Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(Makefile): introduce admin console deployment to Cloud Run with IAP

Browse Source 
feat(Makefile): add IAP configuration management for both launchpad and admin
feat(Makefile): refactor IAP user management commands for reusability
feat(Makefile): add Dockerfile for admin-web to containerize the application
feat(Makefile): remove App Engine deployment targets for admin-web

This commit introduces significant changes to the deployment process
for the admin console, migrating it from App Engine to Cloud Run and
integrating Identity-Aware Proxy (IAP) for enhanced security.

The key changes include:

- **Admin Console Deployment to Cloud Run:** The admin console is now
 deployed to Cloud Run using a Dockerfile that builds and
 containerizes the application. This provides a more scalable and
 flexible deployment environment.
- **IAP Integration:** IAP is now enabled for the admin console,
 restricting access to authorized users only. This enhances the
 security of the application and protects sensitive data.
- **IAP Configuration Management:** New commands have been added to
 the Makefile to manage IAP configuration for both the launchpad and
 admin console. These commands allow for easy addition and removal
 of IAP users.
- **Refactored IAP User Management Commands:** The IAP user management
 commands have been refactored to be more reusable and generic. This
 allows for easier management of IAP users for both the launchpad and
 admin console.
- **Removal of App Engine Deployment Targets:** The App Engine
 deployment targets for the admin console have been removed, as the
 application is now deployed to Cloud Run.

These changes provide a more secure, scalable, and maintainable
deployment process for the admin console.
This commit is contained in:
bwnyasse
2025-11-16 08:26:20 -05:00
parent 3bd2dfc002
commit 813988293e
6 changed files with 134 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
firebase/internal-launchpad/iap-users.txt
View File

@@ -1,6 +1,9 @@
# Liste des utilisateurs autorisés pour le Internal Launchpad
# Format: un email par ligne, les lignes commençant par # sont des commentaires
# List of authorized users for the Internal Launchpad
# Format: one email per line, lines starting with # are comments
#
# IMPORTANT: These users must belong to the 'krowwithus.com' organization.
# This is a known limitation of enabling IAP directly on Cloud Run.
# See: https://docs.cloud.google.com/run/docs/securing/identity-aware-proxy-cloud-run#known_limitations
user:boris@oloodi.com
# user:temporaire@oloodi.com # Décommenté pour donner accès temporaire
user:admin@krowwithus.com
user:admin@krowwithus.com
# user:boris@oloodi.com # External users are not supported with this IAP method