feat: integrate diracx-web

README.md

@@ -95,6 +95,14 @@ TODO
 | dex.service.ports.http.port | int | `8000` |  |
 | dex.service.type | string | `"NodePort"` |  |
 | diracx.csVolumeName | string | `"pv-cs-store"` |  |
+| diracx.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` |  |
+| diracx.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` |  |
+| diracx.ingress.className | string | `"nginx"` |  |
+| diracx.ingress.enabled | bool | `true` |  |
+| diracx.ingress.hosts[0].paths[0].backend.service.port.number | int | `8000` |  |
+| diracx.ingress.hosts[0].paths[0].path | string | `"/api(/|$)(.*)"` |  |
+| diracx.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| diracx.ingress.tls | list | `[]` |  |
 | diracx.manageOSIndices | bool | `true` |  |
 | diracx.manageSQLSchema | bool | `true` |  |
 | diracx.mysqlDatabases[0] | string | `"AuthDB"` |  |
@@ -106,18 +114,23 @@ TODO
 | diracx.settings.DIRACX_CONFIG_BACKEND_URL | string | `"git+file:///cs_store/initialRepo"` |  |
 | diracx.settings.DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS | string | `"[\"http://anything:8000/docs/oauth2-redirect\"]"` |  |
 | diracx.settings.DIRACX_SERVICE_AUTH_TOKEN_KEY | string | `"file:///signing-key/rs256.key"` |  |
+| diracxWeb.image.pullPolicy | string | `"IfNotPresent"` |  |
+| diracxWeb.image.repository | string | `"ghcr.io/diracgrid/diracx-web/client"` |  |
+| diracxWeb.image.tag | string | `"latest"` |  |
+| diracxWeb.ingress.className | string | `"nginx"` |  |
+| diracxWeb.ingress.enabled | bool | `true` |  |
+| diracxWeb.ingress.hosts[0].paths[0].backend.service.port.number | int | `3000` |  |
+| diracxWeb.ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| diracxWeb.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| diracxWeb.ingress.tls | list | `[]` |  |
+| diracxWeb.service.port | int | `3000` |  |
+| diracxWeb.service.type | string | `"ClusterIP"` |  |
+| diracxWeb.settings.DEFAULT_SCOPE | string | `"vo:diracAdmin"` |  |
+| diracxWeb.settings.DIRACX_CLIENT_ID | string | `"myDIRACClientID"` |  |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/diracgrid/diracx/server"` |  |
 | image.tag | string | `"latest"` |  |
-| ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` |  |
-| ingress.className | string | `"nginx"` |  |
-| ingress.enabled | bool | `true` |  |
-| ingress.hosts[0].paths[0].backend.service.name | string | `"diracx-demo"` |  |
-| ingress.hosts[0].paths[0].backend.service.port.number | int | `8000` |  |
-| ingress.hosts[0].paths[0].path | string | `"/"` |  |
-| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
-| ingress.tls | list | `[]` |  |
 | minio.consoleIngress.enabled | bool | `false` |  |
 | minio.consoleService.type | string | `"NodePort"` |  |
 | minio.enabled | bool | `true` |  |

demo/demo_cluster_conf.tpl.yaml

@@ -24,6 +24,9 @@ nodes:
   - containerPort: 80
     hostPort: 8000
     protocol: TCP
+  - containerPort: 3000
+    hostPort: 3000
+    protocol: TCP
   - containerPort: 32000
     hostPort: 32000
     protocol: TCP

demo/values.tpl.yaml

@@ -1,18 +1,24 @@
 developer:
   urls:
-    diracx: http://{{ hostname }}:8000
+    diracx: http://{{ hostname }}:8000/api
+    diracx-web: http://{{ hostname }}:8000
     minio: http://{{ hostname }}:32000
     dex: http://{{ hostname }}:32002
   demoDir: {{ demo_dir }}
   modulesToInstall: {{ modules_to_mount }}
 
 diracx:
   settings:
-    DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["http://{{ hostname }}:8000/docs/oauth2-redirect"]'
+    DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["http://localhost:8000/api/docs/oauth2-redirect", "http://localhost:8000/dashboard/#authentication-callback"]'
     DIRACX_SANDBOX_STORE_BUCKET_NAME: demo-sandboxes
     DIRACX_SANDBOX_STORE_S3_CLIENT_KWARGS: '{"endpoint_url": "http://{{ hostname }}:32000", "aws_access_key_id": "console", "aws_secret_access_key": "console123"}'
     DIRACX_SANDBOX_STORE_AUTO_CREATE_BUCKET: "true"
 
+diracxWeb:
+  settings:
+    REDIRECT_URI: http://localhost:8000/dashboard/#authentication-callback
+    NEXT_PUBLIC_DIRACX_URL: http://{{ hostname }}:8000/api
+
 minio:
   environment:
     MINIO_BROWSER_REDIRECT_URL: http://{{ hostname }}:32001/
@@ -26,8 +32,8 @@ dex:
       public: true
       name: 'CLI app'
       redirectURIs:
-        - 'http://{{ hostname }}:8000/auth/device/complete'
-        - http://{{ hostname }}:8000/auth/authorize/complete
+        - 'http://{{ hostname }}:8000/api/auth/device/complete'
+        - http://{{ hostname }}:8000/api/auth/authorize/complete
 
     staticPasswords:
       - email: "[email protected]"

diracx/templates/NOTES.txt

@@ -7,7 +7,7 @@ first following environment variables:
 
   export KUBECONFIG={{ .Values.developer.demoDir }}/kube.conf
   export HELM_DATA_HOME={{ .Values.developer.demoDir }}/helm_data
-  export PATH=\${PATH}:{{ .Values.developer.demoDir }}
+  export PATH=${PATH}:{{ .Values.developer.demoDir }}
 
 Then see the chart README for more information on how to use kubectl/helm.
 

diracx/templates/_helpers.tpl

@@ -49,6 +49,10 @@ Selector labels
 app.kubernetes.io/name: {{ include "diracx.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+{{- define "diracxWeb.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "diracx.name" . }}-web
+app.kubernetes.io/instance: {{ .Release.Name }}-web
+{{- end }}
 
 {{/*
 Create the name of the service account to use

diracx/templates/deployment.yaml

@@ -146,14 +146,14 @@ spec:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /docs/
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /docs/
-              port: http
+          # livenessProbe:
+          #   httpGet:
+          #     path: /api/docs/
+          #     port: http
+          # readinessProbe:
+          #   httpGet:
+          #     path: /api/docs/
+          #     port: http
           command: ["bash", "/entrypoint.sh"]
           args:
             - uvicorn

diracx/templates/ingress.yaml

@@ -1,9 +1,8 @@
-{{- if .Values.ingress.enabled -}}
 {{- $fullName := include "diracx.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- if .Values.diracx.ingress.enabled -}}
+{{- if and .Values.diracx.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.diracx.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.diracx.ingress.annotations "kubernetes.io/ingress.class" .Values.diracx.ingress.className}}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -18,17 +17,17 @@ metadata:
   name: {{ $fullName }}
   labels:
     {{- include "diracx.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
+  {{- with .Values.diracx.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
+  {{- if and .Values.diracx.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.diracx.ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.tls }}
+  {{- if .Values.diracx.ingress.tls }}
   tls:
-    {{- range .Values.ingress.tls }}
+    {{- range .Values.diracx.ingress.tls }}
     - hosts:
         {{- range .hosts }}
         - {{ . | quote }}
@@ -37,7 +36,7 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.hosts }}
+    {{- range .Values.diracx.ingress.hosts }}
     - host: {{ .host | quote }}
       http:
         paths:
@@ -51,10 +50,70 @@ spec:
               service:
                 name: {{ $fullName }}
                 port:
-                  number: {{ $svcPort }}
+                  number: {{ .backend.service.port.number }}
               {{- else }}
               serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
+              servicePort: {{ .backend.service.port.number }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
+{{ if .Values.diracxWeb.ingress.enabled -}}
+---
+{{ if and .Values.diracxWeb.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.diracxWeb.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.diracxWeb.ingress.annotations "kubernetes.io/ingress.class" .Values.diracxWeb.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-web
+  labels:
+    {{- include "diracx.labels" . | nindent 4 }}
+  {{- with .Values.diracxWeb.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.diracxWeb.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.diracxWeb.ingress.className }}
+  {{- end }}
+  {{- if .Values.diracxWeb.ingress.tls }}
+  tls:
+    {{- range .Values.diracxWeb.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.diracxWeb.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ .backend.service.port.number }}
+              {{- else }}
+              serviceName: {{ $fullName }}-web
+              servicePort: {{ .backend.service.port.number }}
               {{- end }}
           {{- end }}
     {{- end }}

diracx/templates/secrets.yaml

@@ -15,6 +15,13 @@ stringData:
   {{- end }}
 {{- end }}
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: diracx-web-secrets
+stringData:
+{{ .Values.diracxWeb.settings | toYaml | indent 2 }}
+---
 {{- if .Values.diracx.manageSQLSchema }}
 apiVersion: v1
 kind: Secret

diracx/templates/web-deployment.yaml

@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "diracx.fullname" . }}-web
+  labels:
+    {{- include "diracx.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "diracxWeb.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "diracxWeb.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "diracx.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      volumes:
+        {{- if and .Values.developer.enabled }}
+        - name: diracx-web-code-mount
+          persistentVolumeClaim:
+            claimName: pvc-diracx-code
+        {{- end }}
+
+      containers:
+        - name: {{ .Chart.Name }}-web
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.diracxWeb.image.repository }}:{{ .Values.diracxWeb.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.diracxWeb.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.diracxWeb.service.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          {{- if .Values.developer.enabled }}
+          command: ["npm", "run", "dev"]
+          volumeMounts:
+            - mountPath: /diracxweb_source
+              name: diracx-web-code-mount
+              readOnly: true
+          {{- else }}
+          command: ["npm", "start"]
+          {{- end }}
+          envFrom:
+            - secretRef:
+                name: diracx-web-secrets
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

diracx/templates/web-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "diracx.fullname" . }}-web
+  labels:
+    {{- include "diracx.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.diracxWeb.service.type }}
+  ports:
+    - port: {{ .Values.diracxWeb.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "diracxWeb.selectorLabels" . | nindent 4 }}