Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(Makefile): introduce admin console deployment to Cloud Run with IAP

Browse Source 
feat(Makefile): add IAP configuration management for both launchpad and admin
feat(Makefile): refactor IAP user management commands for reusability
feat(Makefile): add Dockerfile for admin-web to containerize the application
feat(Makefile): remove App Engine deployment targets for admin-web

This commit introduces significant changes to the deployment process
for the admin console, migrating it from App Engine to Cloud Run and
integrating Identity-Aware Proxy (IAP) for enhanced security.

The key changes include:

- **Admin Console Deployment to Cloud Run:** The admin console is now
 deployed to Cloud Run using a Dockerfile that builds and
 containerizes the application. This provides a more scalable and
 flexible deployment environment.
- **IAP Integration:** IAP is now enabled for the admin console,
 restricting access to authorized users only. This enhances the
 security of the application and protects sensitive data.
- **IAP Configuration Management:** New commands have been added to
 the Makefile to manage IAP configuration for both the launchpad and
 admin console. These commands allow for easy addition and removal
 of IAP users.
- **Refactored IAP User Management Commands:** The IAP user management
 commands have been refactored to be more reusable and generic. This
 allows for easier management of IAP users for both the launchpad and
 admin console.
- **Removal of App Engine Deployment Targets:** The App Engine
 deployment targets for the admin console have been removed, as the
 application is now deployed to Cloud Run.

These changes provide a more secure, scalable, and maintainable
deployment process for the admin console.
This commit is contained in:
bwnyasse
2025-11-16 08:26:20 -05:00
parent 3bd2dfc002
commit 813988293e
6 changed files with 134 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
admin-web/iap-users.txt Normal file
View File

@@ -0,0 +1,8 @@
# List of authorized users for the Admin Console
# Format: one email per line, lines starting with # are comments
#
# IMPORTANT: These users must belong to the 'krowwithus.com' organization.
# This is a known limitation of enabling IAP directly on Cloud Run.
# See: https://docs.cloud.google.com/run/docs/securing/identity-aware-proxy-cloud-run#known_limitations
user:admin@krowwithus.com