From 3ea102c69c05660f23b2580c9cb1c3e530406c71 Mon Sep 17 00:00:00 2001 
From: danielscholl Date: Wed, 2 Oct 2024 21:01:02 -0500 Subject: [PATCH] Admin UI (#213) --- bicep/main.bicep | 2 + bicep/main.parameters.json | 1 + bicep/modules/blade_service.bicep | 24 +++ bicep/modules/script-share-csvdag/main.bicep | 1 + charts/osdu-admin-ui/Chart.yaml | 9 + charts/osdu-admin-ui/templates/_helpers.tpl | 64 ++++++ charts/osdu-admin-ui/templates/code.yaml | 29 +++ charts/osdu-admin-ui/templates/job.yaml | 190 ++++++++++++++++++ charts/osdu-admin-ui/templates/storage.yaml | 15 ++ charts/osdu-admin-ui/templates/web-site.yaml | 70 +++++++ charts/osdu-admin-ui/values.yaml | 1 + .../osdu-experimental/admin-ui.yaml | 54 +++++ .../applications/osdu-experimental/base.yaml | 28 +++ .../osdu-experimental/namespace.yaml | 7 + .../osdu-experimental/vault-secrets.yaml | 35 ++++ software/components/global/disk.yaml | 12 ++ software/components/mesh-ingress/gateway.yaml | 54 +---- software/components/mesh-ingress/role.yaml | 23 +++ software/experimental/admin-ui/README.md | 29 +++ software/experimental/admin-ui/ingress.yaml | 23 +++ software/experimental/admin-ui/release.yaml | 53 +++++ .../experimental-base/namespace.yaml | 7 + .../experimental-base/osdu-base.yaml | 28 +++ .../experimental-base/vault-secrets.yaml | 35 ++++ stamp/applications/kustomize.yaml | 2 +- stamp/components/kustomize.yaml | 22 ++ stamp/experimental/kustomize.yaml | 42 ++++ 27 files changed, 806 insertions(+), 54 deletions(-) create mode 100644 charts/osdu-admin-ui/Chart.yaml create mode 100644 charts/osdu-admin-ui/templates/_helpers.tpl create mode 100644 charts/osdu-admin-ui/templates/code.yaml create mode 100644 charts/osdu-admin-ui/templates/job.yaml create mode 100644 charts/osdu-admin-ui/templates/storage.yaml create mode 100644 charts/osdu-admin-ui/templates/web-site.yaml create mode 100644 charts/osdu-admin-ui/values.yaml create mode 100644 software/applications/osdu-experimental/admin-ui.yaml create mode 100644 software/applications/osdu-experimental/base.yaml create mode 100644 
software/applications/osdu-experimental/namespace.yaml create mode 100644 software/applications/osdu-experimental/vault-secrets.yaml create mode 100644 software/components/global/disk.yaml create mode 100644 software/components/mesh-ingress/role.yaml create mode 100644 software/experimental/admin-ui/README.md create mode 100644 software/experimental/admin-ui/ingress.yaml create mode 100644 software/experimental/admin-ui/release.yaml create mode 100644 software/experimental/experimental-base/namespace.yaml create mode 100644 software/experimental/experimental-base/osdu-base.yaml create mode 100644 software/experimental/experimental-base/vault-secrets.yaml create mode 100644 stamp/experimental/kustomize.yaml diff --git a/bicep/main.bicep b/bicep/main.bicep index 09d3bfc1..6803ae30 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -76,6 +76,7 @@ param clusterSoftware object = { enable: true osduCore: true osduReference: true + adminUI: true osduVersion: '' repository: '' branch: '' @@ -402,6 +403,7 @@ module serviceBlade 'modules/blade_service.bicep' = { enableSoftwareLoad: clusterSoftware.enable == 'false' ? false : true enableOsduCore: clusterSoftware.osduCore == 'false' ? false : true enableOsdureference: clusterSoftware.osduReference == 'false' ? false : true + enableAdminUI: clusterSoftware.adminUI == 'false' ? false : true emailAddress: emailAddress applicationClientId: applicationClientId diff --git a/bicep/main.parameters.json b/bicep/main.parameters.json index ab5f6204..9bcf7f6e 100644 --- a/bicep/main.parameters.json +++ b/bicep/main.parameters.json @@ -62,6 +62,7 @@ "osduVersion": "${SOFTWARE_VERSION}", "osduCore": "${ENABLE_OSDU_CORE}", "osduReference": "${ENABLE_OSDU_REFERENCE}", + "adminUI": "${ENABLE_ADMIN_UI}", "repository": "${SOFTWARE_REPOSITORY}", "branch": "${SOFTWARE_BRANCH}", "tag": "${SOFTWARE_TAG}" diff --git a/bicep/modules/blade_service.bicep b/bicep/modules/blade_service.bicep index 7ef5e0fd..5c853dfa 100644 
--- a/bicep/modules/blade_service.bicep +++ b/bicep/modules/blade_service.bicep @@ -89,6 +89,9 @@ param enableOsduCore bool = true @description('Feature Flag to Load OSDU Reference.') param enableOsdureference bool = true +@description('Feature Flag to Load Admin UI.') +param enableAdminUI bool = true + @allowed([ 'release-0-24' 'release-0-25' @@ -161,6 +164,7 @@ var serviceLayerConfig = { tag: softwareTag == '' && softwareBranch == '' ? version.release : softwareTag components: './stamp/components' applications: './stamp/applications' + experimental: './stamp/experimental' } } @@ -416,6 +420,10 @@ var federatedIdentityCredentials = [ name: 'federated-ns_osdu-reference' subject: 'system:serviceaccount:osdu-reference:workload-identity-sa' } + { + name: 'federated-ns_osdu-experimental' + subject: 'system:serviceaccount:osdu-experimental:workload-identity-sa' + } ] @batchSize(1) @@ -532,6 +540,12 @@ var osdu_applications = [ contentType: 'text/plain' label: 'configmap-osdu-applications' } + { + name: 'adminUIEnabled' + value: toLower(string(enableAdminUI)) + contentType: 'text/plain' + label: 'configmap-osdu-applications' + } { name: 'osduVersion' value: toLower(string(osduVersion)) @@ -737,6 +751,16 @@ module fluxConfiguration 'br/public:avm/res/kubernetes-configuration/flux-config retryIntervalInSeconds: 300 prune: true } + experimental: { + path: serviceLayerConfig.gitops.experimental + dependsOn: [ + 'applications' + ] + timeoutInSeconds: 300 + syncIntervalInSeconds: 300 + retryIntervalInSeconds: 300 + prune: true + } } } dependsOn: [ diff --git a/bicep/modules/script-share-csvdag/main.bicep b/bicep/modules/script-share-csvdag/main.bicep index bf45aa1c..87919720 100644 --- a/bicep/modules/script-share-csvdag/main.bicep +++ b/bicep/modules/script-share-csvdag/main.bicep 
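Review bot: The new `enableAdminUI` flag does not appear to gate anything: the `experimental` Flux kustomization added in the last hunk of this file is declared unconditionally, and `software/experimental/admin-ui/release.yaml` hard-codes `enabled: true`, so setting `adminUI` to false would still deploy the Admin UI and its gateway route. `adminUIEnabled` is written under the `configmap-osdu-applications` label, but no consumer of that key is visible in this commit. Either make the `experimental` entry conditional on `enableAdminUI`, or have the release read `enabled` from that config map through `valuesFrom`. Since the component is labelled experimental, consider defaulting the parameter to `false`. The `fluxConfiguration` module body continues outside the hunk.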
@@ -53,6 +53,7 @@ param insightsKey string @description('Client Id for the service principal') param clientId string +@secure() @description('Client Secret for the service principal') param clientSecret string diff --git a/charts/osdu-admin-ui/Chart.yaml b/charts/osdu-admin-ui/Chart.yaml new file mode 100644 index 00000000..8041e7d3 --- /dev/null +++ b/charts/osdu-admin-ui/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: osdu-admin-ui +type: application +description: Installs the OSDU Admin UI +version: 0.0.1 +appVersion: 0.0.1 +maintainers: + - name: danielscholl + url: https://github.com/azure/osdu-developer \ No newline at end of file diff --git a/charts/osdu-admin-ui/templates/_helpers.tpl b/charts/osdu-admin-ui/templates/_helpers.tpl new file mode 100644 index 00000000..13eaa1ca --- /dev/null +++ b/charts/osdu-admin-ui/templates/_helpers.tpl 
@@ -0,0 +1,64 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "osdu-admin-ui.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "osdu-admin-ui.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "osdu-admin-ui.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "osdu-admin-ui.labels" -}}
+helm.sh/chart: {{ include "osdu-admin-ui.chart" . }}
+{{ include "osdu-admin-ui.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "osdu-admin-ui.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "osdu-admin-ui.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Determine if the installation is enabled
+*/}}
+{{- define "osdu-admin-ui.isEnabled" -}}
+{{- if .Values.enabled }}
+{{- true -}}
+{{- else -}}
+{{- false -}}
+{{- end -}}
+{{- end }}
+
diff --git a/charts/osdu-admin-ui/templates/code.yaml b/charts/osdu-admin-ui/templates/code.yaml
new file mode 100644
index 00000000..adf326a2
--- /dev/null
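Review bot: `osdu-admin-ui.isEnabled` renders the text `false` in its else branch, and `include` returns a string, so the guard `{{- if (include "osdu-admin-ui.isEnabled" .) }}` used in code.yaml, job.yaml, storage.yaml and web-site.yaml is true for any non-empty result, including `false`. As written, the chart would render the build Job, the PVC and the nginx Deployment even when `enabled` is unset or false. Compare the result explicitly, `{{- if eq (include "osdu-admin-ui.isEnabled" .) "true" }}`, or drop the helper and test `{{- if .Values.enabled }}` directly. values.yaml sets no default for `enabled`; adding `enabled: false` there would document the switch.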
+++ b/charts/osdu-admin-ui/templates/code.yaml
@@ -0,0 +1,29 @@
+{{- if (include "osdu-admin-ui.isEnabled" .) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: environment-ts
+ namespace: {{ .Release.Namespace }}
+data:
+ environment.ts: |
+ import json from '../config/config.json';
+ import { Environment } from './environment.model';
+
+ export const environment: Environment = json as Environment;
+
+ export const scopeProctedURLs: () => any = () => {
+ const splittedScopes = environment.settings.idp.scope.split(' ');
+
+ const osdu_api = Object.values(environment.settings.api_endpoints).map(
+ (url) => [url, splittedScopes]
+ );
+
+ const graphAPI = [
+ environment.settings.api_endpoints.graphAPI_endpoint,
+ ['User.Read'],
+ ];
+
+ return [...osdu_api, graphAPI];
+ };
+{{- end }}
diff --git a/charts/osdu-admin-ui/templates/job.yaml b/charts/osdu-admin-ui/templates/job.yaml
new file mode 100644
index 00000000..92b14b7d
--- /dev/null
+++ b/charts/osdu-admin-ui/templates/job.yaml
@@ -0,0 +1,190 @@ +{{- if (include "osdu-admin-ui.isEnabled" .) }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-build + namespace: {{ .Release.Namespace }} +spec: + ttlSecondsAfterFinished: 120 + template: + spec: + serviceAccountName: workload-identity-sa + volumes: + - name: script + configMap: + name: admin-ui-build-script + defaultMode: 0500 + - name: app-module-ts + configMap: + name: admin-ui-app-module-ts + defaultMode: 0500 + - name: {{ .Release.Name }}-storage + persistentVolumeClaim: + claimName: {{ .Release.Name }}-pvc + - name: environment-ts + configMap: + name: environment-ts + initContainers: + - name: data-seed + image: mcr.microsoft.com/cbl-mariner/base/nodejs:18 + command: ["/bin/sh"] + args: + - -c + - | + tdnf install -y curl jq tar && \ + /script/init.sh + volumeMounts: + - name: script + mountPath: "/script" + - name: {{ .Release.Name }}-storage + mountPath: "/dist" + - name: environment-ts + mountPath: "/code/environment.ts" + subPath: environment.ts + env: + - name: APP_INSIGHTS + value: {{ .Values.insightsKey | quote }} + - name: AZURE_TENANT_ID + value: {{ .Values.tenantId | quote }} + - name: AZURE_CLIENT_ID + value: {{ .Values.clientId | quote }} + - name: DATA_DOMAIN + value: ".dataservices.energy" + - name: DATA_PARTITION + value: 'opendes' + - name: REDIRECT_URI + value: {{ .Values.redirectUri | quote }} + - name: URL + value: https://community.opengroup.org/osdu/ui/admin-ui-group/admin-ui-totalenergies/admin-ui-totalenergies/-/archive/main/admin-ui-totalenergies-main.tar.gz + - name: NODE_OPTIONS + value: "--max-old-space-size=4096" + resources: + requests: + memory: "4Gi" + cpu: "500m" + limits: + memory: "4Gi" + cpu: "1" + containers: + - name: sleep + image: istio/base + command: ["/bin/sleep", "30"] + volumeMounts: + - name: script + mountPath: "/script" + restartPolicy: Never +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: admin-ui-build-script + namespace: {{ .Release.Namespace }} +data: 
+ init.sh: | + #!/usr/bin/env sh + set -euo pipefail + set -o nounset + + echo "==================================================================" + echo " Installing Kubectl " + echo "==================================================================" + + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + mv kubectl /usr/local/bin/ + kubectl version --client + + echo "==================================================================" + echo " Waiting for IstioGateway External IP " + echo "==================================================================" + + SERVICE_NAME="istio-ingress-external" + NAMESPACE="istio-system" + + while true; do + EXTERNAL_IP=$(kubectl get svc $SERVICE_NAME -n $NAMESPACE -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + if [ -n "$EXTERNAL_IP" ]; then + echo "External IP is $EXTERNAL_IP" + break + else + echo "External IP not assigned yet. Retrying in 10 seconds..." + sleep 10 + fi + done + + echo "==================================================================" + echo " Downloading Admin UI Source Code " + echo "==================================================================" + + url_basename=$(basename ${URL}) + echo "Derived filename from URL: ${url_basename}" + + # Download the file using curl + echo "Downloading file from ${URL} to ${url_basename}" + curl -so ${url_basename} ${URL} + + # Extract the tar.gz file + mkdir -p extracted_files + tar -xzf ${url_basename} --strip-components=1 -C extracted_files + cd extracted_files/OSDUApp + + # Install Packages + npm install -g @angular/cli && npm install && npm ci + + # Copy custom Files + echo "Copying the custom code." 
+ cp /code/environment.ts ./src/environments/environment.ts + cp providers/azure/routing.ts ./src/app/ + cp src/config/config.azure.json ./src/config/config.json && rm src/config/config.*.json + + # Remove trailing % from APP_INSIGHTS if present + APP_INSIGHTS=$(echo "$APP_INSIGHTS" | sed 's/%$//') + ENDPOINT=$(echo "http://$EXTERNAL_IP/api") + echo "APP_INSIGHTS: $APP_INSIGHTS" + echo "AZURE_CLIENT_ID: $AZURE_CLIENT_ID" + echo "DATA_DOMAIN: $DATA_DOMAIN" + echo "DATA_PARTITION: $DATA_PARTITION" + echo "AZURE_TENANT_ID: $AZURE_TENANT_ID" + echo "REDIRECT_URI: $REDIRECT_URI" + echo "ENDPOINT: $ENDPOINT" + + # Perform JQ replace here + jq \ + --arg client "$AZURE_CLIENT_ID" \ + --arg domain "$DATA_DOMAIN" \ + --arg partition "$DATA_PARTITION" \ + --arg tenant "$AZURE_TENANT_ID" \ + --arg redirect "$REDIRECT_URI" \ + --arg endpoint "$ENDPOINT" \ + '.settings.data_partition = $partition | + .settings.domain_name = $domain | + .settings.idp.tenant_id = $tenant | + .settings.idp.client_id = $client | + .settings.idp.scope = $client + "/.default" | + .settings.idp.redirect_uri = $redirect | + .settings.api_endpoints.entitlement_endpoint = $endpoint | + .settings.api_endpoints.storage_endpoint = $endpoint | + .settings.api_endpoints.search_endpoint = $endpoint | + .settings.api_endpoints.legal_endpoint = $endpoint | + .settings.api_endpoints.schema_endpoint = $endpoint | + .settings.api_endpoints.file_endpoint = $endpoint | + .settings.api_endpoints.graphAPI_endpoint = "https://graph.microsoft.com/v1.0/" | + .settings.api_endpoints.workflow_endpoint = $endpoint | + .settings.api_endpoints.secrets_endpoint = $endpoint | + .settings.api_endpoints.wddms_endpoint = $endpoint' \ + src/config/config.json > src/config/tmp.json && mv src/config/tmp.json src/config/config.json + + cat src/config/config.json + + # Building Angular code + echo "Building Angular code." + ng build + + # Copy to share + echo "Copying the build to the share." 
+ # mkdir -p /dist/adminui + cp -r dist/OSDUApp/* /dist + + exit 0 +{{- end }} diff --git a/charts/osdu-admin-ui/templates/storage.yaml b/charts/osdu-admin-ui/templates/storage.yaml new file mode 100644 index 00000000..7f224399 --- /dev/null +++ b/charts/osdu-admin-ui/templates/storage.yaml @@ -0,0 +1,15 @@ +{{- if (include "osdu-admin-ui.isEnabled" .) }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-pvc + namespace: {{ .Release.Namespace }} +spec: + storageClassName: osdu-managed-disk + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi +{{- end }} diff --git a/charts/osdu-admin-ui/templates/web-site.yaml b/charts/osdu-admin-ui/templates/web-site.yaml new file mode 100644 index 00000000..d3b3e32e --- /dev/null +++ b/charts/osdu-admin-ui/templates/web-site.yaml 
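Review bot: `init.sh` in job.yaml fetches and runs three artifacts with no pinning or integrity check: `kubectl` at whatever `stable.txt` names, the Admin UI source from the `main` branch archive in `URL`, and `@angular/cli` at its latest version, followed by `npm install`. The pod runs as `workload-identity-sa`, for which blade_service.bicep adds a federated credential in `osdu-experimental`, so code pulled in at build time presumably runs with that identity's token within reach. Pin kubectl to a fixed release and verify it against the published `.sha256`, point `URL` at a tag or commit archive, pin the CLI version, and rely on `npm ci` alone so the lockfile is honoured. The source download should also use `-f` so an HTTP error page is never handed to `tar`. The script additionally echoes `APP_INSIGHTS` and prints the generated config.json to the job log, which is worth trimming.

```yaml
  init.sh: |
    # … unchanged: banner …
    KUBECTL_VERSION="<pinned-kubectl-version>"  # placeholder: set to a reviewed release
    curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
    curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c -
    # … unchanged: chmod, mv, wait for external IP …
    curl -fsSo "${url_basename}" "${URL}"
    # … unchanged: extract, cd …
    npm install -g "@angular/cli@<pinned-cli-version>" && npm ci
    # … unchanged: copy custom files, jq, ng build, copy to /dist …
```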
@@ -0,0 +1,70 @@
+{{- if (include "osdu-admin-ui.isEnabled" .) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-nginx-config
+ namespace: {{ .Release.Namespace }}
+data:
+ nginx.conf: |
+ server {
+ listen 80;
+ server_name localhost;
+ root /usr/share/nginx/html;
+ index index.html;
+ }
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ app: {{ .Release.Name }}
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80 # Changed to 80 for nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - name: wait-for-build
+ image: mcr.microsoft.com/cbl-mariner/base/core:2.0
+ command: ['sh', '-c', 'until [ -f /usr/share/nginx/html/index.html ]; do echo "Waiting for build to complete..."; sleep 5; done']
+ volumeMounts:
+ - name: adminui-storage # Changed to match the name in job.yaml
+ mountPath: /usr/share/nginx/html
+ containers:
+ - name: {{ .Release.Name }}
+ image: nginx:latest # Changed to nginx image
+ ports:
+ - containerPort: 80 # Changed to 80 for nginx
+ volumeMounts:
+ - name: adminui-storage # Changed to match the name in job.yaml
+ mountPath: /usr/share/nginx/html
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: nginx.conf
+ volumes:
+ - name: adminui-storage # Changed to match the name in job.yaml
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-pvc
+ - name: nginx-config
+ configMap:
+ name: {{ .Release.Name }}-nginx-config
+{{- end }}
\ No newline at end of file
diff --git a/charts/osdu-admin-ui/values.yaml b/charts/osdu-admin-ui/values.yaml
new file mode 100644
index 00000000..66c37296
--- /dev/null
+++ b/charts/osdu-admin-ui/values.yaml
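Review bot: The web container runs `nginx:latest` with no `securityContext`, and both containers mount the build volume read-write although they only read from it. An unpinned tag means each pod restart can pull a different image; pin it, for example `image: nginx:<pinned-tag>` (placeholder), ideally by digest. Add `readOnly: true` to the two `/usr/share/nginx/html` volumeMounts so the web pod cannot alter the bundle it serves. The comments "Changed to match the name in job.yaml" are also inaccurate, since job.yaml names its volume `{{ .Release.Name }}-storage`; volume names are pod-local, so the comment can simply be dropped.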
@@ -0,0 +1 @@
+share: admin-ui
\ No newline at end of file
diff --git a/software/applications/osdu-experimental/admin-ui.yaml b/software/applications/osdu-experimental/admin-ui.yaml
new file mode 100644
index 00000000..45565f66
--- /dev/null
+++ b/software/applications/osdu-experimental/admin-ui.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: admin-ui
+ namespace: osdu-experimental
+ annotations:
+ clusterconfig.azure.com/use-managed-source: "true"
+ fluxcd.io/retrigger: "initial" # Update this to a new value each time
+spec:
+ dependsOn:
+ - name: osdu-developer-base-experimental
+ namespace: default
+ targetNamespace: osdu-experimental
+ chart:
+ spec:
+ chart: ./charts/osdu-admin-ui
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m0s
+ install:
+ remediation:
+ retries: 3
+ timeout: 15m # Add this line to increase the timeout to 15 minutes
+ values:
+ installationType: adminUI
+ jobs:
+ adminUI: true
+ valuesFrom:
+ - kind: ConfigMap
+ name: configmap-software
+ valuesKey: value.yaml
+ - kind: ConfigMap
+ name: configmap-services
+ targetPath: clientId
+ valuesKey: client_id
+ - kind: ConfigMap
+ name: configmap-services
+ targetPath: tenantId
+ valuesKey: tenant_id
+ - kind: ConfigMap
+ name: configmap-services
+ targetPath: msi_client_id
+ valuesKey: azure_msi_client_id
+ - kind: Secret
+ name: adminui-secrets
+ targetPath: storageAccount
+ valuesKey: azurestorageaccountname
+ - kind: Secret
+ name: adminui-secrets
+ targetPath: insightsKey
+ valuesKey: azureinsightskey
diff --git a/software/applications/osdu-experimental/base.yaml b/software/applications/osdu-experimental/base.yaml
new file mode 100644
index 00000000..120cf456
--- /dev/null
+++ b/software/applications/osdu-experimental/base.yaml
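Review bot: This HelmRelease reads `storageAccount` and `insightsKey` from a Secret named `adminui-secrets`, but the vault-secrets.yaml in the same directory creates `experimental-secrets`, so the `valuesFrom` lookups would fail if this copy were ever reconciled. It also never sets `enabled`, and it declares the same `admin-ui` release in `osdu-experimental` as `software/experimental/admin-ui/release.yaml`. No kustomization in this commit points at `software/applications/osdu-experimental`, so the directory looks like a leftover; remove it, or change the reference to `name: experimental-secrets` and keep a single definition of the release.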
@@ -0,0 +1,28 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: osdu-developer-base-experimental
+ namespace: default
+ annotations:
+ clusterconfig.azure.com/use-managed-source: "true"
+spec:
+ targetNamespace: osdu-experimental
+ chart:
+ spec:
+ chart: ./charts/osdu-developer-base
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m0s
+ install:
+ remediation:
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: config-map-values
+ valuesKey: values.yaml
+ values:
+ azure:
+ enabled: true
\ No newline at end of file
diff --git a/software/applications/osdu-experimental/namespace.yaml b/software/applications/osdu-experimental/namespace.yaml
new file mode 100644
index 00000000..0ce48538
--- /dev/null
+++ b/software/applications/osdu-experimental/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: osdu-experimental
+ labels:
+ toolkit.fluxcd.io/tenant: dev-team
+ istio-injection: false
\ No newline at end of file
diff --git a/software/applications/osdu-experimental/vault-secrets.yaml b/software/applications/osdu-experimental/vault-secrets.yaml
new file mode 100644
index 00000000..027eef22
--- /dev/null
+++ b/software/applications/osdu-experimental/vault-secrets.yaml
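Review bot: In namespace.yaml, `istio-injection: false` is an unquoted YAML boolean, and label values must be strings, so the API server is likely to reject this Namespace; Istio also matches the label on `enabled`/`disabled` rather than `false`. Use `istio-injection: disabled` if opting out is intended. The same content is added again at `software/experimental/experimental-base/namespace.yaml`, which is the copy `stamp/experimental/kustomize.yaml` applies. Opting the namespace out of the mesh means the Admin UI pods get no sidecar, so traffic from the gateway to the nginx Service would not be covered by mesh mTLS; a comment stating why injection is disabled would help the next reader.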
@@ -0,0 +1,35 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: azure-keyvault-experimental
+ namespace: default
+ annotations:
+ clusterconfig.azure.com/use-managed-source: "true"
+spec:
+ targetNamespace: osdu-experimental
+ releaseName: keyvault-experimental
+ chart:
+ spec:
+ chart: ./charts/keyvault-secrets
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m0s
+ install:
+ remediation:
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: config-map-values
+ valuesKey: values.yaml
+ values:
+ identity: false
+ secrets:
+ - secretName: experimental-secrets
+ data:
+ - key: azurestorageaccountname
+ vaultSecret: system-storage
+ - key: azureinsightskey
+ vaultSecret: insights-key
diff --git a/software/components/global/disk.yaml b/software/components/global/disk.yaml
new file mode 100644
index 00000000..d24f2fe7
--- /dev/null
+++ b/software/components/global/disk.yaml
@@ -0,0 +1,12 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: osdu-managed-disk
+ namespace: default
+provisioner: file.csi.azure.com
+allowVolumeExpansion: true
+parameters:
+ skuName: Standard_LRS # Changed from StandardSSD_LRS to Standard_LRS
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
\ No newline at end of file
diff --git a/software/components/mesh-ingress/gateway.yaml b/software/components/mesh-ingress/gateway.yaml
index 6bf47605..115da545 100644
--- a/software/components/mesh-ingress/gateway.yaml
+++ b/software/components/mesh-ingress/gateway.yaml
@@ -21,56 +21,4 @@ spec: valuesFrom: - kind: ConfigMap name: config-map-values - valuesKey: values.yaml -# --- -# apiVersion: networking.istio.io/v1alpha3 -# kind: Gateway -# metadata: -# name: internal-gateway -# namespace: istio-system -# spec: -# selector: -# istio: ingress-internal -# servers: -# - port: -# name: http2 -# number: 80 -# protocol: HTTP2 -# hosts: -# - "*" -# # tls: -# # httpsRedirect: true # sends 301 redirect for http requests -# - port: -# name: https -# number: 443 -# protocol: HTTPS -# hosts: -# - "*" -# tls: -# mode: SIMPLE -# credentialName: wild-card-tls -# --- -# apiVersion: networking.istio.io/v1alpha3 -# kind: Gateway -# metadata: -# name: external-gateway -# namespace: istio-system -# spec: -# selector: -# istio: ingress-external -# servers: -# - port: -# name: http2 -# number: 80 -# protocol: HTTP2 -# hosts: -# - "*" -# - port: -# name: https -# number: 443 -# protocol: HTTPS -# hosts: -# - "*" -# tls: -# mode: SIMPLE -# credentialName: wild-card-tls \ No newline at end of file + valuesKey: values.yaml \ No newline at end of file diff --git a/software/components/mesh-ingress/role.yaml b/software/components/mesh-ingress/role.yaml new file mode 100644 index 00000000..c80f18e9 --- /dev/null +++ b/software/components/mesh-ingress/role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: service-reader + namespace: istio-system +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: service-reader-binding + namespace: istio-system +subjects: +- kind: ServiceAccount + name: workload-identity-sa + namespace: osdu-experimental +roleRef: + kind: Role + name: service-reader + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/software/experimental/admin-ui/README.md b/software/experimental/admin-ui/README.md new file mode 100644 index 00000000..a90133a1 
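Review bot: The `service-reader` Role in role.yaml lets `workload-identity-sa` from `osdu-experimental` get, list and watch every Service in `istio-system`, while the build script only reads one object, `istio-ingress-external`. Narrow the rule to `verbs: ["get"]` with `resourceNames: ["istio-ingress-external"]`. The binding targets the shared `workload-identity-sa` rather than an account dedicated to the build Job, so any pod in that namespace running under it inherits the read access; a separate ServiceAccount for the Job would keep the grant scoped to the one workload that needs it.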
--- /dev/null
+++ b/software/experimental/admin-ui/README.md
@@ -0,0 +1,29 @@
+# Sequence Diagram of Admin UI process
+
+```mermaid
+sequenceDiagram
+ actor Helm
+ participant Storage as Storage (Persistent Volume Claim)
+ participant ConfigMap
+ participant Job
+ participant Deployment
+ participant K8s as Kubernetes API
+ participant OSDU as OSDU Repository
+ Helm->>Storage: Create Storage
+ Helm->>ConfigMap: Create ConfigMap for custom code files
+ Helm->>ConfigMap: Create ConfigMap for NGINX configuration
+ Helm->>Job: Start Job to Build App
+ Job->>Storage: Mount the Storage
+ Job->>ConfigMap: Mount custom code files
+ Job->>Job: Install dependencies (Node, Angular CLI)
+ Job->>OSDU: Download Admin UI code
+ Job->>ConfigMap: Copy /code/environment.ts to build directory
+ Job->>K8s: Query Kubernetes API for Ingress IP
+ K8s-->>Job: Return Ingress IP
+ Job->>Job: JQ replace config.json elements with variables and Ingress IP
+ Job->>Job: Build Angular code
+ Job->>Storage: Copy build to Storage
+ Job->>Deployment: Trigger NGINX Pod to start
+ Deployment->>Storage: Serve Angular App from Storage
+ Job-->>Helm: Job Success
+```
\ No newline at end of file
diff --git a/software/experimental/admin-ui/ingress.yaml b/software/experimental/admin-ui/ingress.yaml
new file mode 100644
index 00000000..b1540fd4
--- /dev/null
+++ b/software/experimental/admin-ui/ingress.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: admin-ui
+ namespace: osdu-experimental
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - istio-system/internal-gateway
+ - istio-system/external-gateway
+ http:
+ - match:
+ - uri:
+ prefix: "/adminui"
+ rewrite:
+ uri: "/"
+ route:
+ - destination:
+ host: "osdu-experimental-admin-ui.osdu-experimental.svc.cluster.local"
+ port:
+ number: 80
diff --git a/software/experimental/admin-ui/release.yaml b/software/experimental/admin-ui/release.yaml
new file mode 100644
index 00000000..70674623
--- /dev/null
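Review bot: The VirtualService in ingress.yaml binds `/adminui` to `istio-system/external-gateway` with `hosts: "*"`, so the admin console is reachable from wherever the external gateway is, and no AuthorizationPolicy or RequestAuthentication accompanies it in this commit. The build job also configures the app with `ENDPOINT=http://$EXTERNAL_IP/api`, so the browser would presumably send its API bearer tokens to the ingress IP over plain HTTP. Consider attaching only `istio-system/internal-gateway` by default and deriving the endpoint from an HTTPS host name rather than the raw IP. A comment on the `gateways` list stating the intended exposure would make the choice explicit.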
+++ b/software/experimental/admin-ui/release.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: admin-ui
+ namespace: osdu-experimental
+ annotations:
+ clusterconfig.azure.com/use-managed-source: "true"
+ fluxcd.io/retrigger: "initial" # Update this to a new value each time
+spec:
+ dependsOn:
+ - name: osdu-developer-base-experimental
+ namespace: default
+ targetNamespace: osdu-experimental
+ chart:
+ spec:
+ chart: ./charts/osdu-admin-ui
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m0s
+ install:
+ remediation:
+ retries: 3
+ timeout: 15m # Add this line to increase the timeout to 15 minutes
+ values:
+ enabled: true
+ redirectUri: "http://localhost:8080"
+ valuesFrom:
+ - kind: ConfigMap
+ name: configmap-software
+ valuesKey: value.yaml
+ - kind: ConfigMap
+ name: configmap-services
+ targetPath: clientId
+ valuesKey: client_id
+ - kind: ConfigMap
+ name: configmap-services
+ targetPath: tenantId
+ valuesKey: tenant_id
+ - kind: ConfigMap
+ name: configmap-services
+ targetPath: msi_client_id
+ valuesKey: azure_msi_client_id
+ - kind: Secret
+ name: experimental-secrets
+ targetPath: storageAccount
+ valuesKey: azurestorageaccountname
+ - kind: Secret
+ name: experimental-secrets
+ targetPath: insightsKey
+ valuesKey: azureinsightskey
diff --git a/software/experimental/experimental-base/namespace.yaml b/software/experimental/experimental-base/namespace.yaml
new file mode 100644
index 00000000..0ce48538
--- /dev/null
+++ b/software/experimental/experimental-base/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: osdu-experimental
+ labels:
+ toolkit.fluxcd.io/tenant: dev-team
+ istio-injection: false
\ No newline at end of file
diff --git a/software/experimental/experimental-base/osdu-base.yaml b/software/experimental/experimental-base/osdu-base.yaml
new file mode 100644
index 00000000..120cf456
--- /dev/null
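Review bot: In release.yaml, `redirectUri: "http://localhost:8080"` is hard-coded, yet the app is served under `/adminui` on the cluster gateway, so the sign-in redirect would presumably land on the user's own machine rather than on the deployed site. If this is a deliberate developer default, say so in a comment next to the value; otherwise source it through `valuesFrom` like `clientId` and `tenantId`, using the HTTPS address registered for the application. The release also passes `msi_client_id` and `storageAccount`, which no template in `charts/osdu-admin-ui` reads in this commit, so those two entries can be dropped.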
+++ b/software/experimental/experimental-base/osdu-base.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: osdu-developer-base-experimental
+ namespace: default
+ annotations:
+ clusterconfig.azure.com/use-managed-source: "true"
+spec:
+ targetNamespace: osdu-experimental
+ chart:
+ spec:
+ chart: ./charts/osdu-developer-base
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m0s
+ install:
+ remediation:
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: config-map-values
+ valuesKey: values.yaml
+ values:
+ azure:
+ enabled: true
\ No newline at end of file
diff --git a/software/experimental/experimental-base/vault-secrets.yaml b/software/experimental/experimental-base/vault-secrets.yaml
new file mode 100644
index 00000000..027eef22
--- /dev/null
+++ b/software/experimental/experimental-base/vault-secrets.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: azure-keyvault-experimental
+ namespace: default
+ annotations:
+ clusterconfig.azure.com/use-managed-source: "true"
+spec:
+ targetNamespace: osdu-experimental
+ releaseName: keyvault-experimental
+ chart:
+ spec:
+ chart: ./charts/keyvault-secrets
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m0s
+ install:
+ remediation:
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: config-map-values
+ valuesKey: values.yaml
+ values:
+ identity: false
+ secrets:
+ - secretName: experimental-secrets
+ data:
+ - key: azurestorageaccountname
+ vaultSecret: system-storage
+ - key: azureinsightskey
+ vaultSecret: insights-key
diff --git a/stamp/applications/kustomize.yaml b/stamp/applications/kustomize.yaml
index 9e929dd1..dea7b724 100644
--- a/stamp/applications/kustomize.yaml
+++ b/stamp/applications/kustomize.yaml
@@ -124,4 +124,4 @@ spec: namespace: osdu-reference - kind: Deployment name: crs-conversion - namespace: osdu-reference \ No newline at end of file + namespace: osdu-reference diff --git a/stamp/components/kustomize.yaml b/stamp/components/kustomize.yaml index 42bcc797..2d707034 100644 --- a/stamp/components/kustomize.yaml +++ b/stamp/components/kustomize.yaml @@ -1,3 +1,23 @@ +###################### +## GLOBAL Component +###################### +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: global + namespace: flux-system +spec: + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/components/global + prune: true + wait: true + ###################### ## Cert Component ###################### @@ -8,6 +28,8 @@ metadata: name: component-certs namespace: flux-system spec: + dependsOn: + - name: global interval: 1h retryInterval: 1m timeout: 5m diff --git a/stamp/experimental/kustomize.yaml b/stamp/experimental/kustomize.yaml new file mode 100644 index 00000000..28bec298 --- /dev/null +++ b/stamp/experimental/kustomize.yaml 
@@ -0,0 +1,42 @@
+######################
+## OSDU Experimental Base
+######################
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: experimental-base
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./software/experimental/experimental-base
+ prune: true
+ wait: true
+
+
+######################
+## OSDU Admin UI
+######################
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: experimental-admin-ui
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: experimental-base
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./software/experimental/admin-ui
+ prune: true
+ wait: true
\ No newline at end of file