diff --git a/README.md b/README.md index fdab25e..ceabeed 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,13 @@ -# CASA +# CaaSa -## Container as a Service Admin +## Container as a Service admin -| [Demo](https://knrdl.github.io/casa/) | [Docker Hub](https://hub.docker.com/r/knrdl/casa) [![Docker Hub](https://img.shields.io/docker/pulls/knrdl/casa.svg?logo=docker&style=popout-square)](https://hub.docker.com/r/knrdl/casa) | [![CI](https://github.com/knrdl/casa/actions/workflows/docker-image.yml/badge.svg)](https://github.com/knrdl/casa/actions/workflows/docker-image.yml) -| ----------- | ----------- | ----------- | +| [Demo](https://knrdl.github.io/caasa/) | [Docker Hub](https://hub.docker.com/r/knrdl/caasa) [![Docker Hub](https://img.shields.io/docker/pulls/knrdl/caasa.svg?logo=docker&style=popout-square)](https://hub.docker.com/r/knrdl/caasa) | [![CI](https://github.com/knrdl/caasa/actions/workflows/docker-image.yml/badge.svg)](https://github.com/knrdl/caasa/actions/workflows/docker-image.yml) +|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ----------- | Outsource the administration of a handful of containers to your co-workers. -CASA provides a simple web-interface to handle basic container admin tasks: +CaaSa provides a simple web-interface to handle basic container admin tasks: * View resource consumption/runtime behaviour * Restart, Stop containers @@ -19,17 +19,17 @@ Restrict permissions per container and user ## Getting started -### 1. Deploy CASA +### 1. Deploy CaaSa ```yaml version: '2.4' services: - casa: - image: knrdl/casa + caasa: + image: knrdl/caasa restart: always environment: - ROLES_casa_admin_basic: info, state, logs, procs, files, files-read - ROLES_casa_admin_full: info, info-annotations, state, logs, term, procs, files, files-read, files-write + ROLES_caasa_admin_basic: info, state, logs, procs, files, files-read + ROLES_caasa_admin_full: info, info-annotations, state, logs, term, procs, files, files-read, files-write AUTH_API_URL: https://identity.mycompany.com/login AUTH_API_FIELD_USERNAME: username AUTH_API_FIELD_PASSWORD: password @@ -41,7 +41,7 @@ services: cpu_count: 1 ``` -> :warning: **For production** is a reverse-proxy with TLS termination in front of CASA highly recommended +> :warning: **For production** is a reverse-proxy with TLS termination in front of CaaSa highly recommended Roles are defined via environment variables and might contain these permissions: @@ -59,7 +59,7 @@ Roles are defined via environment variables and might contain these permissions: #### 2.1 Restful authentication -To perform logins CASA sends http-post requests to the URL defined in the environment variable `AUTH_API_URL`. The requests contain a json body with username and password. The json field names are defined via environment variables `AUTH_API_FIELD_USERNAME` (default: *username*) and `AUTH_API_FIELD_PASSWORD` (default: *password*). A 2XX response code (e.g. *200 OK*) represents a successful login. +To perform logins CaaSa sends http-post requests to the URL defined in the environment variable `AUTH_API_URL`. The requests contain a json body with username and password. The json field names are defined via environment variables `AUTH_API_FIELD_USERNAME` (default: *username*) and `AUTH_API_FIELD_PASSWORD` (default: *password*). A 2XX response code (e.g. *200 OK*) represents a successful login. #### 2.2 Dummy authentication @@ -69,19 +69,19 @@ Set the environment variable `AUTH_API_URL=https://example.org`. Now you can log #### 2.3 WebProxy authentication -CASA can read the username from a http request header. This header must be supplied by a reverse proxy in front of CASA. It can be specified via the environment variable `WEBPROXY_AUTH_HEADER`. A typical header name is *Remote-User*. +CaaSa can read the username from a http request header. This header must be supplied by a reverse proxy in front of CaaSa. It can be specified via the environment variable `WEBPROXY_AUTH_HEADER`. A typical header name is *Remote-User*. > :warning: The header must be supplied by the reverse proxy and must not be set by the client. ### 3. Annotate containers -If a container should be visible in CASA, it must be annotated with a label defined above as `ROLES_` and list all permitted usernames (or user IDs). Usernames are treated as case-insensitive. +If a container should be visible in CaaSa, it must be annotated with a label defined above as `ROLES_` and list all permitted usernames (or user IDs). Usernames are treated as case-insensitive. ```bash -docker run -it --rm --name casa_demo --label casa.admin.full=user1,user2 nginx:alpine +docker run -it --rm --name caasa_demo --label caasa.admin.full=user1,user2 nginx:alpine ``` -In this example the users `user1` and `user2` are granted the rights of the `casa.admin.full` role for the container `casa_demo` via CASA web interface. +In this example the users `user1` and `user2` are granted the rights of the `caasa.admin.full` role for the container `caasa_demo` via CaaSa web interface. ## Screenshot diff --git a/client/package-lock.json b/client/package-lock.json index 26ac755..b4b9043 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -1,11 +1,11 @@ { - "name": "casa", + "name": "caasa", "version": "1.0.0", "lockfileVersion": 2, "requires": true, "packages": { "": { - "name": "casa", + "name": "caasa", "version": "1.0.0", "dependencies": { "sirv-cli": "^2.0.0" diff --git a/client/package.json b/client/package.json index a2d7895..d3ff5e9 100644 --- a/client/package.json +++ b/client/package.json @@ -1,5 +1,5 @@ { - "name": "casa", + "name": "caasa", "version": "1.0.0", "private": true, "scripts": { diff --git a/client/public/index.html b/client/public/index.html index f1df696..0a84a3c 100644 --- a/client/public/index.html +++ b/client/public/index.html @@ -5,13 +5,13 @@ - Casa + CaaSa - + @@ -20,4 +20,4 @@ - \ No newline at end of file + diff --git a/client/src/api.mock.ts b/client/src/api.mock.ts index 9e8a327..636551f 100644 --- a/client/src/api.mock.ts +++ b/client/src/api.mock.ts @@ -7,7 +7,7 @@ function mockResponse(body) { return `{"response": "get_system_info", "payload": {"version": "20.10.7", "containers": {"total": 178, "running": 170, "stopped": 0}, "os": "Ubuntu 20.04.3 LTS", "cpus": 24, "mem": 31277850624}}` case 'get_container_list': return `{"response": "get_container_list", "payload": [ - {"id": "2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8586", "name": "Casa Demo", "namespace": null, "status": "running", "permissions": ["info", "info-annotations", "procs", "files-read", "files-write", "files", "logs", "state", "term"]}, + {"id": "2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8586", "name": "CaaSa Demo", "namespace": null, "status": "running", "permissions": ["info", "info-annotations", "procs", "files-read", "files-write", "files", "logs", "state", "term"]}, {"id": "2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8587", "name": "Backend", "namespace": "Cool Web App", "status": "running", "permissions": ["info", "info-annotations", "procs", "files-read", "files-write", "files", "logs", "state", "term"]}, {"id": "2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8588", "name": "Gateway", "namespace": "Cool Web App", "status": "running", "permissions": ["info", "info-annotations", "procs", "files-read", "files-write", "files", "logs", "state", "term"]} ]}` @@ -15,11 +15,11 @@ function mockResponse(body) { return `{"response": "get_processes", "payload": [{"pid": "45756", "ppid": "45733", "%cpu": "0.0", "%mem": "0.0", "user": "root", "stime": "16:24", "command": "nginx: master process nginx -g daemon off;", "level": 0}, {"pid": "45822", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45823", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45824", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45825", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45826", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45827", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45828", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45829", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45830", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45831", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45832", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "45833", "ppid": "45756", "%cpu": "0.0", "%mem": "0.0", "user": "systemd+", "stime": "16:24", "command": "nginx: worker process", "level": 1}, {"pid": "46825", "ppid": "45733", "%cpu": "0.0", "%mem": "0.0", "user": "root", "stime": "16:34", "command": "sh", "level": 0}]}` case 'get_container_info': const container_name = { - '2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8586': '/casa_demo', + '2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8586': '/caasa_demo', '2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8587': '/cool_web_app_backend_1', '2b7eb6b9d2f7fd2dd26738500a81a16310f78e46eea2f9c2a27ed876d85d8588': '/cool_web_app_gateway_1', } - return `{"response": "get_container_info", "payload": {"id": "${body.payload.container_id}", "name": "${container_name[body.payload.container_id]}", "status": "running", "command": "/docker-entrypoint.sh nginx -g daemon off;", "created_at": "2021-12-02T10:33:16.628618832Z", "started_at": "2021-12-02T10:33:17.015866729Z", "finished_at": "0001-01-01T00:00:00Z", "crashes": 0, "env": {"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION": "1.21.1", "NJS_VERSION": "0.6.1", "PKG_RELEASE": "1"}, "labels": {"casa.admin.full": "user1,user2", "maintainer": "NGINX Docker Maintainers "}, "image": {"name": "nginx:alpine", "hash": "sha256:b9e2356ea1be9452f3777a587b0b6a30bc16c295fe6190eda6a0776522f27439"}, "mem": {"used": 10452992, "max_used": 19345408, "total": 52428800}, "cpu": {"perc": ${Math.random() * 10}}, "net": {"rx_bytes": 18201, "tx_bytes": 0}, "ports": ["80/tcp"]}}` + return `{"response": "get_container_info", "payload": {"id": "${body.payload.container_id}", "name": "${container_name[body.payload.container_id]}", "status": "running", "command": "/docker-entrypoint.sh nginx -g daemon off;", "created_at": "2021-12-02T10:33:16.628618832Z", "started_at": "2021-12-02T10:33:17.015866729Z", "finished_at": "0001-01-01T00:00:00Z", "crashes": 0, "env": {"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION": "1.21.1", "NJS_VERSION": "0.6.1", "PKG_RELEASE": "1"}, "labels": {"caasa.admin.full": "user1,user2", "maintainer": "NGINX Docker Maintainers "}, "image": {"name": "nginx:alpine", "hash": "sha256:b9e2356ea1be9452f3777a587b0b6a30bc16c295fe6190eda6a0776522f27439"}, "mem": {"used": 10452992, "max_used": 19345408, "total": 52428800}, "cpu": {"perc": ${Math.random() * 10}}, "net": {"rx_bytes": 18201, "tx_bytes": 0}, "ports": ["80/tcp"]}}` case 'get_container_logs': if (body.payload.onlynew) return `{"response": "get_container_logs", "payload":""}` diff --git a/client/src/containers/SystemInfo.svelte b/client/src/containers/SystemInfo.svelte index 0bc55d1..6f6c7ae 100644 --- a/client/src/containers/SystemInfo.svelte +++ b/client/src/containers/SystemInfo.svelte @@ -55,10 +55,10 @@ {info.containers.running}/{info.containers.total} Containers running
- - Casa on Github + CaaSa on Github
diff --git a/setup-dev/.env b/setup-dev/.env index 405ee58..cee0eb2 100644 --- a/setup-dev/.env +++ b/setup-dev/.env @@ -1 +1 @@ -COMPOSE_PROJECT_NAME=casadev +COMPOSE_PROJECT_NAME=caasadev diff --git a/setup-dev/docker-compose.yml b/setup-dev/docker-compose.yml index 0b6feb4..34581b3 100644 --- a/setup-dev/docker-compose.yml +++ b/setup-dev/docker-compose.yml @@ -1,12 +1,12 @@ version: '2.4' services: - casa: + caasa: build: .. restart: always environment: - ROLES_casa_admin_basic: info, state, logs, procs, files, files-read - ROLES_casa_admin_full: info, info-annotations, state, logs, term, procs, files, files-read, files-write + ROLES_caasa_admin_basic: info, state, logs, procs, files, files-read + ROLES_caasa_admin_full: info, info-annotations, state, logs, term, procs, files, files-read, files-write AUTH_API_URL: https://example.org AUTH_API_FIELD_USERNAME: username AUTH_API_FIELD_PASSWORD: password @@ -21,9 +21,9 @@ services: mem_limit: 150m cpu_count: 1 labels: - traefik.http.routers.casa.rule: Host(`localhost`) + traefik.http.routers.caasa.rule: Host(`localhost`) traefik.http.middlewares.webproxy-auth.headers.customrequestheaders.Remote-User: user1 # for web proxy auth - traefik.http.routers.casa.middlewares: 'webproxy-auth@docker' + traefik.http.routers.caasa.middlewares: 'webproxy-auth@docker' proxy: image: docker.io/traefik:v2.9 @@ -36,17 +36,17 @@ services: # - /var/run/docker.sock:/var/run/docker.sock # DOCKER - /run/user/1000/podman/podman.sock:/var/run/docker.sock # PODMAN labels: - casa.admin.basic: user1,user2 + caasa.admin.basic: user1,user2 demo1: image: docker.io/nginx:alpine labels: - casa.admin.full: user1,user2 + caasa.admin.full: user1,user2 demo2: image: docker.io/traefik/whoami labels: - casa.admin.basic: user1,user2 + caasa.admin.basic: user1,user2 networks: net: