diff --git a/.github/workflows/build_push_latest.yaml b/.github/workflows/build_push_latest.yaml
index 4903fea9..7ef8da7d 100644
--- a/.github/workflows/build_push_latest.yaml
+++ b/.github/workflows/build_push_latest.yaml
@@ -85,3 +85,32 @@ jobs:
sbom: true
provenance: mode=max
tags: ${{ env.DOCKERHUB_ORG }}/${{ env.IMAGE_NAME }}:${{ env.VERSION_BUILD }}-${{ github.run_number }}
+
+ publish_helm:
+ name: "Publish helm chart"
+ needs: build
+ runs-on: [self-hosted, linux, X64]
+
+ steps:
+ - name: get helm
+ uses: azure/setup-helm@v4
+
+ - name: login to Helm registry
+ run: helm registry login registry-1.docker.io -u starwit -p ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: run helm update
+ working-directory: apigateway/target/helm/dave-frontend
+ run: helm dep update
+
+ - name: run helm package
+ working-directory: apigateway/target/helm
+ run: helm package dave-frontend
+
+ - name: get version number
+ working-directory: apigateway/target/helm/dave-frontend
+ run: |
+ echo "HELM_VERSION=$(grep version: Chart.yaml | head -1 | awk '{print $2}')" >> $GITHUB_ENV
+
+ - name: run helm push
+ working-directory: apigateway/target/helm
+ run: helm push dave-frontend-chart-${{ env.HELM_VERSION }}.tgz oci://registry-1.docker.io/starwitorg
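Review bot: The `login to Helm registry` step passes the Docker Hub token as `-p ${{ secrets.DOCKERHUB_TOKEN }}`, so the token is expanded into the script text and sits on the helm process's command line on the self-hosted runner, where other local processes can read it. Hand it over through the step's environment and stdin instead: `env: DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}` with `run: echo "$DOCKERHUB_TOKEN" | helm registry login registry-1.docker.io -u starwit --password-stdin`. `azure/setup-helm@v4` is a mutable tag in a job that holds a registry credential; pinning it to a full commit SHA (`azure/setup-helm@<full-commit-sha> # v4`) would keep a retagged action from running with that secret, and the same applies to `check_helm` in pr_build.yaml.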
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
index 7044ab68..5a9d3236 100644
--- a/.github/workflows/pr_build.yaml
+++ b/.github/workflows/pr_build.yaml
@@ -28,7 +28,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- build-maven:
+ build:
needs: compliance
runs-on: [self-hosted, linux, X64]
steps:
@@ -61,4 +61,21 @@ jobs:
run: mvn clean -B install --file pom.xml
env:
CI: false
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ check_helm:
+ name: "Check if Helm chart is correct"
+ needs: build
+ runs-on: [self-hosted, linux, X64]
+
+ steps:
+ - name: get helm
+ uses: azure/setup-helm@v4
+
+ - name: run helm dependency update
+ working-directory: apigateway/target/helm/dave-frontend
+ run: helm dep update
+
+ - name: run helm template
+ working-directory: apigateway/target/helm
+ run: helm template dave-frontend
\ No newline at end of file
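Review bot: `check_helm` has no checkout or artifact-download step, so `apigateway/target/helm/dave-frontend` exists only if this job happens to run on the same self-hosted runner, in the workspace the `build` job left behind. On a different runner the step fails, and on a reused one it may template a chart left by an earlier run rather than the one produced from this pull request. Have `build` upload `apigateway/target/helm` as an artifact and download it here, or run the two helm steps at the end of `build`. The `publish_helm` job added to build_push_latest.yaml reads the same directory in the same way, where the consequence would be pushing a stale chart.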
diff --git a/apigateway/pom.xml b/apigateway/pom.xml
index a0c6c437..39f116af 100644
--- a/apigateway/pom.xml
+++ b/apigateway/pom.xml
@@ -247,6 +247,41 @@
+
+
+
+ maven-resources-plugin
+
+
+ resources-helm-deployment
+ validate
+
+ copy-resources
+
+
+ ${project.basedir}/target/helm
+
+ ${*}
+
+ false
+
+
+
+ ${project.basedir}/../stack/helm
+
+ true
+
+ **/*.txt
+ **/*.yaml
+ **/*.yml
+ **/*.tpl
+
+
+
+
+
+
+
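Review bot: Filtering appears to be switched on for every `.txt`, `.yaml`, `.yml` and `.tpl` file under `stack/helm`; the element names are missing from this rendering, so reading the `true` after the source directory as `<filtering>` is an inference. With `${*}` as the delimiter, any `${...}` token in values.yaml or a template that matches a Maven, system or settings property is rewritten at build time, and the substituted value ends up in the published chart. Outside of a comment, only Chart.yaml uses `${project.version}` in this commit, so restricting the filtered include to `**/Chart.yaml` and copying the remaining files unfiltered in a second resource entry would limit substitution to where it is wanted.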
diff --git a/apigateway/src/main/resources/logback-spring.xml b/apigateway/src/main/resources/logback-spring.xml
index 7a6cbfae..d3cc6ec4 100644
--- a/apigateway/src/main/resources/logback-spring.xml
+++ b/apigateway/src/main/resources/logback-spring.xml
@@ -4,76 +4,52 @@
have priority over the log level maintained in this file. -->
-
-
-
-
-
-
- %date{yyyy.MM.dd HH:mm:ss.SSS} | ${springAppName} | TraceId: %X{traceId:-} | SpanId: %X{spanId:-}] |
- %level | [%thread] | %logger{0} | [%file : %line] - %msg%n
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 8192
- sun\.reflect\..*\.invoke.*
- net\.sf\.cglib\.proxy\.MethodProxy\.invoke
- true
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+ %date{yyyy.MM.dd HH:mm:ss.SSS} | ${springAppName} | TraceId: %X{traceId:-} | SpanId:
+ %X{spanId:-}] |
+ %level | [%thread] | %logger{0} | [%file : %line] - %msg%n
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/stack/helm/dave-frontend/Chart.yaml b/stack/helm/dave-frontend/Chart.yaml
new file mode 100755
index 00000000..eb83c7b2
--- /dev/null
+++ b/stack/helm/dave-frontend/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: dave-frontend-chart
+description: DAVe traffic counting plattform, frontend
+type: application
+version: ${project.version}
+appVersion: "${project.version}"
+maintainers:
+ - name: klml
+ email: klml@muenchen.de
+ - name: Starwit Technologies GmbH
+ email: foss@starwit.de
+home: https://github.com/it-at-m/helm-charts/tree/main/charts/dave/charts/admin-portal
+#icon: https://raw.githubusercontent.com/it-at-m/helm-charts/main/images/logo.png
+sources:
+ - "https://github.com/it-at-m/helm-charts"
+ - "https://github.com/it-at-m/dave-admin-portal"
diff --git a/stack/helm/dave-frontend/templates/_helpers.tpl b/stack/helm/dave-frontend/templates/_helpers.tpl
new file mode 100644
index 00000000..6041fde7
--- /dev/null
+++ b/stack/helm/dave-frontend/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "daveFrontend.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "daveFrontend.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "daveFrontend.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "daveFrontend.labels" -}}
+helm.sh/chart: {{ include "daveFrontend.chart" . }}
+{{ include "daveFrontend.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "daveFrontend.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "daveFrontend.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "daveFrontend.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "daveFrontend.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/stack/helm/dave-frontend/templates/configmap.yaml b/stack/helm/dave-frontend/templates/configmap.yaml
new file mode 100644
index 00000000..66a253a3
--- /dev/null
+++ b/stack/helm/dave-frontend/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "daveFrontend.fullname" . }}
+ labels:
+ {{- include "daveFrontend.labels" . | nindent 4 }}
+data:
+ {{- with .Values.extraEnvVars }}
+ {{- toYaml . | nindent 12 }}
+ {{- end}}
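Review bot: `.Values.extraEnvVars` is dumped as the ConfigMap `data:` with `toYaml`, but the commented example in values.yaml shows it as a list of `name`/`value` entries; a list under `data:` is rejected by the API server, because `data` must map string keys to string values. The Deployment also iterates the same value with `range $name, $value` and additionally loads this ConfigMap through `envFrom`, so each entry is injected twice. Settle on the map form, document it in values.yaml (for example `extraEnvVars: {}` with `# TZ: "Europe/Berlin"`), and keep only one of the two injection paths. Non-string values such as numbers or booleans would also need quoting to be valid ConfigMap data, and the values.yaml comment should say that secrets do not belong in `extraEnvVars`, since they land in a ConfigMap.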
diff --git a/stack/helm/dave-frontend/templates/deployment.yaml b/stack/helm/dave-frontend/templates/deployment.yaml
new file mode 100644
index 00000000..8024d82d
--- /dev/null
+++ b/stack/helm/dave-frontend/templates/deployment.yaml
@@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "daveFrontend.fullname" . }}
+ labels:
+ {{- include "daveFrontend.labels" . | nindent 4 }}
+ {{- with .Values.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "daveFrontend.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "daveFrontend.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: dave-hazelcast
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ volumes:
+ - name: config
+ configMap:
+ {{- if .Values.existingConfigMap }}
+ name: {{ .Values.existingConfigMap }}
+ {{- else }}
+ name: {{ include "daveFrontend.fullname" . }}
+ {{- end }}
+ defaultMode: 420
+ {{- with .Values.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- with .Values.initContainers }}
+ {{- toYaml . | nindent 8}}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: SERVER_PORT
+ value: {{ .Values.app.server.port | quote}}
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.app.spring.profile.active }}
+ - name: LOG_LEVEL_ROOT
+ value: {{ .Values.app.log.level.root }}
+ - name: SPRING_CLOUD_GATEWAY_ACTUATOR_VERBOSE_ENABLED
+ value: {{ .Values.app.spring.cloud.gateway.actuator.verbose.enabled | quote }}
+ {{- if .Values.app.auth.enabled }}
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_PROVIDER
+ value: {{ .Values.app.auth.client.registration.keycloak.provider }}
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_AUTHORIZATION_GRANT_TYPE
+ value: {{ .Values.app.auth.client.registration.keycloak.authorization_grant_type }}
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_ID
+ value: {{ .Values.app.auth.client.registration.keycloak.client_id }}
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_SECRET
+ value: {{ .Values.app.auth.client.registration.keycloak.client_secret }}
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_SCOPE
+ value: {{ .Values.app.auth.client.registration.keycloak.scope }}
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_MYKEYCLOAK_ISSUER_URI
+ value: {{ .Values.app.auth.client.provider.mykeycloak.issuer_uri }}
+ {{- else }}
+ - name: SPRING_AUTOCONFIGURE_EXCLUDE
+ value: org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration
+ {{- end }}
+ {{- with .Values.app.spring.routes }}
+ {{- range $name, $value := . }}
+ - name: {{ $name }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.app.spring.hazelcast }}
+ {{- range $name, $value := . }}
+ - name: {{ $name }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraEnvVars }}
+ {{- range $name, $value := . }}
+ - name: {{ $name }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "daveFrontend.fullname" . }}
+ ports:
+ {{- range .Values.service.ports }}
+ - name: {{ .name }}
+ containerPort: {{ .port }}
+ protocol: {{ .protocol }}
+ {{- end }}
+ volumeMounts:
+ - name: config
+ mountPath: /deployments/config
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
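Review bot: `SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_SECRET` is rendered as a literal `value:` from `.Values.app.auth.client.registration.keycloak.client_secret`, which puts the OAuth client secret in the Deployment manifest, in the Helm release record, and in whatever values file operators keep. values.yaml already declares `credentials.existingSecret`, which no template in the visible diff reads; the env entry could take the secret from there through `secretKeyRef`, as sketched below (the key name is a proposal). Separately, `serviceAccountName: dave-hazelcast` is hardcoded although `daveFrontend.serviceAccountName` is defined in _helpers.tpl and no ServiceAccount template is added, so the pod depends on an account created outside this chart.

```yaml
# … unchanged: env entries up to KEYCLOAK_CLIENT_ID …
- name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: {{ required "credentials.existingSecret is required when app.auth.enabled is true" .Values.credentials.existingSecret | quote }}
      # proposed key name; document it next to credentials.existingSecret in values.yaml
      key: KEYCLOAK_CLIENT_SECRET
# … unchanged: KEYCLOAK_SCOPE and the remaining env entries …
```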
diff --git a/stack/helm/dave-frontend/templates/ingress.yaml b/stack/helm/dave-frontend/templates/ingress.yaml
new file mode 100755
index 00000000..648083a6
--- /dev/null
+++ b/stack/helm/dave-frontend/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "daveFrontend.fullname" . -}}
+# Determine the service port named "service"
+{{- $svcPort := 8080 }}
+{{- range .Values.service.ports }}
+ {{- if eq .name "service" }}
+ {{- $svcPort = .port }}
+ {{- end }}
+{{- end }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "daveFrontend.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: {{ .pathType }}
+ backend:
+ service:
+ name: frontend
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
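Review bot: The backend `service: name: frontend` is a fixed string, although `$fullName` is computed at the top of this template and used for the Ingress's own name. It resolves only because service.yaml hardcodes `metadata.name: frontend` as well; two releases in one namespace would collide on that Service, and the second Ingress would route to whichever Service exists. Unless the fixed name is a deliberate convention of this stack (values.yaml routes to `http://backend:8080/` in the same way), use `name: {{ $fullName }}` here and `name: {{ include "daveFrontend.fullname" . }}` in service.yaml.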
diff --git a/stack/helm/dave-frontend/templates/service.yaml b/stack/helm/dave-frontend/templates/service.yaml
new file mode 100644
index 00000000..c525c00f
--- /dev/null
+++ b/stack/helm/dave-frontend/templates/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend
+ labels:
+ {{- include "daveFrontend.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ ports:
+ {{- range .Values.service.ports }}
+ - port: {{ .port }}
+ targetPort: {{ .targetPort }}
+ protocol: {{ .protocol }}
+ name: {{ .name }}
+ {{- end }}
+
+ selector:
+ {{- include "daveFrontend.selectorLabels" . | nindent 4 }}
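Review bot: `spec` contains two `ports:` keys. The first block reads `.Values.service.port`, which values.yaml does not define (it only has `service.ports`), and targets a container port named `http`, while the Deployment names its container ports from `service.ports` (`service` and `hazelcast` by default). Duplicate mapping keys are either rejected or resolved last-wins depending on the parser, so the rendered Service should not depend on that; delete the first `ports:` block and keep the `range` over `.Values.service.ports`.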
diff --git a/stack/helm/dave-frontend/values.yaml b/stack/helm/dave-frontend/values.yaml
new file mode 100755
index 00000000..0218bd34
--- /dev/null
+++ b/stack/helm/dave-frontend/values.yaml
@@ -0,0 +1,153 @@
+# Default values for dave frontend.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: starwitorg/dave-frontend
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ #tag: ${project.version}
+
+imagePullSecrets: []
+# nameOverride: ""
+# fullnameOverride: ""
+
+app:
+ server:
+ port: 8080
+ spring:
+ profile:
+ active: prod
+ cloud:
+ gateway:
+ actuator:
+ verbose:
+ enabled: true
+
+ routes:
+ SPRING_CLOUD_GATEWAY_ROUTES_0_ID: sso
+ SPRING_CLOUD_GATEWAY_ROUTES_0_URI: http://keycloak:8080/
+ SPRING_CLOUD_GATEWAY_ROUTES_0_PREDICATES_0: Path=/api/sso/userinfo
+ SPRING_CLOUD_GATEWAY_ROUTES_0_FILTERS_0: RewritePath=/api/sso/userinfo, /auth/realms//protocol/openid-connect/userinfo
+ SPRING_CLOUD_GATEWAY_ROUTES_1_ID: backend
+ SPRING_CLOUD_GATEWAY_ROUTES_1_URI: http://backend:8080/
+ SPRING_CLOUD_GATEWAY_ROUTES_1_PREDICATES_0: Path=/api/dave-backend-service/**
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_NAME: Retry
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_RETRIES: "2"
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_METHODS: GET,POST
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_FIRSTBACKOFF: 10ms
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_MAXBACKOFF: 50ms
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_FACTOR: "2"
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_BASEDONPREVIOUSVALUE: "false"
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_1: RewritePath=/api/dave-backend-service/(?.*), /$\{urlsegments}
+ SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_2: RemoveResponseHeader=WWW-Authenticate
+ SPRING_CLOUD_GATEWAY_ROUTES_2_ID: eai
+ SPRING_CLOUD_GATEWAY_ROUTES_2_URI: http://dave-eai-service:8080/
+ SPRING_CLOUD_GATEWAY_ROUTES_2_PREDICATES_0: Path=/api/dave-eai-service/**
+ SPRING_CLOUD_GATEWAY_ROUTES_2_METADATA_RESPONSETIMEOUT: "1800000"
+ SPRING_CLOUD_GATEWAY_ROUTES_2_FILTERS_0: RewritePath=/api/dave-eai-service/(?.*), /$\{urlsegments}
+ SPRING_CLOUD_GATEWAY_ROUTES_2_FILTERS_1: RemoveResponseHeader=WWW-Authenticate
+ SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_0: RemoveResponseHeader=Expires
+ SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_1: RemoveRequestHeader=cookie
+ SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_2: RemoveRequestHeader=x-xsrf-token
+ SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_3: TokenRelay=
+ hazelcast:
+ HAZELCAST_GROUP_NAME: dave-frontend-apigateway-service-session_replication_group
+ HAZELCAST_INSTANCE: dave-frontend-apigateway-service-hazl_instance
+ HAZELCAST_OPENSHIFT_SERVICE_NAME: dave-frontend-apigateway-service
+
+ auth:
+ enabled: true
+ client:
+ registration:
+ keycloak:
+ scope: openid
+ authorization_grant_type: authorization_code
+ provider: mykeycloak
+ client_secret: test
+ client_id: dave
+ provider:
+ mykeycloak:
+ issuer_uri: http://auth.cluster.local/auth/realms/realmname
+
+ log:
+ level:
+ root: info
+
+ingress:
+ enabled: true
+ className: ""
+ annotations: {}
+ hosts:
+ - host: dave-frontend.cluster.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: dave-frontend.cluster.local
+ # hosts:
+ # - dave-frontend.cluster.local
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "dave-frontend"
+
+podAnnotations: {}
+
+deploymentAnnotations: {}
+
+podSecurityContext: {}
+
+
+securityContext: {}
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 8080
+ targetPort: 8080
+ protocol: TCP
+ name: service
+ - port: 5701
+ targetPort: 5701
+ protocol: TCP
+ name: hazelcast
+
+resources: {}
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+extraEnvVars:
+# - name: "TZ"
+# value: "Europe/Berlin"
+
+extraVolumeMounts: []
+
+extraVolumes: []
+
+initContainers: []
+
+credentials:
+ # secret must contain keys USER_DN and PASSWORD for ldap authentication
+ existingSecret: ""
+
+serviceMonitor:
+ enabled: false
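Review bot: The defaults make an install with untouched values authenticate with a known client secret over cleartext: `client_secret: test`, `issuer_uri: http://auth.cluster.local/auth/realms/realmname`, and `ingress.enabled: true` with `tls: []`. The host names are clearly placeholders, but the secret and the URL schemes are not marked as such. Default to `client_secret: ""` (or remove it in favour of a Secret reference), use an `https://` issuer in the example, and ship `ingress.enabled: false` so that exposing the gateway is an explicit choice made together with a `tls` entry. `credentials.existingSecret` and `serviceAccount.create`/`annotations` are declared here, but no template in the visible diff consumes them; wire them up or drop them so operators do not assume they take effect.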