{"id":18753299,"url":"https://github.com/pingidentity/ping-cloud-base","last_synced_at":"2025-04-13T00:31:42.138Z","repository":{"id":38746481,"uuid":"205146601","full_name":"pingidentity/ping-cloud-base","owner":"pingidentity","description":"The base Kubernetes yaml files to deploy the cookie-cutter Ping Identity software stack onto a Kubernetes cluster","archived":false,"fork":false,"pushed_at":"2025-04-11T21:16:57.000Z","size":35914,"stargazers_count":22,"open_issues_count":4,"forks_count":16,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-11T22:28:00.529Z","etag":null,"topics":["devops","ping-devops"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pingidentity.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-29T11:20:03.000Z","updated_at":"2024-12-27T19:45:55.000Z","dependencies_parsed_at":"2023-10-13T08:17:36.516Z","dependency_job_id":"2c404cea-4145-4c22-91c8-1afe80c8c123","html_url":"https://github.com/pingidentity/ping-cloud-base","commit_stats":null,"previous_names":[],"tags_count":187,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pingidentity%2Fping-cloud-base","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pingidentity%2Fping-cloud-base/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pingidentity%2Fping-cloud-base/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pingidentity%2Fping-cloud-base/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pingidentity","download_url":"https://codeload.github.com/pingidentity/ping-cloud-base/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248650590,"owners_count":21139670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","ping-devops"],"created_at":"2024-11-07T17:25:12.517Z","updated_at":"2025-04-13T00:31:37.124Z","avatar_url":"https://github.com/pingidentity.png","language":"Shell","readme":"# Ping Cloud Base Configuration\n\nThis directory contains all the base Kubernetes configuration files that may be\nused to deploy the Ping Cloud software stack onto a Kubernetes cluster. It\nallows anyone to set up a cookie-cutter Ping Software stack on a Kubernetes\ncluster for evaluation purposes. Currently only AWS EKS clusters are supported.\n\n# Disclaimer\n\n\u003eThe software provided hereunder is provided on an \"as is\" basis, without\nany warranties or representations express, implied or statutory; including,\nwithout limitation, warranties of quality, performance, non-infringement,\nmerchantability or fitness for a particular purpose. Nor are there any\nwarranties created by a course or dealing, course of performance or trade\nusage. Furthermore, there are no warranties that the software will meet\nyour needs or be free from errors, or that the operation of the software\nwill be uninterrupted. In no event shall the copyright holders or\ncontributors be liable for any direct, indirect, incidental, special,\nexemplary, or consequential damages however caused and on any theory of\nliability, whether in contract, strict liability, or tort (including\nnegligence or otherwise) arising in any way out of the use of this\nsoftware, even if advised of the possibility of such damage.\n\n# Warning\n\nThis repository is still under active development and should not be used at this\ntime for production purposes due to potential breaking changes.\n\n# Testing\n\nThe following tools must be set up and configured correctly:\n\n- kubectl (\u003e= v1.14)\n- kustomize (\u003e= v3.2)\n- envsubst (\u003e= 0.20)\n\nTo set up the environment, the following environment variables must be exported\nat the very minimum:\n\n- PING_IDENTITY_DEVOPS_USER\n- PING_IDENTITY_DEVOPS_KEY\n- BACKUP_URL\n- TENANT_DOMAIN\n\nThe DEVOPS user and key may be obtained from the Ping DevOps GTE team here:\n\nhttps://docs.google.com/forms/d/e/1FAIpQLSdgEFvqQQNwlsxlT6SaraeDMBoKFjkJVCyMvGPVPKcrzT3yHA/viewform\n\nThe TENANT_DOMAIN must be an AWS registered domain and hosted zone on Route53 in\nthe same AWS IAM role (e.g. arn:aws:iam::555555555555:role/ROLE) as your EKS\ncluster. For example, if it is set to k8s-icecream.ping-devops.com, then\nping-devops.com must be a valid DNS domain registered by some registrar (e.g.\nAWS Route53). There must also be a hosted zone created for it on AWS Route53.\nRefer to the AWS online documentation on how to set these up.\n\nThe BACKUP_URL must point to an s3 bucket on AWS. PingFederate in clustered mode\n(which is the default) requires an s3 bucket for high availability and fault tolerance. \n\nTo build the environment, simply run:\n\n```\nkustomize build https://github.com/pingidentity/ping-cloud-base?ref=master |\n  envsubst '\n    ${PING_IDENTITY_DEVOPS_USER}\n    ${PING_IDENTITY_DEVOPS_KEY}\n    ${BACKUP_URL}\n    ${TENANT_DOMAIN}' |\n  kubectl apply -f -\n```\n\nMonitor it by running:\n\n```\nkubectl get pods -n ping-cloud\n```\n\nWhen all pods are ready, you should be able to access the following URLs:\n\n```\nPingfederate console:\nhttps://pingfederate-admin.k8s-icecream.ping-devops.com/pingfederate/app\n\nPingfederate API:\nhttps://pingfederate-admin.k8s-icecream.ping-devops.com/pf-admin-api/api-docs\n\nPingfederate runtime endpoint:\nhttps://pingfederate.k8s-icecream.ping-devops.com\n\nPingfederate oauth playground:\nhttps://pingfederate.k8s-icecream.ping-devops.com/OAuthPlayground\n\nPingaccess console:\nhttps://pingaccess-admin.k8s-icecream.ping-devops.com\n\nPingaccess API:\nhttps://pingaccess-admin.k8s-icecream.ping-devops.com/pa-admin-api/v3/api-docs/\n\nPingaccess runtime endpoint:\nhttps://pingaccess.k8s-icecream.ping-devops.com\n\nPingaccess WAS console:\nhttps://pingaccess-was-admin.k8s-icecream.ping-devops.com\n\nPingaccess WAS API:\nhttps://pingaccess-was-admin.k8s-icecream.ping-devops.com/pa-admin-api/v3/api-docs/\n\nPingaccess WAS runtime endpoint:\nhttps://pingaccess-was.k8s-icecream.ping-devops.com\n\nKibana console:\nhttps://logs.k8s-icecream.ping-devops.com\n```\n\nInformation on how to access the environments may be found here:\n\nhttps://github.com/pingidentity/pingidentity-devops-getting-started/tree/master/11-docker-compose/03-full-stack\n\n# Customization\n\nThe configuration in this repository may be used as a base for any customer\ndeployment by simply providing a kustomization.yaml file that looks like this:\n\n```\nkind: Kustomization\napiVersion: kustomize.config.k8s.io/v1beta1\n\nresources:\n- https://github.com/pingidentity/ping-cloud-base/k8s-configs?ref=master\n```\n\nIn addition, some overrides must be provided (e.g. via secret and configmap\ngenerators) for the DEVOPS user/key and the ingress URLs at a minimum. The\nkustomization.yaml in the root of this repository shows an example of how this\ncan be done. More information on kustomize may be found here:\n\nhttps://kustomize.io/\n\nThen, a new environment may simply be created by running:\n\n```\nkustomize build . | kubectl apply -f -\n```\n\nNote that the manifest files only work with kustomize v3.1.0 or later. The\nkustomize that's included in kubectl is of an older version. So the following\ndirect invocation from kubectl does not work at the moment.\n\n~~kubectl apply -k .~~\n\n\n# Gotchas\nMake sure that your branch name is sufficiently short (\u003c37 characters)\n\nWhen automatically testing with CI/CD, the URLs created are based on the git branch name.\nIf this branch name is too long, AWS Route53 will not be able to generate the URLs and your tests will fail.\n\nGitlab push rules are set up to not allow you to push to the branch if this is the case, however, \nyou can also add this git hook to prevent this from occurring before you even push to Gitlab:\n\n```\n❯ cat .git/hooks/pre-push\n#!/bin/sh\n\nCUR_BRANCH=$(git branch --show-current)\n\nif [[ $(echo \"${CUR_BRANCH}\" | wc -c) -gt 37 ]]; then\n  echo \"Your branch name is too long. Please shorten to 37 characters or less to comply with route53 max length requirements\"\n  exit 1\nfi\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpingidentity%2Fping-cloud-base","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpingidentity%2Fping-cloud-base","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpingidentity%2Fping-cloud-base/lists"}