From 7a0f1a598c1d7af1dd9aaba17406ea8ce739d937 Mon Sep 17 00:00:00 2001 From: ztarbug Date: Wed, 14 Jan 2026 16:28:28 +0100 Subject: [PATCH 1/8] add Helm chart and build job --- .github/workflows/build_push_latest.yaml | 29 +++++ .github/workflows/pr_build.yaml | 21 ++- apigateway/pom.xml | 35 +++++ .../src/main/resources/logback-spring.xml | 122 +++++++----------- 4 files changed, 132 insertions(+), 75 deletions(-) diff --git a/.github/workflows/build_push_latest.yaml b/.github/workflows/build_push_latest.yaml index 4903fea9a..7ef8da7d2 100644 --- a/.github/workflows/build_push_latest.yaml +++ b/.github/workflows/build_push_latest.yaml @@ -85,3 +85,32 @@ jobs: sbom: true provenance: mode=max tags: ${{ env.DOCKERHUB_ORG }}/${{ env.IMAGE_NAME }}:${{ env.VERSION_BUILD }}-${{ github.run_number }} + + publish_helm: + name: "Publish helm chart" + needs: build + runs-on: [self-hosted, linux, X64] + + steps: + - name: get helm + uses: azure/setup-helm@v4 + + - name: login to Helm registry + run: helm registry login registry-1.docker.io -u starwit -p ${{ secrets.DOCKERHUB_TOKEN }} + + - name: run helm update + working-directory: apigateway/target/helm/dave-frontend + run: helm dep update + + - name: run helm package + working-directory: apigateway/target/helm + run: helm package dave-frontend + + - name: get version number + working-directory: apigateway/target/helm/dave-frontend + run: | + echo "HELM_VERSION=$(grep version: Chart.yaml | head -1 | awk '{print $2}')" >> $GITHUB_ENV + + - name: run helm push + working-directory: apigateway/target/helm + run: helm push dave-frontend-chart-${{ env.HELM_VERSION }}.tgz oci://registry-1.docker.io/starwitorg diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 7044ab68b..5a9d32369 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml 
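Review bot: In the `login to Helm registry` step of publish_helm, the Docker Hub token is expanded into the script text and passed with `-p`, so it sits on the helm command line where other processes on the self-hosted runner can read it. Hand it over through the environment and stdin instead: add `env: DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}` to the step and use `run: echo "$DOCKERHUB_TOKEN" | helm registry login registry-1.docker.io -u starwit --password-stdin`. `azure/setup-helm@v4` is a mutable tag; pinning it to a full commit SHA keeps a retagged release from running in the job that holds this token. The same `uses:` line appears in check_helm in pr_build.yaml.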
@@ -28,7 +28,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - build-maven: + build: needs: compliance runs-on: [self-hosted, linux, X64] steps: @@ -61,4 +61,21 @@ jobs: run: mvn clean -B install --file pom.xml env: CI: false - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + check_helm: + name: "Check if Helm chart is correct" + needs: build + runs-on: [self-hosted, linux, X64] + + steps: + - name: get helm + uses: azure/setup-helm@v4 + + - name: run helm dependency update + working-directory: apigateway/target/helm/dave-frontend + run: helm dep update + + - name: run helm template + working-directory: apigateway/target/helm + run: helm template dave-frontend \ No newline at end of file diff --git a/apigateway/pom.xml b/apigateway/pom.xml index a0c6c4372..39f116af5 100644 --- a/apigateway/pom.xml +++ b/apigateway/pom.xml @@ -247,6 +247,41 @@ + + + + maven-resources-plugin + + + resources-helm-deployment + validate + + copy-resources + + + ${project.basedir}/target/helm + + ${*} + + false + + + + ${project.basedir}/../stack/helm + + true + + **/*.txt + **/*.yaml + **/*.yml + **/*.tpl + + + + + + + diff --git a/apigateway/src/main/resources/logback-spring.xml b/apigateway/src/main/resources/logback-spring.xml index 7a6cbfae1..d3cc6ec45 100644 --- a/apigateway/src/main/resources/logback-spring.xml +++ b/apigateway/src/main/resources/logback-spring.xml 
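Review bot: check_helm in pr_build.yaml has no checkout or artifact-download step, so `helm dep update` and `helm template` run against whatever `apigateway/target/helm/dave-frontend` the earlier `build` job left in the runner's workspace. On self-hosted runners that only works when both jobs land on the same machine and directory, and it means the chart being checked is not provably the one built from this pull request. Consider uploading `apigateway/target/helm` as an artifact in `build` and downloading it here. publish_helm in build_push_latest.yaml reads the same path and pushes the result, so it needs the same treatment. Adding `run: helm lint dave-frontend` before the template step would also report chart-level problems that rendering alone may let through.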
@@ -4,76 +4,52 @@ have priority over the log level maintained in this file. --> - - - - - - - %date{yyyy.MM.dd HH:mm:ss.SSS} | ${springAppName} | TraceId: %X{traceId:-} | SpanId: %X{spanId:-}] | - %level | [%thread] | %logger{0} | [%file : %line] - %msg%n - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8192 - sun\.reflect\..*\.invoke.* - net\.sf\.cglib\.proxy\.MethodProxy\.invoke - true - - - - - - - - - - - - + + + + + + %date{yyyy.MM.dd HH:mm:ss.SSS} | ${springAppName} | TraceId: %X{traceId:-} | SpanId: + %X{spanId:-}] | + %level | [%thread] | %logger{0} | [%file : %line] - %msg%n + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 463daaa95a400731419a0f7ef844a554aeeb530d Mon Sep 17 00:00:00 2001 From: ztarbug Date: Wed, 14 Jan 2026 16:31:29 +0100 Subject: [PATCH 2/8] Helm chart --- stack/helm/dave-frontend/Chart.yaml | 16 +++ .../helm/dave-frontend/templates/_helpers.tpl | 62 ++++++++ .../dave-frontend/templates/configmap.yaml | 10 ++ .../dave-frontend/templates/deployment.yaml | 108 ++++++++++++++ .../helm/dave-frontend/templates/ingress.yaml | 48 +++++++ .../helm/dave-frontend/templates/service.yaml | 23 +++ stack/helm/dave-frontend/values.yaml | 135 ++++++++++++++++++ 7 files changed, 402 insertions(+) create mode 100755 stack/helm/dave-frontend/Chart.yaml create mode 100644 stack/helm/dave-frontend/templates/_helpers.tpl create mode 100644 stack/helm/dave-frontend/templates/configmap.yaml create mode 100644 stack/helm/dave-frontend/templates/deployment.yaml create mode 100755 stack/helm/dave-frontend/templates/ingress.yaml create mode 100644 stack/helm/dave-frontend/templates/service.yaml create mode 100755 stack/helm/dave-frontend/values.yaml diff --git a/stack/helm/dave-frontend/Chart.yaml b/stack/helm/dave-frontend/Chart.yaml new file mode 100755 index 000000000..eb83c7b2c --- /dev/null +++ b/stack/helm/dave-frontend/Chart.yaml 
@@ -0,0 +1,16 @@ +apiVersion: v2 +name: dave-frontend-chart +description: DAVe traffic counting plattform, frontend +type: application +version: ${project.version} +appVersion: "${project.version}" +maintainers: + - name: klml + email: klml@muenchen.de + - name: Starwit Technologies GmbH + email: foss@starwit.de +home: https://github.com/it-at-m/helm-charts/tree/main/charts/dave/charts/admin-portal +#icon: https://raw.githubusercontent.com/it-at-m/helm-charts/main/images/logo.png +sources: + - "https://github.com/it-at-m/helm-charts" + - "https://github.com/it-at-m/dave-admin-portal" diff --git a/stack/helm/dave-frontend/templates/_helpers.tpl b/stack/helm/dave-frontend/templates/_helpers.tpl new file mode 100644 index 000000000..6041fde7f --- /dev/null +++ b/stack/helm/dave-frontend/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "daveFrontend.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "daveFrontend.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "daveFrontend.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "daveFrontend.labels" -}} +helm.sh/chart: {{ include "daveFrontend.chart" . }} +{{ include "daveFrontend.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "daveFrontend.selectorLabels" -}} +app.kubernetes.io/name: {{ include "daveFrontend.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "daveFrontend.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "daveFrontend.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/stack/helm/dave-frontend/templates/configmap.yaml b/stack/helm/dave-frontend/templates/configmap.yaml new file mode 100644 index 000000000..66a253a36 --- /dev/null +++ b/stack/helm/dave-frontend/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "daveFrontend.fullname" . }} + labels: + {{- include "daveFrontend.labels" . | nindent 4 }} +data: + {{- with .Values.extraEnvVars }} + {{- toYaml . | nindent 12 }} + {{- end}} diff --git a/stack/helm/dave-frontend/templates/deployment.yaml b/stack/helm/dave-frontend/templates/deployment.yaml new file mode 100644 index 000000000..7fef77fb5 --- /dev/null +++ b/stack/helm/dave-frontend/templates/deployment.yaml 
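Review bot: `data:` in configmap.yaml is filled with `toYaml` of `.Values.extraEnvVars`, but the commented example in values.yaml shows that value as a list of `name`/`value` entries, while deployment.yaml ranges over it as a name-to-value map. A list would render a ConfigMap whose `data` is not a string map. With the default bare `extraEnvVars:` the template emits an empty `data:`, and when the key is set the same entries reach the container twice, as explicit `env` items and again through `envFrom`. Because they are stored in a ConfigMap, the key should be documented in values.yaml as a map for non-sensitive settings, for example `# extraEnvVars: map of NAME: "value"; rendered into a ConfigMap, do not put credentials here`.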
@@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "daveFrontend.fullname" . }} + labels: + {{- include "daveFrontend.labels" . | nindent 4 }} + {{- with .Values.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "daveFrontend.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "daveFrontend.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "daveFrontend.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + volumes: + - name: config + configMap: + {{- if .Values.existingConfigMap }} + name: {{ .Values.existingConfigMap }} + {{- else }} + name: {{ include "daveFrontend.fullname" . }} + {{- end }} + defaultMode: 420 + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + {{- with .Values.initContainers }} + {{- toYaml . 
| nindent 8}} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: SERVER_PORT + value: {{ .Values.app.server.port | quote}} + - name: SPRING_PROFILES_ACTIVE + value: {{ .Values.app.spring.profile.active }} + - name: LOG_LEVEL_ROOT + value: {{ .Values.app.log.level.root }} + - name: SPRING_CLOUD_GATEWAY_ACTUATOR_VERBOSE_ENABLED + value: {{ .Values.app.spring.cloud.gateway.actuator.verbose.enabled | quote }} + - name: SPRING_AUTOCONFIGURE_EXCLUDE + value: org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration + {{- with .Values.app.spring.routes }} + {{- range $name, $value := . }} + - name: {{ $name }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with .Values.extraEnvVars }} + {{- range $name, $value := . }} + - name: {{ $name }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + envFrom: + - configMapRef: + name: {{ include "daveFrontend.fullname" . }} + ports: + {{- range .Values.service.ports }} + - name: {{ .name }} + containerPort: {{ .port }} + protocol: {{ .protocol }} + {{- end }} + volumeMounts: + - name: config + mountPath: /deployments/config + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/stack/helm/dave-frontend/templates/ingress.yaml b/stack/helm/dave-frontend/templates/ingress.yaml new file mode 100755 index 000000000..74f2cd22b --- /dev/null 
+++ b/stack/helm/dave-frontend/templates/ingress.yaml @@ -0,0 +1,48 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "daveFrontend.fullname" . -}} +# Determine the service port named "service" +{{- $svcPort := 8080 }} +{{- range .Values.service.ports }} + {{- if eq .name "service" }} + {{- $svcPort = .port }} + {{- end }} +{{- end }} + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "daveFrontend.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ $fullName}} + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/stack/helm/dave-frontend/templates/service.yaml b/stack/helm/dave-frontend/templates/service.yaml new file mode 100644 index 000000000..5db393814 --- /dev/null +++ b/stack/helm/dave-frontend/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "daveFrontend.fullname" . }} + labels: + {{- include "daveFrontend.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + ports: + {{- range .Values.service.ports }} + - port: {{ .port }} + targetPort: {{ .targetPort }} + protocol: {{ .protocol }} + name: {{ .name }} + {{- end }} + + selector: + {{- include "daveFrontend.selectorLabels" . | nindent 4 }} 
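Review bot: In service.yaml, `spec` contains two `ports:` keys: a fixed block using `.Values.service.port` with `targetPort: http`, followed by the `range` over `.Values.service.ports`. values.yaml defines only the `service.ports` list, so the first block renders an empty `port:`, and a duplicate mapping key is either rejected or silently resolved to one of the two, depending on the parser. Drop the first block and keep the `range` version. In ingress.yaml, `ingressClassName: {{ .Values.ingress.className }}` renders an empty value with the default `className: ""`; wrapping that line in `{{- with .Values.ingress.className }}` avoids emitting it.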
diff --git a/stack/helm/dave-frontend/values.yaml b/stack/helm/dave-frontend/values.yaml new file mode 100755 index 000000000..5a3303ee5 --- /dev/null +++ b/stack/helm/dave-frontend/values.yaml 
@@ -0,0 +1,135 @@ +# Default values for dave frontend. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: starwitorg/dave-frontend + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: ${project.version} + +imagePullSecrets: [] +# nameOverride: "" +# fullnameOverride: "" + +app: + server: + port: 8080 + spring: + profile: + active: no-security, prod + cloud: + gateway: + actuator: + verbose: + enabled: true + + routes: + SPRING_CLOUD_GATEWAY_ROUTES_0_ID: sso + SPRING_CLOUD_GATEWAY_ROUTES_0_URI: http://keycloak:8080/ + SPRING_CLOUD_GATEWAY_ROUTES_0_PREDICATES_0: Path=/api/sso/userinfo + SPRING_CLOUD_GATEWAY_ROUTES_0_FILTERS_0: RewritePath=/api/sso/userinfo, /auth/realms//protocol/openid-connect/userinfo + SPRING_CLOUD_GATEWAY_ROUTES_1_ID: backend + SPRING_CLOUD_GATEWAY_ROUTES_1_URI: http://dave-backend-service:8080/ + SPRING_CLOUD_GATEWAY_ROUTES_1_PREDICATES_0: Path=/api/dave-backend-service/** + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_NAME: Retry + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_RETRIES: "2" + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_METHODS: GET,POST + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_FIRSTBACKOFF: 10ms + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_MAXBACKOFF: 50ms + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_FACTOR: "2" + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_BACKOFF_BASEDONPREVIOUSVALUE: "false" + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_1: RewritePath=/api/dave-backend-service/(?.*), /$\{urlsegments} + SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_2: RemoveResponseHeader=WWW-Authenticate + SPRING_CLOUD_GATEWAY_ROUTES_2_ID: eai + SPRING_CLOUD_GATEWAY_ROUTES_2_URI: http://dave-eai-service:8080/ + SPRING_CLOUD_GATEWAY_ROUTES_2_PREDICATES_0: Path=/api/dave-eai-service/** + SPRING_CLOUD_GATEWAY_ROUTES_2_METADATA_RESPONSETIMEOUT: "1800000" + SPRING_CLOUD_GATEWAY_ROUTES_2_FILTERS_0: 
RewritePath=/api/dave-eai-service/(?.*), /$\{urlsegments} + SPRING_CLOUD_GATEWAY_ROUTES_2_FILTERS_1: RemoveResponseHeader=WWW-Authenticate + SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_0: RemoveResponseHeader=Expires + SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_1: RemoveRequestHeader=cookie + SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_2: RemoveRequestHeader=x-xsrf-token + SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_3: TokenRelay= + + log: + level: + root: info + +ingress: + enabled: true + className: "" + annotations: {} + hosts: + - host: dave-frontend.cluster.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: dave-frontend.cluster.local + # hosts: + # - dave-frontend.cluster.local + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +deploymentAnnotations: {} + +podSecurityContext: {} + + +securityContext: {} + +service: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + name: service + - port: 5701 + targetPort: 5701 + protocol: TCP + name: hazelcast + +resources: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +extraEnvVars: +# - name: "TZ" +# value: "Europe/Berlin" + +extraVolumeMounts: [] + +extraVolumes: [] + +initContainers: [] + +credentials: + # secret must contain keys USER_DN and PASSWORD for ldap authentication + existingSecret: "" + +serviceMonitor: + enabled: false From fcd24878d8c1935d4ba668274f92a795bcde5b58 Mon Sep 17 00:00:00 2001 
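Review bot: `podSecurityContext: {}` and `securityContext: {}` ship empty in values.yaml, so the gateway container runs with whatever user and privileges the image defaults to, and `resources: {}` leaves it without requests or limits. A restrictive default that operators can relax is safer, for example a container `securityContext` with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities.drop: ["ALL"]`, assuming the image can run as a non-root user (not visible here). The defaults also enable the Ingress with `tls: []`, so the chart exposes the gateway over plain HTTP unless a TLS entry is added. A comment next to `ingress.enabled` should say so, e.g. `# no TLS by default: add a tls entry before exposing this outside a test cluster`.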
From: ztarbug Date: Wed, 14 Jan 2026 19:59:55 +0100 Subject: [PATCH 3/8] work on Helm chart --- stack/helm/dave-frontend/Chart.yaml | 6 ++- .../dave-frontend/templates/deployment.yaml | 6 +++ .../helm/dave-frontend/templates/ingress.yaml | 2 +- .../templates/kubernetes-rbac.yaml | 48 +++++++++++++++++++ .../templates/service-account.yaml | 4 ++ .../helm/dave-frontend/templates/service.yaml | 2 +- stack/helm/dave-frontend/values.yaml | 12 +++-- 7 files changed, 72 insertions(+), 8 deletions(-) create mode 100644 stack/helm/dave-frontend/templates/kubernetes-rbac.yaml create mode 100644 stack/helm/dave-frontend/templates/service-account.yaml diff --git a/stack/helm/dave-frontend/Chart.yaml b/stack/helm/dave-frontend/Chart.yaml index eb83c7b2c..ad5d0ca6b 100755 --- a/stack/helm/dave-frontend/Chart.yaml +++ b/stack/helm/dave-frontend/Chart.yaml @@ -2,8 +2,10 @@ apiVersion: v2 name: dave-frontend-chart description: DAVe traffic counting plattform, frontend type: application -version: ${project.version} -appVersion: "${project.version}" +#version: ${project.version} +#appVersion: "${project.version}" +version: 3.0.1 +appVersion: "3.0.1-SNAPSHOT-2" maintainers: - name: klml email: klml@muenchen.de diff --git a/stack/helm/dave-frontend/templates/deployment.yaml b/stack/helm/dave-frontend/templates/deployment.yaml index 7fef77fb5..1143e9532 100644 --- a/stack/helm/dave-frontend/templates/deployment.yaml +++ b/stack/helm/dave-frontend/templates/deployment.yaml @@ -71,6 +71,12 @@ spec: value: {{ $value | quote }} {{- end }} {{- end }} + {{- with .Values.app.spring.hazelcast }} + {{- range $name, $value := . }} + - name: {{ $name }} + value: {{ $value | quote }} + {{- end }} + {{- end }} {{- with .Values.extraEnvVars }} {{- range $name, $value := . }} - name: {{ $name }} diff --git a/stack/helm/dave-frontend/templates/ingress.yaml b/stack/helm/dave-frontend/templates/ingress.yaml index 74f2cd22b..648083a62 100755 --- a/stack/helm/dave-frontend/templates/ingress.yaml 
+++ b/stack/helm/dave-frontend/templates/ingress.yaml @@ -40,7 +40,7 @@ spec: pathType: {{ .pathType }} backend: service: - name: {{ $fullName}} + name: frontend port: number: {{ $svcPort }} {{- end }} diff --git a/stack/helm/dave-frontend/templates/kubernetes-rbac.yaml b/stack/helm/dave-frontend/templates/kubernetes-rbac.yaml new file mode 100644 index 000000000..d1f357781 --- /dev/null +++ b/stack/helm/dave-frontend/templates/kubernetes-rbac.yaml @@ -0,0 +1,48 @@ +# These privileges are necessary to make Hazelcase session replication work + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: hazelcast-cluster-role +rules: + - apiGroups: + - "" + # Access to apps API is only required to support automatic cluster state management + # when persistence (hot-restart) is enabled. + - apps + resources: + - endpoints + - pods + - nodes + - services + # Access to statefulsets resource is only required to support automatic cluster state management + # when persistence (hot-restart) is enabled. + - statefulsets + verbs: + - get + - list + # Watching resources is only required to support automatic cluster state management + # when persistence (hot-restart) is enabled. + - watch + - apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: hazelcast-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hazelcast-cluster-role +subjects: + - kind: ServiceAccount + name: {{ include "daveFrontend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/stack/helm/dave-frontend/templates/service-account.yaml b/stack/helm/dave-frontend/templates/service-account.yaml new file mode 100644 index 000000000..ce276d63f --- /dev/null +++ b/stack/helm/dave-frontend/templates/service-account.yaml 
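Review bot: kubernetes-rbac.yaml grants the service account cluster-wide `get`/`list`/`watch` on pods, nodes, services, endpoints and statefulsets through a ClusterRole and ClusterRoleBinding, although the file's own comments say the `apps` group, `statefulsets` and `watch` are only needed when persistence (hot-restart) is enabled. If discovery only has to see the release's own namespace, a namespaced `Role`/`RoleBinding` without those three entries is the smaller grant. Whether discovery also needs the cluster-scoped `nodes` resource is not visible here. The names `hazelcast-cluster-role` and `hazelcast-cluster-role-binding` are fixed, so a second release of the chart collides with the first; derive them from `{{ include "daveFrontend.fullname" . }}`. The hard-coded `name: frontend` in the ingress backend has the same collision problem.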
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "daveFrontend.serviceAccountName" . }} \ No newline at end of file diff --git a/stack/helm/dave-frontend/templates/service.yaml b/stack/helm/dave-frontend/templates/service.yaml index 5db393814..c525c00f2 100644 --- a/stack/helm/dave-frontend/templates/service.yaml +++ b/stack/helm/dave-frontend/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "daveFrontend.fullname" . }} + name: frontend labels: {{- include "daveFrontend.labels" . | nindent 4 }} spec: diff --git a/stack/helm/dave-frontend/values.yaml b/stack/helm/dave-frontend/values.yaml index 5a3303ee5..576823ccb 100755 --- a/stack/helm/dave-frontend/values.yaml +++ b/stack/helm/dave-frontend/values.yaml @@ -8,7 +8,7 @@ image: repository: starwitorg/dave-frontend pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: ${project.version} + #tag: ${project.version} imagePullSecrets: [] # nameOverride: "" @@ -32,7 +32,7 @@ app: SPRING_CLOUD_GATEWAY_ROUTES_0_PREDICATES_0: Path=/api/sso/userinfo SPRING_CLOUD_GATEWAY_ROUTES_0_FILTERS_0: RewritePath=/api/sso/userinfo, /auth/realms//protocol/openid-connect/userinfo SPRING_CLOUD_GATEWAY_ROUTES_1_ID: backend - SPRING_CLOUD_GATEWAY_ROUTES_1_URI: http://dave-backend-service:8080/ + SPRING_CLOUD_GATEWAY_ROUTES_1_URI: http://backend:8080/ SPRING_CLOUD_GATEWAY_ROUTES_1_PREDICATES_0: Path=/api/dave-backend-service/** SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_NAME: Retry SPRING_CLOUD_GATEWAY_ROUTES_1_FILTERS_0_ARGS_RETRIES: "2" 
@@ -53,6 +53,10 @@ app: SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_1: RemoveRequestHeader=cookie SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_2: RemoveRequestHeader=x-xsrf-token SPRING_CLOUD_GATEWAY_DEFAULTFILTERS_3: TokenRelay= + hazelcast: + HAZELCAST_GROUP_NAME: dave-frontend-apigateway-service-session_replication_group + HAZELCAST_INSTANCE: dave-frontend-apigateway-service-hazl_instance + HAZELCAST_OPENSHIFT_SERVICE_NAME: dave-frontend-apigateway-service log: level: @@ -74,12 +78,12 @@ ingress: serviceAccount: # Specifies whether a service account should be created - create: false + create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: "" + name: "dave-frontend" podAnnotations: {} From 73b07af9092d2dc72de6162a5991606cdb662b8a Mon Sep 17 00:00:00 2001 From: ztarbug Date: Thu, 15 Jan 2026 13:25:00 +0100 Subject: [PATCH 4/8] remove hazelcast serviceaccount --- .../dave-frontend/templates/deployment.yaml | 2 +- .../templates/kubernetes-rbac.yaml | 48 ------------------- .../templates/service-account.yaml | 4 -- 3 files changed, 1 insertion(+), 53 deletions(-) delete mode 100644 stack/helm/dave-frontend/templates/kubernetes-rbac.yaml delete mode 100644 stack/helm/dave-frontend/templates/service-account.yaml diff --git a/stack/helm/dave-frontend/templates/deployment.yaml b/stack/helm/dave-frontend/templates/deployment.yaml index 1143e9532..21fddf7a1 100644 --- a/stack/helm/dave-frontend/templates/deployment.yaml +++ b/stack/helm/dave-frontend/templates/deployment.yaml @@ -29,7 +29,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "daveFrontend.serviceAccountName" . }} + serviceAccountName: dave-hazelcast securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: 
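Review bot: In deployment.yaml, `serviceAccountName: dave-hazelcast` is now a literal, while the same commit deletes the chart's ServiceAccount and RBAC templates, so the pod depends on an account created outside the chart. Pods cannot be created if that account is missing, and when it exists the pod inherits whatever roles were bound to it, which a reader of the chart cannot audit. values.yaml still carries `serviceAccount.create: true` and `name: "dave-frontend"`, which no longer have any effect. Keep `serviceAccountName: {{ include "daveFrontend.serviceAccountName" . }}` in the template and express the external account in values as `create: false` with `name: "dave-hazelcast"`, with a comment stating which permissions that account is expected to have.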
diff --git a/stack/helm/dave-frontend/templates/kubernetes-rbac.yaml b/stack/helm/dave-frontend/templates/kubernetes-rbac.yaml deleted file mode 100644 index d1f357781..000000000 --- a/stack/helm/dave-frontend/templates/kubernetes-rbac.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# These privileges are necessary to make Hazelcase session replication work - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: hazelcast-cluster-role -rules: - - apiGroups: - - "" - # Access to apps API is only required to support automatic cluster state management - # when persistence (hot-restart) is enabled. - - apps - resources: - - endpoints - - pods - - nodes - - services - # Access to statefulsets resource is only required to support automatic cluster state management - # when persistence (hot-restart) is enabled. - - statefulsets - verbs: - - get - - list - # Watching resources is only required to support automatic cluster state management - # when persistence (hot-restart) is enabled. - - watch - - apiGroups: - - "discovery.k8s.io" - resources: - - endpointslices - verbs: - - get - - list - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: hazelcast-cluster-role-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: hazelcast-cluster-role -subjects: - - kind: ServiceAccount - name: {{ include "daveFrontend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/stack/helm/dave-frontend/templates/service-account.yaml b/stack/helm/dave-frontend/templates/service-account.yaml deleted file mode 100644 index ce276d63f..000000000 --- a/stack/helm/dave-frontend/templates/service-account.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "daveFrontend.serviceAccountName" . }} \ No newline at end of file From 4b8ac1f86bd8bf2cf7c83068588540f9aca8a2a7 Mon Sep 17 00:00:00 2001 
From: ztarbug Date: Thu, 15 Jan 2026 13:37:05 +0100 Subject: [PATCH 5/8] work on Helm chart --- .github/workflows/build_push_latest.yaml | 2 +- stack/helm/dave-frontend/Chart.yaml | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_push_latest.yaml b/.github/workflows/build_push_latest.yaml index 7ef8da7d2..9e8fa5e06 100644 --- a/.github/workflows/build_push_latest.yaml +++ b/.github/workflows/build_push_latest.yaml @@ -104,7 +104,7 @@ jobs: - name: run helm package working-directory: apigateway/target/helm - run: helm package dave-frontend + run: helm package dave-frontend-chart - name: get version number working-directory: apigateway/target/helm/dave-frontend diff --git a/stack/helm/dave-frontend/Chart.yaml b/stack/helm/dave-frontend/Chart.yaml index ad5d0ca6b..eb83c7b2c 100755 --- a/stack/helm/dave-frontend/Chart.yaml +++ b/stack/helm/dave-frontend/Chart.yaml @@ -2,10 +2,8 @@ apiVersion: v2 name: dave-frontend-chart description: DAVe traffic counting plattform, frontend type: application -#version: ${project.version} -#appVersion: "${project.version}" -version: 3.0.1 -appVersion: "3.0.1-SNAPSHOT-2" +version: ${project.version} +appVersion: "${project.version}" maintainers: - name: klml email: klml@muenchen.de From af6993894b21b85bf8c002f8bf13cd256c1923a8 Mon Sep 17 00:00:00 2001 From: ztarbug Date: Thu, 15 Jan 2026 13:48:27 +0100 Subject: [PATCH 6/8] work on Helm chart --- .github/workflows/build_push_latest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_push_latest.yaml b/.github/workflows/build_push_latest.yaml index 9e8fa5e06..7ef8da7d2 100644 --- a/.github/workflows/build_push_latest.yaml +++ b/.github/workflows/build_push_latest.yaml 
@@ -104,7 +104,7 @@ jobs: - name: run helm package working-directory: apigateway/target/helm - run: helm package dave-frontend-chart + run: helm package dave-frontend - name: get version number working-directory: apigateway/target/helm/dave-frontend From bd521c6c12c42617a4f213f2e2e5e20968f2c7f1 Mon Sep 17 00:00:00 2001 From: ztarbug Date: Mon, 19 Jan 2026 16:14:17 +0100 Subject: [PATCH 7/8] add auth to values --- .../helm/dave-frontend/templates/deployment.yaml | 15 +++++++++++++++ stack/helm/dave-frontend/values.yaml | 14 ++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/stack/helm/dave-frontend/templates/deployment.yaml b/stack/helm/dave-frontend/templates/deployment.yaml index 21fddf7a1..8024d82dd 100644 --- a/stack/helm/dave-frontend/templates/deployment.yaml +++ b/stack/helm/dave-frontend/templates/deployment.yaml 
@@ -63,8 +63,23 @@ spec: value: {{ .Values.app.log.level.root }} - name: SPRING_CLOUD_GATEWAY_ACTUATOR_VERBOSE_ENABLED value: {{ .Values.app.spring.cloud.gateway.actuator.verbose.enabled | quote }} + {{- if .Values.app.auth.enabled }} + - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_PROVIDER + value: {{ .Values.app.auth.client.registration.keycloak.provider }} + - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_AUTHORIZATION_GRANT_TYPE + value: {{ .Values.app.auth.client.registration.keycloak.authorization_grant_type }} + - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_ID + value: {{ .Values.app.auth.client.registration.keycloak.client_id }} + - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_SECRET + value: {{ .Values.app.auth.client.registration.keycloak.client_secret }} + - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_SCOPE + value: {{ .Values.app.auth.client.registration.keycloak.scope }} + - name: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_MYKEYCLOAK_ISSUER_URI + value: {{ .Values.app.auth.client.provider.mykeycloak.issuer_uri }} + {{- else }} - name: SPRING_AUTOCONFIGURE_EXCLUDE value: org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration + {{- end }} {{- with .Values.app.spring.routes }} {{- range $name, $value := . }} - name: {{ $name }} diff --git a/stack/helm/dave-frontend/values.yaml b/stack/helm/dave-frontend/values.yaml index 576823ccb..5bac74f9f 100755 --- a/stack/helm/dave-frontend/values.yaml +++ b/stack/helm/dave-frontend/values.yaml 
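Review bot: `SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_SECRET` is rendered as a literal `value:`, so the OAuth2 client secret ends up in values files, in the Helm release record and in the Deployment spec, readable by anyone who may view Deployments. Read it from a Kubernetes Secret with `secretKeyRef` instead, as sketched below; `app.auth.existingSecret` is a proposed new value and the key name is a placeholder. The other new `value:` lines are unquoted, unlike the route entries after them, so a client id or scope that parses as a number or boolean renders a non-string env value; add `| quote`. The enclosing `env:` list starts and ends outside this hunk.

```yaml
# … unchanged: provider, grant type and client id entries …
- name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: {{ required "app.auth.existingSecret must be set when app.auth.enabled is true" .Values.app.auth.existingSecret | quote }}
      key: CLIENT_SECRET  # placeholder key name, agree on one with the Secret's owner
# … unchanged: scope and issuer URI entries …
```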
@@ -58,6 +58,20 @@ app: HAZELCAST_INSTANCE: dave-frontend-apigateway-service-hazl_instance HAZELCAST_OPENSHIFT_SERVICE_NAME: dave-frontend-apigateway-service + auth: + enabled: true + client: + registration: + keycloak: + scope: openid + authorization_grant_type: authorization_code + provider: mykeycloak + client_secret: test + client_id: dave + provider: + mykeycloak: + issuer_uri: http://auth.cluster.local/auth/realms/realmname + log: level: root: info From 6a122003c8710c13a990b51bb36ccab5eb9df17e Mon Sep 17 00:00:00 2001 From: ztarbug Date: Mon, 19 Jan 2026 17:59:35 +0100 Subject: [PATCH 8/8] work on helm chart --- stack/helm/dave-frontend/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/helm/dave-frontend/values.yaml b/stack/helm/dave-frontend/values.yaml index 5bac74f9f..0218bd34d 100755 --- a/stack/helm/dave-frontend/values.yaml +++ b/stack/helm/dave-frontend/values.yaml @@ -19,7 +19,7 @@ app: port: 8080 spring: profile: - active: no-security, prod + active: prod cloud: gateway: actuator:
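Review bot: The new `auth` defaults in values.yaml ship `client_secret: test` together with `enabled: true`, so an install that overrides nothing runs with a client secret that is published in the chart. Default it to `client_secret: ""` and make rendering fail when it is missing, for example by wrapping the value in deployment.yaml in `required "app.auth.client.registration.keycloak.client_secret is required"`, or better take it from an existing Secret. `issuer_uri` defaults to an `http://` URL, so token and discovery traffic to the identity provider would be unencrypted. Outside a local test cluster it should be `https://`, and a comment on that line should mark `realmname` and the host as placeholders.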