diff --git a/README.md b/README.md index d90777f..3a3ff42 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,14 @@ TODO | dex.service.ports.http.port | int | `8000` | | | dex.service.type | string | `"NodePort"` | | | diracx.csVolumeName | string | `"pv-cs-store"` | | +| diracx.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | +| diracx.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | +| diracx.ingress.className | string | `"nginx"` | | +| diracx.ingress.enabled | bool | `true` | | +| diracx.ingress.hosts[0].paths[0].backend.service.port.number | int | `8000` | | +| diracx.ingress.hosts[0].paths[0].path | string | `"/api(/|$)(.*)"` | | +| diracx.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| diracx.ingress.tls | list | `[]` | | | diracx.manageOSIndices | bool | `true` | | | diracx.manageSQLSchema | bool | `true` | | | diracx.mysqlDatabases[0] | string | `"AuthDB"` | | 
@@ -106,18 +114,23 @@ TODO | diracx.settings.DIRACX_CONFIG_BACKEND_URL | string | `"git+file:///cs_store/initialRepo"` | | | diracx.settings.DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS | string | `"[\"http://anything:8000/docs/oauth2-redirect\"]"` | | | diracx.settings.DIRACX_SERVICE_AUTH_TOKEN_KEY | string | `"file:///signing-key/rs256.key"` | | +| diracxWeb.image.pullPolicy | string | `"IfNotPresent"` | | +| diracxWeb.image.repository | string | `"ghcr.io/diracgrid/diracx-web/client"` | | +| diracxWeb.image.tag | string | `"latest"` | | +| diracxWeb.ingress.className | string | `"nginx"` | | +| diracxWeb.ingress.enabled | bool | `true` | | +| diracxWeb.ingress.hosts[0].paths[0].backend.service.port.number | int | `3000` | | +| diracxWeb.ingress.hosts[0].paths[0].path | string | `"/"` | | +| diracxWeb.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | +| diracxWeb.ingress.tls | list | `[]` | | +| diracxWeb.service.port | int | `3000` | | +| diracxWeb.service.type | string | `"ClusterIP"` | | +| diracxWeb.settings.DEFAULT_SCOPE | string | `"vo:diracAdmin"` | | +| diracxWeb.settings.DIRACX_CLIENT_ID | string | `"myDIRACClientID"` | | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/diracgrid/diracx/server"` | | | image.tag | string | `"latest"` | | -| ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | -| ingress.className | string | `"nginx"` | | -| ingress.enabled | bool | `true` | | -| ingress.hosts[0].paths[0].backend.service.name | string | `"diracx-demo"` | | -| ingress.hosts[0].paths[0].backend.service.port.number | int | `8000` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | -| ingress.tls | list | `[]` | | | minio.consoleIngress.enabled | bool | `false` | | | minio.consoleService.type | string | `"NodePort"` | | | minio.enabled | bool | `true` | | 
diff --git a/demo/demo_cluster_conf.tpl.yaml b/demo/demo_cluster_conf.tpl.yaml index 8171cbd..f807ac6 100644 --- a/demo/demo_cluster_conf.tpl.yaml +++ b/demo/demo_cluster_conf.tpl.yaml @@ -24,6 +24,9 @@ nodes: - containerPort: 80 hostPort: 8000 protocol: TCP + - containerPort: 3000 + hostPort: 3000 + protocol: TCP - containerPort: 32000 hostPort: 32000 protocol: TCP diff --git a/demo/values.tpl.yaml b/demo/values.tpl.yaml index 53e9ce3..92c6e8c 100644 --- a/demo/values.tpl.yaml +++ b/demo/values.tpl.yaml @@ -1,6 +1,7 @@ developer: urls: - diracx: http://{{ hostname }}:8000 + diracx: http://{{ hostname }}:8000/api + diracx-web: http://{{ hostname }}:8000 minio: http://{{ hostname }}:32000 dex: http://{{ hostname }}:32002 demoDir: {{ demo_dir }} @@ -8,11 +9,16 @@ developer: diracx: settings: - DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["http://{{ hostname }}:8000/docs/oauth2-redirect"]' + DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["http://localhost:8000/api/docs/oauth2-redirect", "http://localhost:8000/dashboard/#authentication-callback"]' DIRACX_SANDBOX_STORE_BUCKET_NAME: demo-sandboxes DIRACX_SANDBOX_STORE_S3_CLIENT_KWARGS: '{"endpoint_url": "http://{{ hostname }}:32000", "aws_access_key_id": "console", "aws_secret_access_key": "console123"}' DIRACX_SANDBOX_STORE_AUTO_CREATE_BUCKET: "true" +diracxWeb: + settings: + REDIRECT_URI: http://localhost:8000/dashboard/#authentication-callback + NEXT_PUBLIC_DIRACX_URL: http://{{ hostname }}:8000/api + minio: environment: MINIO_BROWSER_REDIRECT_URL: http://{{ hostname }}:32001/ @@ -26,8 +32,8 @@ dex: public: true name: 'CLI app' redirectURIs: - - 'http://{{ hostname }}:8000/auth/device/complete' - - http://{{ hostname }}:8000/auth/authorize/complete + - 'http://{{ hostname }}:8000/api/auth/device/complete' + - http://{{ hostname }}:8000/api/auth/authorize/complete staticPasswords: - email: "admin@example.com" diff --git a/diracx/templates/NOTES.txt b/diracx/templates/NOTES.txt index 72a232f..26c19a1 100644 
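Review bot: The added `containerPort: 3000` / `hostPort: 3000` mapping looks unused, because elsewhere in this commit the web Service is `ClusterIP` and the developer URL for diracx-web is port 8000 through the ingress. If nothing on the kind node listens on 3000, drop the mapping so the demo does not publish an extra host port. If it is meant as a direct debugging path, say so with a comment such as `# direct access to diracx-web, bypassing the ingress`. The port list continues outside the hunk.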
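Review bot: `DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS` and the new `REDIRECT_URI` hard-code `localhost`, while every other URL in this file, including the dex `redirectURIs` and `NEXT_PUBLIC_DIRACX_URL`, is built from `{{ hostname }}`. When the demo is reached by hostname, the redirect allow-list will not match what the client sends, and the usual reaction is to loosen the list. Keep the entries exact and templated, e.g. `"http://{{ hostname }}:8000/dashboard/#authentication-callback"`, or add a comment explaining why `localhost` is required. Separately, the callback carries a `#authentication-callback` fragment, which RFC 6749 section 3.1.2 does not allow in a redirection URI, so confirm that the server compares it the way you expect.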
--- a/diracx/templates/NOTES.txt +++ b/diracx/templates/NOTES.txt @@ -7,7 +7,7 @@ first following environment variables: export KUBECONFIG={{ .Values.developer.demoDir }}/kube.conf export HELM_DATA_HOME={{ .Values.developer.demoDir }}/helm_data - export PATH=\${PATH}:{{ .Values.developer.demoDir }} + export PATH=${PATH}:{{ .Values.developer.demoDir }} Then see the chart README for more information on how to use kubectl/helm. diff --git a/diracx/templates/_helpers.tpl b/diracx/templates/_helpers.tpl index e4b2903..1d123c3 100644 --- a/diracx/templates/_helpers.tpl +++ b/diracx/templates/_helpers.tpl @@ -49,6 +49,10 @@ Selector labels app.kubernetes.io/name: {{ include "diracx.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{- define "diracxWeb.selectorLabels" -}} +app.kubernetes.io/name: {{ include "diracx.name" . }}-web +app.kubernetes.io/instance: {{ .Release.Name }}-web +{{- end }} {{/* Create the name of the service account to use diff --git a/diracx/templates/deployment.yaml b/diracx/templates/deployment.yaml index 715887b..406c363 100644 --- a/diracx/templates/deployment.yaml +++ b/diracx/templates/deployment.yaml @@ -146,14 +146,14 @@ spec: - name: http containerPort: {{ .Values.service.port }} protocol: TCP - livenessProbe: - httpGet: - path: /docs/ - port: http - readinessProbe: - httpGet: - path: /docs/ - port: http + # livenessProbe: + # httpGet: + # path: /api/docs/ + # port: http + # readinessProbe: + # httpGet: + # path: /api/docs/ + # port: http command: ["bash", "/entrypoint.sh"] args: - uvicorn diff --git a/diracx/templates/ingress.yaml b/diracx/templates/ingress.yaml index f7279cf..6a39290 100644 --- a/diracx/templates/ingress.yaml +++ b/diracx/templates/ingress.yaml 
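Review bot: `diracxWeb.selectorLabels` is added without the `{{/* ... */}}` description that the neighbouring defines carry; add one such as `{{/* Selector labels for the diracx-web Deployment and Service */}}`. It also suffixes `app.kubernetes.io/instance` with `-web`, whereas `diracx.selectorLabels` uses the bare release name. The `-web` suffix on `app.kubernetes.io/name` already keeps the two selectors disjoint, so the instance label could stay `{{ .Release.Name }}`. Deployment selectors are immutable once applied, so this is worth settling before the chart is released.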
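Review bot: Commenting out `livenessProbe` and `readinessProbe` leaves the API container with no health checks, so the Service routes traffic to a pod as soon as the process starts and a hung uvicorn is never restarted. The commented path was also changed to `/api/docs/`, but the kubelet probes the pod directly and never passes through the ingress rewrite added in this commit. The original `/docs/` is therefore probably still the right target, unless the application's own root path changed. Restore the probes with the working path rather than leaving dead YAML. The container spec continues outside the hunk.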
@@ -1,9 +1,8 @@ -{{- if .Values.ingress.enabled -}} {{- $fullName := include "diracx.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} +{{- if .Values.diracx.ingress.enabled -}} +{{- if and .Values.diracx.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.diracx.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.diracx.ingress.annotations "kubernetes.io/ingress.class" .Values.diracx.ingress.className}} {{- end }} {{- end }} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} @@ -18,17 +17,17 @@ metadata: name: {{ $fullName }} labels: {{- include "diracx.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- with .Values.diracx.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if and .Values.diracx.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.diracx.ingress.className }} {{- end }} - {{- if .Values.ingress.tls }} + {{- if .Values.diracx.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.diracx.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -37,7 +36,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.diracx.ingress.hosts }} - host: {{ .host | quote }} http: paths: 
@@ -51,10 +50,70 @@ spec: service: name: {{ $fullName }} port: - number: {{ $svcPort }} + number: {{ .backend.service.port.number }} {{- else }} serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} + servicePort: {{ .backend.service.port.number }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{ if .Values.diracxWeb.ingress.enabled -}} +--- +{{ if and .Values.diracxWeb.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.diracxWeb.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.diracxWeb.ingress.annotations "kubernetes.io/ingress.class" .Values.diracxWeb.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-web + labels: + {{- include "diracx.labels" . | nindent 4 }} + {{- with .Values.diracxWeb.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.diracxWeb.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.diracxWeb.ingress.className }} + {{- end }} + {{- if .Values.diracxWeb.ingress.tls }} + tls: + {{- range .Values.diracxWeb.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.diracxWeb.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-web + port: + number: {{ .backend.service.port.number }} + {{- else }} + serviceName: {{ $fullName }}-web + servicePort: {{ .backend.service.port.number }} {{- end }} {{- end }} {{- end }} diff --git a/diracx/templates/secrets.yaml b/diracx/templates/secrets.yaml index de4c038..a0744a3 100644 --- a/diracx/templates/secrets.yaml +++ b/diracx/templates/secrets.yaml @@ -15,6 +15,13 @@ stringData: {{- end }} {{- end }} --- +apiVersion: v1 +kind: Secret +metadata: + name: diracx-web-secrets +stringData: +{{ .Values.diracxWeb.settings | toYaml | indent 2 }} +--- {{- if .Values.diracx.manageSQLSchema }} apiVersion: v1 kind: Secret diff --git a/diracx/templates/web-deployment.yaml b/diracx/templates/web-deployment.yaml new file mode 100644 index 0000000..afd68eb --- /dev/null +++ b/diracx/templates/web-deployment.yaml 
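Review bot: The new web Ingress passes `.Values.diracxWeb.ingress.annotations` to `hasKey`/`set`, but the defaults added to `values.yaml` in this commit define no `annotations` key under `diracxWeb.ingress`. On the pre-1.18 branch the template would be handed a nil value and would likely fail to render, so add `annotations: {}` to the defaults. The backend port is now taken from each path entry in both Ingress documents, which duplicates the service port and renders an empty `number:` when a user-supplied host entry omits it. Using `number: {{ .backend.service.port.number | default $.Values.diracxWeb.service.port }}` keeps the two in step. Both ingresses default to `tls: []`, so the login callback and tokens travel over plain HTTP unless the operator fills it in.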
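Review bot: `stringData` is filled with `toYaml` of the whole `diracxWeb.settings` map, so a value written as a number or boolean is rendered unquoted and the API server rejects the Secret, since `stringData` accepts only strings. Iterate and quote instead: `{{- range $k, $v := .Values.diracxWeb.settings }}` / `{{ $k }}: {{ $v | quote }}` / `{{- end }}`. The name `diracx-web-secrets` is fixed rather than derived from the release, so two releases in one namespace would overwrite each other's Secret; the Deployment's `secretRef` would need the same change. In Next.js, `NEXT_PUBLIC_*` settings are exposed to the browser, so nothing under that prefix should be treated as confidential even though it is stored in a Secret.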
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "diracx.fullname" . }}-web + labels: + {{- include "diracx.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "diracxWeb.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "diracxWeb.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "diracx.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + volumes: + {{- if and .Values.developer.enabled }} + - name: diracx-web-code-mount + persistentVolumeClaim: + claimName: pvc-diracx-code + {{- end }} + + containers: + - name: {{ .Chart.Name }}-web + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.diracxWeb.image.repository }}:{{ .Values.diracxWeb.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.diracxWeb.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.diracxWeb.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + {{- if .Values.developer.enabled }} + command: ["npm", "run", "dev"] + volumeMounts: + - mountPath: /diracxweb_source + name: diracx-web-code-mount + readOnly: true + {{- else }} + command: ["npm", "start"] + {{- end }} + envFrom: + - secretRef: + name: diracx-web-secrets + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/diracx/templates/web-service.yaml b/diracx/templates/web-service.yaml new file mode 100644 index 0000000..49f35c5 --- /dev/null +++ b/diracx/templates/web-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "diracx.fullname" . }}-web + labels: + {{- include "diracx.labels" . | nindent 4 }} +spec: + type: {{ .Values.diracxWeb.service.type }} + ports: + - port: {{ .Values.diracxWeb.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "diracxWeb.selectorLabels" . | nindent 4 }} diff --git a/diracx/values.yaml b/diracx/values.yaml index 1cc9f01..dd34ad4 100644 --- a/diracx/values.yaml +++ b/diracx/values.yaml @@ -83,6 +83,53 @@ diracx: # Which DiracX OpenSearch DBs are used? osDatabases: - JobParametersDB + ingress: + enabled: true + className: "nginx" + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # Needed if you want to use a base path different from / + # #Use rewrite rules https://kubernetes.github.io/ingress-nginx/examples/rewrite/ + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + hosts: + - paths: + - path: /api(/|$)(.*) + pathType: ImplementationSpecific + backend: + service: + port: + number: 8000 + +diracxWeb: + image: + repository: ghcr.io/diracgrid/diracx-web/client + pullPolicy: IfNotPresent + tag: latest + settings: + # This corresponds to the basic .env file + DIRACX_CLIENT_ID: "myDIRACClientID" + DEFAULT_SCOPE: "vo:diracAdmin" + service: + type: ClusterIP + port: 3000 + ingress: + enabled: true + className: "nginx" + tls: [] + hosts: + - paths: + - path: / + pathType: Prefix + backend: + service: + port: + number: 3000 ########################## 
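Review bot: The web pod runs under `serviceAccountName: {{ include "diracx.serviceAccountName" . }}`, the same account as the API server, and nothing turns off token mounting, so a compromise of the front-end container yields whatever Kubernetes permissions that account holds. The web front end presumably needs no Kubernetes API access, so add `automountServiceAccountToken: false` to the pod spec or give it its own account. The pod also reuses the server's `replicaCount`, `autoscaling`, `resources`, `podSecurityContext` and `securityContext`, where `diracxWeb.*` equivalents would be clearer. Finally, `{{- if and .Values.developer.enabled }}` has a single operand and can be a plain `if`.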
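Review bot: `diracxWeb.image.tag: latest` combined with `pullPolicy: IfNotPresent` means a node keeps whatever image it first cached under that tag, so different nodes can run different builds. It also bypasses the `| default .Chart.AppVersion` fallback in the web Deployment. Pin a release tag or digest, or set `tag: ""` so the chart's app version applies. `diracxWeb.ingress` lacks the `annotations` key that `diracx.ingress` has, and both ingresses are `enabled: true` with `tls: []`. If these defaults are intended for the demo only, say so in a comment that also states TLS must be configured for any shared deployment.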
@@ -201,31 +248,6 @@ service: type: ClusterIP port: 8000 -ingress: - enabled: true - className: "nginx" - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # Needed if you want to use a base path different from / - # #Use rewrite rules https://kubernetes.github.io/ingress-nginx/examples/rewrite/ - nginx.ingress.kubernetes.io/use-regex: "true" - # nginx.ingress.kubernetes.io/rewrite-target: "/$2" - hosts: - - paths: - - path: / - pathType: Prefix - backend: - service: - name: diracx-demo - port: - number: 8000 - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little