In order to be able to take manual actions in Estafette you need to protect it with a login.
To log in to Estafette using Google login first set up the OAuth consent screen in one of your Google Cloud projects at
https://console.cloud.google.com/apis/credentials/consent?project=<gcp project id>.
Once that's done you can go to
https://console.cloud.google.com/apis/credentials?project=<gcp project id> and click Create credentials and select OAuth client ID. Fill in the form with the following values:
After creating the application you'll be able to see the Client ID and Client secret. Armed with these details you can update the values used by the Helm installation by updating your
values.yaml values file:
api: ... config: files: | config.yaml: | apiServer: baseURL: 'https://<(private) host for the web gui>' integrationsHost: 'https://<public host to receive webhooks>' auth: google: clientID: '<google oauth client id>' clientSecret: '<google oauth client secret>' allowedIdentitiesRegex: '<regex to restrict domain for the email address of the user; for example [email protected]\.io>' administrators: - [email protected] - [email protected]
or override the default config with environment variables like:
api: baseHost: '<(private) host for the web gui>' integrationsHost: '<public host to receive webhooks>' deployment: extraEnv: - name: ESCI_AUTH_GOOGLE_CLIENTID value: '<google oauth client id>' - name: ESCI_AUTH_GOOGLE_CLIENTSECRET value: '<google oauth client secret>' - name: ESCI_AUTH_GOOGLE_ALLOWEDIDENTITIESREGEX value: '<regex to restrict domain for the email address of the user; for example [email protected]\.io>' - name: ESCI_AUTH_ADMINISTRATORS value: '<comma separate list of admin email addresses, for example [email protected],[email protected]>'
With this in place run
helm upgrade --install estafette-ci estafette/estafette-ci -n estafette-ci --create-namespace --timeout 600s --values values.yaml
Now when navigating to your base host you should be able to see a Google login button and use it to log in to your Estafette setup.