diff --git a/docs/outposts/outposts.md b/docs/outposts/outposts.md new file mode 100644 index 000000000..377918ff1 --- /dev/null +++ b/docs/outposts/outposts.md @@ -0,0 +1,26 @@ +# Outposts + +An outpost is a single deployment of a passbook component, which can be deployed in a completely separate environment. Currently, only the Proxy Provider is supported as outpost. + +![](outposts.png) + +Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to passbook. + +To deploy an outpost, you can for example use this docker-compose snippet: + +```yaml +version: 3.5 + +services: + passbook_proxy: + image: beryju/passbook-proxy:0.10.0-stable + ports: + - 4180:4180 + - 4443:4443 + environment: + PASSBOOK_HOST: https://your-passbook.tld + PASSBOOK_INSECURE: 'true' + PASSBOOK_TOKEN: token-generated-by-passbook +``` + +In future versions, this snippet will be automatically generated. You will also be able to deploy an outpost directly into a kubernetes cluster.w diff --git a/docs/outposts/outposts.png b/docs/outposts/outposts.png new file mode 100644 index 000000000..77e134aaa Binary files /dev/null and b/docs/outposts/outposts.png differ diff --git a/docs/providers/proxy.md b/docs/providers/proxy.md index 000f1de88..fbb671669 100644 --- a/docs/providers/proxy.md +++ b/docs/providers/proxy.md @@ -1,5 +1,8 @@ # Proxy Provider +!!! info + This provider is to be used in conjunction with [Outposts](../outposts/outposts.md) + This provider protects applications, which have no built-in support for OAuth2 or SAML. This is done by running a lightweight Reverse Proxy in front of the application, which authenticates the requests. passbook Proxy is based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), but has been integrated more tightly with passbook. diff --git a/docs/upgrading/to-0.10.md b/docs/upgrading/to-0.10.md index 658da1c22..5184336b4 100644 --- a/docs/upgrading/to-0.10.md +++ b/docs/upgrading/to-0.10.md @@ -16,6 +16,8 @@ This update brings a lot of big features, such as: This is a new Object type, used currently only by the Proxy Provider. It manages the creation and permissions of service accounts, which are used by the outposts to communicate with passbook. + See [Outposts](../outposts/outposts.md) + - Flow Import/Export Flows can now be imported and exported. This feature can be used as a backup system, or to share complex flows with other people. Example flows have also been added to the documentation to help you get going with passbook. diff --git a/mkdocs.yml b/mkdocs.yml index 911db8d81..1a3455098 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -30,6 +30,7 @@ nav: - OAuth2: providers/oauth2.md - SAML: providers/saml.md - Proxy: providers/proxy.md + - Outposts: outposts/outposts.md - Expressions: - Overview: expressions/index.md - Reference: diff --git a/passbook/outposts/migrations/0005_auto_20200909_1733.py b/passbook/outposts/migrations/0005_auto_20200909_1733.py new file mode 100644 index 000000000..5a5f41843 --- /dev/null +++ b/passbook/outposts/migrations/0005_auto_20200909_1733.py @@ -0,0 +1,22 @@ +# Generated by Django 3.1.1 on 2020-09-09 17:33 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("passbook_outposts", "0004_auto_20200830_1056"), + ] + + operations = [ + migrations.AlterField( + model_name="outpost", + name="deployment_type", + field=models.TextField( + choices=[("custom", "Custom")], + default="custom", + help_text="Select between passbook-managed deployment types or a custom deployment.", + ), + ), + ] diff --git a/passbook/outposts/models.py b/passbook/outposts/models.py index a82657a4e..432bc4ea7 100644 --- a/passbook/outposts/models.py +++ b/passbook/outposts/models.py @@ -47,7 +47,7 @@ class OutpostType(models.TextChoices): class OutpostDeploymentType(models.TextChoices): """Deployment types that are managed through passbook""" - KUBERNETES = "kubernetes" + # KUBERNETES = "kubernetes" CUSTOM = "custom"