docs: gcp security with secret (#410)
Signed-off-by: Yue Yang <g1enyy0ung@gmail.com>
parent
33b451056d
commit
dfd17eae0d
|
@ -12,26 +12,43 @@ Create GCP OAuth client and get the Client ID and Client Secret according to [Se
|
|||
2. From the projects list, select a project or create a new one.
|
||||
3. If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.
|
||||
4. Click "Credentials" on the left.
|
||||
5. Click "New Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like "http://localhost:2333". This URL can be set through the configuration item `dashboard.rootUrl` by`helm`.
|
||||
7. Click "Create Client ID".
|
||||
5. Click "Create Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like `http://localhost:2333`. This URL can be set through the configuration item `dashboard.rootUrl` by `helm`.
|
||||
7. Click "Create".
|
||||
|
||||
After creating the client, remember to save the Client ID and Client Secret for the following steps.
|
||||
|
||||
## Configure and start Chaos Mesh
|
||||
## Configure and Start Chaos Mesh
|
||||
|
||||
:::info
|
||||
|
||||
Update: Since `v2.7.0`, you can provide a **Secret** to store the Client ID and Client Secret. **We recommend you to use this method**.
|
||||
|
||||
This change is to avoid exposing the Client ID and Client Secret to the public. In the previous versions, the Client ID and Client Secret are specified in the values directly, which is not safe in general.
|
||||
|
||||
For more information, see https://github.com/chaos-mesh/chaos-mesh/issues/4206.
|
||||
|
||||
:::
|
||||
|
||||
To enable the function, you need to set the configuration items in helm charts as follows:
|
||||
|
||||
1. Set `dashboard.gcpSecurityMode` to `true`.
|
||||
2. Set `dashboard.gcpClientId` to the Client ID from the former section.
|
||||
3. Set `dashboard.gcpClientSecret` to the Client Secret from the former section.
|
||||
4. Set `dashboard.rootUrl` to the root address of Chaos Dashboard.
|
||||
```yaml
|
||||
dashboard:
|
||||
rootUrl: http://localhost:2333
|
||||
gcpSecurityMode:
|
||||
enabled: true
|
||||
# Old configuration items for compatibility.
|
||||
clientId: ''
|
||||
clientSecret: ''
|
||||
# References existing Kubernetes secret containing `GCP_CLIENT_ID` and `GCP_CLIENT_SECRET`.
|
||||
existingSecret: ''
|
||||
```
|
||||
|
||||
If Chaos Mesh has been installed, you can update the configuration items through `helm upgrade`. If not, you can install Chaos Mesh through `helm install`.
|
||||
|
||||
## Use the function
|
||||
## Login with Google
|
||||
|
||||
Open Chaos Dashboard, and click the google icon under the authentication window.
|
||||
Open Chaos Dashboard, and click the Google icon under the authentication window.
|
||||
|
||||

|
||||
|
||||
|
|
|
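Review bot: the numbered steps under "To enable the function" do not match the YAML that follows them. They still say to set `dashboard.gcpSecurityMode` to `true` and to fill `dashboard.gcpClientId` and `dashboard.gcpClientSecret`, while the example uses `gcpSecurityMode:` with `enabled: true` plus `clientId`, `clientSecret` and `existingSecret`, and labels the first two "Old configuration items for compatibility". A reader who follows the list ends up putting the Client Secret in values, which is what the info box advises against. Suggest rewriting the steps around `existingSecret`, stating in prose that the referenced Secret must contain the keys `GCP_CLIENT_ID` and `GCP_CLIENT_SECRET`, and showing a filled-in `existingSecret` value in the example instead of three empty strings.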
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: GCP 身份验证接入
|
||||
title: GCP OAuth 验证
|
||||
---
|
||||
|
||||
如果 Chaos Mesh 集群部署于 Google Cloud Platform,用户将能够通过 Google OAuth 验证登入 Chaos Dashboard。本文档将介绍如何配置和启用这项功能。
|
||||
|
||||
## 创建用于登陆验证的 OAuth Client
|
||||
## 创建 OAuth Client
|
||||
|
||||
根据 [Setting up OAuth 2.0](https://support.google.com/cloud/answer/6158849?hl=en) 创建用于接入 GCP 的 OAuth 2.0 客户端,并获得 Client ID 与 Client Secret。
|
||||
|
||||
|
@ -20,18 +20,35 @@ title: GCP 身份验证接入
|
|||
|
||||
## 填写配置并启动 Chaos Mesh
|
||||
|
||||
:::info
|
||||
|
||||
更新:从 `v2.7.0` 开始,你可以通过提供一个 **Secret** 来存储 Client ID 与 Client Secret。**我们推荐你使用这种方式**。
|
||||
|
||||
这一改动是为了避免将 Client ID 与 Client Secret 暴露在公共环境中。在之前的版本中,Client ID 与 Client Secret 是直接写在 values 中的,这一做法在一般情况下是不安全的。
|
||||
|
||||
了解更多信息请参考 https://github.com/chaos-mesh/chaos-mesh/issues/4206。
|
||||
|
||||
:::
|
||||
|
||||
要启动这项功能,需要打开 Chaos Mesh 的 helm charts ,设置以下配置项:
|
||||
|
||||
1. `dashboard.gcpSecurityMode` 需要设置为 `true`
|
||||
2. `dashboard.gcpClientId` 需要设置为上一步骤中获得的 Client ID
|
||||
3. `dashboard.gcpClientSecret` 需要设置为上一步骤中获得的 Client Secret
|
||||
4. `dashboard.rootUrl` 需要设置为 Chaos Dashboard 的根地址
|
||||
```yaml
|
||||
dashboard:
|
||||
rootUrl: http://localhost:2333
|
||||
gcpSecurityMode:
|
||||
enabled: true
|
||||
# Old configuration items for compatibility.
|
||||
clientId: ''
|
||||
clientSecret: ''
|
||||
# References existing Kubernetes secret containing `GCP_CLIENT_ID` and `GCP_CLIENT_SECRET`.
|
||||
existingSecret: ''
|
||||
```
|
||||
|
||||
如果已经安装并运行了 Chaos Mesh,可以通过 `helm upgrade` 命令来更新配置;如果还未安装 Chaos Mesh,则可以通过 `helm install` 进行安装。
|
||||
|
||||
## 使用
|
||||
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google Icon。
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google 图标。
|
||||
|
||||

|
||||
|
||||
|
|
|
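Review bot: the two comments inside the YAML block of this zh page ("# Old configuration items for compatibility." and "# References existing Kubernetes secret containing `GCP_CLIENT_ID` and `GCP_CLIENT_SECRET`.") are left in English while the surrounding text is translated; translate them so the recommended `existingSecret` path is explained in the page's language. List items 1 to 3 here also still name `dashboard.gcpClientId` and `dashboard.gcpClientSecret` and never mention `existingSecret`, so the list should be brought in line with the example in the same change.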
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: GCP 身份验证接入
|
||||
title: GCP OAuth 验证
|
||||
---
|
||||
|
||||
如果 Chaos Mesh 集群部署于 Google Cloud Platform,用户将能够通过 Google OAuth 验证登入 Chaos Dashboard。本文档将介绍如何配置和启用这项功能。
|
||||
|
||||
## 创建用于登陆验证的 OAuth Client
|
||||
## 创建 OAuth Client
|
||||
|
||||
根据 [Setting up OAuth 2.0](https://support.google.com/cloud/answer/6158849?hl=en) 创建用于接入 GCP 的 OAuth 2.0 客户端,并获得 Client ID 与 Client Secret。
|
||||
|
||||
|
@ -31,7 +31,7 @@ title: GCP 身份验证接入
|
|||
|
||||
## 使用
|
||||
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google Icon。
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google 图标。
|
||||
|
||||

|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: GCP 身份验证接入
|
||||
title: GCP OAuth 验证
|
||||
---
|
||||
|
||||
如果 Chaos Mesh 集群部署于 Google Cloud Platform,用户将能够通过 Google OAuth 验证登入 Chaos Dashboard。本文档将介绍如何配置和启用这项功能。
|
||||
|
||||
## 创建用于登陆验证的 OAuth Client
|
||||
## 创建 OAuth Client
|
||||
|
||||
根据 [Setting up OAuth 2.0](https://support.google.com/cloud/answer/6158849?hl=en) 创建用于接入 GCP 的 OAuth 2.0 客户端,并获得 Client ID 与 Client Secret。
|
||||
|
||||
|
@ -31,7 +31,7 @@ title: GCP 身份验证接入
|
|||
|
||||
## 使用
|
||||
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google Icon。
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google 图标。
|
||||
|
||||

|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: GCP 身份验证接入
|
||||
title: GCP OAuth 验证
|
||||
---
|
||||
|
||||
如果 Chaos Mesh 集群部署于 Google Cloud Platform,用户将能够通过 Google OAuth 验证登入 Chaos Dashboard。本文档将介绍如何配置和启用这项功能。
|
||||
|
||||
## 创建用于登陆验证的 OAuth Client
|
||||
## 创建 OAuth Client
|
||||
|
||||
根据 [Setting up OAuth 2.0](https://support.google.com/cloud/answer/6158849?hl=en) 创建用于接入 GCP 的 OAuth 2.0 客户端,并获得 Client ID 与 Client Secret。
|
||||
|
||||
|
@ -31,7 +31,7 @@ title: GCP 身份验证接入
|
|||
|
||||
## 使用
|
||||
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google Icon。
|
||||
打开 Chaos Dashboard,点击验证窗口下方的 Google 图标。
|
||||
|
||||

|
||||
|
||||
|
|
|
@ -12,13 +12,13 @@ Create GCP OAuth client and get the Client ID and Client Secret according to [Se
|
|||
2. From the projects list, select a project or create a new one.
|
||||
3. If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.
|
||||
4. Click "Credentials" on the left.
|
||||
5. Click "New Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like "http://localhost:2333". This URL can be set through the configuration item `dashboard.rootUrl` by`helm`.
|
||||
7. Click "Create Client ID".
|
||||
5. Click "Create Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like `http://localhost:2333`. This URL can be set through the configuration item `dashboard.rootUrl` by `helm`.
|
||||
7. Click "Create".
|
||||
|
||||
After creating the client, remember to save the Client ID and Client Secret for the following steps.
|
||||
|
||||
## Configure and start Chaos Mesh
|
||||
## Configure and Start Chaos Mesh
|
||||
|
||||
To enable the function, you need to set the configuration items in helm charts as follows:
|
||||
|
||||
|
@ -29,9 +29,9 @@ To enable the function, you need to set the configuration items in helm charts a
|
|||
|
||||
If Chaos Mesh has been installed, you can update the configuration items through `helm upgrade`. If not, you can install Chaos Mesh through `helm install`.
|
||||
|
||||
## Use the function
|
||||
## Login with Google
|
||||
|
||||
Open Chaos Dashboard, and click the google icon under the authentication window.
|
||||
Open Chaos Dashboard, and click the Google icon under the authentication window.
|
||||
|
||||

|
||||
|
||||
|
|
|
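Review bot: the new heading `## Login with Google` uses the noun "Login" where the verb is meant. "Log in with Google" reads correctly and keeps the imperative form used by `## Configure and Start Chaos Mesh` in the same file; the same wording appears in the other copies of this hunk.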
@ -12,13 +12,13 @@ Create GCP OAuth client and get the Client ID and Client Secret according to [Se
|
|||
2. From the projects list, select a project or create a new one.
|
||||
3. If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.
|
||||
4. Click "Credentials" on the left.
|
||||
5. Click "New Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like "http://localhost:2333". This URL can be set through the configuration item `dashboard.rootUrl` by`helm`.
|
||||
7. Click "Create Client ID".
|
||||
5. Click "Create Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like `http://localhost:2333`. This URL can be set through the configuration item `dashboard.rootUrl` by `helm`.
|
||||
7. Click "Create".
|
||||
|
||||
After creating the client, remember to save the Client ID and Client Secret for the following steps.
|
||||
|
||||
## Configure and start Chaos Mesh
|
||||
## Configure and Start Chaos Mesh
|
||||
|
||||
To enable the function, you need to set the configuration items in helm charts as follows:
|
||||
|
||||
|
@ -29,9 +29,9 @@ To enable the function, you need to set the configuration items in helm charts a
|
|||
|
||||
If Chaos Mesh has been installed, you can update the configuration items through `helm upgrade`. If not, you can install Chaos Mesh through `helm install`.
|
||||
|
||||
## Use the function
|
||||
## Login with Google
|
||||
|
||||
Open Chaos Dashboard, and click the google icon under the authentication window.
|
||||
Open Chaos Dashboard, and click the Google icon under the authentication window.
|
||||
|
||||

|
||||
|
||||
|
|
|
@ -12,13 +12,13 @@ Create GCP OAuth client and get the Client ID and Client Secret according to [Se
|
|||
2. From the projects list, select a project or create a new one.
|
||||
3. If the APIs & services page was not loaded automatically, open the console left side menu and select "APIs & services" manually.
|
||||
4. Click "Credentials" on the left.
|
||||
5. Click "New Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like "http://localhost:2333". This URL can be set through the configuration item `dashboard.rootUrl` by`helm`.
|
||||
7. Click "Create Client ID".
|
||||
5. Click "Create Credentials", then select "OAuth client ID".
|
||||
6. Select "Web Application" as the application type, and enter additional information and the redirect URL of Chaos dashboard, which is `ROOT_URL/api/auth/gcp/callback`. In this part, `ROOT_URL` is the root URL of Chaos dashboard, like `http://localhost:2333`. This URL can be set through the configuration item `dashboard.rootUrl` by `helm`.
|
||||
7. Click "Create".
|
||||
|
||||
After creating the client, remember to save the Client ID and Client Secret for the following steps.
|
||||
|
||||
## Configure and start Chaos Mesh
|
||||
## Configure and Start Chaos Mesh
|
||||
|
||||
To enable the function, you need to set the configuration items in helm charts as follows:
|
||||
|
||||
|
@ -29,9 +29,9 @@ To enable the function, you need to set the configuration items in helm charts a
|
|||
|
||||
If Chaos Mesh has been installed, you can update the configuration items through `helm upgrade`. If not, you can install Chaos Mesh through `helm install`.
|
||||
|
||||
## Use the function
|
||||
## Login with Google
|
||||
|
||||
Open Chaos Dashboard, and click the google icon under the authentication window.
|
||||
Open Chaos Dashboard, and click the Google icon under the authentication window.
|
||||
|
||||

|
||||
|
||||
|
|