Add Volume

2026-01-15 15:48:10 +01:00
parent 8098a86dae
commit 1b77b8b6cf
55 changed files with 246 additions and 72 deletions
--- a/utils/assets/templates/hydra.yaml
+++ b/utils/assets/templates/hydra.yaml
@@ -9,10 +9,9 @@ spec:
  routes:                           
    - kind: Rule
      match:  Host(`{{ .Values.host }}`) &&  PathPrefix(`/hydra`)
-      priority: 10                    
      services:
      - kind: Service
-        name: {{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}
+        name: {{ .Release.Name }}-hydra-public
        passHostHeader: true
        port: 4444
 ---
--- a/utils/assets/templates/ldapUserManager.yaml
+++ b/utils/assets/templates/ldapUserManager.yaml
@@ -104,7 +104,6 @@ spec:
  routes:                           
    - kind: Rule
      match:  Host(`{{ .Values.host }}`) &&  PathPrefix(`/users`)
-      priority: 10                    
      services:
      - kind: Service
        name: {{ .Release.Name }}-ldap-user-manager-svc
--- a/utils/assets/templates/mongo.yaml
+++ b/utils/assets/templates/mongo.yaml
@@ -11,5 +11,5 @@ spec:
  resources:
    requests:
      storage: {{ .Values.mongodb.persistence.size }}
-  storageClassName: {{ .Values.mongodb.persistence.storageClass }}
+  storageClassName: {{ .Values.mongodb.global.storageClass }}
 {{- end }}
--- a/utils/assets/templates/mongoExpress.yaml
+++ b/utils/assets/templates/mongoExpress.yaml
@@ -9,10 +9,9 @@ spec:
  routes:                           
    - kind: Rule
      match:  Host(`{{ .Values.host }}`) &&  PathPrefix(`/mongoexpress`)
-      priority: 10                    
      services:
      - kind: Service
-        name: {{ .Release.Name }}-mongo-express.{{ .Release.Namespace }}
+        name: {{ .Release.Name }}-mongo-express
        passHostHeader: true
        port: 8081
 {{- end }}
--- a/utils/assets/templates/oc-auth/deployment.yaml
+++ b/utils/assets/templates/oc-auth/deployment.yaml
@@ -16,6 +16,10 @@ spec:
        app: oc-auth
    spec:
      volumes:
+        - name: oc-pem
+          secret:
+            secretName: oc-peer-pem
+            optional: true
        - name: public-key-volume
          secret:
            secretName: public-key-secret
@@ -37,6 +41,9 @@ spec:
          - name: private-key-volume
            mountPath: /keys/private/private.pem
            subPath: private.pem
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        envFrom:
        - configMapRef:
            name: opencloud-config
--- a/utils/assets/templates/oc-catalog/deployment.yaml
+++ b/utils/assets/templates/oc-catalog/deployment.yaml
@@ -15,6 +15,11 @@ spec:
      labels:
        app: oc-catalog
    spec:
+      volumes:
+        - name: oc-pem
+          secret:
+            secretName: oc-peer-pem
+            optional: true
      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
      imagePullSecrets:
        - name: regcred
@@ -42,4 +47,8 @@ spec:
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 30    
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
 {{- end }}
--- a/utils/assets/templates/oc-datacenter/deployment.yaml
+++ b/utils/assets/templates/oc-datacenter/deployment.yaml
@@ -19,9 +19,18 @@ spec:
      imagePullSecrets:
        - name: regcred
      {{- end }}
+      volumes:
+        - name: oc-pem
+          secret:
+            secretName: oc-peer-pem
+            optional: true
      containers:
      - image: "{{ .Values.ocDatacenter.image }}"
        name: oc-datacenter
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        envFrom:
        - configMapRef:
            name: opencloud-config
--- a/utils/assets/templates/oc-front/config.yaml
+++ b/utils/assets/templates/oc-front/config.yaml
@@ -0,0 +1,18 @@
+{{- if index .Values.ocFront.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: front-config
+data:
+  config.json: |
+    {
+      "WORKSPACE_HOST": "workspace",
+      "WORKFLOW_HOST": "workflow",
+      "CATALOG_HOST": "catalog",
+      "SCHEDULER_HOST": "scheduler",
+      "PEER_HOST": "peers",
+      "DATACENTER_HOST": "datacenter",
+      "COLLABORATIVE_AREA_HOST": "shared",
+      "HOST": "{{ .Values.scheme }}://{{ .Values.host }}",
+    }
+{{- end }}
--- a/utils/assets/templates/oc-front/deployment.yaml
+++ b/utils/assets/templates/oc-front/deployment.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.ocFront.enabled }}
+{{- if index .Values.ocFront.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -6,7 +6,7 @@ metadata:
    app: oc-front
  name: {{ .Release.Name }}-oc-front
 spec:
-  replicas: {{ .Values.ocFront.replicas }}
+  replicas: 1
  selector:
    matchLabels:
      app: oc-front
@@ -28,14 +28,8 @@ spec:
        name: oc-front
        ports:
          - name: http
-            containerPort: 80
+            containerPort: 8080
            protocol: TCP
-        livenessProbe:
-            httpGet:
-              path: /
-              port: 80
-            initialDelaySeconds: 10
-            periodSeconds: 30   
        resources:
          limits:
            cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
--- a/utils/assets/templates/oc-front/service.yaml
+++ b/utils/assets/templates/oc-front/service.yaml
@@ -10,7 +10,7 @@ spec:
  - name: http
    port: 8080
    protocol: TCP
-    targetPort: 80
+    targetPort: 8080
  selector:
    app: oc-front
  type: ClusterIP
--- a/utils/assets/templates/oc-peer/deployment.yaml
+++ b/utils/assets/templates/oc-peer/deployment.yaml
@@ -19,12 +19,21 @@ spec:
      imagePullSecrets:
        - name: regcred
      {{- end }}
+      volumes:
+        - name: oc-pem
+          secret:
+            secretName: oc-peer-pem
+            optional: true
      containers:
      - image: "{{ .Values.ocPeer.image }}"
        name: oc-peer
        envFrom:
        - configMapRef:
            name: opencloud-config
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        livenessProbe:
            httpGet:
              path: /oc/version
--- a/utils/assets/templates/oc-scheduler/deployment.yaml
+++ b/utils/assets/templates/oc-scheduler/deployment.yaml
@@ -15,6 +15,11 @@ spec:
      labels:
        app: oc-scheduler
    spec:
+      volumes:
+          - name: oc-pem
+            secret:
+              secretName: oc-peer-pem
+              optional: true
      serviceAccountName: scheduler-sa
      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
      imagePullSecrets:
@@ -23,6 +28,10 @@ spec:
      containers:
      - image: "{{ .Values.ocScheduler.image }}"
        name: oc-scheduler
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        envFrom:
        - configMapRef:
            name: opencloud-config
--- a/utils/assets/templates/oc-shared/deployment.yaml
+++ b/utils/assets/templates/oc-shared/deployment.yaml
@@ -19,9 +19,18 @@ spec:
      imagePullSecrets:
        - name: regcred
      {{- end }}
+      volumes:
+          - name: oc-pem
+            secret:
+              secretName: oc-peer-pem
+              optional: true
      containers:
      - image: "{{ .Values.ocShared.image }}"
        name: oc-shared
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        envFrom:
        - configMapRef:
            name: opencloud-config
--- a/utils/assets/templates/oc-workflow/deployment.yaml
+++ b/utils/assets/templates/oc-workflow/deployment.yaml
@@ -19,9 +19,18 @@ spec:
      imagePullSecrets:
        - name: regcred
      {{- end }}
+      volumes:
+          - name: oc-pem
+            secret:
+              secretName: oc-peer-pem
+              optional: true
      containers:
      - image: "{{ .Values.ocWorkflow.image }}"
        name: oc-shared
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        envFrom:
        - configMapRef:
            name: opencloud-config
--- a/utils/assets/templates/oc-workspace/deployment.yaml
+++ b/utils/assets/templates/oc-workspace/deployment.yaml
@@ -15,9 +15,18 @@ spec:
      labels:
        app: oc-workspace
    spec:
+      volumes:
+        - name: oc-pem
+          secret:
+            secretName: oc-peer-pem
+            optional: true
      containers:
      - image: "{{ .Values.ocWorkspace.image }}"
        name: oc-workspace
+        volumeMounts:
+          - name: oc-pem
+            mountPath: /app/pem
+            readOnly: true
        envFrom:
        - configMapRef:
            name: opencloud-config
--- a/utils/assets/templates/prometheus.yaml
+++ b/utils/assets/templates/prometheus.yaml
@@ -9,10 +9,9 @@ spec:
  routes:                           
    - kind: Rule
      match:  Host(`{{ .Values.host }}`) &&  PathPrefix(`/monitor`)
-      priority: 10                    
      services:
      - kind: Service
-        name: {{ .Release.Name }}-monitor.{{ .Release.Namespace }}
+        name: {{ .Release.Name }}-prometheus-server
        passHostHeader: true
-        port: 9090
+        port: 80
 {{- end }}
--- a/utils/assets/templates/registry/docker-registry.yaml
+++ b/utils/assets/templates/registry/docker-registry.yaml
@@ -25,7 +25,6 @@ spec:
  routes:
  - kind: Rule
    match: Host(`{{ .Values.registryHost }}`)
-    priority: 5
    services:
    - kind: Service
      name:  {{ .Values.env }}-docker-registry-ui-registry-server
@@ -43,7 +42,6 @@ spec:
  routes:
  - kind: Rule
    match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`)
-    priority: 10
    services:
    - kind: Service
      name:  {{ .Values.env }}-docker-registry-ui-user-interface
--- a/utils/assets/templates/traefik/traefik.yaml
+++ b/utils/assets/templates/traefik/traefik.yaml
@@ -1,3 +1,4 @@
+{{- if index .Values.traefik.enabled }}
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -6,3 +7,4 @@ spec:
  forwardAuth:
    address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
    trustForwardHeader: true
+{{- end }}
--- a/utils/assets/values.yaml.template
+++ b/utils/assets/values.yaml.template
@@ -1,5 +1,6 @@
 env: ${RELEASE:-prod} # For storage class provisioning
-name: ${CLUSTER_NAME:-opencloud}
+clusterName: ${CLUSTER_NAME:-opencloud}
+hostNetwork: true
 host: ${HOST:-beta.opencloud.com}
 registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
 scheme: https # For reverse proxy rule
@@ -20,8 +21,8 @@ mongo-express:
 mongodb:
  enabled: ${OC_MONGO_ENABLED:-true}
  global:
-    defaultStorageClass: ${OC_MONGO_STORAGE:-""}
-    storageClass: ${OC_MONGO_STORAGE:-""}
+    defaultStorageClass: ${OC_MONGO_STORAGE:-"standard"}
+    storageClass: ${OC_MONGO_STORAGE:-"standard"}
  architecture: standalone
  useStatefulSet: false
  auth:
@@ -37,7 +38,7 @@ mongodb:
    enabled: true
    create: false            # do not auto-create
    existingClaim: ${OC_MONGO_PVC:-mongo-pvc}
-    storageClassName: ${OC_MONGO_STORAGE:-""}
+    storageClassName: ${OC_MONGO_STORAGE:-"standard"}
    accessModes: 
      - ReadWriteOnce
    size: ${OC_MONGO_SIZE:-5000Mi}
@@ -242,7 +243,6 @@ traefik:
  ports:
    web:
      nodePort: 30950
-
 hydra:
  enabled: ${OC_HYDRA_ENABLED:-true}
  maester:
@@ -287,6 +287,7 @@ loki:
    commonConfig:
      replication_factor: 1
    storage:
+      storageClassName: standard 
      type: filesystem
      filesystem:
        chunks_directory: /var/loki/chunks
@@ -325,7 +326,7 @@ loki:
      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
      accessMode: ReadWriteOnce
      size: ${OC_LOKI_SIZE:-1Gi}
-      storageClassName: ${OC_LOKI_STORAGE:-""}
+      storageClassName: ${OC_LOKI_STORAGE:-"standard"}
      create: false 
      claimName: ${OC_LOKI_PVC:-loki-pvc} 

@@ -607,7 +608,8 @@ docker-registry-ui:
        claimName: docker-registry-pvc
    persistence:
      create: false
+      storageClassName: standard 
      existingClaim: docker-registry-pvc
      accessMode: ReadWriteOnce
      storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
-      storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-""}
+      storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-"standard"}