Add Volume

mr
2026-01-15 15:48:10 +01:00
parent 8098a86dae
commit 1b77b8b6cf
55 changed files with 246 additions and 72 deletions


@@ -38,7 +38,7 @@ func action() error {
if len(os.Args) > 2 { if len(os.Args) > 2 {
args = os.Args[2:] args = os.Args[2:]
} }
internal.Start(args...) internal.Stop(args...)
case "extract": case "extract":
what := os.Args[2] what := os.Args[2]
switch what { switch what {
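Review bot: The new `internal.Stop(args...)` call discards its result although the enclosing `action()` returns `error`. `Start` is declared elsewhere in this commit as returning `error`; if `Stop` does the same, a failed teardown is reported as success. Propagate it, e.g. `if err := internal.Stop(args...); err != nil { return err }`. The `case` label and the rest of `action()` are outside the hunk, so the subcommand this call belongs to cannot be confirmed from here.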

Binary file not shown.


@@ -36,4 +36,4 @@ dependencies:
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 27.45.0 version: 27.45.0
digest: sha256:11c96ddd86e2857872d7dafaa48b545870bef019169b0cc1c00ed3fb9f32b9ac digest: sha256:11c96ddd86e2857872d7dafaa48b545870bef019169b0cc1c00ed3fb9f32b9ac
generated: "2026-01-08T21:09:54.004802973+01:00" generated: "2026-01-15T15:35:28.283016654+01:00"


@@ -9,10 +9,9 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-hydra-public.{{ .Release.Namespace }} name: {{ .Release.Name }}-hydra-public
passHostHeader: true passHostHeader: true
port: 4444 port: 4444
--- ---


@@ -104,7 +104,6 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-ldap-user-manager-svc name: {{ .Release.Name }}-ldap-user-manager-svc


@@ -11,5 +11,5 @@ spec:
resources: resources:
requests: requests:
storage: {{ .Values.mongodb.persistence.size }} storage: {{ .Values.mongodb.persistence.size }}
storageClassName: {{ .Values.mongodb.persistence.storageClass }} storageClassName: {{ .Values.mongodb.global.storageClass }}
{{- end }} {{- end }}


@@ -9,10 +9,9 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/mongoexpress`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/mongoexpress`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-mongo-express.{{ .Release.Namespace }} name: {{ .Release.Name }}-mongo-express
passHostHeader: true passHostHeader: true
port: 8081 port: 8081
{{- end }} {{- end }}
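Review bot: The `/mongoexpress` rule in this hunk has `match` and `services` but no `middlewares` entry, so as far as the hunk shows the mongo-express UI is published on the public host with no auth check from the IngressRoute; the values file in this commit sets `mongodbEnableAdmin: true` for that component. The `/monitor` rule, which this commit repoints at `{{ .Release.Name }}-prometheus-server` on port 80, has the same shape, as do the second copies of both templates further down the page. Unless these paths are protected elsewhere (not visible here), attach the chart's forwardAuth Middleware to each rule with a `middlewares:` list containing `- name: <forward-auth middleware name>`, and keep both components disabled by default.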


@@ -0,0 +1,18 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: front-config
data:
config.json: |
{
"WORKSPACE_HOST": "workspace",
"WORKFLOW_HOST": "workflow",
"CATALOG_HOST": "catalog",
"SCHEDULER_HOST": "scheduler",
"PEER_HOST": "peers",
"DATACENTER_HOST": "datacenter",
"COLLABORATIVE_AREA_HOST": "shared",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}",
}
{{- end }}
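Review bot: The embedded `config.json` ends with `"HOST": "{{ .Values.scheme }}://{{ .Values.host }}",` directly followed by `}`, and that trailing comma makes the document invalid for a strict JSON parser, so the front end may fail to load its configuration. Drop the comma on the `HOST` line. `{{- if index .Values.ocFront.enabled }}` calls `index` with no key, which just returns the value, so `{{- if .Values.ocFront.enabled }}` is the clearer form. The name `front-config` is also not prefixed with `{{ .Release.Name }}` as the Deployment's name is, so two releases in one namespace would collide. The second copy of this template later on the page has the same three points.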


@@ -1,4 +1,4 @@
{{- if .Values.ocFront.enabled }} {{- if index .Values.ocFront.enabled }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -6,7 +6,7 @@ metadata:
app: oc-front app: oc-front
name: {{ .Release.Name }}-oc-front name: {{ .Release.Name }}-oc-front
spec: spec:
replicas: {{ .Values.ocFront.replicas }} replicas: 1
selector: selector:
matchLabels: matchLabels:
app: oc-front app: oc-front
@@ -30,12 +30,6 @@ spec:
- name: http - name: http
containerPort: 80 containerPort: 80
protocol: TCP protocol: TCP
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 30
resources: resources:
limits: limits:
cpu: "{{ .Values.ocFront.resources.limits.cpu }}" cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
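Review bot: Deleting the `livenessProbe` in the third hunk leaves the oc-front container with no health check, so a hung web server is never restarted. The other copy of this template on this page moves the container port to 8080 while this copy still declares `containerPort: 80`; if the probe was removed because it pointed at the old port, retarget it instead with `port: http`, which follows the named container port. Hard-coding `replicas: 1` in the second hunk also makes `.Values.ocFront.replicas` a silent no-op; `replicas: {{ .Values.ocFront.replicas | default 1 }}` keeps the override.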


@@ -9,10 +9,9 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/monitor`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/monitor`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-monitor.{{ .Release.Namespace }} name: {{ .Release.Name }}-prometheus-server
passHostHeader: true passHostHeader: true
port: 9090 port: 80
{{- end }} {{- end }}


@@ -25,7 +25,6 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.registryHost }}`) match: Host(`{{ .Values.registryHost }}`)
priority: 5
services: services:
- kind: Service - kind: Service
name: {{ .Values.env }}-docker-registry-ui-registry-server name: {{ .Values.env }}-docker-registry-ui-registry-server
@@ -43,7 +42,6 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`) match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Values.env }}-docker-registry-ui-user-interface name: {{ .Values.env }}-docker-registry-ui-user-interface


@@ -1,3 +1,4 @@
{{- if index .Values.traefik.enabled }}
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
@@ -6,3 +7,4 @@ spec:
forwardAuth: forwardAuth:
address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward" address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
trustForwardHeader: true trustForwardHeader: true
{{- end }}
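Review bot: Wrapping the forwardAuth Middleware in `{{- if index .Values.traefik.enabled }}` makes the chart's auth check conditional, so every IngressRoute that names this middleware needs the same guard. Those routes are not visible in this section; confirm that a values file with `traefik.enabled: false` cannot leave routes rendered without their auth middleware. `index` with a single argument returns it unchanged, so `{{- if .Values.traefik.enabled }}` says the same thing more plainly. A short comment above `trustForwardHeader: true`, stating that Traefik must be the only hop able to set `X-Forwarded-*` headers, would document the assumption the auth service relies on.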


@@ -1,5 +1,6 @@
env: ${RELEASE:-prod} # For storage class provisioning env: ${RELEASE:-prod} # For storage class provisioning
name: ${CLUSTER_NAME:-opencloud} clusterName: ${CLUSTER_NAME:-opencloud}
hostNetwork: true
host: ${HOST:-beta.opencloud.com} host: ${HOST:-beta.opencloud.com}
registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
scheme: https # For reverse proxy rule scheme: https # For reverse proxy rule
@@ -20,8 +21,8 @@ mongo-express:
mongodb: mongodb:
enabled: ${OC_MONGO_ENABLED:-true} enabled: ${OC_MONGO_ENABLED:-true}
global: global:
defaultStorageClass: ${OC_MONGO_STORAGE:-""} defaultStorageClass: ${OC_MONGO_STORAGE:-"standard"}
storageClass: ${OC_MONGO_STORAGE:-""} storageClass: ${OC_MONGO_STORAGE:-"standard"}
architecture: standalone architecture: standalone
useStatefulSet: false useStatefulSet: false
auth: auth:
@@ -37,7 +38,7 @@ mongodb:
enabled: true enabled: true
create: false # do not auto-create create: false # do not auto-create
existingClaim: ${OC_MONGO_PVC:-mongo-pvc} existingClaim: ${OC_MONGO_PVC:-mongo-pvc}
storageClassName: ${OC_MONGO_STORAGE:-""} storageClassName: ${OC_MONGO_STORAGE:-"standard"}
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
size: ${OC_MONGO_SIZE:-5000Mi} size: ${OC_MONGO_SIZE:-5000Mi}
@@ -242,7 +243,6 @@ traefik:
ports: ports:
web: web:
nodePort: 30950 nodePort: 30950
hydra: hydra:
enabled: ${OC_HYDRA_ENABLED:-true} enabled: ${OC_HYDRA_ENABLED:-true}
maester: maester:
@@ -287,6 +287,7 @@ loki:
commonConfig: commonConfig:
replication_factor: 1 replication_factor: 1
storage: storage:
storageClassName: standard
type: filesystem type: filesystem
filesystem: filesystem:
chunks_directory: /var/loki/chunks chunks_directory: /var/loki/chunks
@@ -325,7 +326,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: ${OC_LOKI_SIZE:-1Gi} size: ${OC_LOKI_SIZE:-1Gi}
storageClassName: ${OC_LOKI_STORAGE:-""} storageClassName: ${OC_LOKI_STORAGE:-"standard"}
create: false create: false
claimName: ${OC_LOKI_PVC:-loki-pvc} claimName: ${OC_LOKI_PVC:-loki-pvc}
@@ -607,7 +608,8 @@ docker-registry-ui:
claimName: docker-registry-pvc claimName: docker-registry-pvc
persistence: persistence:
create: false create: false
storageClassName: standard
existingClaim: docker-registry-pvc existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi} storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-""} storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-"standard"}
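Review bot: The new top-level `hostNetwork: true` in the first hunk turns host networking on by default for every environment generated from this template. Which templates read it is not visible here, but pods that share the node's network namespace can reach node-local listeners and are typically outside NetworkPolicy enforcement. Make it opt-in in the same style as the other keys, e.g. `hostNetwork: ${OC_HOST_NETWORK:-false}` (the variable name is a suggestion). In the last hunk `persistence:` now carries `storageClassName` twice, the literal `standard` and the `${OC_DOCKER_REGISTRY_STORAGE:-"standard"}` line; strict YAML parsers reject duplicate keys and lenient ones let one silently win, so the added literal line should be removed. The second copy of this file at the end of the page has both points.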


@@ -1,12 +1,12 @@
env: sqsdq # For storage class provisioning env: test # For storage class provisioning
clusterName: opencloud clusterName: opencloud
host: beta.opencloud.com host: beta.opencloud.com
registryHost: oc # For reverse proxy rule registryHost: oc # For reverse proxy rule
scheme: https # For reverse proxy rule scheme: https # For reverse proxy rule
mongo-express: mongo-express:
enabled: true enabled: true
mongodbServer: "sqsdq-mongodb.sqsdq" # TO LOOK AFTER mongodbServer: "test-mongodb.test" # TO LOOK AFTER
mongodbPort: 27017 mongodbPort: 27017
mongodbEnableAdmin: true mongodbEnableAdmin: true
mongodbAdminUsername: admin mongodbAdminUsername: admin
@@ -20,8 +20,8 @@ mongo-express:
mongodb: mongodb:
enabled: true enabled: true
global: global:
defaultStorageClass: "" defaultStorageClass: "standard"
storageClass: "" storageClass: "standard"
architecture: standalone architecture: standalone
useStatefulSet: false useStatefulSet: false
auth: auth:
@@ -37,7 +37,7 @@ mongodb:
enabled: true enabled: true
create: false # do not auto-create create: false # do not auto-create
existingClaim: mongo-pvc existingClaim: mongo-pvc
storageClassName: "" storageClassName: "standard"
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
size: 5000Mi size: 5000Mi
@@ -53,7 +53,7 @@ mongodb:
enabled: true enabled: true
nats: nats:
enabled: false enabled: true
extraEnv: extraEnv:
- name: NATS_MAX_FILE_DESCRIPTORS - name: NATS_MAX_FILE_DESCRIPTORS
value: "65536" value: "65536"
@@ -78,7 +78,7 @@ nats:
name: nats-jetstream name: nats-jetstream
openldap: openldap:
enabled: false enabled: true
test: test:
enabled: false enabled: false
ltb-passwd: ltb-passwd:
@@ -261,7 +261,7 @@ hydra:
# consent: https://localhost-consent/consent/consent # consent: https://localhost-consent/consent/consent
# logout: https://localhost-logout/authentication/logout # logout: https://localhost-logout/authentication/logout
self: self:
issuer: "http://sqsdq-hydra-public.sqsdq:4444/" issuer: "http://test-hydra-public.test:4444/"
keto: keto:
enabled: true enabled: true
@@ -325,7 +325,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
storageClassName: "" storageClassName: "standard"
create: false create: false
claimName: loki-pvc claimName: loki-pvc
@@ -598,7 +598,7 @@ docker-registry-ui:
ui: ui:
title: "opencloud docker registry" title: "opencloud docker registry"
proxy: true proxy: true
dockerRegistryUrl: "http://sqsdq-docker-registry-ui-registry-server.sqsdq.svc.cluster.local:5000" dockerRegistryUrl: "http://test-docker-registry-ui-registry-server.test.svc.cluster.local:5000"
registry: registry:
secretName: regcred secretName: regcred
enabled: true enabled: true
@@ -610,4 +610,4 @@ docker-registry-ui:
existingClaim: docker-registry-pvc existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
storage: 5Gi storage: 5Gi
storageClassName: "" storageClassName: "standard"

60
cmd/tmp.json Normal file

@@ -0,0 +1,60 @@
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"creationTimestamp": "2026-01-14T12:21:46Z",
"deletionTimestamp": "2026-01-15T07:35:29Z",
"labels": {
"kubernetes.io/metadata.name": "test",
"name": "test"
},
"name": "test",
"resourceVersion": "55940",
"uid": "4b990a37-71e7-44d8-9e70-cbaf10b8ed52"
},
"spec": {
"finalizers": [
"kubernetes"
]
},
"status": {
"conditions": [
{
"lastTransitionTime": "2026-01-15T13:06:55Z",
"message": "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: stale GroupVersion discovery: metrics.k8s.io/v1beta1",
"reason": "DiscoveryFailed",
"status": "True",
"type": "NamespaceDeletionDiscoveryFailure"
},
{
"lastTransitionTime": "2026-01-15T07:35:35Z",
"message": "All legacy kube types successfully parsed",
"reason": "ParsedGroupVersions",
"status": "False",
"type": "NamespaceDeletionGroupVersionParsingFailure"
},
{
"lastTransitionTime": "2026-01-15T07:35:35Z",
"message": "All content successfully deleted, may be waiting on finalization",
"reason": "ContentDeleted",
"status": "False",
"type": "NamespaceDeletionContentFailure"
},
{
"lastTransitionTime": "2026-01-15T07:36:19Z",
"message": "Some resources are remaining: oauth2clients.hydra.ory.sh has 1 resource instances",
"reason": "SomeResourcesRemain",
"status": "True",
"type": "NamespaceContentRemaining"
},
{
"lastTransitionTime": "2026-01-15T07:36:19Z",
"message": "Some content in the namespace has finalizers remaining: finalizer.ory.hydra.sh in 1 resource instances",
"reason": "SomeFinalizersRemain",
"status": "True",
"type": "NamespaceFinalizersRemaining"
}
],
"phase": "Terminating"
}
}
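Review bot: `cmd/tmp.json` is a dump of a live cluster object rather than source: a `Namespace` named `test` with its `uid`, `resourceVersion`, timestamps and `status.phase: Terminating`. It looks like a scratch file from debugging a stuck namespace deletion (the conditions name a remaining `oauth2clients.hydra.ory.sh` resource holding a `finalizer.ory.hydra.sh` finalizer) and should be removed from the commit and covered by an ignore rule. If the stuck finalizer is the underlying problem, the fix belongs in the teardown path, which should delete the Hydra OAuth2 client resources before the namespace.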


@@ -44,7 +44,6 @@ func Delete_Cluster(args ...string) error {
} }
func Create_Cluster(args ...string) error { func Create_Cluster(args ...string) error {
Delete_Cluster(args...)
folder := "." folder := "."
env := "dev" env := "dev"
if len(args) > 0 { if len(args) > 0 {
@@ -109,5 +108,9 @@ containerdConfigPatches:
if err := utils.Exec("kubectl config use-context kind-opencloud"); err != nil { if err := utils.Exec("kubectl config use-context kind-opencloud"); err != nil {
return err return err
} }
if err := utils.Exec("docker start opencloud-control-plane"); err != nil {
return err
}
return nil return nil
} }
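Review bot: `docker start opencloud-control-plane` hard-codes the node container of a cluster named `opencloud`, as does the `kind-opencloud` context a few lines above, while the values template in this commit lets `CLUSTER_NAME` override the name and `Create_Helm` works with a `clusterName` variable. With a non-default name this step fails and `Create_Cluster` returns the error after the cluster is already up. Build both strings from the cluster name, e.g. `utils.Exec("docker start " + clusterName + "-control-plane")`, if that value can be made available in this function; its middle section lies outside the two hunks.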


@@ -42,6 +42,8 @@ Usage:
func Start(args ...string) error { func Start(args ...string) error {
utils.Exec("sudo sysctl -w fs.inotify.max_user_instances=256") utils.Exec("sudo sysctl -w fs.inotify.max_user_instances=256")
utils.Exec("sudo sysctl -w fs.inotify.max_user_watches=65536")
utils.Exec("sudo /etc/init.d/apache2 stop") utils.Exec("sudo /etc/init.d/apache2 stop")
utils.Exec("sudo nginx -s stop") utils.Exec("sudo nginx -s stop")
Create_Cluster(args...) Create_Cluster(args...)
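Review bot: The added `utils.Exec("sudo sysctl -w fs.inotify.max_user_watches=65536")` drops its error like the calls around it, so a failed or declined `sudo` goes unnoticed and the run continues with the old limit. It also changes a host-wide kernel setting as a side effect of `Start`, which deserves a one-line comment saying why 65536 is needed and that it is not reverted. At minimum surface the failure: `if err := utils.Exec("sudo sysctl -w fs.inotify.max_user_watches=65536"); err != nil { return err }`. The rest of `Start` is outside the hunk.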


@@ -53,11 +53,11 @@ func Delete_Helm(args ...string) error {
func Create_Helm(args ...string) error { func Create_Helm(args ...string) error {
tmp := "./opencloud-chart" tmp := "./opencloud-chart"
utils.Exec("sudo rm -rf " + tmp)
if err := os.MkdirAll(tmp, os.ModePerm); err != nil { if err := os.MkdirAll(tmp, os.ModePerm); err != nil {
fmt.Println(err) fmt.Println(err)
return err return err
} }
defer os.RemoveAll(tmp)
ExtractTrees("assets", tmp) ExtractTrees("assets", tmp)
folder := "." folder := "."
@@ -77,22 +77,40 @@ func Create_Helm(args ...string) error {
if len(args) > 2 { if len(args) > 2 {
namespace = args[2] namespace = args[2]
} }
fmt.Println("set up helm")
if err := utils.Exec("helm dependency update " + tmp); err != nil { if err := utils.Exec("helm dependency update " + tmp); err != nil {
return err return err
} }
fmt.Println("set up deps")
for name, repo := range utils.ExtractRepo() { for name, repo := range utils.ExtractRepo() {
utils.Exec("helm repo add " + name + " " + repo) utils.Exec("helm repo add " + name + " " + repo)
} }
if err := utils.Exec("helm dependency build " + tmp); err != nil { if err := utils.Exec("helm dependency build " + tmp); err != nil {
return err return err
} }
utils.Exec("kubectl delete sc longhorn-nor1") utils.Exec("sudo ulimit -n 1000000")
if err := utils.Exec("helm install " + release + " " + tmp + " -n " + namespace + " --create-namespace -f " + folder + "/" + release + "-values.yaml --debug"); err != nil {
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo update")
utils.Exec("kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.crds.yaml")
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo update")
utils.Exec("helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.14.0")
utils.Exec("helm install admiralty oci://public.ecr.aws/admiralty/admiralty --namespace admiralty --create-namespace --version 0.17.0 --wait")
utils.Exec("helm repo add argo https://argoproj.github.io/argo-helm")
utils.Exec("helm repo update")
utils.Exec("helm install argo-workflows argo/argo-workflows --namespace argo --create-namespace")
if err := utils.Exec("helm upgrade --install " + release + " " + tmp + " -n " + namespace + " --create-namespace -f " + folder + "/" + release + "-values.yaml --debug"); err != nil {
return err return err
} }
utils.Exec("kind get kubeconfig --name " + clusterName + " > ./deployed_config") utils.Exec("kind get kubeconfig --name " + clusterName + " > ./deployed_config")
utils.Exec("kind export logs ./kind-logs") utils.Exec("kind export logs ./kind-logs")
utils.Exec("sudo rm -rf " + tmp)
return nil return nil
} }
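Review bot: The added `kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.crds.yaml` installs whatever CRDs upstream publishes at run time, cluster-wide, while the chart installed just below it is pinned to `v1.14.0`; `argo/argo-workflows` is installed with no `--version` at all. Pin both to reviewed versions so the install is reproducible and a changed upstream artifact cannot reach the cluster unnoticed, and check the results, since every added `utils.Exec` call drops its error and the jetstack repo is added twice. `sudo ulimit -n 1000000` has no effect as written: `ulimit` is a shell builtin, so `sudo` has no binary to run, and a limit set in a child shell would not carry over to later commands. Replacing `defer os.RemoveAll(tmp)` with a final `sudo rm -rf` also leaves `./opencloud-chart` behind on every early `return err`. `Create_Helm` spans both hunks with an unshown stretch between them; the fence covers only the added install steps.

```go
// … unchanged: helm dependency update / repo add loop / helm dependency build …
const certManagerVersion = "v1.14.0"
steps := []string{
	"helm repo add jetstack https://charts.jetstack.io",
	"helm repo add argo https://argoproj.github.io/argo-helm",
	"helm repo update",
	// CRDs come from the same release as the chart, not from "latest".
	"kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/" + certManagerVersion + "/cert-manager.crds.yaml",
	"helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version " + certManagerVersion,
	"helm upgrade --install admiralty oci://public.ecr.aws/admiralty/admiralty --namespace admiralty --create-namespace --version 0.17.0 --wait",
	// TODO: add --version with a reviewed argo-workflows chart version.
	"helm upgrade --install argo-workflows argo/argo-workflows --namespace argo --create-namespace",
}
for _, cmd := range steps {
	if err := utils.Exec(cmd); err != nil {
		return err
	}
}
// … unchanged: helm upgrade --install of the release, kubeconfig and log export …
```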


@@ -58,6 +58,7 @@ func generateConfig(confFile string, release string, output_folder string) error
if err != nil { if err != nil {
return err return err
} }
confs["RELEASE"] = release
rendered := renderTemplate(string(content), confs) rendered := renderTemplate(string(content), confs)
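Review bot: `confs["RELEASE"] = release` silently overrides any `RELEASE` entry loaded from `confFile`, and `release` reaches `renderTemplate` without validation. The values template in this commit substitutes it into `env: ${RELEASE:-prod}`, which the chart uses in service names and in the `eq .Values.env "prod"` checks, so a value with characters outside a DNS label would presumably yield broken YAML or resource names. Add a comment stating that the CLI argument takes precedence, and reject a `release` that is not a lowercase DNS label before rendering. `generateConfig` continues outside the hunk.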


@@ -9,10 +9,9 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-hydra-public.{{ .Release.Namespace }} name: {{ .Release.Name }}-hydra-public
passHostHeader: true passHostHeader: true
port: 4444 port: 4444
--- ---


@@ -104,7 +104,6 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-ldap-user-manager-svc name: {{ .Release.Name }}-ldap-user-manager-svc


@@ -11,5 +11,5 @@ spec:
resources: resources:
requests: requests:
storage: {{ .Values.mongodb.persistence.size }} storage: {{ .Values.mongodb.persistence.size }}
storageClassName: {{ .Values.mongodb.persistence.storageClass }} storageClassName: {{ .Values.mongodb.global.storageClass }}
{{- end }} {{- end }}


@@ -9,10 +9,9 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/mongoexpress`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/mongoexpress`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-mongo-express.{{ .Release.Namespace }} name: {{ .Release.Name }}-mongo-express
passHostHeader: true passHostHeader: true
port: 8081 port: 8081
{{- end }} {{- end }}


@@ -16,6 +16,10 @@ spec:
app: oc-auth app: oc-auth
spec: spec:
volumes: volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
- name: public-key-volume - name: public-key-volume
secret: secret:
secretName: public-key-secret secretName: public-key-secret
@@ -37,6 +41,9 @@ spec:
- name: private-key-volume - name: private-key-volume
mountPath: /keys/private/private.pem mountPath: /keys/private/private.pem
subPath: private.pem subPath: private.pem
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config
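Review bot: The new `oc-pem` volume is declared with `optional: true`, so when the `oc-peer-pem` Secret is missing the pod still starts with an empty `/app/pem` and the failure only surfaces later inside the application. If the key is required, drop `optional` so the pod stays pending and the missing Secret is reported. The same Secret is mounted into oc-auth here and, in the following sections, into oc-catalog, oc-datacenter, oc-peer, oc-scheduler, oc-shared, oc-workflow and oc-workspace. If it holds private key material (its contents are not visible here), mount it only where it is used and add `defaultMode: 0400` under `secret:` so the files are not group- or world-readable inside the container.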


@@ -15,6 +15,11 @@ spec:
labels: labels:
app: oc-catalog app: oc-catalog
spec: spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
{{- if or (eq .Values.env "prod") (eq .Values.env "staging") }} {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
@@ -42,4 +47,8 @@ spec:
port: 8080 port: 8080
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
{{- end }} {{- end }}


@@ -19,9 +19,18 @@ spec:
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
{{- end }} {{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers: containers:
- image: "{{ .Values.ocDatacenter.image }}" - image: "{{ .Values.ocDatacenter.image }}"
name: oc-datacenter name: oc-datacenter
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config


@@ -0,0 +1,18 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: front-config
data:
config.json: |
{
"WORKSPACE_HOST": "workspace",
"WORKFLOW_HOST": "workflow",
"CATALOG_HOST": "catalog",
"SCHEDULER_HOST": "scheduler",
"PEER_HOST": "peers",
"DATACENTER_HOST": "datacenter",
"COLLABORATIVE_AREA_HOST": "shared",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}",
}
{{- end }}


@@ -1,4 +1,4 @@
{{- if .Values.ocFront.enabled }} {{- if index .Values.ocFront.enabled }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -6,7 +6,7 @@ metadata:
app: oc-front app: oc-front
name: {{ .Release.Name }}-oc-front name: {{ .Release.Name }}-oc-front
spec: spec:
replicas: {{ .Values.ocFront.replicas }} replicas: 1
selector: selector:
matchLabels: matchLabels:
app: oc-front app: oc-front
@@ -28,14 +28,8 @@ spec:
name: oc-front name: oc-front
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 8080
protocol: TCP protocol: TCP
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 30
resources: resources:
limits: limits:
cpu: "{{ .Values.ocFront.resources.limits.cpu }}" cpu: "{{ .Values.ocFront.resources.limits.cpu }}"


@@ -10,7 +10,7 @@ spec:
- name: http - name: http
port: 8080 port: 8080
protocol: TCP protocol: TCP
targetPort: 80 targetPort: 8080
selector: selector:
app: oc-front app: oc-front
type: ClusterIP type: ClusterIP


@@ -19,12 +19,21 @@ spec:
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
{{- end }} {{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers: containers:
- image: "{{ .Values.ocPeer.image }}" - image: "{{ .Values.ocPeer.image }}"
name: oc-peer name: oc-peer
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /oc/version path: /oc/version


@@ -15,6 +15,11 @@ spec:
labels: labels:
app: oc-scheduler app: oc-scheduler
spec: spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
serviceAccountName: scheduler-sa serviceAccountName: scheduler-sa
{{- if or (eq .Values.env "prod") (eq .Values.env "staging") }} {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
imagePullSecrets: imagePullSecrets:
@@ -23,6 +28,10 @@ spec:
containers: containers:
- image: "{{ .Values.ocScheduler.image }}" - image: "{{ .Values.ocScheduler.image }}"
name: oc-scheduler name: oc-scheduler
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config


@@ -19,9 +19,18 @@ spec:
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
{{- end }} {{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers: containers:
- image: "{{ .Values.ocShared.image }}" - image: "{{ .Values.ocShared.image }}"
name: oc-shared name: oc-shared
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config


@@ -19,9 +19,18 @@ spec:
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
{{- end }} {{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers: containers:
- image: "{{ .Values.ocWorkflow.image }}" - image: "{{ .Values.ocWorkflow.image }}"
name: oc-shared name: oc-shared
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config


@@ -15,9 +15,18 @@ spec:
labels: labels:
app: oc-workspace app: oc-workspace
spec: spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers: containers:
- image: "{{ .Values.ocWorkspace.image }}" - image: "{{ .Values.ocWorkspace.image }}"
name: oc-workspace name: oc-workspace
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom: envFrom:
- configMapRef: - configMapRef:
name: opencloud-config name: opencloud-config


@@ -9,10 +9,9 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/monitor`) match: Host(`{{ .Values.host }}`) && PathPrefix(`/monitor`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Release.Name }}-monitor.{{ .Release.Namespace }} name: {{ .Release.Name }}-prometheus-server
passHostHeader: true passHostHeader: true
port: 9090 port: 80
{{- end }} {{- end }}


@@ -25,7 +25,6 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.registryHost }}`) match: Host(`{{ .Values.registryHost }}`)
priority: 5
services: services:
- kind: Service - kind: Service
name: {{ .Values.env }}-docker-registry-ui-registry-server name: {{ .Values.env }}-docker-registry-ui-registry-server
@@ -43,7 +42,6 @@ spec:
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`) match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`)
priority: 10
services: services:
- kind: Service - kind: Service
name: {{ .Values.env }}-docker-registry-ui-user-interface name: {{ .Values.env }}-docker-registry-ui-user-interface


@@ -1,3 +1,4 @@
{{- if index .Values.traefik.enabled }}
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
@@ -6,3 +7,4 @@ spec:
forwardAuth: forwardAuth:
address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward" address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
trustForwardHeader: true trustForwardHeader: true
{{- end }}


@@ -1,5 +1,6 @@
env: ${RELEASE:-prod} # For storage class provisioning env: ${RELEASE:-prod} # For storage class provisioning
name: ${CLUSTER_NAME:-opencloud} clusterName: ${CLUSTER_NAME:-opencloud}
hostNetwork: true
host: ${HOST:-beta.opencloud.com} host: ${HOST:-beta.opencloud.com}
registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
scheme: https # For reverse proxy rule scheme: https # For reverse proxy rule
@@ -20,8 +21,8 @@ mongo-express:
mongodb: mongodb:
enabled: ${OC_MONGO_ENABLED:-true} enabled: ${OC_MONGO_ENABLED:-true}
global: global:
defaultStorageClass: ${OC_MONGO_STORAGE:-""} defaultStorageClass: ${OC_MONGO_STORAGE:-"standard"}
storageClass: ${OC_MONGO_STORAGE:-""} storageClass: ${OC_MONGO_STORAGE:-"standard"}
architecture: standalone architecture: standalone
useStatefulSet: false useStatefulSet: false
auth: auth:
@@ -37,7 +38,7 @@ mongodb:
enabled: true enabled: true
create: false # do not auto-create create: false # do not auto-create
existingClaim: ${OC_MONGO_PVC:-mongo-pvc} existingClaim: ${OC_MONGO_PVC:-mongo-pvc}
storageClassName: ${OC_MONGO_STORAGE:-""} storageClassName: ${OC_MONGO_STORAGE:-"standard"}
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
size: ${OC_MONGO_SIZE:-5000Mi} size: ${OC_MONGO_SIZE:-5000Mi}
@@ -242,7 +243,6 @@ traefik:
ports: ports:
web: web:
nodePort: 30950 nodePort: 30950
hydra: hydra:
enabled: ${OC_HYDRA_ENABLED:-true} enabled: ${OC_HYDRA_ENABLED:-true}
maester: maester:
@@ -287,6 +287,7 @@ loki:
commonConfig: commonConfig:
replication_factor: 1 replication_factor: 1
storage: storage:
storageClassName: standard
type: filesystem type: filesystem
filesystem: filesystem:
chunks_directory: /var/loki/chunks chunks_directory: /var/loki/chunks
@@ -325,7 +326,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: ${OC_LOKI_SIZE:-1Gi} size: ${OC_LOKI_SIZE:-1Gi}
storageClassName: ${OC_LOKI_STORAGE:-""} storageClassName: ${OC_LOKI_STORAGE:-"standard"}
create: false create: false
claimName: ${OC_LOKI_PVC:-loki-pvc} claimName: ${OC_LOKI_PVC:-loki-pvc}
@@ -607,7 +608,8 @@ docker-registry-ui:
claimName: docker-registry-pvc claimName: docker-registry-pvc
persistence: persistence:
create: false create: false
storageClassName: standard
existingClaim: docker-registry-pvc existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi} storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-""} storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-"standard"}