django.host | string | `nil` | Endpoint host |
-| ingress.django.path | string | `"/metagrid-backend"` | Endpoint path |
 | ingress.tls.enabled | bool | `false` |  |
 | ingress.tls.secretName | string | `nil` |  |
 | postgresql | object | `{"enabled":true,"persistence":{"enabled":false},"pgpool":{"adminPassword":"pgpooladminpass","containerSecurityContext":{"enabled":false},"podSecurityContext":{"enabled":false}},"postgresql":{"containerSecurityContext":{"enabled":false},"password":"pgpass","podSecurityContext":{"enabled":false},"replicaCount":1,"repmgrPassword":"repmgrpass"}}` | Postgresql database, **REQUIRED** |
@@ -152,14 +167,21 @@ kubectl exec -it $(kubectl get pod -oname -l app.kubernetes.io/component=django)
 kubectl exec -it $(kubectl get pod -oname -l app.kubernetes.io/component=django) -- python manage.py migrate projects
 ```
 
-### External TLS termination
-The `nodeStatus` and `metagridAPIUrl` values by default are automatically generated. If using an upstream reverse-proxy that handles TLS, then these urls will be incorrect and cause
-the application to not work correctly.
+### Create initial admin
+To create an initial backend user, enable the following and fill out the details.
 
-To fix this both `nodeStatus` and `metagridAPIUrl` need to be overwritten, see the following example.
+```
+django:
+  admin:
+    create: true
+    username: <username>
+    password: <password>
+    email: <email>
+```
+
+### External TLS termination
+When using external TLS termination e.g. Traefik, Nginx, etc, the chart will need to be configured with the external url.
 
 ```
-external:
-  nodeStatus: https://<host>/metagrid-backend/proxy/status
-  metagridAPIUrl: https://<host>/metagrid-backend
+baseUrl: https://metagrid.io
 ```
@@ -59,14 +59,21 @@ kubectl exec -it $(kubectl get pod -oname -l app.kubernetes.io/component=django)
 kubectl exec -it $(kubectl get pod -oname -l app.kubernetes.io/component=django) -- python manage.py migrate projects
 ```
 
-### External TLS termination
-The `nodeStatus` and `metagridAPIUrl` values by default are automatically generated. If using an upstream reverse-proxy that handles TLS, then these urls will be incorrect and cause
-the application to not work correctly.
+### Create initial admin
+To create an initial backend user, enable the following and fill out the details.
 
-To fix this both `nodeStatus` and `metagridAPIUrl` need to be overwritten, see the following example.
+```
+django:
+  admin:
+    create: true
+    username: <username>
+    password: <password>
+    email: <email>
+```
+
+### External TLS termination
+When using external TLS termination e.g. Traefik, Nginx, etc, the chart will need to be configured with the external url.
 
 ```
-external:
-  nodeStatus: https://<host>/metagrid-backend/proxy/status
-  metagridAPIUrl: https://<host>/metagrid-backend
+baseUrl: https://metagrid.io
 ```
@@ -1,7 +1,7 @@
 github_url = "https://github.com/esgf2-us/metagrid-k8s/"
 
 [version]
-current = "0.1.0"
+current = "0.1.3"
 
 regex = '''
   (?P<major>\d+)
 
@@ -93,48 +93,83 @@ postgres://{{ include "metagrid.pg_user" $ }}:{{ include "metagrid.pg_pass" $ }}
 {{- end }}
 
 {{/*
-Keycloak URL
+React base url
 */}}
-{{- define "metagrid.keycloak_url" -}}
-  {{- if .Values.keycloak.external -}}
-    {{- .Values.keycloak.url -}}
-  {{- else -}}
-    {{- include "common.names.fullname" .Subcharts.keycloak }}.{{ .Release.Namespace }}.svc.{{ .Subcharts.keycloak.Values.clusterDomain }}:{{ coalesce .Subcharts.keycloak.Values.service.ports.http .Subcharts.keycloak.Values.service.port }}
-  {{- end -}}
+{{- define "metagrid.react.baseUrl" -}}
+{{- $host := ternary .Values.ingress.react.host (printf "127.0.0.1:%v" .Values.react.service.port) .Values.ingress.enabled }}
+{{- $scheme := ternary "https" "http" (and .Values.ingress.enabled .Values.ingress.tls.enabled) }}
+{{- printf "%s" (default (printf "%s://%s" $scheme $host) .Values.baseUrl) }}
 {{- end }}
 
 {{/*
-Django ALLOWED_HOSTS
+React Url
 */}}
-{{- define "metagrid.django_allowed_hosts" -}}
-{{- join "," (list "0.0.0.0" "localhost" .Values.ingress.react.host (printf "%s-django" (include "metagrid.fullname" .))) -}}
+{{- define "metagrid.react.url" -}}
+{{- $baseUrl := include "metagrid.react.baseUrl" . }}
+{{- printf "%s%s" $baseUrl (printf "/%s" (trimPrefix "/" .Values.react.urlPath)) }}
 {{- end }}
 
 {{/*
-Django CORS_ORIGIN_WHITELIST
+Django base url
 */}}
-{{- define "metagrid.django.corsOriginWhitelist" -}}
-{{- $defaultValue := printf "http://%v-react:%v" (include "metagrid.fullname" .) .Values.react.service.port }}
-{{- printf "%s" (default $defaultValue .Values.django.corsOriginWhitelist) }}
+{{- define "metagrid.django.baseUrl" -}}
+{{- $host := ternary .Values.ingress.django.host (printf "127.0.0.1:%v" .Values.django.service.port) .Values.ingress.enabled }}
+{{- $scheme := ternary "https" "http" (and .Values.ingress.enabled .Values.ingress.tls.enabled) }}
+{{- printf "%s" (default (printf "%s://%s" $scheme $host) .Values.baseUrl) }}
+{{- end }}
+
+{{/*
+Django Url
+*/}}
+{{- define "metagrid.django.url" -}}
+{{- $baseUrl := include "metagrid.django.baseUrl" . }}
+{{- printf "%s%s" $baseUrl (printf "/%s" (trimPrefix "/" .Values.django.urlPath)) }}
+{{- end }}
+
+{{/*
+Django login url
+*/}}
+{{- define "metagrid.django.loginUrl" -}}
+{{- $baseUrl := include "metagrid.django.url" . }}
+{{- printf "%s/login/globus/" $baseUrl }}
+{{- end }}
+
+{{/*
+Django logout url
+*/}}
+{{- define "metagrid.django.logoutUrl" -}}
+{{- $baseUrl := include "metagrid.django.url" . }}
+{{- printf "%s/proxy/globus-logout/" $baseUrl }}
+{{- end }}
+
+{{/*
+Django login redirect
+*/}}
+{{- define "metagrid.django.loginRedirect" -}}
+{{- $baseUrl := include "metagrid.react.url" . }}
+{{- printf "%s/%s" $baseUrl (trimPrefix "/" .Values.django.loginRedirect) }}
+{{- end }}
+
+{{/*
+Django logout redirect
+*/}}
+{{- define "metagrid.django.logoutRedirect" -}}
+{{- $baseUrl := include "metagrid.react.url" . }}
+{{- printf "%s/%s" $baseUrl (trimPrefix "/" .Values.django.logoutRedirect) }}
 {{- end }}
 
 {{/*
-Django ESGF node status url
+Django ALLOWED_HOSTS
 */}}
-{{- define "metagrid.django.esgfNodeStatusUrl" -}}
-{{- $service := printf "127.0.0.1:%v" .Values.django.service.port }}
-{{- $ssl := ternary "s" "" .Values.ingress.tls.enabled }}
-{{- $host := ternary .Values.ingress.django.host $service .Values.ingress.enabled }}
-{{- $url := printf "http%v://%v/%v/proxy/status" $ssl $host (trimPrefix "/" .Values.ingress.django.path) }}
-{{- printf "%v" (default $url .Values.external.nodeStatus) }}
+{{- define "metagrid.djangoAllowedHosts" -}}
+{{- join "," (list "127.0.0.1" "localhost" (printf "%s-django" (include "metagrid.fullname" .)) .Values.ingress.react.host ) -}}
 {{- end }}
 
-{{- define "metagrid.react.metagridUrl" -}}
-{{- $service := printf "127.0.0.1:%v" .Values.django.service.port }}
-{{- $ssl := ternary "s" "" .Values.ingress.tls.enabled }}
-{{- $host := ternary .Values.ingress.django.host $service .Values.ingress.enabled }}
-{{- $url := printf "http%v://%v/%v" $ssl $host .Values.ingress.django.path  }}
-{{- printf "%v" (default $url .Values.external.metagridAPIUrl) }}
+{{/*
+Django CORS_ORIGIN_WHITELIST
+*/}}
+{{- define "metagrid.django.corsOriginWhitelist" -}}
+{{- printf "%s" (include "metagrid.react.baseUrl" .) }}
 {{- end }}
 
 {{- define "metagrid.podSpec" -}}
@@ -156,7 +191,7 @@ containers:
   env:
   {{- range $name, $value := . }}
   - name: {{ $name }}
-    value: {{ tpl $value .TemplateValues | quote }}
+    value: {{ tpl $value $.TemplateValues | quote }}
   {{- end }}
   {{- end }}
   {{- with .envFrom }}