Brand XtremeCloud SSO

Customize the look-and-feel of the Single Sign-On (SSO) experience

Background

Helm Charts from Eupraxia Labs use an init Container to inject the branding before any XtremeCloud Single Sign-On (SSO) Kubernetes pod starts up. By using this technique, we simplify the process for any customer of Eupraxia Labs to brand the SSO experience for their user base.

Note: Init containers are exactly like regular containers, except:

  • Init containers always run to completion.
  • Within the same pod, each init container must complete successfully before the next one starts.

Here is a snippet from the Helm Chart values.yaml that sets up the init Container to run as a short-term sidecar container and inject the brand (theme) into any XtremeCloud SSO container before Kubernetes runs it.

Notice that the init Container is a brand-provider based on a Docker image that is located in a GitLab Docker Registry or Quay.io. Both Docker images are in the public domain. Of course, this Docker image can be pulled, tagged, and stored in a customer’s own private registry if desired.

The GitLab code repository for the branding Docker image is also public, can be cloned, and easily edited for a private branding experience.

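# Init container: copies the theme files from the brand image into the shared volume.
extraInitContainers: |
  - name: brand-provider
    image: registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.2
    imagePullPolicy: Always
    command:
      - sh
    args:
      - -c
      - |
        echo "XtremeCloud Single Sign-On (SSO) branding."
        cp -R /xtremecloud-sso/* /theme
    volumeMounts:
      - mountPath: /theme
        name: theme
# The SSO container mounts the same volume at its theme directory.
extraVolumeMounts: |
  - name: theme
    mountPath: /opt/jboss/keycloak/themes/xtremecloud-sso
# Pod-scoped scratch volume shared by the init container and the SSO container.
extraVolumes: |
  - name: theme
    emptyDir: {}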

We render our Charts in a market-leading IDE that supports Kubernetes artifacts to check that they build properly.

Note: The IDE runs 'helm template' under the covers.

XtremeCloud Single Sign-On 'init Container' for Branding
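The brand-provider image supplies the login theme files that the SSO container serves, so the rendered chart is a natural place to check which image references a pod will pull. The following is an added example, not part of Eupraxia Labs' charts: it scans 'helm template' output for images that are not pinned by digest or that come from a registry outside an allow-list. The sample manifest is constructed, and registry.example.internal and the all-zero digest are placeholders.

```python
import re

# Constructed sample of 'helm template' output for the values snippet above.
# registry.example.internal and the all-zero digest are placeholders.
RENDERED = f"""\
      initContainers:
        - name: brand-provider
          image: registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.2
          imagePullPolicy: Always
      containers:
        - name: xtremecloud-sso-azure
          image: "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
        - name: mirrored-brand
          image: registry.example.internal/sso/xtremecloud-brand:3.1.2@sha256:{'0' * 64}
"""

# Matches 'image:' keys only; 'imagePullPolicy:' does not match.
IMAGE_LINE = re.compile(r"""^[ \t]*(?:-[ \t]*)?image:[ \t]*["']?([^"'\s#]+)""", re.M)


def parse_image(ref):
    """Split an image reference into registry, repository, tag and digest."""
    name, _, digest = ref.partition("@")
    last = name.rsplit("/", 1)[-1]
    tag = last.partition(":")[2] or None
    if tag:
        name = name[: -(len(tag) + 1)]
    first, _, rest = name.partition("/")
    # A leading component is a registry host only if it looks like one.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:
        registry, repo = "docker.io", name
    return {"registry": registry, "repository": repo, "tag": tag, "digest": digest or None}


def audit(rendered, allowed_registries):
    """Return (image, finding) pairs for every image line in rendered manifests."""
    findings = []
    for ref in IMAGE_LINE.findall(rendered):
        img = parse_image(ref)
        if img["digest"] is None:
            findings.append((ref, "not pinned by digest"))
        if img["registry"] not in allowed_registries:
            findings.append((ref, "registry not on allow-list"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit(RENDERED, {"registry.example.internal"}):
        print(f"{finding}: {ref}")
```

In practice the input would be the output of 'helm template' for the chart, and the allow-list would name the customer's own private registry.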

Running the init Container

In the output of a kubectl get events command, you can see the brand-provider Docker image being pulled for the init container, which runs in the same pod as an XtremeCloud SSO container.


[centos@vm-controller xtremecloud-brand]$ kubectl get events
LAST SEEN   FIRST SEEN   COUNT   NAME                                                         KIND          SUBOBJECT                                     TYPE      REASON             SOURCE                              MESSAGE
50m         1h           249     sso-dev-xtremecloud-sso-azure-0.15d2726dbc5195d0             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulled             kubelet, aks-agentpool-15714137-3   Successfully pulled image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
35m         1h           310     sso-dev-xtremecloud-sso-azure-0.15d27245086ba70e             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulling            kubelet, aks-agentpool-15714137-3   pulling image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
31m         31m          1       sso-dev-xtremecloud-sso-azure-0.15d276dc3f71a2e3             Pod                                                         Normal    Scheduled          default-scheduler                   Successfully assigned dev/sso-dev-xtremecloud-sso-azure-0 to aks-agentpool-15714137-2
31m         31m          1       sso-dev-xtremecloud-sso-azure-0.15d276dd1f5fd3ae             Pod           spec.initContainers{brand-provider}           Normal    Pulling            kubelet, aks-agentpool-15714137-2   pulling image "registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.1"
31m         31m          1       sso-dev-xtremecloud-sso-azure-0.15d276dd3e553250             Pod           spec.initContainers{brand-provider}           Normal    Pulled             kubelet, aks-agentpool-15714137-2   Successfully pulled image "registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.1"
31m         31m          1       sso-dev-xtremecloud-sso-azure-0.15d276ddad6c0496             Pod           spec.initContainers{brand-provider}           Normal    Started            kubelet, aks-agentpool-15714137-2   Started container
31m         31m          1       sso-dev-xtremecloud-sso-azure-0.15d276dd987627ee             Pod           spec.initContainers{brand-provider}           Normal    Created            kubelet, aks-agentpool-15714137-2   Created container
29m         52d          15      datagrid-dev-xtremecloud-datagrid-azure-0.15c24561152bac7c   Pod           spec.containers{xtremecloud-datagrid-azure}   Warning   Unhealthy          kubelet, aks-agentpool-15714137-2   Readiness probe failed:
27m         28m          7       sso-dev-xtremecloud-sso-azure-0.15d277076e64fc8b             Pod           spec.containers{xtremecloud-sso-azure}        Warning   Failed             kubelet, aks-agentpool-15714137-2   Error: Couldn't find key password in Secret dev/xcsso-keycloak-config
21m         31m          30      sso-dev-xtremecloud-sso-azure-0.15d276df3829e722             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulling            kubelet, aks-agentpool-15714137-2   pulling image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
16m         28m          49      sso-dev-xtremecloud-sso-azure-0.15d27707679ad40d             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulled             kubelet, aks-agentpool-15714137-2   Successfully pulled image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
12m         12m          1       sso-dev-xtremecloud-sso-azure-0.15d277e3b7048c91             Pod                                                         Normal    Scheduled          default-scheduler                   Successfully assigned dev/sso-dev-xtremecloud-sso-azure-0 to aks-agentpool-15714137-0
12m         12m          1       sso-dev-xtremecloud-sso-azure-0.15d277e4493dc44a             Pod           spec.initContainers{brand-provider}           Normal    Pulling            kubelet, aks-agentpool-15714137-0   pulling image "registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.1"
12m         12m          1       sso-dev-xtremecloud-sso-azure-0.15d277e46cf29a89             Pod           spec.initContainers{brand-provider}           Normal    Pulled             kubelet, aks-agentpool-15714137-0   Successfully pulled image "registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.1"
12m         12m          1       sso-dev-xtremecloud-sso-azure-0.15d277e4b3a72c6c             Pod           spec.initContainers{brand-provider}           Normal    Created            kubelet, aks-agentpool-15714137-0   Created container
12m         12m          1       sso-dev-xtremecloud-sso-azure-0.15d277e4c616e316             Pod           spec.initContainers{brand-provider}           Normal    Started            kubelet, aks-agentpool-15714137-0   Started container
12m         12m          1       sso-dev-xtremecloud-sso-azure-0.15d277e6465c79d6             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulling            kubelet, aks-agentpool-15714137-0   pulling image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
9m          9m           1       sso-dev-xtremecloud-sso-azure-0.15d2780fbbfe15e5             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulled             kubelet, aks-agentpool-15714137-0   Successfully pulled image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az"
9m          9m           1       sso-dev-xtremecloud-sso-azure-0.15d27810d0dc5233             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Created            kubelet, aks-agentpool-15714137-0   Created container
9m          9m           1       sso-dev-xtremecloud-sso-azure-0.15d27810e5d0ef15             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Started            kubelet, aks-agentpool-15714137-0   Started container
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d278188edb2dbb             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Killing            kubelet, aks-agentpool-15714137-0   Killing container with id docker://xtremecloud-sso-azure:Need to kill Pod
8m          1h           4       sso-dev-xtremecloud-sso-azure.15d2724032c10f69               StatefulSet                                                 Normal    SuccessfulCreate   statefulset-controller              create Pod sso-dev-xtremecloud-sso-azure-0 in StatefulSet sso-dev-xtremecloud-sso-azure successful
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d278195c1630cf             Pod                                                         Normal    Scheduled          default-scheduler                   Successfully assigned dev/sso-dev-xtremecloud-sso-azure-0 to aks-agentpool-15714137-3
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d2781a0f55d033             Pod           spec.initContainers{brand-provider}           Normal    Pulled             kubelet, aks-agentpool-15714137-3   Container image "registry.gitlab.com/eupraxialabs/xtremecloud-brand:3.1.1" already present on machine
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d2781a7450e327             Pod           spec.initContainers{brand-provider}           Normal    Started            kubelet, aks-agentpool-15714137-3   Started container
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d2781a61fddde1             Pod           spec.initContainers{brand-provider}           Normal    Created            kubelet, aks-agentpool-15714137-3   Created container
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d2781bfa1cefd6             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Pulled             kubelet, aks-agentpool-15714137-3   Container image "quay.io/eupraxialabs/xtremecloud-sso:3.1.1-az" already present on machine
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d2781c3fc3556c             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Created            kubelet, aks-agentpool-15714137-3   Created container
8m          8m           1       sso-dev-xtremecloud-sso-azure-0.15d2781c543e478e             Pod           spec.containers{xtremecloud-sso-azure}        Normal    Started            kubelet, aks-agentpool-15714137-3   Started container
3m          7m           24      sso-dev-xtremecloud-sso-azure-0.15d2782bf09ba4a9             Pod           spec.containers{xtremecloud-sso-azure}        Warning   Unhealthy          kubelet, aks-agentpool-15714137-3   Readiness probe failed: Get http://10.244.3.45:8080/auth/realms/master: dial tcp 10.244.3.45:8080: connect: connection refused
4s          9m           2       sso-dev-xtremecloud-sso-azure.15d27816bc0f08f4               StatefulSet                                                 Normal    SuccessfulDelete   statefulset-controller              delete Pod sso-dev-xtremecloud-sso-azure-0 in StatefulSet sso-dev-xtremecloud-sso-azure successful

If you run this Kubernetes command, you will see the pod initializing with the brand-provider:

[centos@vm-controller xtremecloud-brand]$ kubectl get pods
NAME                                        READY   STATUS     RESTARTS   AGE
datagrid-dev-xtremecloud-datagrid-azure-0   1/1     Running    1          52d
ksniff-bw4mk                                1/1     Running    0          51d
ksniff-dc7b2                                1/1     Running    0          51d
ksniff-gdz8c                                1/1     Running    0          51d
ksniff-ggbz2                                1/1     Running    0          51d
ksniff-t9p95                                1/1     Running    0          51d
ksniff-tkl5z                                1/1     Running    0          51d
ksniff-vrgk7                                1/1     Running    0          51d
ksniff-xbpzk                                1/1     Running    0          51d
logdna-agent-5nr74                          1/1     Running    0          60d
logdna-agent-fdzbr                          1/1     Running    0          60d
logdna-agent-vscrb                          1/1     Running    0          60d
sso-dev-xtremecloud-sso-azure-0             0/1     Init:0/1   0          3s

After the brand-provider container completes, the XtremeCloud SSO container will be in a PodInitializing state before it begins to start up:

[centos@vm-controller xtremecloud-brand]$ kubectl get pods
NAME                                        READY   STATUS            RESTARTS   AGE
datagrid-dev-xtremecloud-datagrid-azure-0   1/1     Running           1          52d
ksniff-bw4mk                                1/1     Running           0          51d
ksniff-dc7b2                                1/1     Running           0          51d
ksniff-gdz8c                                1/1     Running           0          51d
ksniff-ggbz2                                1/1     Running           0          51d
ksniff-t9p95                                1/1     Running           0          51d
ksniff-tkl5z                                1/1     Running           0          51d
ksniff-vrgk7                                1/1     Running           0          51d
ksniff-xbpzk                                1/1     Running           0          51d
logdna-agent-5nr74                          1/1     Running           0          60d
logdna-agent-fdzbr                          1/1     Running           0          60d
logdna-agent-vscrb                          1/1     Running           0          60d
sso-dev-xtremecloud-sso-azure-0             0/1     PodInitializing   0          11s

Here it is transitioning to a running, but not ready, state:


[centos@vm-controller xtremecloud-brand]$ k get po
NAME                                        READY   STATUS    RESTARTS   AGE
datagrid-dev-xtremecloud-datagrid-azure-0   1/1     Running   1          52d
ksniff-bw4mk                                1/1     Running   0          51d
ksniff-dc7b2                                1/1     Running   0          51d
ksniff-gdz8c                                1/1     Running   0          51d
ksniff-ggbz2                                1/1     Running   0          51d
ksniff-t9p95                                1/1     Running   0          51d
ksniff-tkl5z                                1/1     Running   0          51d
ksniff-vrgk7                                1/1     Running   0          51d
ksniff-xbpzk                                1/1     Running   0          51d
logdna-agent-5nr74                          1/1     Running   0          60d
logdna-agent-fdzbr                          1/1     Running   0          60d
logdna-agent-vscrb                          1/1     Running   0          60d
sso-dev-xtremecloud-sso-azure-0             0/1     Running   0          3m

Then, finally, it reaches a running and ready state, and users can log into XtremeCloud SSO deployed on the Microsoft Azure Cloud:

[centos@vm-controller xtremecloud-brand]$ kubectl get pods
NAME                                        READY   STATUS    RESTARTS   AGE
datagrid-dev-xtremecloud-datagrid-azure-0   1/1     Running   1          52d
ksniff-bw4mk                                1/1     Running   0          51d
ksniff-dc7b2                                1/1     Running   0          51d
ksniff-gdz8c                                1/1     Running   0          51d
ksniff-ggbz2                                1/1     Running   0          51d
ksniff-t9p95                                1/1     Running   0          51d
ksniff-tkl5z                                1/1     Running   0          51d
ksniff-vrgk7                                1/1     Running   0          51d
ksniff-xbpzk                                1/1     Running   0          51d
logdna-agent-5nr74                          1/1     Running   0          60d
logdna-agent-fdzbr                          1/1     Running   0          60d
logdna-agent-vscrb                          1/1     Running   0          60d
sso-dev-xtremecloud-sso-azure-0             1/1     Running   0          5m