Compare commits
No commits in common. "main" and "oc-auth" have entirely different histories.
@ -1,6 +1,5 @@
|
||||
env: dev # For storage class provisioning
|
||||
host: beta.opencloud.com # For reverse proxy rule
|
||||
scheme: http # For reverse proxy rule
|
||||
host: localhost # For reverse proxy rule
|
||||
|
||||
mongo-express:
|
||||
enabled: true
|
||||
@ -254,40 +253,7 @@ ocAuth:
|
||||
resources:
|
||||
limits:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
|
||||
ocFront:
|
||||
enabled: true
|
||||
image: oc/oc-front:0.0.1
|
||||
resources:
|
||||
limits:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
|
||||
ocWorkspace:
|
||||
enabled: true
|
||||
image: oc/oc-workspace:0.0.1
|
||||
resources:
|
||||
limits:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
|
||||
ocShared:
|
||||
enabled: true
|
||||
image: oc/oc-shared:0.0.1
|
||||
resources:
|
||||
limits:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: "128m"
|
||||
memory: "256Mi"
|
||||
|
@ -39,13 +39,13 @@ spec:
|
||||
name: opencloud-config
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
|
||||
memory: "{{ .Values.ocFront.resources.limits.memory }}"
|
||||
cpu: "{{ .Values.ldapUserManager.resources.limits.cpu }}"
|
||||
memory: "{{ .Values.ldapUserManager.resources.limits.memory }}"
|
||||
requests:
|
||||
cpu: "{{ .Values.ocFront.resources.requests.cpu }}"
|
||||
memory: "{{ .Values.ocFront.resources.requests.memory }}"
|
||||
cpu: "{{ .Values.ldapUserManager.resources.requests.cpu }}"
|
||||
memory: "{{ .Values.ldapUserManager.resources.requests.memory }}"
|
||||
{{- end }}
|
@ -13,15 +13,8 @@ spec:
|
||||
services:
|
||||
- kind: Service
|
||||
name: oc-auth-svc
|
||||
passHostHeader: true
|
||||
port: 8094
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: strip-auth-prefix
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/auth"
|
||||
|
||||
middlewares:
|
||||
- name: forwardauth
|
||||
{{- end }}
|
@ -1,20 +0,0 @@
|
||||
{{- if index .Values.ocFront.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: front-config
|
||||
data:
|
||||
config.json: |
|
||||
{
|
||||
"WORKSPACE_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/workspace/oc",
|
||||
"WORKFLOW_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/workflow/oc",
|
||||
"ITEM_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/item/oc",
|
||||
"SCHEDULER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/scheduler/oc",
|
||||
"LOGS_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/logs",
|
||||
"PEER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/peers/oc",
|
||||
"DATACENTER_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/datacenter/oc",
|
||||
"COLLABORATIVE_AREA_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/shared/oc",
|
||||
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}/oc",
|
||||
"AUTH_HOST": "{{ .Values.scheme }}://{{ .Values.host }}/auth/oc"
|
||||
}
|
||||
{{- end }}
|
@ -1,40 +0,0 @@
|
||||
{{- if index .Values.ocFront.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: oc-front
|
||||
name: {{ .Release.Name }}-oc-front
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: oc-front
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: oc-front
|
||||
spec:
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: front-config
|
||||
containers:
|
||||
- image: "{{ .Values.ocFront.image }}"
|
||||
name: oc-front
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: "{{ .Values.ocFront.resources.limits.cpu }}"
|
||||
memory: "{{ .Values.ocFront.resources.limits.memory }}"
|
||||
requests:
|
||||
cpu: "{{ .Values.ocFront.resources.requests.cpu }}"
|
||||
memory: "{{ .Values.ocFront.resources.requests.memory }}"
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /usr/share/nginx/html/assets/assets/config/front.json
|
||||
subPath: config.json
|
||||
{{- end }}
|
@ -1,17 +0,0 @@
|
||||
{{- if index .Values.ocFront.enabled }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: oc-front-ingress
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- kind: Rule
|
||||
match: Host(`{{ .Values.host }}`) && PathPrefix(`/`)
|
||||
priority: 5
|
||||
services:
|
||||
- kind: Service
|
||||
name: oc-front-svc
|
||||
port: 8080
|
||||
{{- end }}
|
@ -1,17 +0,0 @@
|
||||
{{- if index .Values.ocFront.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: oc-front-svc
|
||||
labels:
|
||||
app: oc-front-svc
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 80
|
||||
selector:
|
||||
app: oc-front
|
||||
type: ClusterIP
|
||||
{{- end }}
|
@ -1,35 +0,0 @@
|
||||
{{- if index .Values.ocShared.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: oc-shared
|
||||
name: {{ .Release.Name }}-oc-shared
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: oc-shared
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: oc-shared
|
||||
spec:
|
||||
containers:
|
||||
- image: "{{ .Values.ocShared.image }}"
|
||||
name: oc-shared
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: opencloud-config
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: "{{ .Values.ocShared.resources.limits.cpu }}"
|
||||
memory: "{{ .Values.ocShared.resources.limits.memory }}"
|
||||
requests:
|
||||
cpu: "{{ .Values.ocShared.resources.requests.cpu }}"
|
||||
memory: "{{ .Values.ocShared.resources.requests.memory }}"
|
||||
{{- end }}
|
@ -1,29 +0,0 @@
|
||||
{{- if index .Values.ocShared.enabled }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: oc-shared-ingress
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- kind: Rule
|
||||
match: Host(`{{ .Values.host }}`) && PathPrefix(`/shared`)
|
||||
priority: 10
|
||||
services:
|
||||
- kind: Service
|
||||
name: oc-shared-svc
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: strip-shared-prefix
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: strip-shared-prefix
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/shared"
|
||||
{{- end }}
|
@ -1,17 +0,0 @@
|
||||
{{- if index .Values.ocShared.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: oc-shared-svc
|
||||
labels:
|
||||
app: oc-shared-svc
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: oc-shared
|
||||
type: ClusterIP
|
||||
{{- end }}
|
@ -1,35 +0,0 @@
|
||||
{{- if index .Values.ocWorkspace.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: oc-workspace
|
||||
name: {{ .Release.Name }}-oc-workspace
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: oc-workspace
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: oc-workspace
|
||||
spec:
|
||||
containers:
|
||||
- image: "{{ .Values.ocWorkspace.image }}"
|
||||
name: oc-workspace
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: opencloud-config
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: "{{ .Values.ocWorkspace.resources.limits.cpu }}"
|
||||
memory: "{{ .Values.ocWorkspace.resources.limits.memory }}"
|
||||
requests:
|
||||
cpu: "{{ .Values.ocWorkspace.resources.requests.cpu }}"
|
||||
memory: "{{ .Values.ocWorkspace.resources.requests.memory }}"
|
||||
{{- end }}
|
@ -1,29 +0,0 @@
|
||||
{{- if index .Values.ocWorkspace.enabled }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: oc-workspace-ingress
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- kind: Rule
|
||||
match: Host(`{{ .Values.host }}`) && PathPrefix(`/workspace`)
|
||||
priority: 10
|
||||
services:
|
||||
- kind: Service
|
||||
name: oc-workspace-svc
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: strip-workspace-prefix
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: strip-workspace-prefix
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/workspace"
|
||||
{{- end }}
|
@ -1,17 +0,0 @@
|
||||
{{- if index .Values.ocWorkspace.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: oc-workspace-svc
|
||||
labels:
|
||||
app: oc-workspace-svc
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: oc-workspace
|
||||
type: ClusterIP
|
||||
{{- end }}
|
@ -3,23 +3,23 @@ kind: ConfigMap
|
||||
metadata:
|
||||
name: opencloud-config
|
||||
data:
|
||||
OC_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}"
|
||||
OC_PUBLIC_KEY_PATH: "/keys/public/public.pem"
|
||||
OC_PRIVATE_KEY_PATH: "/keys/private/private.pem"
|
||||
OC_CLIENT_SECRET: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
|
||||
OC_AUTH: "{{ .Values.ocAuth.authType }}"
|
||||
OC_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}"
|
||||
OC_AUTH_CONNECTOR_PORT: "4444"
|
||||
OC_AUTH_CONNECTOR_ADMIN_PORT: "4445"
|
||||
OC_PERMISSION_CONNECTOR_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}"
|
||||
OC_PERMISSION_CONNECTOR_PORT: "80"
|
||||
OC_PERMISSION_CONNECTOR_ADMIN_PORT: "80"
|
||||
OC_LDAP_ENDPOINTS: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389"
|
||||
OC_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}"
|
||||
OC_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}"
|
||||
OC_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}"
|
||||
OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
|
||||
OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
|
||||
OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"
|
||||
OC_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}.svc.cluster.local:4222"
|
||||
OC_LOKI_URL: "{{ .Values.SERVER_PATH }}"
|
||||
OCAUTH_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}"
|
||||
OCAUTH_PUBLIC_KEY_PATH: "/keys/public/public.pem"
|
||||
OCAUTH_PRIVATE_KEY_PATH: "/keys/private/private.pem"
|
||||
OCAUTH_CLIENT_SECRET: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
|
||||
OCAUTH_AUTH: "{{ .Values.ocAuth.authType }}"
|
||||
OCAUTH_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}"
|
||||
OCAUTH_AUTH_CONNECTOR_PORT: "4444"
|
||||
OCAUTH_AUTH_CONNECTOR_ADMIN_PORT: "4445"
|
||||
OCAUTH_PERMISSION_CONNECTOR_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}"
|
||||
OCAUTH_PERMISSION_CONNECTOR_PORT: "80"
|
||||
OCAUTH_PERMISSION_CONNECTOR_ADMIN_PORT: "80"
|
||||
OCAUTH_LDAP_ENDPOINTS: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389"
|
||||
OCAUTH_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}"
|
||||
OCAUTH_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}"
|
||||
OCAUTH_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}"
|
||||
OCAUTH_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
|
||||
OCAUTH_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
|
||||
OCAUTH_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"
|
||||
OCAUTH_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}.svc.cluster.local:4222"
|
||||
OCAUTH_LOKI_URL: "{{ .Values.SERVER_PATH }}"
|
||||
|
Loading…
Reference in New Issue
Block a user