From f868400b7a0dcf464538393ad9a68c37ec7ed709 Mon Sep 17 00:00:00 2001 From: plm Date: Wed, 8 Jan 2025 23:05:38 +0100 Subject: [PATCH] Integrating front and workspace service --- opencloud/dev-values.yaml | 29 ++++++++++++-- opencloud/templates/oc-auth/deployment.yaml | 10 ++--- opencloud/templates/oc-auth/ingress.yaml | 13 ++++-- opencloud/templates/oc-front/config.yaml | 20 ++++++++++ opencloud/templates/oc-front/deployment.yaml | 40 +++++++++++++++++++ opencloud/templates/oc-front/ingress.yaml | 17 ++++++++ opencloud/templates/oc-front/service.yaml | 17 ++++++++ .../templates/oc-workspace/deployment.yaml | 35 ++++++++++++++++ opencloud/templates/oc-workspace/ingress.yaml | 29 ++++++++++++++ opencloud/templates/oc-workspace/service.yaml | 17 ++++++++ opencloud/templates/openCLoudConf.yaml | 40 +++++++++---------- 11 files changed, 236 insertions(+), 31 deletions(-) create mode 100644 opencloud/templates/oc-front/config.yaml create mode 100644 opencloud/templates/oc-front/deployment.yaml create mode 100644 opencloud/templates/oc-front/ingress.yaml create mode 100644 opencloud/templates/oc-front/service.yaml create mode 100644 opencloud/templates/oc-workspace/deployment.yaml create mode 100644 opencloud/templates/oc-workspace/ingress.yaml create mode 100644 opencloud/templates/oc-workspace/service.yaml diff --git a/opencloud/dev-values.yaml b/opencloud/dev-values.yaml index bf5246b..0f123eb 100644 --- a/opencloud/dev-values.yaml +++ b/opencloud/dev-values.yaml @@ -1,5 +1,6 @@ env: dev # For storage class provisioning -host: localhost # For reverse proxy rule +host: beta.opencloud.com # For reverse proxy rule +scheme: http # For reverse proxy rule mongo-express: enabled: true 
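Review bot: `scheme: http` is now paired with a non-local host (`beta.opencloud.com`), and the front config added later in this patch builds every endpoint, including `AUTH_HOST`, from these two values, so login and token traffic would travel in cleartext wherever this file is used against a reachable host. The IngressRoutes added in this patch also bind only the `web` entry point, which is conventionally Traefik's plain-HTTP listener. If the host is reachable from outside, I would set `scheme: https` and add a TLS entry point to the routes. If it is only a local alias, a comment such as `# dev only: plain HTTP, do not reuse for a reachable host` on the `scheme` line would make that explicit.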
@@ -253,11 +254,33 @@ ocAuth: resources: limits: cpu: "128m" - memory: "128Mi" + memory: "256Mi" requests: cpu: "128m" memory: "256Mi" - + +ocFront: + enabled: true + image: oc/oc-front:0.0.1 + resources: + limits: + cpu: "128m" + memory: "256Mi" + requests: + cpu: "128m" + memory: "256Mi" + +ocWorkspace: + enabled: true + image: oc/oc-workspace:0.0.1 + resources: + limits: + cpu: "128m" + memory: "256Mi" + requests: + cpu: "128m" + memory: "256Mi" + loki: enabled: false diff --git a/opencloud/templates/oc-auth/deployment.yaml b/opencloud/templates/oc-auth/deployment.yaml index 23b44d8..8cf1478 100644 --- a/opencloud/templates/oc-auth/deployment.yaml +++ b/opencloud/templates/oc-auth/deployment.yaml @@ -39,13 +39,13 @@ spec: name: opencloud-config ports: - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP resources: limits: - cpu: "{{ .Values.ldapUserManager.resources.limits.cpu }}" - memory: "{{ .Values.ldapUserManager.resources.limits.memory }}" + cpu: "{{ .Values.ocFront.resources.limits.cpu }}" + memory: "{{ .Values.ocFront.resources.limits.memory }}" requests: - cpu: "{{ .Values.ldapUserManager.resources.requests.cpu }}" - memory: "{{ .Values.ldapUserManager.resources.requests.memory }}" + cpu: "{{ .Values.ocFront.resources.requests.cpu }}" + memory: "{{ .Values.ocFront.resources.requests.memory }}" {{- end }} \ No newline at end of file diff --git a/opencloud/templates/oc-auth/ingress.yaml b/opencloud/templates/oc-auth/ingress.yaml index 7d9742e..0f13b04 100644 --- a/opencloud/templates/oc-auth/ingress.yaml +++ b/opencloud/templates/oc-auth/ingress.yaml @@ -13,8 +13,15 @@ spec: services: - kind: Service name: oc-auth-svc - passHostHeader: true port: 8094 - middlewares: - - name: forwardauth +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: strip-auth-prefix +spec: + stripPrefix: + prefixes: + - "/auth" + {{- end }} \ No newline at end of file 
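Review bot: The oc-auth container's limits and requests now read `.Values.ocFront.resources.*`, which looks like a copy from the front template; the values file in this same patch carries an `ocAuth.resources` block that this Deployment should use, e.g. `cpu: "{{ .Values.ocAuth.resources.limits.cpu }}"` and the three matching lines. As written, resizing the front silently resizes the auth service, and rendering oc-auth depends on `ocFront` being defined in every values file. Separately, `containerPort` moves to 8080 while the IngressRoute targets `oc-auth-svc` on 8094; the Service is not part of this patch, so its `targetPort` should be checked against the new port. The Deployment body starts outside the hunk.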
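Review bot: The new `strip-auth-prefix` Middleware is declared but nothing visible attaches it: the hunk removes the route's only `middlewares:` list (the `forwardauth` entry) and adds none, so requests would reach oc-auth with the `/auth` prefix intact. The workspace route in this patch shows the intended pattern; here the rule would need `middlewares:` followed by `- name: strip-auth-prefix`. The route's `match` line is outside the hunk, so confirm the prefix it matches is `/auth`. Dropping `forwardauth` from the login endpoint may well be deliberate, but it removes an access check and deserves a line in the commit message saying so.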
diff --git a/opencloud/templates/oc-front/config.yaml b/opencloud/templates/oc-front/config.yaml
new file mode 100644
index 0000000..b593fab
--- /dev/null
+++ b/opencloud/templates/oc-front/config.yaml
@@ -0,0 +1,20 @@
+{{- if index .Values.ocFront.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: front-config
+data:
+ config.json: |
+ {
+ "WORKSPACE_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/workspace/oc",
+ "WORKFLOW_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/workflow/oc",
+ "ITEM_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/item/oc",
+ "SCHEDULER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/scheduler/oc",
+ "LOGS_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/logs",
+ "PEER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/peers/oc",
+ "DATACENTER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/datacenter/oc",
+ "COLLABORATIVE_AREA_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/collaborative/oc",
+ "HOST": "{{ .Values.scheme }}://{{ .Values.host }}/oc",
+ "AUTH_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/auth/oc"
+ }
+{{- end }}
diff --git a/opencloud/templates/oc-front/deployment.yaml b/opencloud/templates/oc-front/deployment.yaml
new file mode 100644
index 0000000..344607a
--- /dev/null
+++ b/opencloud/templates/oc-front/deployment.yaml
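Review bot: `.Values.scheme` is a new key that only `dev-values.yaml` sets in this patch, and the template interpolates it with no default or validation, so any other values file would render URLs such as `://host/workspace/oc` into the front's config without an error. Making the requirement explicit with `{{ required "scheme must be set to http or https" .Values.scheme }}`, or falling back with `| default "https"`, would either stop the render or default to TLS. The values are also pasted raw into JSON strings, so a host containing a quote or backslash yields invalid JSON; passing the assembled URL through `toJson` avoids that. The single-argument `index` in the `if` guard is a no-op and can be dropped.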
@@ -0,0 +1,40 @@
+{{- if index .Values.ocFront.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: oc-front
+ name: {{ .Release.Name }}-oc-front
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: oc-front
+ template:
+ metadata:
+ labels:
+ app: oc-front
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: front-config
+ containers:
+ - image: "{{ .Values.ocFront.image }}"
+ name: oc-front
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ limits:
+ cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
+ memory: "{{ .Values.ocFront.resources.limits.memory }}"
+ requests:
+ cpu: "{{ .Values.ocFront.resources.requests.cpu }}"
+ memory: "{{ .Values.ocFront.resources.requests.memory }}"
+ volumeMounts:
+ - name: config-volume
+ mountPath: /usr/share/nginx/html/assets/assets/config/front.json
+ subPath: config.json
+{{- end }}
\ No newline at end of file
diff --git a/opencloud/templates/oc-front/ingress.yaml b/opencloud/templates/oc-front/ingress.yaml
new file mode 100644
index 0000000..081ce4b
--- /dev/null
+++ b/opencloud/templates/oc-front/ingress.yaml
@@ -0,0 +1,17 @@
+{{- if index .Values.ocFront.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: oc-front-ingress
+spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`{{ .Values.host }}`) && PathPrefix(`/`)
+ priority: 10
+ services:
+ - kind: Service
+ name: oc-front-svc
+ port: 8080
+{{- end }}
\ No newline at end of file
diff --git a/opencloud/templates/oc-front/service.yaml b/opencloud/templates/oc-front/service.yaml
new file mode 100644
index 0000000..3c849bd
--- /dev/null
+++ b/opencloud/templates/oc-front/service.yaml
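Review bot: Neither new Deployment (this one and `oc-workspace/deployment.yaml`) sets a `securityContext`, so both containers run as the image's default user with privilege escalation allowed and the default capability set. I would add a container-level block that disables privilege escalation, drops all capabilities and selects the runtime's default seccomp profile, as sketched below. `runAsNonRoot: true` is worth adding as well, but this container listens on port 80 and serves from an nginx path, so it may first need an unprivileged nginx base image. There are also no readiness or liveness probes, so the Service can route to a pod whose web server has not come up.

```yaml
        - image: "{{ .Values.ocFront.image }}"
          name: oc-front
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: ports, resources, volumeMounts …
```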
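Review bot: The front's catch-all rule (path prefix "/") is given `priority: 10`, the same value as the `/workspace` route added in this patch, and as far as I know Traefik orders routes by the priority number alone once it is set explicitly, so the tie leaves it undefined whether `/workspace` requests reach the API or the static front. Giving the catch-all the lowest value, e.g. `priority: 1`, keeps every more specific route ahead of it. A short comment on that line, such as `# lowest priority: fallback for paths no API route claims`, would stop the value being raised later by accident.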
@@ -0,0 +1,17 @@
+{{- if index .Values.ocFront.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: oc-front-svc
+ labels:
+ app: oc-front-svc
+spec:
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: oc-front
+ type: ClusterIP
+{{- end }}
\ No newline at end of file
diff --git a/opencloud/templates/oc-workspace/deployment.yaml b/opencloud/templates/oc-workspace/deployment.yaml
new file mode 100644
index 0000000..643914e
--- /dev/null
+++ b/opencloud/templates/oc-workspace/deployment.yaml
@@ -0,0 +1,35 @@
+{{- if index .Values.ocWorkspace.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: oc-workspace
+ name: {{ .Release.Name }}-oc-workspace
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: oc-workspace
+ template:
+ metadata:
+ labels:
+ app: oc-workspace
+ spec:
+ containers:
+ - image: "{{ .Values.ocWorkspace.image }}"
+ name: oc-workspace
+ envFrom:
+ - configMapRef:
+ name: opencloud-config
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ cpu: "{{ .Values.ocWorkspace.resources.limits.cpu }}"
+ memory: "{{ .Values.ocWorkspace.resources.limits.memory }}"
+ requests:
+ cpu: "{{ .Values.ocWorkspace.resources.requests.cpu }}"
+ memory: "{{ .Values.ocWorkspace.resources.requests.memory }}"
+ {{- end }}
\ No newline at end of file
diff --git a/opencloud/templates/oc-workspace/ingress.yaml b/opencloud/templates/oc-workspace/ingress.yaml
new file mode 100644
index 0000000..e66b8ae
--- /dev/null
+++ b/opencloud/templates/oc-workspace/ingress.yaml
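Review bot: `envFrom` with `configMapRef` on `opencloud-config` hands the workspace container every key of that ConfigMap, which per the last hunk of this patch includes `OC_LDAP_BINDPW`, the private-key path and `OC_MONGO_URL` with the database password embedded. The workspace service presumably needs only a few of these, so I would list them as explicit `env:` entries and move the password-bearing values into a Secret read through `secretKeyRef`, since a ConfigMap is readable by anything allowed to get ConfigMaps in the namespace. The closing `{{- end }}` is also indented, unlike the other templates in this patch; harmless, but worth aligning.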
@@ -0,0 +1,29 @@
+{{- if index .Values.ocWorkspace.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: oc-workspace-ingress
+spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`{{ .Values.host }}`) && PathPrefix(`/workspace`)
+ priority: 10
+ services:
+ - kind: Service
+ name: oc-workspace-svc
+ port: 8080
+ middlewares:
+ - name: strip-workspace-prefix
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: strip-workspace-prefix
+spec:
+ stripPrefix:
+ prefixes:
+ - "/workspace"
+{{- end }}
\ No newline at end of file
diff --git a/opencloud/templates/oc-workspace/service.yaml b/opencloud/templates/oc-workspace/service.yaml
new file mode 100644
index 0000000..668440d
--- /dev/null
+++ b/opencloud/templates/oc-workspace/service.yaml
@@ -0,0 +1,17 @@
+{{- if index .Values.ocWorkspace.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: oc-workspace-svc
+ labels:
+ app: oc-workspace-svc
+spec:
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: oc-workspace
+ type: ClusterIP
+{{- end }}
\ No newline at end of file
diff --git a/opencloud/templates/openCLoudConf.yaml b/opencloud/templates/openCLoudConf.yaml
index 3072d53..ff96c1e 100644
--- a/opencloud/templates/openCLoudConf.yaml
+++ b/opencloud/templates/openCLoudConf.yaml
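Review bot: The `/workspace` route is published on the `web` entry point with only the prefix-stripping middleware, so nothing at the proxy authenticates callers before they reach the workspace API. The `forwardauth` middleware that this patch detaches from the oc-auth route is not attached here either. Unless oc-workspace validates the token on every request itself, I would add `- name: forwardauth` to the `middlewares:` list ahead of `strip-workspace-prefix`, assuming that Middleware still exists in the chart. If the service does its own validation, a comment on the route such as `# auth enforced inside oc-workspace, no forwardauth needed` would record that decision.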
@@ -3,23 +3,23 @@ kind: ConfigMap metadata: name: opencloud-config data: - OCAUTH_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}" - OCAUTH_PUBLIC_KEY_PATH: "/keys/public/public.pem" - OCAUTH_PRIVATE_KEY_PATH: "/keys/private/private.pem" - OCAUTH_CLIENT_SECRET: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}" - OCAUTH_AUTH: "{{ .Values.ocAuth.authType }}" - OCAUTH_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}" - OCAUTH_AUTH_CONNECTOR_PORT: "4444" - OCAUTH_AUTH_CONNECTOR_ADMIN_PORT: "4445" - OCAUTH_PERMISSION_CONNECTOR_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}" - OCAUTH_PERMISSION_CONNECTOR_PORT: "80" - OCAUTH_PERMISSION_CONNECTOR_ADMIN_PORT: "80" - OCAUTH_LDAP_ENDPOINTS: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389" - OCAUTH_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}" - OCAUTH_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}" - OCAUTH_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}" - OCAUTH_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}" - OCAUTH_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}" - OCAUTH_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}" - OCAUTH_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}.svc.cluster.local:4222" - OCAUTH_LOKI_URL: "{{ .Values.SERVER_PATH }}" + OC_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}" + OC_PUBLIC_KEY_PATH: "/keys/public/public.pem" + OC_PRIVATE_KEY_PATH: "/keys/private/private.pem" + OC_CLIENT_SECRET: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}" + OC_AUTH: "{{ .Values.ocAuth.authType }}" + OC_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}" + OC_AUTH_CONNECTOR_PORT: "4444" + OC_AUTH_CONNECTOR_ADMIN_PORT: "4445" + OC_PERMISSION_CONNECTOR_HOST: "{{ 
.Release.Name }}-keto-write.{{ .Release.Namespace }}" + OC_PERMISSION_CONNECTOR_PORT: "80" + OC_PERMISSION_CONNECTOR_ADMIN_PORT: "80" + OC_LDAP_ENDPOINTS: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389" + OC_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}" + OC_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}" + OC_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}" + OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}" + OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}" + OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}" + OC_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}.svc.cluster.local:4222" + OC_LOKI_URL: "{{ .Values.SERVER_PATH }}"