mirror of
https://github.com/yeslayla/nakama-helm-chart.git
synced 2025-10-31 10:03:03 +01:00
Nakama custom Nakama authentication & update to RDS authentication
This commit is contained in:
@ -12,16 +12,41 @@ Parameters:
|
||||
Description: ID of the VPC
|
||||
Type: AWS::EC2::VPC::Id
|
||||
|
||||
#------------------
|
||||
# Secret's Manager
|
||||
#------------------
|
||||
Secret:
|
||||
#-----------------
|
||||
# RDS Information
|
||||
#-----------------
|
||||
InstanceClass:
|
||||
Type: String
|
||||
Description: Arn of the secret in Secret's Manager
|
||||
Description: Instance class for the dabase to run on
|
||||
Default: db.t2.micro
|
||||
DatabaseEngine:
|
||||
Type: String
|
||||
Description: Database engine for the database to use
|
||||
Default: postgres
|
||||
DatabaseUsername:
|
||||
Type: String
|
||||
Description: Master account's username for database
|
||||
Default: postgres
|
||||
DatabasePort:
|
||||
Type: Number
|
||||
Description: Port for the database to open a socket on
|
||||
Default: "5432"
|
||||
DatabaseStorage:
|
||||
Type: Number
|
||||
Description: The amount of storage (in GB) allocated to the RDS instance
|
||||
Default: "100"
|
||||
DatabaseAccessCidr:
|
||||
Type: String
|
||||
Description: The CIDR used in the security group to secure the database
|
||||
Default: "0.0.0.0/0"
|
||||
DatabaseSecret:
|
||||
Type: String
|
||||
Description: Arn of the secret in Secret's Manager to use as the password
|
||||
Default: ""
|
||||
|
||||
|
||||
Conditions:
|
||||
CreateSecret: !Equals [!Ref Secret, ""]
|
||||
CreateSecret: !Equals [!Ref DatabaseSecret, ""]
|
||||
|
||||
Resources:
|
||||
SecurityGroup:
|
||||
@ -33,11 +58,11 @@ Resources:
|
||||
- IpProtocol: icmp
|
||||
FromPort: "-1"
|
||||
ToPort: "-1"
|
||||
CidrIp: 0.0.0.0/0
|
||||
CidrIp: !Ref DatabaseAccessCidr
|
||||
- IpProtocol: tcp
|
||||
FromPort: "5432"
|
||||
ToPort: "5432"
|
||||
CidrIp: 0.0.0.0/0
|
||||
FromPort: !Ref DatabasePort
|
||||
ToPort: !Ref DatabasePort
|
||||
CidrIp: !Ref DatabaseAccessCidr
|
||||
SecurityGroupEgress:
|
||||
- IpProtocol: icmp
|
||||
FromPort: "-1"
|
||||
@ -65,23 +90,23 @@ Resources:
|
||||
DbInstance:
|
||||
Type: AWS::RDS::DBInstance
|
||||
Properties:
|
||||
DBInstanceClass: db.t2.micro
|
||||
DBInstanceClass: !Ref InstanceClass
|
||||
DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
|
||||
Engine: postgres
|
||||
MasterUsername: postgres
|
||||
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
|
||||
Port: "5432"
|
||||
AllocatedStorage: "100"
|
||||
Engine: !Ref DatabaseEngine
|
||||
MasterUsername: !Ref DatabaseUsername
|
||||
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret] ,":SecretString}}" ]]
|
||||
Port: !Ref DatabasePort
|
||||
AllocatedStorage: !Ref DatabaseStorage
|
||||
VPCSecurityGroups:
|
||||
- !Ref SecurityGroup
|
||||
|
||||
Outputs:
|
||||
RdsSecret:
|
||||
Description: ARN of the Secret's Manager secret for the RDS password
|
||||
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
|
||||
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret]
|
||||
RdsUsername:
|
||||
Description: ARN of the Secret's Manager secret for the RDS password
|
||||
Value: postgres
|
||||
Value: !Ref DatabaseUsername
|
||||
RdsEnpoint:
|
||||
Description: Endpoint to connect to database
|
||||
Value: !GetAtt DbInstance.Endpoint.Address
|
||||
|
||||
@ -4,6 +4,22 @@ Parameters:
|
||||
ServerName:
|
||||
Type: String
|
||||
Default: "nakama-default"
|
||||
|
||||
#----------------------------
|
||||
# Admin Portal Configuration
|
||||
#----------------------------
|
||||
NakamaUsername:
|
||||
Type: String
|
||||
Description: Username to access the Nakama admin portal
|
||||
Default: "admin"
|
||||
NakamaPasswordOverride:
|
||||
Type: String
|
||||
Description: Override Nakama admin portal password
|
||||
Default: ""
|
||||
|
||||
#------------------------
|
||||
# Database Configuration
|
||||
#------------------------
|
||||
DatabaseUsername:
|
||||
Type: String
|
||||
Description: Username of the Postgres server
|
||||
@ -19,7 +35,21 @@ Parameters:
|
||||
Description: Port for the Postgres server
|
||||
Default: 5432
|
||||
|
||||
Conditions:
|
||||
CreateSecret: !Equals [!Ref NakamaPasswordOverride, ""]
|
||||
|
||||
Resources:
|
||||
|
||||
AdminPortalPassword:
|
||||
Type: AWS::SecretsManager::Secret
|
||||
Condition: CreateSecret
|
||||
Properties:
|
||||
Name: !Sub "nakama/admin/password"
|
||||
Description: "Admin portal password for Nakama"
|
||||
GenerateSecretString:
|
||||
ExcludePunctuation: true
|
||||
ExcludeCharacters: '"@/\'
|
||||
|
||||
LogGroup:
|
||||
Type: AWS::Logs::LogGroup
|
||||
Properties:
|
||||
@ -48,13 +78,19 @@ Resources:
|
||||
Ref: AWS::Region
|
||||
awslogs-group:
|
||||
Ref: LogGroup
|
||||
EntryPoint:
|
||||
MountPoints:
|
||||
- ContainerPath: /nakama/volume
|
||||
SourceVolume: "nakama-volume"
|
||||
EntryPoint:
|
||||
- "/bin/sh"
|
||||
- "-ecx"
|
||||
- Fn::Sub: |
|
||||
/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&
|
||||
exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort}
|
||||
|
||||
- !Join ["", [
|
||||
!Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
|
||||
!Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
|
||||
!If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:", !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
|
||||
]]
|
||||
Volumes:
|
||||
- Name: "nakama-volume"
|
||||
Outputs:
|
||||
TaskArn:
|
||||
Description: ARN of the TaskDefinition
|
||||
|
||||
@ -38,7 +38,18 @@ Parameters:
|
||||
#----------------------
|
||||
# Nakama Configuration
|
||||
#----------------------
|
||||
NakamaUsername:
|
||||
Type: String
|
||||
Description: Username to access the Nakama admin portal
|
||||
Default: "admin"
|
||||
NakamaPasswordOverride:
|
||||
Type: String
|
||||
Description: Override Nakama admin portal password. Leave blank for random password.
|
||||
Default: ""
|
||||
|
||||
#------------------------
|
||||
# Database Configuration
|
||||
#------------------------
|
||||
CreateDatabase:
|
||||
Type: String
|
||||
Default: "true"
|
||||
@ -62,6 +73,32 @@ Parameters:
|
||||
Description: Port for the Postgres server
|
||||
Default: 5432
|
||||
|
||||
# Advanced RDS Configuration
|
||||
RdsInstanceClass:
|
||||
Type: String
|
||||
Description: Instance class for the dabase to run on
|
||||
Default: db.t2.micro
|
||||
RdsEngine:
|
||||
Type: String
|
||||
Description: Database engine for the database to use
|
||||
Default: postgres
|
||||
AllowedValues: ["aurora", "aurora-mysql", "aurora-postgresql", "mariadb", "mysql", "oracle-ee", "oracle-se2", "oracle-se1", "oracle-se", "postgres", "sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web"]
|
||||
RdsUsername:
|
||||
Type: String
|
||||
Description: Master account's username for database
|
||||
Default: postgres
|
||||
RdsPort:
|
||||
Type: Number
|
||||
Description: Port for the database to open a socket on
|
||||
Default: "5432"
|
||||
RdsStorage:
|
||||
Type: Number
|
||||
Description: The amount of storage (in GB) allocated to the RDS instance
|
||||
Default: "100"
|
||||
RdsAccessCidr:
|
||||
Type: String
|
||||
Description: The CIDR used in the security group to secure the database
|
||||
Default: "0.0.0.0/0"
|
||||
|
||||
Conditions:
|
||||
CreateRdsStack: !Equals [!Ref CreateDatabase, "true"]
|
||||
@ -79,6 +116,12 @@ Resources:
|
||||
Parameters:
|
||||
environment: !Ref environment
|
||||
VpcId: !Ref VpcId
|
||||
InstanceClass: !Ref RdsInstanceClass
|
||||
DatabaseEngine: !Ref RdsEngine
|
||||
DatabaseUsername: !Ref RdsUsername
|
||||
DatabasePort: !Ref RdsPort
|
||||
DatabaseStorage: !Ref RdsStorage
|
||||
DatabaseAccessCidr: !Ref RdsAccessCidr
|
||||
|
||||
#-----------------
|
||||
# Load Balancing
|
||||
@ -93,7 +136,7 @@ Resources:
|
||||
Value: 60
|
||||
Scheme: internet-facing
|
||||
SecurityGroups:
|
||||
- !Ref SecurityGroup
|
||||
- !Ref AlbSecurityGroup
|
||||
Subnets: !Split [",", !Ref PublicSubnets]
|
||||
Tags:
|
||||
- Key: Name
|
||||
@ -101,7 +144,7 @@ Resources:
|
||||
- Key: environment
|
||||
Value: !Ref environment
|
||||
|
||||
SecurityGroup:
|
||||
AlbSecurityGroup:
|
||||
Type: AWS::EC2::SecurityGroup
|
||||
Properties:
|
||||
GroupDescription: ECS Allowed Ports
|
||||
@ -197,6 +240,8 @@ Resources:
|
||||
DatabasePassword: !If ["CreateRdsStack", !Join ["", ["{{resolve:secretsmanager:", !GetAtt RdsDatabase.Outputs.RdsSecret, ":SecretString}}" ]], !Ref DatabasePassword]
|
||||
DatabaseEndpoint: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsEnpoint, !Ref DatabaseEndpoint]
|
||||
DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort]
|
||||
NakamaUsername: !Ref NakamaUsername
|
||||
NakamaPasswordOverride: !Ref NakamaPasswordOverride
|
||||
|
||||
EcsService:
|
||||
DependsOn: AdminPortalAlbListener
|
||||
|
||||
Reference in New Issue
Block a user