Bugfix/kube deployment fixes

api-gateway/build.gradle.kts

@@ -9,7 +9,9 @@ dependencies {
     implementation(libs.spring.cloud.starter.gateway)
     implementation(libs.spring.boot.starter.security)
     implementation(libs.spring.boot.starter.oauth2.client)
-    implementation(libs.spring.cloud.starter.kubernetes.client.config)
+    implementation(libs.spring.cloud.starter.kubernetes.client.config) {
+        because("needed for kubernetes configs and secrets to be added as additional configurations")
+    }
     implementation(libs.spring.security.core)
     implementation(projects.authenticationService)
 

api-gateway/src/main/resources/application-kubernetes.properties

@@ -1,6 +1,7 @@
 gateway.backend.url=http://backend
 gateway.frontend.url=http://frontend
 gateway.demo-cpg.url=http://demo-cpg
+gateway.backend-cosv.url=http://backend-cosv
 gateway.frontend-cosv.url=http://frontend-cosv
 gateway.demo.url=http://demo
 server.shutdown=graceful

cosv-backend/build.gradle.kts

@@ -14,4 +14,7 @@ dependencies {
     implementation(libs.spring.security.core)
     implementation(libs.spring.data.jpa)
     implementation(libs.hibernate.jpa21.api)
+    implementation(libs.spring.cloud.starter.kubernetes.client.config) {
+        because("needed for kubernetes configs and secrets to be added as additional configurations")
+    }
 }

cosv-backend/src/main/resources/application-kubernetes.properties

@@ -1,13 +1,17 @@
-backend.preprocessor-url=http://preprocessor
-backend.orchestrator-url=http://orchestrator
-backend.demo-url=http://demo
-backend.loki.url=http://loki:3100
-backend.loki.labels.agent-container-name=pod
-backend.loki.labels.application-name=app
-backend.agent-settings.backend-cosv-url=http://backend-cosv
+cosv.preprocessor-url=http://preprocessor
+cosv.orchestrator-url=http://orchestrator
+cosv.demo-url=http://demo
+cosv.loki.url=http://loki:3100
+cosv.loki.labels.agent-container-name=pod
+cosv.loki.labels.application-name=app
+cosv.agent-settings.backend-cosv-url=http://backend-cosv
+cosv.gatewayUrl=http://gateway
 server.shutdown=graceful
 management.endpoints.web.exposure.include=*
 management.server.port=5701
 spring.datasource.url=${spring.datasource.backend-cosv-url}
+spring.second-datasource.jdbc-url=${spring.datasource.backend-url}
+spring.second-datasource.username=${spring.datasource.username}
+spring.second-datasource.password=${spring.datasource.password}
 logging.level.org.springframework=DEBUG
 logging.level.com.saveourtool=DEBUG

cosv-backend/src/main/resources/application.properties

@@ -16,3 +16,4 @@ cosv.s3-storage.bucketName=${s3-storage.bucketName}
 cosv.s3-storage.prefix=cnb/files
 cosv.s3-storage.credentials.accessKeyId=${s3-storage.credentials.accessKeyId}
 cosv.s3-storage.credentials.secretAccessKey=${s3-storage.credentials.secretAccessKey}
+cosv.working-dir=/home/cnb/cosv-working-dir

save-backend/build.gradle.kts

@@ -53,7 +53,9 @@ dependencies {
     implementation(libs.spring.boot.starter.security)
     implementation(libs.spring.security.core)
     implementation(libs.hibernate.micrometer)
-    implementation(libs.spring.cloud.starter.kubernetes.client.config)
+    implementation(libs.spring.cloud.starter.kubernetes.client.config) {
+        because("needed for kubernetes configs and secrets to be added as additional configurations")
+    }
     implementation(libs.reactor.extra)
     implementation(libs.arrow.kt.core)
     implementation(project.dependencies.platform(libs.aws.sdk.bom))

save-cloud-charts/save-cloud/templates/backend-cosv.yaml

@@ -77,7 +77,7 @@ spec:
             runAsGroup: 1001
           args:
             - --url=$(DB_URL)?createDatabaseIfNotExist=true
-            - --changeLogFile=db/db.changelog-master.xml
+            - --changeLogFile=cosv-backend/db/db.changelog-cosv.xml
             - --username=$(DB_USERNAME)
             - --password=$(DB_PASSWORD)
             - --log-level=info
@@ -96,7 +96,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: db-secrets
-                  key: spring.datasource.backend-url
+                  key: spring.datasource.backend-cosv-url
             - name: DB_USERNAME
               valueFrom:
                 secretKeyRef:
@@ -117,10 +117,12 @@ spec:
               name: migrations-data
             - mountPath: {{ .Values.mysql.dbPasswordFile }}
               name: database-secret
+            {{ if .Values.initCerts.enabled }}
             - name: ca-pemstore
               mountPath: /etc/ssl/certs/ca-certificates.crt
               subPath: ca-certificates.crt
               readOnly: false
+            {{ end }}
       volumes:
         - {{ include "spring-boot.config-volume" (dict "service" .Values.backend_cosv) | indent 10 | trim }}
         - name: database-secret
@@ -131,9 +133,11 @@ spec:
             secretName: s3-secrets
         - name: migrations-data
           emptyDir: {}
+        {{ if .Values.initCerts.enabled }}
         - name: ca-pemstore
           configMap:
             name: ca-pemstore
+        {{ end }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -156,4 +160,4 @@ spec:
   ports:
     {{- include "service.common.ports" (dict "service" .Values.backend_cosv) | nindent 4 }}
   selector:
-    {{- include "service.common.selectors" (dict "service" .Values.backend_cosv) | nindent 4 }}
+    {{- include "service.common.selectors" (dict "service" .Values.backend_cosv) | nindent 4 }}

save-cloud-charts/save-cloud/templates/backend.yaml

@@ -117,10 +117,12 @@ spec:
               name: migrations-data
             - mountPath: {{ .Values.mysql.dbPasswordFile }}
               name: database-secret
+            {{ if .Values.initCerts.enabled }}
             - name: ca-pemstore
               mountPath: /etc/ssl/certs/ca-certificates.crt
               subPath: ca-certificates.crt
               readOnly: false
+            {{ end }}
       volumes:
         - {{ include "spring-boot.config-volume" (dict "service" .Values.backend) | indent 10 | trim }}
         - name: database-secret
@@ -131,9 +133,21 @@ spec:
             secretName: s3-secrets
         - name: migrations-data
           emptyDir: {}
+        {{ if .Values.initCerts.enabled }}
         - name: ca-pemstore
           configMap:
             name: ca-pemstore
+        {{ end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.backend.name }}-config
+data:
+  application.properties: |
+    {{ if .Values.backend.applicationProperties }}
+    {{- .Values.backend.applicationProperties | nindent 4 }}
+    {{ end }}
 ---
 apiVersion: v1
 kind: Service
@@ -146,14 +160,4 @@ spec:
   ports:
     {{- include "service.common.ports" (dict "service" .Values.backend) | nindent 4 }}
   selector:
-    {{- include "service.common.selectors" (dict "service" .Values.backend) | nindent 4 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Values.backend.name }}-config
-data:
-  application.properties: |
-    {{ if .Values.backend.applicationProperties }}
-    {{- .Values.backend.applicationProperties | nindent 4 }}
-    {{ end }}
+    {{- include "service.common.selectors" (dict "service" .Values.backend) | nindent 4 }}

save-cloud-charts/save-cloud/templates/gateway.yaml

@@ -39,7 +39,7 @@ spec:
               name: cacerts
             - mountPath: /home/cnb/secrets/oauth
               name: oauth-credentials
-      {{ if .Values.gateway.initCerts.enabled }}
+      {{ if .Values.initCerts.enabled }}
       initContainers:
         - name: init-cacerts
           image: ghcr.io/saveourtool/api-gateway:0.4.0-alpha.0.408-9b56d61

save-cloud-charts/save-cloud/values.yaml

@@ -2,6 +2,9 @@ imageRegistry: ghcr.io/saveourtool
 # dockerTag: <TDB>  # this should be set explicitly during chart installation
 
 env: staging
+# Additional certs installation for internal CA case
+initCerts:
+  enabled: false
 # Unless overridden, this will be set as Spring profile of a component.
 profile: dev
 pullPolicy: IfNotPresent
@@ -57,9 +60,6 @@ preprocessor:
   # Additional properties for `application.properties` file that will be mounted as an optional property source.
   applicationProperties:
 gateway:
-  # Additional certs installation for internal CA case
-  initCerts:
-    enabled: false
   name: gateway
   profile: dev,kubernetes
   imageName: api-gateway

save-demo/build.gradle.kts

@@ -30,7 +30,9 @@ dependencies {
     api(projects.saveCloudCommon)
     implementation(libs.save.common.jvm)
 
-    implementation(libs.spring.cloud.starter.kubernetes.client.config)
+    implementation(libs.spring.cloud.starter.kubernetes.client.config) {
+        because("needed for kubernetes configs and secrets to be added as additional configurations")
+    }
 
     api(libs.ktor.client.auth)
     implementation(libs.ktor.client.core)

save-frontend/src/main/kotlin/com/saveourtool/save/frontend/components/views/index/IndexLogoButtons.kt

@@ -5,7 +5,6 @@
 package com.saveourtool.save.frontend.components.views.index
 
 import com.saveourtool.save.frontend.externals.i18next.useTranslation
-import com.saveourtool.save.validation.FrontendCosvRoutes
 import com.saveourtool.save.validation.FrontendRoutes
 import js.core.jso
 import react.ChildrenBuilder
@@ -41,7 +40,7 @@ val logoButtons: FC<Props> = FC {
 
         logo(
             "VULN",
-            "https://cosv.gitlink.org.cn/${FrontendCosvRoutes.VULN}",
+            "https://cosv.gitlink.org.cn",
             "Archive of 1-Day Vulnerabilities Aggregated from Various Sources".t(),
             "/img/vuln-logo-bg.png",
 

save-orchestrator/build.gradle.kts

@@ -22,7 +22,9 @@ dependencies {
     implementation(libs.commons.compress)
     implementation(libs.kotlinx.datetime)
     implementation(libs.zip4j)
-    implementation(libs.spring.cloud.starter.kubernetes.client.config)
+    implementation(libs.spring.cloud.starter.kubernetes.client.config) {
+        because("needed for kubernetes configs and secrets to be added as additional configurations")
+    }
     implementation(libs.fabric8.kubernetes.client) {
         exclude("org.slf4j", "slf4j-api")
     }