deploy adjustment

.gitignore

@@ -0,0 +1 @@
+k8s/deployed_config

clone_opencloud_microservices.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-front"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+)
+
+# Function to clone repositories
+clone_repo() {
+    local repo_url="https://cloud.o-forge.io/core/$1.git"
+    local repo_name=$(basename "$repo_url" .git)
+    local branche=$2
+    echo "Processing repository: $repo_name"
+
+    if [ ! -d "$repo_name" ]; then
+        echo "Cloning repository: $repo_name"
+        git clone "$repo_url"
+        if [ $? -ne 0 ]; then
+            echo "Error cloning $repo_url"
+            exit 1
+        fi 
+    fi
+    echo "Check in $branche & pull"
+    ls
+    echo "Repository '$repo_name' already exists. Pulling latest changes..."
+    cd "$repo_name" && git checkout $branche && git pull 
+    cd ..
+}
+
+cd ..
+# Iterate through each repository in the list
+for repo in "${REPOS[@]}"; do
+    clone_repo $repo ${1:-main}
+done
+
+echo "All repositories processed successfully."
+
+
+

docker/db/add.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker cp ./datas mongo:.
+
+for i in $(ls ./datas); do 
+   firstString=$i
+   echo "ADD file $i in collection ${i/.json/}"
+   docker exec -it mongo sh -c "mongoimport --jsonArray --db DC_myDC --collection ${i/.json/} --file ./datas/$i"
+done

docker/db/datas/collaborative_area.json

@@ -0,0 +1 @@
+[{"_id":"0b6a375f-be3e-49a9-9827-3c2d5eddb057","abstractobject":{"id":"0b6a375f-be3e-49a9-9827-3c2d5eddb057","name":"test","is_draft":false,"creator_id":"c0cece97-7730-4c2a-8c20-a30944564106","creation_date":{"$date":"2025-01-27T10:41:47.741Z"},"update_date":{"$date":"2025-01-27T10:41:47.741Z"},"updater_id":"c0cece97-7730-4c2a-8c20-a30944564106","access_mode":0},"description":"Proto Collaborative area example","collaborative_area":{},"workflows":["58314c99-c595-4ca2-8b5e-822a6774efed"],"allowed_peers_group":{"c0cece97-7730-4c2a-8c20-a30944564106":["*"]},"workspaces":[]}]

docker/db/datas/peer.json

@@ -0,0 +1 @@
+[{"_id":"c0cece97-7730-4c2a-8c20-a30944564106","failed_execution":null,"abstractobject":{"update_date":{"$date":"2025-03-27T09:13:13.230Z"},"access_mode":0,"id":"c0cece97-7730-4c2a-8c20-a30944564106","name":"local","is_draft":false,"creation_date":{"$date":"2025-03-27T09:13:13.230Z"}},"url":"http://localhost:8000","wallet_address":"my-wallet","public_key":"-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAw2pdG6wMtuLcP0+k1LFvIb0DQo/oHW2uNJaEJK74plXqp4ztz2dR\nb+RQHFLeLuqk4i/zc3b4K3fKPXSlwnVPJCwzPrnyT8jYGOZVlWlETiV9xeJhu6s/\nBh6g1PWz75XjjwV50iv/CEiLNBT23f/3J44wrQzygqNQCiQSALdxWLAEl4l5kHSa\n9oMyV70/Uql94/ayMARZsHgp9ZvqQKbkZPw6yzVMfCBxQozlNlo315OHevudhnhp\nDRjN5I7zWmqYt6rbXJJC7Y3Izdvzn7QI88RqjSRST5I/7Kz3ndCqrOnI+OQUE5NT\nREyQebphvQfTDTKlRPXkdyktdK2DH28Zj6ZF3yjQvN35Q4zhOzlq77dO5IhhopI7\nct8dZH1T1nYkvdyCA/EVMtQsASmBOitH0Y0ACoXQK5Kb6nm/TcM/9ZSJUNiEMuy5\ngBZ3YKE9oa4cpTpPXwcA+S/cU7HPNnQAsvD3iJi8GTW9uJs84pn4/WhpQqmXd4rv\nhKWECCN3fHy01fUs/U0PaSj2jDY/kQVeXoikNMzPUjdZd9m816TIBh3v3aVXCH/0\niTHHAxctvDgMRb2fpvRJ/wwnYjFG9RpamVFDMvC9NffuYzWAA9IRIY4cqgerfHrV\nZ2HHiPTDDvDAIsvImXZc/h7mXN6m3RCQ4Qywy993wd9gUdgg/qnynHcCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n","state":1}]

docker/db/datas/storage_resource.json

@@ -0,0 +1 @@
+[{"_id":"04bc70b5-8d7b-44e6-9015-fadfa0fb102d","abstractinstanciatedresource":{"abstractresource":{"type":"storage","abstractobject":{"id":"04bc70b5-8d7b-44e6-9015-fadfa0fb102d","name":"IRT risk database","is_draft":false,"creator_id":"c0cece97-7730-4c2a-8c20-a30944564106","creation_date":"2021-09-30T14:00:00.000Z","update_date":"2021-09-30T14:00:00.000Z","updater_id":"c0cece97-7730-4c2a-8c20-a30944564106","access_mode":1},"logo":"https://cloud.o-forge.io/core/deperecated-oc-catalog/raw/branch/main/scripts/local_imgs/IRT risk database.png","description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.","short_description":"S3 compliant IRT file storage","owners":[{"name":"IRT"}]},"instances":[{"env":[{"attr":"source","readonly":true}],"resourceinstance":{"abstractobject":{"id":"7fdccb9c-7090-40a5-bacd-7435bc56c90d","name":"IRT local file storage Marseille"},"location":{"latitude":50.62925,"longitude":3.057256},"country":250,"partnerships":[{"resourcepartnership":{"namespace":"default","peer_groups":{"c0cece97-7730-4c2a-8c20-a30944564106":["*"]},"pricing_profiles":[{"pricing":{"price":50,"currency":"EUR","buying_strategy":0,"time_pricing_strategy":0}}]}}]},"source":"/mnt/vol","local":false,"security_level":"public","size":50,"size_type":3,"redundancy":"RAID5","throughput":"r:200,w:150"}]},"storage_type":5,"acronym":"DC_myDC"},{"_id":"e726020a-b68e-4abc-ab36-c3640ea3f557","abstractinstanciatedresource":{"abstractresource":{"type":"storage","abstractobject":{"id":"e726020a-b68e-4abc-ab36-c3640ea3f557","name":"IRT local file storage","is_draft":false,"creator_id":"c0cece97-7730-4c2a-8c20-a30944564106","creation_date":"2021-09-30T14:00:00.000Z","update_date":"2021-09-30T14:00:00.000Z","updater_id":"c0cece97-7730-4c2a-8c20-a30944564106","access_mode":1},"logo":"https://cloud.o-forge.io/core/deperecated-oc-catalog/raw/branch/main/scripts/local_imgs/IRT local file storage.png","description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.","short_description":"S3 compliant IRT file storage","owners":[{"name":"IRT"}]},"instances":[{"resourceinstance":{"env":[{"attr":"source","readonly":true}],"abstractobject":{"id":"7fdccb9c-7090-40a5-bacd-7435bc56c90d","name":"IRT local file storage Marseille"},"location":{"latitude":50.62925,"longitude":3.057256},"country":250,"partnerships":[{"resourcepartnership":{"namespace":"default","peer_groups":{"c0cece97-7730-4c2a-8c20-a30944564106":["*"]},"pricing_profiles":[{"pricing":{"price":50,"currency":"EUR","buying_strategy":0,"time_pricing_strategy":0}}]}}]},"source":"/mnt/vol","local":true,"security_level":"public","size":500,"size_type":0,"encryption":true,"redundancy":"RAID5S","throughput":"r:300,w:350"}]},"storage_type":5,"acronym":"DC_myDC"}]

docker/docker-compose.yml

@@ -1,88 +0,0 @@
-version: '3.8'
-
-services:
-  traefik:
-    image: traefik:latest
-    command:
-      - "--api.insecure=true"
-      - "--providers.docker=true"
-      - "--entrypoints.web.address=:80"
-    ports:
-      - "80:80"
-      - "8080:8080"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-
-  mongo:
-    image: mongo:latest
-    ports:
-      - "27017:27017"
-    volumes:
-      - mongo-data:/data/db
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.mongo.rule=PathPrefix(`/mongo`)"
-      - "traefik.http.services.mongo.loadbalancer.server.port=27017"
-
-  nats:
-    image: nats:latest
-    ports:
-      - "4222:4222"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.nats.rule=PathPrefix(`/nats`)"
-      - "traefik.http.services.nats.loadbalancer.server.port=4222"
-
-  zinc:
-    image: public.ecr.aws/zinclabs/zincsearch:latest
-    ports:
-      - "4080:4080"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.zinc.rule=PathPrefix(`/zinc`)"
-      - "traefik.http.services.zinc.loadbalancer.server.port=4080"
-
-  dex:
-    image: quay.io/dexidp/dex:latest
-    ports:
-      - "5556:5556"
-    volumes:
-      - ./dex/config.yaml:/etc/dex/cfg/config.yaml
-    command: ["dex", "serve", "/etc/dex/cfg/config.yaml"]
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dex.rule=PathPrefix(`/dex`)"
-      - "traefik.http.services.dex.loadbalancer.server.port=5556"
-
-  ldap:
-    image: bitnami/openldap
-    ports:
-      - "389:389"
-    environment:
-      - LDAP_ADMIN_USERNAME=admin
-      - LDAP_ADMIN_PASSWORD=adminpassword
-      - LDAP_USERS=user01,user02
-      - LDAP_PASSWORDS=password1,password2
-
-  grafana:
-    image: grafana/grafana:latest
-    ports:
-      - "3000:3000"
-    environment:
-      GF_SECURITY_ADMIN_PASSWORD: "admin"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana`)"
-      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
-
-  loki:
-    image: grafana/loki:latest
-    ports:
-      - "3100:3100"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.loki.rule=PathPrefix(`/loki`)"
-      - "traefik.http.services.loki.loadbalancer.server.port=3100"
-
-volumes:
-  mongo-data:

docker/kube.exemple.env

@@ -0,0 +1,4 @@
+KUBERNETES_SERVICE_HOST=192.168.47.20
+KUBE_CA="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTVlk3ZHZhNEdYTVdkMy9jMlhLN3JLYjlnWXgyNSthaEE0NmkyNVBkSFAKRktQL2UxSVMyWVF0dzNYZW1TTUQxaStZdzJSaVppNUQrSVZUamNtNHdhcnFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWtlUVJpNFJiODduME5yRnZaWjZHClc2SU55NnN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnRXA5ck04WmdNclRZSHYxZjNzOW5DZXZZeWVVa3lZUk4KWjUzazdoaytJS1FDSVFDbk05TnVGKzlTakIzNDFacGZ5ays2NEpWdkpSM3BhcmVaejdMd2lhNm9kdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+KUBE_CERT="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJWUxWNkFPQkdrU1F3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOekl6TVRFeU1ETTJNQjRYRFRJME1EZ3dPREV3TVRNMU5sb1hEVEkxTURndwpPREV3TVRNMU5sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJGQ2Q1MFdPeWdlQ2syQzcKV2FrOWY4MVAvSkJieVRIajRWOXBsTEo0ck5HeHFtSjJOb2xROFYxdUx5RjBtOTQ2Nkc0RmRDQ2dqaXFVSk92Swp3NVRPNnd5alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCVFJkOFI5cXVWK2pjeUVmL0ovT1hQSzMyS09XekFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlFQTArbThqTDBJVldvUTZ0dnB4cFo4NVlMalF1SmpwdXM0aDdnSXRxS3NmUVVDSUI2M2ZNdzFBMm5OVWU1TgpIUGZOcEQwSEtwcVN0Wnk4djIyVzliYlJUNklZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRc3hXWk9pbnIrcVp4TmFEQjVGMGsvTDF5cE01VHAxOFRaeU92ektJazQKRTFsZWVqUm9STW0zNmhPeVljbnN3d3JoNnhSUnBpMW5RdGhyMzg0S0Z6MlBvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTBYZkVmYXJsZm8zTWhIL3lmemx6Cnl0OWlqbHN3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUxJL2dNYnNMT3MvUUpJa3U2WHVpRVMwTEE2cEJHMXgKcnBlTnpGdlZOekZsQWlFQW1wdjBubjZqN3M0MVI0QzFNMEpSL0djNE53MHdldlFmZWdEVGF1R2p3cFk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+KUBE_DATA="LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU5ZS1BFb1dhd1NKUzJlRW5oWmlYMk5VZlY1ZlhKV2krSVNnV09TNFE5VTlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUozblJZN0tCNEtUWUx0WnFUMS96VS84a0Z2Sk1lUGhYMm1Vc25pczBiR3FZblkyaVZEeApYVzR2SVhTYjNqcm9iZ1YwSUtDT0twUWs2OHJEbE03ckRBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="

docker/start-demo.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+KUBERNETES_ENV_FILE=$(realpath ${1:-"./kube.exemple.env"})
+HOST=${2:-"http://localhost:8000"}
+docker network create oc | true
+
+docker compose down
+cd ./tools && docker compose  -f ./docker-compose.dev.yml up --force-recreate -d
+docker compose  -f ./docker-compose.traefik.yml up --force-recreate -d  && cd ..
+
+cd ./db && ./add.sh && cd ..
+
+cd ../..
+
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+    "oc-front"
+)
+for i in "${REPOS[@]}"
+do
+   echo "Building $i"
+   docker kill $i | true
+   docker rm $i | true
+   cd ./$i 
+   cp $KUBERNETES_ENV_FILE ./env.env
+   docker build . -t $i --build-arg=HOST=$HOST && docker compose up -d
+   cd ..
+done

docker/start.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+export KUBERNETES_ENV_FILE=$(realpath ${KUBERNETES_ENV_FILE=:-"./kube.exemple.env"})
+export HOST=${HOST:-"http://localhost:8000"}
+docker network create oc | true
+
+docker compose down
+cd ./tools && docker compose  -f ./docker-compose.dev.yml up --force-recreate -d
+docker compose  -f ./docker-compose.traefik.yml up --force-recreate -d  && cd ..
+
+cd ../..
+
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+    "oc-front"
+)
+for i in "${REPOS[@]}"
+do
+   echo "Building $i"
+   docker kill $i | true
+   docker rm $i | true
+   cd ./$i 
+   cp $KUBERNETES_ENV_FILE ./env.env
+   make run-docker
+   cd ..
+done

docker/stop.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+docker network delete oc | true
+
+docker compose -f ./tools/docker-compose.traefik.yml down
+
+TOOLS=(
+    "mongo"
+    "mongo-express"
+    "nats"
+    "loki"
+    "grafana"
+    "hydra-client"
+    "hydra"
+    "keto"
+    "ldap"
+)
+
+for i in "${TOOLS[@]}"
+do
+   echo "kill $i"
+   docker kill $i | true
+   docker rm $i | true
+done
+
+docker volume rm tools_oc-data
+
+cd ../..
+
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+    "oc-front"
+)
+for i in "${REPOS[@]}"
+do
+   echo "Kill $i"
+   cd ./$i 
+   docker kill $i | true
+   docker rm $i | true
+   make purge | true
+   cd ..
+done

docker/tools/conf/grafana_data_source.yml

@@ -0,0 +1,8 @@
+datasources:
+  - name: Loki
+    type: loki
+    access: proxy
+    url: http://loki:3100
+    isDefault: true
+    jsonData:
+      httpMethod: POST  

docker/tools/docker-compose.dev.yml

@@ -0,0 +1,162 @@
+version: '3.4'
+
+services:
+  mongo:
+    image: 'mongo:latest'
+    networks: 
+      - oc
+    ports:
+      - 27017:27017
+    container_name: mongo
+    volumes: 
+      - oc-data:/data/db
+      - oc-data:/data/configdb
+  
+  mongo-express:
+    image: "mongo-express:latest"
+    restart: always
+    depends_on: 
+      - mongo
+    networks: 
+      - oc
+    ports:
+      - 8081:8081
+    environment:
+      - ME_CONFIG_BASICAUTH_USERNAME=test
+      - ME_CONFIG_BASICAUTH_PASSWORD=test
+  nats:
+    image: 'nats:latest'
+    container_name: nats
+    ports:
+      - 4222:4222
+    command:
+      - "--debug"
+    networks: 
+      - oc
+  loki:
+    image: 'grafana/loki'
+    container_name: loki
+    labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.loki.entrypoints=web"
+        - "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
+        - "traefik.http.services.loki.loadbalancer.server.port=3100"
+        - "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
+        - "traefik.http.routers.loki.middlewares=loki-stripprefix"
+        - "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
+    ports : 
+      - "3100:3100"
+    networks:
+      - oc
+  grafana:
+    image: 'grafana/grafana'
+    container_name: grafana
+    ports:
+      - '3000:3000'
+    labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.grafana.entrypoints=web"
+        - "traefik.http.routers.grafana.rule=PathPrefix(`/tools/grafana`)"
+        - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+        - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/tools/grafana"
+        - "traefik.http.routers.grafana.middlewares=grafana-stripprefix"
+        - "traefik.http.middlewares.grafana.forwardauth.address=http://oc-auth:8080/oc/forward"
+    networks:
+      - oc
+    volumes:
+      - ./conf/grafana_data_source.yml:/etc/grafana/provisioning/datasources/datasource.yml
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=pfnirt                   # Change this to anything but admin to not have a password change page at startup
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=true
+  hydra:
+      container_name: hydra
+      image: oryd/hydra:v2.2.0
+      environment:
+        SECRETS_SYSTEM: oc-auth-got-secret
+        LOG_LEAK_SENSITIVE_VALUES: true
+        # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
+        URLS_SELF_ISSUER: http://hydra:4444
+        URLS_SELF_PUBLIC: http://hydra:4444
+        WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
+        WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
+        DSN: memory
+      command: serve all --dev
+      networks:
+        - oc
+      ports:
+        - "4444:4444"
+        - "4445:4445"
+      deploy:
+        restart_policy:
+          condition: on-failure
+  hydra-client: 
+        image: oryd/hydra:v2.2.0
+        container_name: hydra-client
+        environment:
+            HYDRA_ADMIN_URL: http://hydra:4445
+            ORY_SDK_URL: http://hydra:4445
+        command:
+            - create
+            - oauth2-client
+            - --skip-tls-verify
+            - --name
+            - test-client
+            - --secret
+            - oc-auth-got-secret
+            - --response-type
+            - id_token,token,code
+            - --grant-type
+            - implicit,refresh_token,authorization_code,client_credentials
+            - --scope
+            - openid,profile,email,roles
+            - --token-endpoint-auth-method
+            - client_secret_post
+            - --redirect-uri
+            - http://localhost:3000
+
+        networks:
+            - oc
+        deploy:
+            restart_policy:
+                condition: none
+        depends_on:
+            - hydra
+        healthcheck:
+            test: ["CMD", "curl", "-f", "http://hydra:4445"]
+            interval: 10s
+            timeout: 10s
+            retries: 10
+  ldap:
+    image: pgarrett/ldap-alpine
+    container_name: ldap
+    volumes:  
+      - "./ldap.ldif:/ldif/ldap.ldif"
+    networks:
+      - oc
+    ports:
+      - "390:389"
+    deploy:
+      restart_policy:
+        condition: on-failure
+  keto:
+    image: oryd/keto:v0.7.0-alpha.1-sqlite
+    ports:
+      - "4466:4466"
+      - "4467:4467"
+    command: serve -c /home/ory/keto.yml
+    restart: on-failure
+    volumes:
+      - type: bind
+        source: .
+        target: /home/ory
+    container_name: keto
+    networks: 
+      - oc
+
+volumes:
+  oc-data:
+
+networks: 
+  oc:
+    external: true

docker/tools/docker-compose.traefik.yml

@@ -0,0 +1,24 @@
+version: '3.4'
+
+services:
+  traefik:
+    image: traefik:v2.10.4
+    container_name: traefik
+    restart: unless-stopped
+    networks:
+      - oc
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--entrypoints.web.address=:8000"
+    ports:
+      - "8000:8000"  # Expose Traefik on port 8000    
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+  oc-data:
+
+networks: 
+  oc:
+    external: true

docker/tools/keto.yml

@@ -0,0 +1,18 @@
+version: v0.6.0-alpha.1
+
+log:
+  level: debug
+
+namespaces:
+  - id: 0
+    name: open-cloud
+
+dsn: memory
+
+serve:
+  read:
+    host: 0.0.0.0
+    port: 4466
+  write:
+    host: 0.0.0.0
+    port: 4467

docker/tools/ldap.ldif

@@ -0,0 +1,24 @@
+dn: uid=admin,ou=Users,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Admin
+sn: Istrator
+uid: admin
+userPassword: admin
+mail: admin@example.com
+ou: Users
+
+dn: ou=AppRoles,dc=example,dc=com
+objectClass: organizationalunit
+ou: AppRoles
+description: AppRoles
+
+dn: ou=App1,ou=AppRoles,dc=example,dc=com
+objectClass: organizationalunit
+ou: App1
+description: App1
+
+dn: cn=traveler,ou=App1,ou=AppRoles,dc=example,dc=com
+objectClass: groupofnames
+cn: traveler
+description: traveler
+member: uid=admin,ou=Users,dc=example,dc=com

env.env

@@ -0,0 +1,4 @@
+KUBERNETES_SERVICE_HOST=192.168.1.169
+KUBE_CA="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTVlk3ZHZhNEdYTVdkMy9jMlhLN3JLYjlnWXgyNSthaEE0NmkyNVBkSFAKRktQL2UxSVMyWVF0dzNYZW1TTUQxaStZdzJSaVppNUQrSVZUamNtNHdhcnFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWtlUVJpNFJiODduME5yRnZaWjZHClc2SU55NnN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnRXA5ck04WmdNclRZSHYxZjNzOW5DZXZZeWVVa3lZUk4KWjUzazdoaytJS1FDSVFDbk05TnVGKzlTakIzNDFacGZ5ays2NEpWdkpSM3BhcmVaejdMd2lhNm9kdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+KUBE_CERT="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJWUxWNkFPQkdrU1F3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOekl6TVRFeU1ETTJNQjRYRFRJME1EZ3dPREV3TVRNMU5sb1hEVEkxTURndwpPREV3TVRNMU5sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJGQ2Q1MFdPeWdlQ2syQzcKV2FrOWY4MVAvSkJieVRIajRWOXBsTEo0ck5HeHFtSjJOb2xROFYxdUx5RjBtOTQ2Nkc0RmRDQ2dqaXFVSk92Swp3NVRPNnd5alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCVFJkOFI5cXVWK2pjeUVmL0ovT1hQSzMyS09XekFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlFQTArbThqTDBJVldvUTZ0dnB4cFo4NVlMalF1SmpwdXM0aDdnSXRxS3NmUVVDSUI2M2ZNdzFBMm5OVWU1TgpIUGZOcEQwSEtwcVN0Wnk4djIyVzliYlJUNklZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRc3hXWk9pbnIrcVp4TmFEQjVGMGsvTDF5cE01VHAxOFRaeU92ektJazQKRTFsZWVqUm9STW0zNmhPeVljbnN3d3JoNnhSUnBpMW5RdGhyMzg0S0Z6MlBvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTBYZkVmYXJsZm8zTWhIL3lmemx6Cnl0OWlqbHN3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUxJL2dNYnNMT3MvUUpJa3U2WHVpRVMwTEE2cEJHMXgKcnBlTnpGdlZOekZsQWlFQW1wdjBubjZqN3M0MVI0QzFNMEpSL0djNE53MHdldlFmZWdEVGF1R2p3cFk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+KUBE_DATA="LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU5ZS1BFb1dhd1NKUzJlRW5oWmlYMk5VZlY1ZlhKV2krSVNnV09TNFE5VTlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUozblJZN0tCNEtUWUx0WnFUMS96VS84a0Z2Sk1lUGhYMm1Vc25pczBiR3FZblkyaVZEeApYVzR2SVhTYjNqcm9iZ1YwSUtDT0twUWs2OHJEbE03ckRBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="

helm/oc-catalog/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: oc-catalog
-description: A Helm chart for deploying the oc-catalog application
-version: 0.1.0
-appVersion: "1.0"

helm/oc-catalog/templates/service.yml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-oc-catalog
-spec:
-  selector:
-    app: {{ .Chart.Name }}
-  ports:
-    - protocol: TCP
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-  type: {{ .Values.service.type }}

helm/oc-catalog/templates/statefulset.yml

@@ -1,33 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ .Release.Name }}-oc-catalog
-  labels:
-    app: oc-catalog
-spec:
-  serviceName: "{{ .Release.Name }}-oc-catalog"
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: oc-catalog
-  template:
-    metadata:
-      labels:
-        app: oc-catalog
-    spec:
-      containers:
-      - name: oc-catalog
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: 8080
-        env:
-        - name: MONGO_DATABASE
-          value: "DC_myDC"
-        - name: MONGO_URI
-          value: "mongodb://mongo:27017"
-      imagePullSecrets:
-      {{- if .Values.imagePullSecrets }}
-      {{- range .Values.imagePullSecrets }}
-        - name: {{ .name }}
-      {{- end }}
-      {{- end }}

helm/oc-catalog/values.yaml

@@ -1,19 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: registry.dev.svc.cluster.local:5000/oc-catalog
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  type: NodePort
-  port: 8087
-  targetPort: 8080
-
-mongo:
-  database: DC_myDC
-  uri: mongodb://mongo:27017
-
-imagePullSecrets:
-  - name: regcred
-

helm/oc-deploy/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

helm/oc-deploy/Chart.lock

@@ -1,12 +0,0 @@
-dependencies:
-- name: oc-mongo
-  repository: file://../oc-mongo
-  version: 0.1.0
-- name: oc-mongo-express
-  repository: file://../oc-mongo-express
-  version: 0.1.0
-- name: oc-catalog
-  repository: file://../oc-catalog
-  version: 0.1.0
-digest: sha256:036af8acf7fe0a73f039776d13f63aeb7530e7a8b0febb49fd5e8415ac6672c6
-generated: "2024-08-27T14:34:41.6038407+02:00"

helm/oc-deploy/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: oc-deploy
-description: A Helm chart to deploy oc-mongo, oc-mongo-express, and oc-catalog together
-version: 0.1.0
-dependencies:
-  - name: oc-mongo
-    version: 0.1.0
-    repository: "file://../oc-mongo"
-  - name: oc-mongo-express
-    version: 0.1.0
-    repository: "file://../oc-mongo-express"
-  - name: oc-catalog
-    version: 0.1.0
-    repository: "file://../oc-catalog"

helm/oc-deploy/charts/oc-catalog/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: oc-catalog
-description: A Helm chart for deploying the oc-catalog application
-version: 0.1.0
-appVersion: "1.0"

helm/oc-deploy/charts/oc-catalog/templates/service.yml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: oc-catalog
-spec:
-  selector:
-    app: {{ .Chart.Name }}
-  ports:
-    - protocol: TCP
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-  type: {{ .Values.service.type }}

helm/oc-deploy/charts/oc-catalog/templates/statefulset.yml

@@ -1,33 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ .Release.Name }}-oc-catalog
-  labels:
-    app: oc-catalog
-spec:
-  serviceName: "oc-catalog"
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: oc-catalog
-  template:
-    metadata:
-      labels:
-        app: oc-catalog
-    spec:
-      containers:
-      - name: oc-catalog
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: 8080
-        env:
-        - name: MONGO_DATABASE
-          value: "DC_myDC"
-        - name: MONGO_URI
-          value: "mongodb://{{ .Release.Name }}-mongo:27017"
-      imagePullSecrets:
-      {{- if .Values.imagePullSecrets }}
-      {{- range .Values.imagePullSecrets }}
-        - name: {{ .name }}
-      {{- end }}
-      {{- end }}

helm/oc-deploy/charts/oc-catalog/values.yaml

@@ -1,19 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: registry.dev.svc.cluster.local:5000/oc-catalog
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  type: NodePort
-  port: 8087
-  targetPort: 8080
-
-mongo:
-  database: DC_myDC
-  uri: mongodb://oc-deploy-mongo:27017
-
-imagePullSecrets:
-  - name: regcred
-

helm/oc-deploy/charts/oc-mongo-express/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: oc-mongo-express
-description: A Helm chart for deploying mongo-express
-version: 0.1.0
-appVersion: "1.0"

helm/oc-deploy/charts/oc-mongo-express/templates/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo-express
-spec:
-  selector:
-    app: mongo-express
-  ports:
-    - protocol: TCP
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-  type: {{ .Values.service.type }}

helm/oc-deploy/charts/oc-mongo-express/templates/statefulset.yaml

@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ .Release.Name }}-mongo-express
-  labels:
-    app: mongo-express
-spec:
-  serviceName: "mongo-express"
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: mongo-express
-  template:
-    metadata:
-      labels:
-        app: mongo-express
-    spec:
-      containers:
-      - name: mongo-express
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: {{ .Values.service.targetPort }}
-        env:
-        - name: ME_CONFIG_BASICAUTH_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: mongo-secret
-              key: {{ .Values.secret.usernameKey }}
-        - name: ME_CONFIG_BASICAUTH_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mongo-secret
-              key: {{ .Values.secret.passwordKey }}
-      imagePullSecrets:
-      {{- if .Values.imagePullSecrets }}
-      {{- range .Values.imagePullSecrets }}
-        - name: {{ .name }}
-      {{- end }}
-      {{- end }}

helm/oc-deploy/charts/oc-mongo-express/values.yaml

@@ -1,18 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: mongo-express
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  port: 8081
-  targetPort: 8081
-  type: NodePort
-
-imagePullSecrets:
-  - name: my-registry-key
-
-secret:
-  usernameKey: mongo-username
-  passwordKey: mongo-password

helm/oc-deploy/charts/oc-mongo/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: oc-mongo
-description: A Helm chart for deploying the oc-mongo component
-version: 0.1.0
-appVersion: "1.0"

helm/oc-deploy/charts/oc-mongo/templates/pvc.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Values.persistence.name }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}

helm/oc-deploy/charts/oc-mongo/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-mongo-secret
-type: Opaque
-data:
-  username: {{ .Values.secret.username }}
-  password: {{ .Values.secret.password }}

helm/oc-deploy/charts/oc-mongo/templates/service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo
-spec:
-  selector:
-    app: mongo
-  ports:
-    - protocol: TCP
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.port }}

helm/oc-deploy/charts/oc-mongo/templates/statefulset.yaml

@@ -1,31 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ .Release.Name }}-mongo
-  labels:
-    app: mongo
-spec:
-  serviceName: "mongo"
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-    spec:
-      containers:
-      - name: mongo
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: 27017
-        volumeMounts:
-        - name: mongo-persistent-storage
-          mountPath: /data/db
-        - name: mongo-persistent-storage
-          mountPath: /data/configdb
-      volumes:
-      - name: mongo-persistent-storage
-        persistentVolumeClaim:
-          claimName: {{ .Values.persistence.name }}

helm/oc-deploy/charts/oc-mongo/values.yaml

@@ -1,19 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: mongo
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  port: 27017
-
-persistence:
-  name: mongo-pvc-helm
-  enabled: true
-  accessMode: ReadWriteOnce
-  size: 1Gi
-
-secret:
-  username: dGVzdA==  # base64 encoding of 'test'
-  password: dGVzdA==  # base64 encoding of 'test'

helm/oc-deploy/values.yaml

@@ -1,48 +0,0 @@
-oc-mongo:
-  replicaCount: 1
-  image:
-    repository: registry.dev.svc.cluster.local:5000/mongo
-    tag: latest
-    pullPolicy: IfNotPresent
-  service:
-    port: 27017
-  persistence:
-    name: mongo-pvc-helm
-    enabled: true
-    accessMode: ReadWriteOnce
-    size: 1Gi
-  secret:
-    username: dGVzdA==  # base64 encoding of 'test'
-    password: dGVzdA==  # base64 encoding of 'test'
-
-oc-mongo-express:
-  replicaCount: 1
-  image:
-    repository: registry.dev.svc.cluster.local:5000/mongo-express
-    tag: latest
-    pullPolicy: IfNotPresent
-  service:
-    port: 8081
-    targetPort: 8081
-    type: NodePort
-  imagePullSecrets:
-    - name: regcred
-  secret:
-    usernameKey: mongo-username
-    passwordKey: mongo-password
-
-oc-catalog:
-  replicaCount: 1
-  image:
-    repository: registry.dev.svc.cluster.local:5000/oc-catalog
-    tag: latest
-    pullPolicy: IfNotPresent
-  service:
-    type: NodePort
-    port: 8087
-    targetPort: 8080
-  mongo:
-    database: DC_myDC
-    uri: mongodb://oc-catalog-mongo:27017
-  imagePullSecrets:
-    - name: regcred

helm/oc-mongo-express/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: oc-mongo-express
-description: A Helm chart for deploying mongo-express
-version: 0.1.0
-appVersion: "1.0"

helm/oc-mongo-express/templates/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-mongo-express
-spec:
-  selector:
-    app: mongo-express
-  ports:
-    - protocol: TCP
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-  type: {{ .Values.service.type }}

helm/oc-mongo-express/templates/statefulset.yaml

@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ .Release.Name }}-mongo-express
-  labels:
-    app: mongo-express
-spec:
-  serviceName: "{{ .Release.Name }}-mongo-express"
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: mongo-express
-  template:
-    metadata:
-      labels:
-        app: mongo-express
-    spec:
-      containers:
-      - name: mongo-express
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: {{ .Values.service.targetPort }}
-        env:
-        - name: ME_CONFIG_BASICAUTH_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: mongo-secret
-              key: {{ .Values.secret.usernameKey }}
-        - name: ME_CONFIG_BASICAUTH_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mongo-secret
-              key: {{ .Values.secret.passwordKey }}
-      imagePullSecrets:
-      {{- if .Values.imagePullSecrets }}
-      {{- range .Values.imagePullSecrets }}
-        - name: {{ .name }}
-      {{- end }}
-      {{- end }}

helm/oc-mongo-express/values.yaml

@@ -1,18 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: mongo-express
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  port: 8081
-  targetPort: 8081
-  type: NodePort
-
-imagePullSecrets:
-  - name: my-registry-key
-
-secret:
-  usernameKey: mongo-username
-  passwordKey: mongo-password

helm/oc-mongo/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: oc-mongo
-description: A Helm chart for deploying the oc-mongo component
-version: 0.1.0
-appVersion: "1.0"

helm/oc-mongo/templates/pvc.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Values.persistence.name }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}

helm/oc-mongo/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-mongo-secret
-type: Opaque
-data:
-  username: {{ .Values.secret.username }}
-  password: {{ .Values.secret.password }}

helm/oc-mongo/templates/service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo
-spec:
-  selector:
-    app: mongo
-  ports:
-    - protocol: TCP
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.port }}

helm/oc-mongo/templates/statefulset.yaml

@@ -1,31 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ .Release.Name }}-mongo
-  labels:
-    app: mongo
-spec:
-  serviceName: "{{ .Release.Name }}-mongo"
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-    spec:
-      containers:
-      - name: mongo
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: 27017
-        volumeMounts:
-        - name: mongo-persistent-storage
-          mountPath: /data/db
-        - name: mongo-persistent-storage
-          mountPath: /data/configdb
-      volumes:
-      - name: mongo-persistent-storage
-        persistentVolumeClaim:
-          claimName: {{ .Values.persistence.name }}

helm/oc-mongo/values.yaml

@@ -1,19 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: mongo
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  port: 27017
-
-persistence:
-  name: mongo-pvc-helm
-  enabled: true
-  accessMode: ReadWriteOnce
-  size: 1Gi
-
-secret:
-  username: dGVzdA==  # base64 encoding of 'test'
-  password: dGVzdA==  # base64 encoding of 'test'

helm/occhart/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

helm/occhart/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: occhart
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

helm/occhart/charts/dex/dex-deployment.yaml

@@ -1,32 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: dex
-  labels:
-    app: dex
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: dex
-  template:
-    metadata:
-      labels:
-        app: dex
-    spec:
-      containers:
-        - name: dex
-          image: quay.io/dexidp/dex:v2.27.0
-          ports:
-            - containerPort: 5556
-          args:
-            - serve
-            - /etc/dex/cfg/config.yaml
-          volumeMounts:
-            - mountPath: /etc/dex/cfg
-              name: config
-      volumes:
-        - name: config
-          configMap:
-            name: dex-config
-  

helm/occhart/charts/dex/dex-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: dex
-  labels:
-    app: dex
-spec:
-  ports:
-    - port: 5556
-  selector:
-    app: dex

helm/occhart/charts/grafana/grafana-deployment.yaml

@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: grafana
-  labels:
-    app: grafana
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: grafana
-  template:
-    metadata:
-      labels:
-        app: grafana
-    spec:
-      containers:
-        - name: grafana
-          image: grafana/grafana:7.5.0
-          ports:
-            - containerPort: 3000

helm/occhart/charts/grafana/grafana-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: grafana
-  labels:
-    app: grafana
-spec:
-  ports:
-    - port: 3000
-  selector:
-    app: grafana

helm/occhart/charts/ldap/ldap-deployment.yaml

@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ldap
-  labels:
-    app: ldap
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: ldap
-  template:
-    metadata:
-      labels:
-        app: ldap
-    spec:
-      containers:
-        - name: ldap
-          image: osixia/openldap:1.5.0
-          ports:
-            - containerPort: 389

helm/occhart/charts/ldap/ldap-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: ldap
-  labels:
-    app: ldap
-spec:
-  ports:
-    - port: 389
-  selector:
-    app: ldap

helm/occhart/charts/loki/loki-deployment.yaml

@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: loki
-  labels:
-    app: loki
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: loki
-  template:
-    metadata:
-      labels:
-        app: loki
-    spec:
-      containers:
-        - name: loki
-          image: grafana/loki:2.2.0
-          ports:
-            - containerPort: 3100

helm/occhart/charts/loki/loki-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: loki
-  labels:
-    app: loki
-spec:
-  ports:
-    - port: 3100
-  selector:
-    app: loki

helm/occhart/charts/mongo/mongo-deployment.yaml

@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mongo
-  labels:
-    app: mongo
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-    spec:
-      containers:
-        - name: mongo
-          image: mongo:4.4
-          ports:
-            - containerPort: 27017

helm/occhart/charts/mongo/mongo-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo
-  labels:
-    app: mongo
-spec:
-  ports:
-    - port: 27017
-  selector:
-    app: mongo

helm/occhart/charts/nats/nats-deployment.yaml

@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nats
-  labels:
-    app: nats
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nats
-  template:
-    metadata:
-      labels:
-        app: nats
-    spec:
-      containers:
-        - name: nats
-          image: nats:2.1.9
-          ports:
-            - containerPort: 4222

helm/occhart/charts/nats/nats-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nats
-  labels:
-    app: nats
-spec:
-  ports:
-    - port: 4222
-  selector:
-    app: nats

helm/occhart/charts/traefik/traefik-deployment.yaml

@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik
-  labels:
-    app: traefik
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: traefik
-  template:
-    metadata:
-      labels:
-        app: traefik
-    spec:
-      containers:
-        - name: traefik
-          image: traefik:v2.4
-          ports:
-            - name: web
-              containerPort: 80
-            - name: admin
-              containerPort: 8080
-          args:
-            - --entrypoints.web.address=:80
-            - --entrypoints.websecure.address=:443
-            - --providers.kubernetescrd
-            - --api
-          volumeMounts:
-            - mountPath: /etc/traefik
-              name: traefik-config
-      volumes:
-        - name: traefik-config
-          configMap:
-            name: traefik-config
-

helm/occhart/charts/traefik/traefik-ingress.yaml

@@ -1,81 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: traefik-ingress
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: web
-spec:
-  rules:
-    - host: <your-domain>
-      http:
-        paths:
-          - path: /front
-            pathType: Prefix
-            backend:
-              service:
-                name: front-service
-                port:
-                  number: 80
-          - path: /back1
-            pathType: Prefix
-            backend:
-              service:
-                name: back1-service
-                port:
-                  number: 80
-          - path: /back2
-            pathType: Prefix
-            backend:
-              service:
-                name: back2-service
-                port:
-                  number: 80
-          - path: /mongo
-            pathType: Prefix
-            backend:
-              service:
-                name: mongo
-                port:
-                  number: 27017
-          - path: /nats
-            pathType: Prefix
-            backend:
-              service:
-                name: nats
-                port:
-                  number: 4222
-          - path: /zinc
-            pathType: Prefix
-            backend:
-              service:
-                name: zinc
-                port:
-                  number: 4080
-          - path: /dex
-            pathType: Prefix
-            backend:
-              service:
-                name: dex
-                port:
-                  number: 5556
-          - path: /ldap
-            pathType: Prefix
-            backend:
-              service:
-                name: ldap
-                port:
-                  number: 389
-          - path: /grafana
-            pathType: Prefix
-            backend:
-              service:
-                name: grafana
-                port:
-                  number: 3000
-          - path: /loki
-            pathType: Prefix
-            backend:
-              service:
-                name: loki
-                port:
-                  number: 3100

helm/occhart/charts/traefik/traefik-service.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik
-  labels:
-    app: traefik
-spec:
-  type: LoadBalancer
-  ports:
-    - port: 80
-      name: web
-      targetPort: 80
-    - port: 8080
-      name: admin
-      targetPort: 8080
-  selector:
-    app: traefik

helm/occhart/charts/zinc/zinc-deployment.yaml

@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: zinc
-  labels:
-    app: zinc
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: zinc
-  template:
-    metadata:
-      labels:
-        app: zinc
-    spec:
-      containers:
-        - name: zinc
-          image: public.ecr.aws/zinclabs/zinc:latest
-          ports:
-            - containerPort: 4080

helm/occhart/charts/zinc/zinc-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: zinc
-  labels:
-    app: zinc
-spec:
-  ports:
-    - port: 4080
-  selector:
-    app: zinc

helm/occhart/templates/NOTES.txt

@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "occhart.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "occhart.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "occhart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "occhart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}

helm/occhart/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "occhart.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "occhart.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "occhart.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "occhart.labels" -}}
-helm.sh/chart: {{ include "occhart.chart" . }}
-{{ include "occhart.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "occhart.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "occhart.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "occhart.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "occhart.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

helm/occhart/templates/deployment.yaml

@@ -1,68 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "occhart.fullname" . }}
-  labels:
-    {{- include "occhart.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "occhart.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "occhart.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "occhart.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            {{- toYaml .Values.livenessProbe | nindent 12 }}
-          readinessProbe:
-            {{- toYaml .Values.readinessProbe | nindent 12 }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

helm/occhart/templates/hpa.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "occhart.fullname" . }}
-  labels:
-    {{- include "occhart.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "occhart.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

helm/occhart/templates/ingress.yaml

@@ -1,61 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "occhart.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
-  {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "occhart.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
-            pathType: {{ .pathType }}
-            {{- end }}
-            backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-              service:
-                name: {{ $fullName }}
-                port:
-                  number: {{ $svcPort }}
-              {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-              {{- end }}
-          {{- end }}
-    {{- end }}
-{{- end }}

helm/occhart/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "occhart.fullname" . }}
-  labels:
-    {{- include "occhart.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "occhart.selectorLabels" . | nindent 4 }}

helm/occhart/templates/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "occhart.serviceAccountName" . }}
-  labels:
-    {{- include "occhart.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}

helm/occhart/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "occhart.fullname" . }}-test-connection"
-  labels:
-    {{- include "occhart.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "occhart.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

helm/occhart/values.yaml

@@ -1,107 +0,0 @@
-# Default values for occhart.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: nginx
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-service:
-  type: ClusterIP
-  port: 80
-
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

k8s/README.md

@@ -0,0 +1,46 @@
+
+## Deploy the opencloud chart
+
+```
+./start.sh <mode: dev|prod default:dev> <branche | default:main> 
+```
+
+Feel free to modify/create a new opencloud/dev-values.yaml. Provided setup should work out of the box, but is not suitable for production usage.
+
+## Hostname settings
+
+Edit your /etc/hosts file, and add following line:
+
+```
+127.0.0.1 beta.opencloud.com
+```
+
+## Done
+
+Everything should be operational now, go to http://beta.opencloud.com and enjoy the ride
+
+# Prebuilt microservices deployment procedure
+
+TODO
+
+# First steps
+
+Go to http://beta.opencloud.com/users
+
+Log in using default user/password combo ldapadmin/ldapadmin
+
+Create a new user, or change the default one
+
+Go to http://beta.opencloud.com
+
+Log in using your fresh credentials
+
+Do stuff
+
+You can go to http://beta.opencloud.com/mongoexpress
+
+... for mongo express web client access (default login/password is test/testme)
+
+You can go to http://localhost/dashboard/
+
+... for access to Traefik reverse proxy front-end

k8s/start.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+mode=${1:-dev}
+branch=${2:-main}
+
+cd ../..
+
+if [ ! -d "oc-k8s" ]; then
+    echo "Cloning repository: $repo_name"
+    git clone "https://cloud.o-forge.io/core/oc-k8s.git"
+    if [ $? -ne 0 ]; then
+        echo "Error cloning oc-k8s"
+        exit 1
+    fi
+fi
+echo "Repository 'oc-k8s' already exists. Pulling latest changes..."
+cd "oc-k8s" && git checkout $branch && git pull
+
+./create_kind_cluster.sh
+./clone_opencloud_microservices.sh  $branch
+./build_opencloud_microservices.sh
+./install.sh $mode

k8s/stop.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+mode=${1:-dev}
+branch=${2:-main}
+
+cd ../..
+
+if [ ! -d "oc-k8s" ]; 
+    echo "Cloning repository: $repo_name"
+    git clone "https://cloud.o-forge.io/core/oc-k8s.git"
+    if [ $? -ne 0 ]; then
+        echo "Error cloning oc-k8s"
+        exit 1
+    fi
+fi
+echo "Repository 'oc-k8s' already exists. Pulling latest changes..."
+cd "oc-k8s" && git checkout $branch && git pull
+
+./uninstall.sh $mode
+./delete_kind_cluster.sh
+

kube/oc-catalog/oc-catalog-deployment.yml

@@ -1,29 +0,0 @@
-# oc-catalog-deployment.yml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: oc-catalog
-  labels:
-    app: oc-catalog
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: oc-catalog
-  template:
-    metadata:
-      labels:
-        app: oc-catalog
-    spec:
-      containers:
-      - name: oc-catalog
-        image: registry.dev.svc.cluster.local:5000/oc-catalog:latest
-        ports:
-        - containerPort: 8080
-        env:
-        - name: MONGO_DATABASE
-          value: "DC_myDC"
-        - name: MONGO_URI
-          value: "mongodb://mongo:27017"
-      imagePullSecrets:
-      - name: regcred

kube/oc-catalog/oc-catalog-service.yml

@@ -1,13 +0,0 @@
-# oc-catalog-service.yml
-apiVersion: v1
-kind: Service
-metadata:
-  name: oc-catalog
-spec:
-  selector:
-    app: oc-catalog
-  ports:
-    - protocol: TCP
-      port: 8087
-      targetPort: 8080
-  type: NodePort  # Optional, useful for accessing via Minikube IP and NodePort

kube/oc-mongo/mongo-express/mongo-express-deployment.yml

@@ -1,32 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mongo-express
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mongo-express
-  template:
-    metadata:
-      labels:
-        app: mongo-express
-    spec:
-      containers:
-      - name: mongo-express
-        image: mongo-express:latest
-        ports:
-        - containerPort: 8081
-        env:
-        - name: ME_CONFIG_BASICAUTH_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: mongo-secret
-              key: mongo-username
-        - name: ME_CONFIG_BASICAUTH_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mongo-secret
-              key: mongo-password
-      imagePullSecrets:
-      - name: my-registry-key

kube/oc-mongo/mongo-express/mongo-express-service.yml

@@ -1,13 +0,0 @@
-# mongo-express-service.yml
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo-express
-spec:
-  selector:
-    app: mongo-express
-  ports:
-    - protocol: TCP
-      port: 8081
-      targetPort: 8081
-  type: NodePort  # Optional, useful for accessing via Minikube IP and NodePort

kube/oc-mongo/mongo/mongo-deployment.yml

@@ -1,42 +0,0 @@
-# mongo-deployment.yml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mongo
-  labels:
-    app: mongo
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-    spec:
-      containers:
-      - name: mongo
-        image: mongo:latest
-        ports:
-        - containerPort: 27017
-        volumeMounts:
-        - name: mongo-persistent-storage
-          mountPath: /data/db
-        - name: mongo-persistent-storage
-          mountPath: /data/configdb
-      volumes:
-      - name: mongo-persistent-storage
-        persistentVolumeClaim:
-          claimName: mongo-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mongo-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi

kube/oc-mongo/mongo/mongo-secret.yml

@@ -1,9 +0,0 @@
-# mongo-secret.yml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mongo-secret
-type: Opaque
-data:
-  username: dGVzdA==  # base64 encoding of 'test'
-  password: dGVzdA==  # base64 encoding of 'test'

kube/oc-mongo/mongo/mongo-service.yml

@@ -1,12 +0,0 @@
-# mongo-service.yml
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo
-spec:
-  selector:
-    app: mongo
-  ports:
-    - protocol: TCP
-      port: 27017
-      targetPort: 27017

vanilla/README.md

@@ -0,0 +1,7 @@
+# RUN 
+- `./start.sh <YOUR INTERNET IP>`
+Now reach localhost:8000
+
+# STOP
+- `./stop.sh`
+

vanilla/start.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+echo "Stopping all services..."
+
+./stop.sh > /dev/null 2>&1
+
+echo "Starting all services"
+
+cp ./traefik-dev-reverse/template_dynamic.yml ./traefik-dev-reverse/dynamic.yml
+sed -i "s/localhost/$1/g" ./traefik-dev-reverse/dynamic.yml
+
+docker network create oc | true
+cd ./tools && docker compose -f ./docker-compose.dev.yml up --force-recreate -d
+cd .. && docker compose -f ./traefik-dev-reverse/docker-compose.yml up --force-recreate -d
+
+cd ../..
+
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+    "oc-front"
+)
+for i in "${REPOS[@]}"
+do
+   echo "Building $i"
+   cd ./$i 
+   make dev HOST="${2:-http://localhost:8000}" &
+   cd ..
+done
+

vanilla/stop.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+docker network delete oc | true
+
+docker compose -f ./traefik-dev-reverse/docker-compose.yml rm -s -v -f
+
+TOOLS=(
+    "mongo"
+    "mongo-express"
+    "nats"
+    "loki"
+    "grafana"
+    "keto"
+    "ldap"
+)
+
+for i in "${TOOLS[@]}"
+do
+   echo "kill $i"
+   docker kill $i | true
+   docker rm $i | true
+done
+
+cd ../..
+
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+    "oc-front"
+)
+for i in "${REPOS[@]}"
+do
+   echo "kill $i"
+   docker kill $i | true
+   docker rm $i | true
+   cd ./$i 
+   make purge | true
+   cd ..
+done
+

vanilla/tools/docker-compose.dev.yml

@@ -0,0 +1,104 @@
+version: '3.4'
+
+services:
+  mongo:
+    image: 'mongo:latest'
+    networks: 
+      - oc
+    ports:
+      - 27017:27017
+    container_name: mongo
+    volumes: 
+      - oc-data:/data/db
+      - oc-data:/data/configdb
+  
+  mongo-express:
+    image: "mongo-express:latest"
+    restart: always
+    depends_on: 
+      - mongo
+    networks: 
+      - oc
+    ports:
+      - 8081:8081
+    environment:
+      - ME_CONFIG_BASICAUTH_USERNAME=test
+      - ME_CONFIG_BASICAUTH_PASSWORD=test
+  nats:
+    image: 'nats:latest'
+    container_name: nats
+    ports:
+      - 4222:4222
+    command:
+      - "--debug"
+    networks: 
+      - oc
+  loki:
+    image: 'grafana/loki'
+    container_name: loki
+    labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.loki.entrypoints=web"
+        - "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
+        - "traefik.http.services.loki.loadbalancer.server.port=3100"
+        - "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
+        - "traefik.http.routers.loki.middlewares=loki-stripprefix"
+        - "traefik.http.middlewares.loki.forwardauth.address=http://localhost:8094/oc/forward"
+    ports : 
+      - "3100:3100"
+    networks:
+      - oc
+  grafana:
+    image: 'grafana/grafana'
+    container_name: grafana
+    ports:
+      - '3000:3000'
+    labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.grafana.entrypoints=web"
+        - "traefik.http.routers.grafana.rule=PathPrefix(`/tools/grafana`)"
+        - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+        - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/tools/grafana"
+        - "traefik.http.routers.grafana.middlewares=grafana-stripprefix"
+        - "traefik.http.middlewares.grafana.forwardauth.address=http://localhost:8094/oc/forward"
+    networks:
+      - oc
+    volumes:
+      - ./conf/grafana_data_source.yml:/etc/grafana/provisioning/datasources/datasource.yml
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=pfnirt                   # Change this to anything but admin to not have a password change page at startup
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=true
+  ldap:
+    image: pgarrett/ldap-alpine
+    container_name: ldap
+    volumes:  
+      - "./ldap.ldif:/ldif/ldap.ldif"
+    networks:
+      - oc
+    ports:
+      - "390:389"
+    deploy:
+      restart_policy:
+        condition: on-failure
+  keto:
+    image: oryd/keto:v0.7.0-alpha.1-sqlite
+    ports:
+      - "4466:4466"
+      - "4467:4467"
+    command: serve -c /home/ory/keto.yml
+    restart: on-failure
+    volumes:
+      - type: bind
+        source: .
+        target: /home/ory
+    container_name: keto
+    networks: 
+      - oc
+
+volumes:
+  oc-data:
+
+networks: 
+  oc:
+    external: true

vanilla/tools/keto.yml

@@ -0,0 +1,18 @@
+version: v0.6.0-alpha.1
+
+log:
+  level: debug
+
+namespaces:
+  - id: 0
+    name: open-cloud
+
+dsn: memory
+
+serve:
+  read:
+    host: 0.0.0.0
+    port: 4466
+  write:
+    host: 0.0.0.0
+    port: 4467

vanilla/tools/ldap.ldif

@@ -0,0 +1,24 @@
+dn: uid=admin,ou=Users,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Admin
+sn: Istrator
+uid: admin
+userPassword: admin
+mail: admin@example.com
+ou: Users
+
+dn: ou=AppRoles,dc=example,dc=com
+objectClass: organizationalunit
+ou: AppRoles
+description: AppRoles
+
+dn: ou=App1,ou=AppRoles,dc=example,dc=com
+objectClass: organizationalunit
+ou: App1
+description: App1
+
+dn: cn=traveler,ou=App1,ou=AppRoles,dc=example,dc=com
+objectClass: groupofnames
+cn: traveler
+description: traveler
+member: uid=admin,ou=Users,dc=example,dc=com