diff --git a/api-gateway/src/main/resources/application-dev.yml b/api-gateway/src/main/resources/application-dev.yml index ad621419de..1900aec152 100644 --- a/api-gateway/src/main/resources/application-dev.yml +++ b/api-gateway/src/main/resources/application-dev.yml @@ -1,13 +1,23 @@ gateway: backend: url: http://localhost:5800 + backend-cosv: + url: http://localhost:5700 frontend: # In the "dev" environment, the front-end uses TCP port 8080 when run using `webpack-dev-server` (i.e. `browserDevelopmentRun` or `run` Gradle task). url: http://localhost:8080 + frontend-cosv: + # In the "dev" environment, the frontend-cosv uses TCP port 8081 when run using `webpack-dev-server` (i.e. `browserDevelopmentRun` or `run` Gradle task). + url: http://localhost:8081 demo: url: http://localhost:5421 demo-cpg: url: http://localhost:5500 +# for local test add additional lines in hosts file in your OS +# then you can access application using :5300 +hosts: + save: save.local.test + cosv: cosv.local.test spring: security: oauth2: diff --git a/api-gateway/src/main/resources/application.yml b/api-gateway/src/main/resources/application.yml index c268bf988c..cee958d482 100644 --- a/api-gateway/src/main/resources/application.yml +++ b/api-gateway/src/main/resources/application.yml @@ -5,8 +5,12 @@ server: gateway: backend: url: http://backend:5800 + backend-cosv: + url: http://backend-cosv:5700 frontend: url: http://frontend:5810 + frontend-cosv: + url: http://frontend-cosv:5820 demo: url: http://demo:5421 demo-cpg: 
@@ -43,6 +47,16 @@ spring: - id: api_route uri: ${gateway.backend.url} predicates: + - Host=**.${hosts.save}:5300 + - Path=/api/** + filters: + # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it + - RemoveRequestHeader=Cookie + - AuthorizationHeaders= + - id: cosv_api_route + uri: ${gateway.backend-cosv.url} + predicates: + - Host=**.${hosts.cosv}:5300 - Path=/api/** filters: # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it @@ -57,6 +71,7 @@ spring: - id: resource_route uri: ${gateway.frontend.url} predicates: + - Host=**.${hosts.save}:5300 - Path=/*.html,/*.js*,/*.css,/img/**,/*.ico,/*.png filters: # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it @@ -64,6 +79,23 @@ spring: - id: index_route uri: ${gateway.frontend.url}/index.html predicates: + - Host=**.${hosts.save}:5300 + - Path=/** + filters: + # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it + - RemoveRequestHeader=Cookie + - id: resource_route_cosv + uri: ${gateway.frontend-cosv.url} + predicates: + - Host=**.${hosts.cosv}:5300 + - Path=/*.html,/*.js*,/*.css,/img/**,/*.ico,/*.png + filters: + # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it + - RemoveRequestHeader=Cookie + - id: index_route_cosv + uri: ${gateway.frontend-cosv.url}/index.html + predicates: + - Host=**.${hosts.cosv}:5300 - Path=/** filters: # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it diff --git a/save-cloud-charts/save-cloud/templates/agent-backend-cosv-service.yaml b/save-cloud-charts/save-cloud/templates/agent-backend-cosv-service.yaml new file mode 100644 index 0000000000..64e2afa50a --- /dev/null +++ b/save-cloud-charts/save-cloud/templates/agent-backend-cosv-service.yaml 
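Review bot: Every new `Host=` predicate hard-codes `:5300` (in `api_route` and `cosv_api_route` here, and in the `resource_route`, `index_route` and `*_cosv` routes of the next two hunks), so a request matches only when its Host header carries that port. Behind an ingress or proxy on a standard port, as the README's `save.example.com` example suggests, the header has no port. Depending on how the gateway version treats ports in this predicate, no route may then match. Consider `- Host=**.${hosts.save}` with the port kept in the dev values instead, e.g. `save: save.local.test:5300`. Also, `hosts.save` and `hosts.cosv` are defined only in application-dev.yml in this diff, so any other profile has to supply them or placeholder resolution will fail at startup.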
@@ -0,0 +1,14 @@ +{{ if .Values.agentNamespace }} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.backend_cosv.name }} + namespace: {{ .Values.agentNamespace }} +spec: + type: ExternalName + externalName: {{ .Values.backend_cosv.name }}.{{ .Values.namespace }}.svc.cluster.local + ports: + - port: {{ .Values.backend_cosv.containerPort }} + +{{ end }} diff --git a/save-cloud-charts/save-cloud/templates/agent-network-policy-general.yaml b/save-cloud-charts/save-cloud/templates/agent-network-policy-general.yaml index cd9a2cbc39..c553faa31a 100644 --- a/save-cloud-charts/save-cloud/templates/agent-network-policy-general.yaml +++ b/save-cloud-charts/save-cloud/templates/agent-network-policy-general.yaml @@ -15,6 +15,7 @@ spec: cidr: 0.0.0.0/0 # Forbid private IP ranges effectively allowing only egress to the Internet except: + # - 12.0.0.0/8 - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 diff --git a/save-cloud-charts/save-cloud/templates/agent-network-policy-orchestrator.yaml b/save-cloud-charts/save-cloud/templates/agent-network-policy-orchestrator.yaml index c01ab713d0..b82e0d9e43 100644 --- a/save-cloud-charts/save-cloud/templates/agent-network-policy-orchestrator.yaml +++ b/save-cloud-charts/save-cloud/templates/agent-network-policy-orchestrator.yaml @@ -35,3 +35,14 @@ spec: ports: - protocol: TCP port: {{ .Values.backend.containerPort }} + - to: + # Allow traffic to save-backend-cosv + - namespaceSelector: + matchLabels: + name: {{ .Values.namespace }} + - podSelector: + matchLabels: + io.kompose.service: backend-cosv + ports: + - protocol: TCP + port: {{ .Values.backend_cosv.containerPort }} \ No newline at end of file diff --git a/save-cloud-charts/save-cloud/templates/backend-cosv-configmap.yaml b/save-cloud-charts/save-cloud/templates/backend-cosv-configmap.yaml new file mode 100644 index 0000000000..5cde5a005d --- /dev/null +++ b/save-cloud-charts/save-cloud/templates/backend-cosv-configmap.yaml 
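Review bot: The added line `# - 12.0.0.0/8` is a commented-out entry inside the `except:` list of the agents' egress policy and looks like a leftover from local testing. 12.0.0.0/8 is not a private range, so it does not fit the comment above the list, and a reader cannot tell whether it was meant to be blocked. Remove it; if a cluster-specific range does need excluding, take it from values with a comment saying why.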
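Review bot: In the added egress rule, `- namespaceSelector:` and `- podSelector:` are two separate entries under `to:`, which Kubernetes treats as alternatives rather than a combined condition. As written, agents may reach any pod in the namespace labelled `name: {{ .Values.namespace }}` on the backend-cosv port, or pods labelled `io.kompose.service: backend-cosv` in the policy's own namespace. To allow only backend-cosv pods in that namespace, make them one peer by dropping the dash, i.e. `podSelector:` aligned under `namespaceSelector:`. The rule above starts outside this hunk; if it has the same shape it has the same effect.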
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.backend_cosv.name }}-config +data: + application.properties: | + backend.preprocessor-url=http://preprocessor + backend.orchestrator-url=http://orchestrator + backend.demo-url=http://demo + backend.loki.url=http://loki:3100 + backend.loki.labels.agent-container-name=pod + backend.loki.labels.application-name=app + backend.agent-settings.backend-url=http://{{ .Values.backend_cosv.name }} + server.shutdown=graceful + management.endpoints.web.exposure.include=* + management.server.port={{ .Values.backend_cosv.managementPort }} + spring.datasource.url=${spring.datasource.backend-cosv-url} + logging.level.org.springframework=DEBUG + logging.level.com.saveourtool=DEBUG diff --git a/save-cloud-charts/save-cloud/templates/backend-cosv-deployment.yaml b/save-cloud-charts/save-cloud/templates/backend-cosv-deployment.yaml new file mode 100644 index 0000000000..5c82095fb8 --- /dev/null +++ b/save-cloud-charts/save-cloud/templates/backend-cosv-deployment.yaml 
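Review bot: `management.endpoints.web.exposure.include=*` in the new ConfigMap publishes every actuator endpoint of backend-cosv on the management port, which normally includes ones such as `env` and `heapdump` that can reveal configuration and in-memory secrets. Unless that port is known to be unreachable from other pods, list only what monitoring needs, e.g. `management.endpoints.web.exposure.include=health,info` plus whatever the metrics scraper requires. The two `logging.level.*=DEBUG` lines are also chart-wide defaults here; consider `INFO` in the chart and DEBUG only in a dev override.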
@@ -0,0 +1,138 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend-cosv + labels: + {{- include "common.labels" (merge (dict "service" .Values.backend_cosv) .) | nindent 4 }} +spec: + selector: + matchLabels: + io.kompose.service: backend-cosv + strategy: + # Because of shared volume with multi-attach problem + type: Recreate + template: + metadata: + labels: + {{- include "pod.common.labels" (merge (dict "service" .Values.backend_cosv ) .) | nindent 8 }} + annotations: + {{- include "pod.common.annotations" (dict "service" .Values.backend_cosv ) | nindent 8 }} + spec: + restartPolicy: Always + {{- include "cnb.securityContext" . | nindent 6 }} + containers: + - name: backend-cosv + {{- include "spring-boot.common" (merge (dict "service" .Values.backend_cosv) .) | nindent 10 }} + env: + {{- include "spring-boot.common.env" (merge (dict "service" .Values.backend_cosv) .) | nindent 12 }} + - name: DATABASE_SECRETS_PATH + value: {{ .Values.mysql.dbPasswordFile }} + - name: S3_SECRETS_PATH + value: {{ .Values.s3.secretFile }} + - name: JAVA_TOOL_OPTIONS + value: -XX:ReservedCodeCacheSize=48M + volumeMounts: + - {{ include "spring-boot.config-volume-mount" . | indent 14 | trim }} + - name: database-secret + mountPath: {{ .Values.mysql.dbPasswordFile }} + - name: s3-secrets + mountPath: {{ .Values.s3.secretFile }} + {{- include "spring-boot.management" .Values.backend_cosv | nindent 10 }} + resources: + limits: + memory: 2G + requests: + memory: 1G + {{ if .Values.mysql.migrations.enabled }} + initContainers: + - name: git-cloner + image: alpine/git + env: + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} + args: + - clone + - --progress + - --verbose + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{ end }} + - --single-branch + - --branch + - {{ .Values.mysql.migrations.branch | default "master" }} + - -- + - https://github.com/saveourtool/save-cloud.git + - /data + volumeMounts: + - mountPath: /data + name: migrations-data + - name: liquibase-runner + image: liquibase/liquibase:4.20 + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + args: + - --url=$(DB_URL)?createDatabaseIfNotExist=true + - --changeLogFile=db/db.changelog-master.xml + - --username=$(DB_USERNAME) + - --password=$(DB_PASSWORD) + - --log-level=info + - --contexts={{ .Values.profile }} + - update + resources: + requests: + memory: 100M + limits: + memory: 300M + env: + # See https://hub.docker.com/r/liquibase/liquibase, section 'Notice for MySQL Users' + - name: INSTALL_MYSQL + value: 'true' + - name: DB_URL + valueFrom: + secretKeyRef: + name: db-secrets + key: spring.datasource.backend-url + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: db-secrets + key: spring.datasource.username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: db-secrets + key: spring.datasource.password + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} + volumeMounts: + - mountPath: /liquibase/changelog + name: migrations-data + - mountPath: {{ .Values.mysql.dbPasswordFile }} + name: database-secret + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ca-certs + subPath: cert-check.crt + readOnly: false + {{ end }} + volumes: + - {{ include "spring-boot.config-volume" (dict "service" .Values.backend_cosv) | indent 10 | trim }} + - name: database-secret + secret: + secretName: db-secrets + - name: s3-secrets + secret: + secretName: s3-secrets + - name: migrations-data + emptyDir: {} + - name: ca-certs + configMap: + name: ca-certs \ No newline at end of file 
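Review bot: The `git-cloner` init container uses `image: alpine/git` with no tag and clones a branch (default `master`) at pod start, so the changelog that `liquibase-runner` applies with the database credentials is whatever that image and branch contain at that moment. Pin both, e.g. `image: alpine/git:<pinned-tag>` and a release tag rather than a branch for `mysql.migrations.branch`. `--password=$(DB_PASSWORD)` also places the password in the container's process arguments; Liquibase can read it from the environment instead (`LIQUIBASE_COMMAND_PASSWORD`). Finally, `DB_URL` comes from the key `spring.datasource.backend-url`, while this service's ConfigMap points the application at `spring.datasource.backend-cosv-url`; if those are different databases, the migrations run against the wrong one.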
diff --git a/save-cloud-charts/save-cloud/templates/backend-cosv-service.yaml b/save-cloud-charts/save-cloud/templates/backend-cosv-service.yaml new file mode 100644 index 0000000000..3b91491acd --- /dev/null +++ b/save-cloud-charts/save-cloud/templates/backend-cosv-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: +{{- include "service.common.metadata" (dict "service" .Values.backend_cosv) | nindent 2 }} +spec: + {{ if .Values.backend_cosv.clusterIP }} + clusterIP: {{ .Values.backend_cosv.clusterIP }} + {{ end }} + ports: + {{- include "service.common.ports" (dict "service" .Values.backend_cosv) | nindent 4 }} + selector: + {{- include "service.common.selectors" (dict "service" .Values.backend_cosv) | nindent 4 }} diff --git a/save-cloud-charts/save-cloud/templates/frontend-cosv-deployment.yaml b/save-cloud-charts/save-cloud/templates/frontend-cosv-deployment.yaml new file mode 100644 index 0000000000..5689c1be8d --- /dev/null +++ b/save-cloud-charts/save-cloud/templates/frontend-cosv-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend-cosv + labels: + {{- include "common.labels" (merge (dict "service" .Values.frontend_cosv) .) | nindent 4 }} +spec: + selector: + matchLabels: + io.kompose.service: frontend-cosv + strategy: + type: RollingUpdate + template: + metadata: + labels: + {{- include "pod.common.labels" (merge (dict "service" .Values.frontend_cosv ) .) | nindent 8 }} + spec: + restartPolicy: Always + {{- include "cnb.securityContext" . | nindent 6 }} + containers: + - name: frontend-cosv + {{- include "spring-boot.common" (merge (dict "service" .Values.frontend_cosv) .) | nindent 10 }} + env: + - name: PORT + value: '{{ .Values.frontend_cosv.containerPort | toString }}' + resources: + limits: + memory: 200M + requests: + memory: 100M \ No newline at end of file 
diff --git a/save-cloud-charts/save-cloud/templates/frontend-cosv-service.yaml b/save-cloud-charts/save-cloud/templates/frontend-cosv-service.yaml new file mode 100644 index 0000000000..03927129bc --- /dev/null +++ b/save-cloud-charts/save-cloud/templates/frontend-cosv-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: +{{- include "service.common.metadata" (dict "service" .Values.frontend_cosv) | nindent 2 }} +spec: + ports: + {{- include "service.common.ports" (dict "service" .Values.frontend_cosv) | nindent 4 }} + selector: + {{- include "service.common.selectors" (dict "service" .Values.frontend_cosv) | nindent 4 }} \ No newline at end of file diff --git a/save-cloud-charts/save-cloud/values-minikube.yaml b/save-cloud-charts/save-cloud/values-minikube.yaml index bbd5e41648..385ee6f5a6 100644 --- a/save-cloud-charts/save-cloud/values-minikube.yaml +++ b/save-cloud-charts/save-cloud/values-minikube.yaml @@ -5,6 +5,8 @@ ingress: enabled: false backend: profile: dev,secure,kubernetes +backend-cosv: + profile: dev,secure,kubernetes gateway: profile: dev,kubernetes applicationProperties: |+ diff --git a/save-cloud-charts/save-cloud/values.yaml b/save-cloud-charts/save-cloud/values.yaml index bf1830bb90..e35f22b0dd 100644 --- a/save-cloud-charts/save-cloud/values.yaml +++ b/save-cloud-charts/save-cloud/values.yaml 
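Review bot: The key added to values-minikube.yaml is spelled `backend-cosv:`, but values.yaml and every template in this commit read `.Values.backend_cosv`, so this override is never picked up. It goes unnoticed today only because the chart default for `backend_cosv.profile` is the same `dev,secure,kubernetes`. Rename the key to `backend_cosv:` so later changes to the minikube profile take effect.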
@@ -18,10 +18,21 @@ backend: # Fixed ClusterIP can be assigned to make it easier to query backend from services outside Kubernetes. # Should be chosen depending on cluster's network configuration: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address. clusterIP: null +backend_cosv: + name: backend-cosv + profile: dev,secure,kubernetes + imageName: save-cosv + containerPort: 5700 + managementPort: 5701 + clusterIP: null frontend: name: frontend imageName: save-frontend containerPort: 5810 +frontend_cosv: + name: frontend-cosv + imageName: save-cosv-frontend + containerPort: 5820 orchestrator: name: orchestrator imageName: save-orchestrator @@ -38,8 +49,9 @@ preprocessor: # Fixed ClusterIP can be assigned to make it easier to query preprocessor from services outside Kubernetes clusterIP: null gateway: + # Additional certs installation for internal CA case initCerts: - enabled: true + enabled: false name: gateway profile: dev,kubernetes imageName: api-gateway diff --git a/save-cosv-frontend/webpack.config.d/dev-server.js b/save-cosv-frontend/webpack.config.d/dev-server.js index 04cad715c5..ff3706777d 100644 --- a/save-cosv-frontend/webpack.config.d/dev-server.js +++ b/save-cosv-frontend/webpack.config.d/dev-server.js @@ -2,6 +2,7 @@ config.devServer = Object.assign( {}, config.devServer || {}, { + port: 8081, setupMiddlewares: (middlewares, devServer) => { devServer.app.get("/sec/oauth-providers", (req, res) => { return res.send([]); }); return middlewares; diff --git a/save-deploy/README.md b/save-deploy/README.md index 4eee066d87..34620608e4 100644 --- a/save-deploy/README.md +++ b/save-deploy/README.md 
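Review bot: `gateway.initCerts.enabled` flips from `true` to `false` in the chart defaults in the second values.yaml hunk, which is unrelated to the cosv routing and changes behaviour for every install that relies on the default. Going by the added comment, this step installs additional certificates for an internal CA. Where the gateway talks to OAuth providers or backends signed by such a CA, TLS validation would presumably start failing. Keep `enabled: true` here and set `false` in an environment override such as values-minikube.yaml, or call the change out in the commit description.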
@@ -76,6 +76,13 @@ preprocessor: ## Database The service is designed to work with MySQL database. Migrations are applied with liquibase. They expect event scheduler to be enabled on the DB. +## Provide Hostname (Domain name) +In the file `/home/saveu/configs/gateway/application.properties` the following properties should be provided: +* `hosts.save` +* `hosts.cosv` + +It is needed because the 'save' and 'cosv' services have been divided, and now all the routing determines whether you are trying to visit the 'save' app (i.e., save.example.com) or the 'cosv' app (i.e., cosv.example.com) + ## Enabling api-gateway with external OAuth providers In the file `/home/saveu/configs/gateway/application.properties` the following properties should be provided: * `spring.security.oauth2.client.provider..issuer-uri` diff --git a/save-frontend/webpack.config.d/dev-server.js b/save-frontend/webpack.config.d/dev-server.js index 79ba953645..5392821c92 100644 --- a/save-frontend/webpack.config.d/dev-server.js +++ b/save-frontend/webpack.config.d/dev-server.js @@ -2,6 +2,7 @@ config.devServer = Object.assign( {}, config.devServer || {}, { + port: 8080, setupMiddlewares: (middlewares, devServer) => { devServer.app.get("/sec/oauth-providers", (req, res) => { return res.send([]); }); return middlewares;