diff --git a/archetypes/project/src/main/resources/META-INF/maven/archetype-metadata.xml b/archetypes/project/src/main/resources/META-INF/maven/archetype-metadata.xml
index 546f57c6..5ac41a6b 100644
--- a/archetypes/project/src/main/resources/META-INF/maven/archetype-metadata.xml
+++ b/archetypes/project/src/main/resources/META-INF/maven/archetype-metadata.xml
@@ -117,6 +117,18 @@
+
+
+
+ src
+
+ **/*
+
+
+
+
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/build/kubectl/pom.xml b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/build/kubectl/pom.xml
new file mode 100644
index 00000000..c3c0a672
--- /dev/null
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/build/kubectl/pom.xml
@@ -0,0 +1,67 @@
+
+
+
+ 4.0.0
+
+
+ ${groupId}
+ ${rootArtifactId}-deploy-docker-build
+ ${version}
+ ../pom.xml
+
+
+ ${artifactId}
+ jar
+
+ ${artifactId}
+
+
+
+
+
+
+ io.fabric8
+ docker-maven-plugin
+
+
+ build
+
+ build
+
+ install
+
+
+ push
+
+ push
+
+ deploy
+
+
+
+
+
+ ${docker.repository}/${docker.prefix}-deploy-docker-build-kubectl:${docker.tag}
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+
+
+
+ jar
+
+ package
+
+
+
+
+
+
+
+
+
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/build/kubectl/src/main/build/Dockerfile b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/build/kubectl/src/main/build/Dockerfile
new file mode 100644
index 00000000..ca96c595
--- /dev/null
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/build/kubectl/src/main/build/Dockerfile
@@ -0,0 +1,11 @@
+FROM ${docker.from.kubectl}
+
+########################################################################################################################
+
+LABEL git.branch=${git.branch}
+LABEL git.closest.tag.name=${git.closest.tag.fixed}
+LABEL git.commit.id=${git.commit.id}
+LABEL git.dirty=${git.dirty}
+LABEL mvn.project.artifactId=${project.artifactId}
+LABEL mvn.project.groupId=${project.groupId}
+LABEL mvn.project.version=${project.version}
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/pom.xml b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/pom.xml
index d3aa989c..3769143e 100644
--- a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/pom.xml
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/pom.xml
@@ -30,6 +30,9 @@
dockerio.mirror.docker.edu-sharing.com/bitnami/bitnami-shell:11
+
+ dockerio.mirror.docker.edu-sharing.com/bitnami/kubectl:1.24
+
dockerio.mirror.docker.edu-sharing.com/openjdk:8-jdk
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/ingress.yaml b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/ingress.yaml
index 1f42e2ae..d36a1a05 100644
--- a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/ingress.yaml
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/ingress.yaml
@@ -1,4 +1,125 @@
{{- if not .Values.global.cluster.istio.enabled }}
+{{- if .Values.ingress.admin.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "edusharing_repository_service.name" . }}-admin-exact
+ labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+ {{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.global.cluster.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
+ {{- end }}
+ {{- with .Values.ingress.admin.tls }}
+ tls: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.admin.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: /
+ pathType: Exact
+ backend:
+ service:
+ name: {{ include "edusharing_repository_service.name" $ }}-admin
+ port:
+ number: {{ $.Values.service.port.api.external }}
+ {{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "edusharing_repository_service.name" . }}-admin-prefix
+ labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+ {{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.global.cluster.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
+ {{- end }}
+ {{- with .Values.ingress.admin.tls }}
+ tls: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.admin.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ {{- range $.Values.ingress.paths }}
+ - path: {{ . }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "edusharing_repository_service.name" $ }}-admin
+ port:
+ number: {{ $.Values.service.port.api.external }}
+ {{- end }}
+ {{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "edusharing_repository_service.name" . }}-worker-exact
+ labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+ {{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.global.cluster.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
+ {{- end }}
+ {{- with .Values.ingress.tls }}
+ tls: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: /
+ pathType: Exact
+ backend:
+ service:
+ name: {{ include "edusharing_repository_service.name" $ }}-worker
+ port:
+ number: {{ $.Values.service.port.api.external }}
+ {{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "edusharing_repository_service.name" . }}-worker-prefix
+ labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+ {{- with merge .Values.ingress.annotations .Values.global.cluster.cert.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.global.cluster.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.global.cluster.ingress.ingressClassName | quote }}
+ {{- end }}
+ {{- with .Values.ingress.tls }}
+ tls: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ {{- range $.Values.ingress.paths }}
+ - path: {{ . }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "edusharing_repository_service.name" $ }}-worker
+ port:
+ number: {{ $.Values.service.port.api.external }}
+ {{- end }}
+ {{- end }}
+{{- else }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -58,4 +179,5 @@ spec:
number: {{ $.Values.service.port.api.external }}
{{- end }}
{{- end }}
+{{- end }}
{{- end }}
\ No newline at end of file
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/service.yaml b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/service.yaml
index 887e929c..d1c1bbd1 100644
--- a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/service.yaml
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/service.yaml
@@ -1,3 +1,38 @@
+{{- if .Values.ingress.admin.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "edusharing_repository_service.name" . }}-admin
+ labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+ role: admin
+ ports:
+ - name: http-api-external
+ port: {{ .Values.service.port.api.external }}
+ targetPort: api-{{ if .Values.proxy.enabled }}proxy{{ else }}external{{ end }}
+ - name: http-api-internal
+ port: {{ .Values.service.port.api.internal }}
+ targetPort: api-internal
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "edusharing_repository_service.name" . }}-worker
+ labels: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector: {{ include "edusharing_repository_service.labels.app" . | nindent 4 }}
+ role: worker
+ ports:
+ - name: http-api-external
+ port: {{ .Values.service.port.api.external }}
+ targetPort: api-{{ if .Values.proxy.enabled }}proxy{{ else }}external{{ end }}
+ - name: http-api-internal
+ port: {{ .Values.service.port.api.internal }}
+ targetPort: api-internal
+{{- else }}
apiVersion: v1
kind: Service
metadata:
@@ -13,6 +48,7 @@ spec:
- name: http-api-internal
port: {{ .Values.service.port.api.internal }}
targetPort: api-internal
+{{- end }}
---
apiVersion: v1
kind: Service
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/statefulset.yaml b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/statefulset.yaml
index 19e222f2..a5546646 100644
--- a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/statefulset.yaml
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/templates/statefulset.yaml
@@ -34,8 +34,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
- {{- if (default .Values.global.cluster.storage.share.permission .Values.persistence.share.permission) }}
+ {{- if (or (default .Values.global.cluster.storage.share.permission .Values.persistence.share.permission) .Values.ingress.admin.enabled) }}
initContainers:
+ {{- if (default .Values.global.cluster.storage.share.permission .Values.persistence.share.permission) }}
- name: {{ include "edusharing_repository_service.name" . }}-init-permission
image: {{ include "edusharing_repository_service.image" . }}{{ .Values.image.prefix }}-deploy-docker-build-minideb:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
@@ -75,6 +76,37 @@ spec:
securityContext: {{ toYaml . | nindent 10 }}
{{- end }}
{{- end }}
+ {{- if .Values.ingress.admin.enabled }}
+ - name: {{ include "edusharing_repository_service.name" . }}-init-label
+ image: {{ include "edusharing_repository_service.image" . }}{{ .Values.image.prefix }}-deploy-docker-build-kubectl:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.image.pullPolicy }}
+ command:
+ - "/bin/bash"
+ - "-ec"
+ - |
+ if [[ "${POD_NAME##*-}" == "0" ]]; then
+ export POD_ROLE="admin"
+ else
+ export POD_ROLE="worker"
+ fi
+ kubectl label pod ${POD_NAME} role=${POD_ROLE} -n ${POD_NAMESPACE} --server=kubernetes.default --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --certificate-authority=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.init.label.resources }}
+ resources: {{ toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.init.label.securityContext }}
+ securityContext: {{ toYaml . | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ include "edusharing_repository_service.name" . }}-server
image: {{ include "edusharing_repository_service.image" . }}{{ .Values.image.prefix }}-deploy-docker-repository-build-service:{{ .Values.image.tag }}
@@ -342,6 +374,9 @@ spec:
{{- with merge .Values.podSecurityContext .Values.global.security }}
securityContext: {{ toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
{{- with .Values.tolerations }}
tolerations: {{ toYaml . | nindent 8 }}
{{- end }}
diff --git a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/values.yaml b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/values.yaml
index bfa991e9..4004e851 100644
--- a/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/values.yaml
+++ b/archetypes/project/src/main/resources/archetype-resources/deploy/docker/repository/helm/service/src/main/chart/values.yaml
@@ -117,6 +117,18 @@ ingress:
paths:
- /edu-sharing
+ admin:
+
+ enabled: false
+
+ hosts:
+ - admin.repository.127.0.0.1.nip.io
+
+ tls: []
+ # - secretName: admin-edusharing-repository-tls
+ # hosts:
+ # - admin.repository.127.0.0.1.nip.io
+
########################################################################################################################
proxy:
@@ -371,6 +383,8 @@ securityContext:
- ALL
runAsUser: 1000
+# serviceAccountName: default
+
########################################################################################################################
terminationGracePeriod: 120
@@ -428,6 +442,21 @@ init:
runAsUser: 0
+ label:
+
+ resources:
+
+ limits:
+ cpu: 125m
+ memory: 512Mi
+ requests:
+ cpu: 125m
+ memory: 512Mi
+
+ securityContext:
+
+ runAsUser: 1001
+
########################################################################################################################
sidecar: