Skip to content

Commit

Permalink
feat: dedicated admin service/ingress for repository-service-0
Browse files Browse the repository at this point in the history
  • Loading branch information
thomschke committed Nov 27, 2024
1 parent e4a1c59 commit 7183b18
Show file tree
Hide file tree
Showing 8 changed files with 316 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,18 @@
</fileSet>
</fileSets>
</module>
<module dir="kubectl"
id="${rootArtifactId}-deploy-docker-build-kubectl"
name="${rootArtifactId}-deploy-docker-build-kubectl">
<fileSets>
<fileSet encoding="UTF-8">
<directory>src</directory>
<includes>
<include>**/*</include>
</includes>
</fileSet>
</fileSets>
</module>
<module dir="mailcatcher"
id="${rootArtifactId}-deploy-docker-build-mailcatcher"
name="${rootArtifactId}-deploy-docker-build-mailcatcher">
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>${groupId}</groupId>
<artifactId>${rootArtifactId}-deploy-docker-build</artifactId>
<version>${version}</version>
<relativePath>../pom.xml</relativePath>
</parent>

<artifactId>${artifactId}</artifactId>
<packaging>jar</packaging>

<name>${artifactId}</name>

<build>

<plugins>

<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<executions>
<execution>
<id>build</id>
<goals>
<goal>build</goal>
</goals>
<phase>install</phase>
</execution>
<execution>
<id>push</id>
<goals>
<goal>push</goal>
</goals>
<phase>deploy</phase>
</execution>
</executions>
<configuration>
<images>
<image>
<name>${docker.repository}/${docker.prefix}-deploy-docker-build-kubectl:${docker.tag}</name>
</image>
</images>
</configuration>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<phase>package</phase>
</execution>
</executions>
</plugin>

</plugins>

</build>

</project>
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
FROM ${docker.from.kubectl}

########################################################################################################################

LABEL git.branch=${git.branch}
LABEL git.closest.tag.name=${git.closest.tag.fixed}
LABEL git.commit.id=${git.commit.id}
LABEL git.dirty=${git.dirty}
LABEL mvn.project.artifactId=${project.artifactId}
LABEL mvn.project.groupId=${project.groupId}
LABEL mvn.project.version=${project.version}
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,9 @@
<docker.from.minideb>
dockerio.mirror.docker.edu-sharing.com/bitnami/bitnami-shell:11
</docker.from.minideb>
<docker.from.kubectl>
dockerio.mirror.docker.edu-sharing.com/bitnami/kubectl:1.24
</docker.from.kubectl>
<docker.from.openjdk.8>
dockerio.mirror.docker.edu-sharing.com/openjdk:8-jdk
</docker.from.openjdk.8>
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,125 @@
{{- if not .Values.global.cluster.istio.enabled }}
{{- if .Values.ingress.admin.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "edusharing_repository_service.name" . }}-admin-exact
labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
{{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.cluster.ingress.ingressClassName }}
ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
{{- end }}
{{- with .Values.ingress.admin.tls }}
tls: {{ toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.ingress.admin.hosts }}
- host: {{ . }}
http:
paths:
- path: /
pathType: Exact
backend:
service:
name: {{ include "edusharing_repository_service.name" $ }}-admin
port:
number: {{ $.Values.service.port.api.external }}
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "edusharing_repository_service.name" . }}-admin-prefix
labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
{{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.cluster.ingress.ingressClassName }}
ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
{{- end }}
{{- with .Values.ingress.admin.tls }}
tls: {{ toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.ingress.admin.hosts }}
- host: {{ . }}
http:
paths:
{{- range $.Values.ingress.paths }}
- path: {{ . }}
pathType: Prefix
backend:
service:
name: {{ include "edusharing_repository_service.name" $ }}-admin
port:
number: {{ $.Values.service.port.api.external }}
{{- end }}
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "edusharing_repository_service.name" . }}-worker-exact
labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
{{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.cluster.ingress.ingressClassName }}
ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
{{- end }}
{{- with .Values.ingress.tls }}
tls: {{ toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: /
pathType: Exact
backend:
service:
name: {{ include "edusharing_repository_service.name" $ }}-worker
port:
number: {{ $.Values.service.port.api.external }}
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "edusharing_repository_service.name" . }}-worker-prefix
labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
{{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.cluster.ingress.ingressClassName }}
ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
{{- end }}
{{- with .Values.ingress.tls }}
tls: {{ toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
{{- range $.Values.ingress.paths }}
- path: {{ . }}
pathType: Prefix
backend:
service:
name: {{ include "edusharing_repository_service.name" $ }}-worker
port:
number: {{ $.Values.service.port.api.external }}
{{- end }}
{{- end }}
{{- else }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
Expand Down Expand Up @@ -58,4 +179,5 @@ spec:
number: {{ $.Values.service.port.api.external }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
Original file line number Diff line number Diff line change
@@ -1,3 +1,38 @@
{{- if .Values.ingress.admin.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "edusharing_repository_service.name" . }}-admin
labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
spec:
type: ClusterIP
selector: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
role: admin
ports:
- name: http-api-external
port: {{ .Values.service.port.api.external }}
targetPort: api-{{ if .Values.proxy.enabled }}proxy{{ else }}external{{ end }}
- name: http-api-internal
port: {{ .Values.service.port.api.internal }}
targetPort: api-internal
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "edusharing_repository_service.name" . }}-worker
labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
spec:
type: ClusterIP
selector: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
role: worker
ports:
- name: http-api-external
port: {{ .Values.service.port.api.external }}
targetPort: api-{{ if .Values.proxy.enabled }}proxy{{ else }}external{{ end }}
- name: http-api-internal
port: {{ .Values.service.port.api.internal }}
targetPort: api-internal
{{- else }}
apiVersion: v1
kind: Service
metadata:
Expand All @@ -13,6 +48,7 @@ spec:
- name: http-api-internal
port: {{ .Values.service.port.api.internal }}
targetPort: api-internal
{{- end }}
---
apiVersion: v1
kind: Service
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if (default .Values.global.cluster.storage.share.permission .Values.persistence.share.permission) }}
{{- if (or (default .Values.global.cluster.storage.share.permission .Values.persistence.share.permission) .Values.ingress.admin.enabled) }}
initContainers:
{{- if (default .Values.global.cluster.storage.share.permission .Values.persistence.share.permission) }}
- name: {{ include "edusharing_repository_service.name" . }}-init-permission
image: {{ include "edusharing_repository_service.image" . }}{{ .Values.image.prefix }}-deploy-docker-build-minideb:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
Expand Down Expand Up @@ -75,6 +76,37 @@ spec:
securityContext: {{ toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.ingress.admin.enabled }}
- name: {{ include "edusharing_repository_service.name" . }}-init-label
image: {{ include "edusharing_repository_service.image" . }}{{ .Values.image.prefix }}-deploy-docker-build-kubectl:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
command:
- "/bin/bash"
- "-ec"
- |
if [[ "${POD_NAME##*-}" == "0" ]]; then
export POD_ROLE="admin"
else
export POD_ROLE="worker"
fi
kubectl label pod ${POD_NAME} role=${POD_ROLE} -n ${POD_NAMESPACE} --server=kubernetes.default --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --certificate-authority=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- with .Values.init.label.resources }}
resources: {{ toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.init.label.securityContext }}
securityContext: {{ toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}
containers:
- name: {{ include "edusharing_repository_service.name" . }}-server
image: {{ include "edusharing_repository_service.image" . }}{{ .Values.image.prefix }}-deploy-docker-repository-build-service:{{ .Values.image.tag }}
Expand Down Expand Up @@ -342,6 +374,9 @@ spec:
{{- with merge .Values.podSecurityContext .Values.global.security }}
securityContext: {{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.serviceAccountName }}
serviceAccountName: {{ . }}
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{ toYaml . | nindent 8 }}
{{- end }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,18 @@ ingress:
paths:
- /edu-sharing

admin:

enabled: false

hosts:
- admin.repository.127.0.0.1.nip.io

tls: []
# - secretName: admin-edusharing-repository-tls
# hosts:
# - admin.repository.127.0.0.1.nip.io

########################################################################################################################

proxy:
Expand Down Expand Up @@ -371,6 +383,8 @@ securityContext:
- ALL
runAsUser: 1000

# serviceAccountName: default

########################################################################################################################

terminationGracePeriod: 120
Expand Down Expand Up @@ -428,6 +442,21 @@ init:

runAsUser: 0

label:

resources:

limits:
cpu: 125m
memory: 512Mi
requests:
cpu: 125m
memory: 512Mi

securityContext:

runAsUser: 1001

########################################################################################################################

sidecar:
Expand Down

0 comments on commit 7183b18

Please sign in to comment.