Integrating front and workspace service

plm 2025-01-08 23:05:38 +01:00
parent 10b01fdc40
commit f868400b7a
11 changed files with 236 additions and 31 deletions


@ -1,5 +1,6 @@
env: dev # For storage class provisioning
host: localhost # For reverse proxy rule
host: beta.opencloud.com # For reverse proxy rule
scheme: http # For reverse proxy rule
mongo-express:
enabled: true
@ -253,7 +254,29 @@ ocAuth:
resources:
limits:
cpu: "128m"
memory: "128Mi"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocFront:
enabled: true
image: oc/oc-front:0.0.1
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocWorkspace:
enabled: true
image: oc/oc-workspace:0.0.1
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
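Review bot: `scheme: http` stays in place while `host` now names a non-local hostname (`beta.opencloud.com`, which by print order looks like the new value), so every URL rendered from these two values, including the front end's `AUTH_HOST`, is plain HTTP. Login credentials and tokens would then cross the network in cleartext unless TLS is terminated somewhere this chart does not show. I would either keep `host: localhost` in the dev values or switch to `scheme: https` together with a TLS entry point on the IngressRoutes. The new `image: oc/oc-front:0.0.1` and `image: oc/oc-workspace:0.0.1` entries are also mutable tags; pinning them by digest would make the deployed image reproducible.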


@ -39,13 +39,13 @@ spec:
name: opencloud-config
ports:
- name: http
containerPort: 80
containerPort: 8080
protocol: TCP
resources:
limits:
cpu: "{{ .Values.ldapUserManager.resources.limits.cpu }}"
memory: "{{ .Values.ldapUserManager.resources.limits.memory }}"
cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
memory: "{{ .Values.ocFront.resources.limits.memory }}"
requests:
cpu: "{{ .Values.ldapUserManager.resources.requests.cpu }}"
memory: "{{ .Values.ldapUserManager.resources.requests.memory }}"
cpu: "{{ .Values.ocFront.resources.requests.cpu }}"
memory: "{{ .Values.ocFront.resources.requests.memory }}"
{{- end }}
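Review bot: The resource limits and requests here now read `.Values.ocFront.resources.*`, yet this template does not look like the oc-front Deployment: it references `opencloud-config` and listens on 8080, whereas the oc-front Deployment added in this commit is a separate new file with `containerPort: 80` and no `opencloud-config` reference. If this is the oc-auth (or another backend) Deployment, the keys should point at that service's own block, e.g. `cpu: "{{ .Values.ocAuth.resources.limits.cpu }}"`, otherwise tuning the front end's limits silently changes this pod too. The file name and the top of the template are outside the visible hunk, so please confirm which service this is.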


@ -13,8 +13,15 @@ spec:
services:
- kind: Service
name: oc-auth-svc
passHostHeader: true
port: 8094
middlewares:
- name: forwardauth
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: strip-auth-prefix
spec:
stripPrefix:
prefixes:
- "/auth"
{{- end }}
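Review bot: `strip-auth-prefix` is declared at the end of this file, but the route's `middlewares` list shown here contains only `forwardauth`, so as far as the visible lines go the `/auth` prefix is never stripped; if it is meant to apply, add `- name: strip-auth-prefix` to that list. Separately, attaching `forwardauth` to the route that serves `oc-auth-svc` puts the login and token endpoints behind the auth check themselves; if that middleware forwards to oc-auth, unauthenticated users could not reach the endpoints they need in order to log in. The `forwardauth` definition and the route's `match` rule are outside this hunk, so both points need checking against the full file.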


@ -0,0 +1,20 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: front-config
data:
config.json: |
{
"WORKSPACE_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/workspace/oc",
"WORKFLOW_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/workflow/oc",
"ITEM_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/item/oc",
"SCHEDULER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/scheduler/oc",
"LOGS_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/logs",
"PEER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/peers/oc",
"DATACENTER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/datacenter/oc",
"COLLABORATIVE_AREA_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/collaborative/oc",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}/oc",
"AUTH_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/auth/oc"
}
{{- end }}
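Review bot: This ConfigMap needs a comment saying its content is public, because the oc-front Deployment in this commit mounts `config.json` under `/usr/share/nginx/html/assets/...`, which is inside the directory nginx serves, so any browser can fetch it. I would add above `data:` a line such as `# Served to browsers as a static asset: public endpoint URLs only, never credentials or internal hostnames.` The guard `{{- if index .Values.ocFront.enabled }}` also calls `index` with a single argument, which just returns that argument; `{{- if .Values.ocFront.enabled }}` says the same thing more plainly, and the same applies to the other new templates in this commit. The name `front-config` is fixed rather than derived from `.Release.Name`, so two releases in one namespace would overwrite each other's file.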


@ -0,0 +1,40 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: oc-front
name: {{ .Release.Name }}-oc-front
spec:
replicas: 1
selector:
matchLabels:
app: oc-front
template:
metadata:
labels:
app: oc-front
spec:
volumes:
- name: config-volume
configMap:
name: front-config
containers:
- image: "{{ .Values.ocFront.image }}"
name: oc-front
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
limits:
cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
memory: "{{ .Values.ocFront.resources.limits.memory }}"
requests:
cpu: "{{ .Values.ocFront.resources.requests.cpu }}"
memory: "{{ .Values.ocFront.resources.requests.memory }}"
volumeMounts:
- name: config-volume
mountPath: /usr/share/nginx/html/assets/assets/config/front.json
subPath: config.json
{{- end }}
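Review bot: The `oc-front` container has no `securityContext`, and `containerPort: 80` suggests the image's nginx starts as root in order to bind a privileged port. At minimum add `securityContext:` with `allowPrivilegeEscalation: false` under the container; running fully non-root would need an image that listens on a high port, with `targetPort` in the Service adjusted to match. There are also no `readinessProbe` or `livenessProbe` entries, so the Service sends traffic as soon as the container starts. The same gaps apply to the `oc-workspace` Deployment added in this commit.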


@ -0,0 +1,17 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: oc-front-ingress
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/`)
priority: 10
services:
- kind: Service
name: oc-front-svc
port: 8080
{{- end }}
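Review bot: `priority: 10` on this catch-all `/` rule equals the `priority: 10` set on the `/workspace` route added in this commit, so priority no longer separates the two and which router receives `/workspace/...` is left to Traefik's tie-breaking. As far as I know, Traefik orders routers by rule length when no priority is given, which would put the longer `/workspace` rule first; I would either drop `priority` from both routes or give the catch-all a lower value such as `priority: 1`. The route is also bound only to the `web` entry point with no `tls` section, so the front end is served over plain HTTP unless TLS is handled in front of Traefik.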


@ -0,0 +1,17 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: v1
kind: Service
metadata:
name: oc-front-svc
labels:
app: oc-front-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 80
selector:
app: oc-front
type: ClusterIP
{{- end }}


@ -0,0 +1,35 @@
{{- if index .Values.ocWorkspace.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: oc-workspace
name: {{ .Release.Name }}-oc-workspace
spec:
replicas: 1
selector:
matchLabels:
app: oc-workspace
template:
metadata:
labels:
app: oc-workspace
spec:
containers:
- image: "{{ .Values.ocWorkspace.image }}"
name: oc-workspace
envFrom:
- configMapRef:
name: opencloud-config
ports:
- name: http
containerPort: 8080
protocol: TCP
resources:
limits:
cpu: "{{ .Values.ocWorkspace.resources.limits.cpu }}"
memory: "{{ .Values.ocWorkspace.resources.limits.memory }}"
requests:
cpu: "{{ .Values.ocWorkspace.resources.requests.cpu }}"
memory: "{{ .Values.ocWorkspace.resources.requests.memory }}"
{{- end }}
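Review bot: `envFrom` with `configMapRef: opencloud-config` injects every key of that ConfigMap into the workspace container, and the ConfigMap shown at the end of this commit carries `OC_LDAP_BINDPW` and an `OC_MONGO_URL` with the database password embedded. The workspace service therefore receives the LDAP bind password and the auth service's settings whether or not it uses them, and those credentials sit in a ConfigMap rather than a Secret. I would move the credentials into a Secret and give each Deployment only the keys it needs through `env` entries using `secretKeyRef` or `configMapKeyRef`.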


@ -0,0 +1,29 @@
{{- if index .Values.ocWorkspace.enabled }}
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: oc-workspace-ingress
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/workspace`)
priority: 10
services:
- kind: Service
name: oc-workspace-svc
port: 8080
middlewares:
- name: strip-workspace-prefix
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: strip-workspace-prefix
spec:
stripPrefix:
prefixes:
- "/workspace"
{{- end }}
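Review bot: The `/workspace` route attaches only `strip-workspace-prefix`; unlike the oc-auth route in this commit it has no `forwardauth` middleware, so requests reach `oc-workspace-svc` without passing through the gateway's auth check. If the workspace API is meant to be authenticated at the edge, add `- name: forwardauth` ahead of the strip middleware. If the service validates tokens itself, a comment on the route saying so would save the next reader from wondering whether the omission is deliberate.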


@ -0,0 +1,17 @@
{{- if index .Values.ocWorkspace.enabled }}
apiVersion: v1
kind: Service
metadata:
name: oc-workspace-svc
labels:
app: oc-workspace-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: oc-workspace
type: ClusterIP
{{- end }}


@ -3,23 +3,23 @@ kind: ConfigMap
metadata:
name: opencloud-config
data:
OCAUTH_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}"
OCAUTH_PUBLIC_KEY_PATH: "/keys/public/public.pem"
OCAUTH_PRIVATE_KEY_PATH: "/keys/private/private.pem"
OCAUTH_CLIENT_SECRET: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
OCAUTH_AUTH: "{{ .Values.ocAuth.authType }}"
OCAUTH_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}"
OCAUTH_AUTH_CONNECTOR_PORT: "4444"
OCAUTH_AUTH_CONNECTOR_ADMIN_PORT: "4445"
OCAUTH_PERMISSION_CONNECTOR_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}"
OCAUTH_PERMISSION_CONNECTOR_PORT: "80"
OCAUTH_PERMISSION_CONNECTOR_ADMIN_PORT: "80"
OCAUTH_LDAP_ENDPOINTS: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389"
OCAUTH_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}"
OCAUTH_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}"
OCAUTH_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}"
OCAUTH_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
OCAUTH_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
OCAUTH_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"
OCAUTH_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}.svc.cluster.local:4222"
OCAUTH_LOKI_URL: "{{ .Values.SERVER_PATH }}"
OC_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}"
OC_PUBLIC_KEY_PATH: "/keys/public/public.pem"
OC_PRIVATE_KEY_PATH: "/keys/private/private.pem"
OC_CLIENT_SECRET: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
OC_AUTH: "{{ .Values.ocAuth.authType }}"
OC_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}"
OC_AUTH_CONNECTOR_PORT: "4444"
OC_AUTH_CONNECTOR_ADMIN_PORT: "4445"
OC_PERMISSION_CONNECTOR_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}"
OC_PERMISSION_CONNECTOR_PORT: "80"
OC_PERMISSION_CONNECTOR_ADMIN_PORT: "80"
OC_LDAP_ENDPOINTS: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389"
OC_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}"
OC_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}"
OC_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}"
OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"
OC_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}.svc.cluster.local:4222"
OC_LOKI_URL: "{{ .Values.SERVER_PATH }}"