Commit 99ab3800 authored by st4sik's avatar st4sik

Merge remote-tracking branch 'origin/master' into anthos-int-test

# Conflicts:
#	devops/gcp/deploy/values.yaml
parents 24b8d4be b60dfd14
Pipeline #120973 failed with stages
in 21 minutes and 20 seconds
**/*.md
**/*.yml
**/*.yaml
**/Dockerfile*
.*
* text=auto eol=lf
<!--- Configmap -->
# Configmap helm chart
## Introduction
This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
## Prerequisites
The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
> It is possible to use other versions, but it hasn't been tested
### Operation system
The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
### Packages
Packages are only needed for installation from a local computer.
- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
## Installation
This Helm chart should be installed before [deploy Helm Chart](../deploy)
First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
### Common variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
**logLevel** | logging level | string | INFO | yes
**springProfilesActive** | active spring profile | string | gcp | yes
### GCP variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
**entitlementsHost** | entitlements service host address | string | `http://entitlements` | yes
**registerHost** | register service host address | string | `http://register` | yes
**partitionHost** | partition service host address | string | `http://partition` | yes
**googleAudiences** | your GCP client ID | string | - | yes
> googleAudiences: If you are connected to GCP console with `gcloud auth application-default login --no-browser` from your terminal, you can get your client_id using the command:
```console
cat ~/.config/gcloud/application_default_credentials.json | grep client_id
```
### Config variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
**configmap** | configmap name | string | notification-config | yes
**appName** | name of the app | string | notification | yes
**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
### Install the helm chart
Run this command from within this directory:
```bash
helm install gcp-notification-configmap .
```
## Uninstalling the Chart
To uninstall the helm deployment:
```bash
helm uninstall gcp-notification-configmap
```
[Move-to-Top](#configmap-helm-chart)
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: "{{ .Values.conf.appName }}"
name: "{{ .Values.conf.configmap }}"
namespace: "{{ .Release.Namespace }}"
data:
LOG_LEVEL: "{{ .Values.data.logLevel }}"
SPRING_PROFILES_ACTIVE: "{{ .Values.data.springProfilesActive }}"
ENTITLEMENTS_HOST: "{{ .Values.data.entitlementsHost }}"
REGISTER_HOST: "{{ .Values.data.registerHost }}"
PARTITION_HOST: "{{ .Values.data.partitionHost }}"
{{- if not $.Values.conf.onPremEnabled }}
GOOGLE_AUDIENCES: "{{ .Values.data.googleAudiences }}"
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
name: "{{ .Values.conf.configmap }}"
namespace: "{{ .Release.Namespace }}"
data:
LOG_LEVEL: "{{ .Values.data.log_level }}"
SPRING_PROFILES_ACTIVE: "{{ .Values.data.spring_profiles_active }}"
APP_ENTITLEMENTS: "{{ .Values.data.app_entitlements }}"
APP_REGISTER: "{{ .Values.data.app_register }}"
PARTITION_API: "{{ .Values.data.partition_api }}"
{{- if not .Values.conf.on_prem_enabled }}
GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
{{- end }}
data:
# common
log_level: "INFO"
spring_profiles_active: "gcp"
app_entitlements: "http://entitlements/api/entitlements/v2/"
app_register: "http://register/api/register/v1"
partition_api: "http://partition/api/partition/v1/"
logLevel: "INFO"
springProfilesActive: "gcp"
entitlementsHost: "http://entitlements"
registerHost: "http://register"
partitionHost: "http://partition"
# gcp
google_audiences: ""
googleAudiences: ""
conf:
configmap: "notification-config"
app_name: "notification"
on_prem_enabled: false
appName: "notification"
onPremEnabled: false
<!--- Deploy -->
# Deploy helm chart
## Introduction
This chart bootstraps a deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
## Prerequisites
The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
> It is possible to use other versions, but it hasn't been tested
### Operation system
The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
### Packages
Packages are only needed for installation from a local computer.
- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
## Installation
Before installing deploy Helm chart you need to install [configmap Helm chart](../configmap).
First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
### Common variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
**image** | your image name | string | - | yes
**requestsCpu** | amount of requested CPU | string | 0.1 | yes
**requestsMemory** | amount of requested memory| string | 256M | yes
**limitsCpu** | CPU limit | string | 1 | yes
**limitsMemory** | memory limit | string | 1G | yes
**serviceAccountName** | name of your service account | string | notification | yes
**imagePullPolicy** | when to pull image | string | IfNotPresent | yes
**image** | service image | string | - | yes
### Config variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
**domain** | your domain | string | - | yes
**appName** | name of the app | string | `notification` | yes
**configmap** | configmap to be used | string | `notification-config` | yes
**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
**rabbitmqSecretName** | secret for rabbitmq | string | `rabbitmq-secret` | yes
**openidSecretName** | secret for openid client | string | `notification-keycloak-secret` | yes
### Install the helm chart
Run this command from within this directory:
```console
helm install gcp-notification-deploy .
```
## Uninstalling the Chart
To uninstall the helm deployment:
```console
helm uninstall gcp-notification-deploy
```
[Move-to-Top](#deploy-helm-chart)
......@@ -2,33 +2,33 @@ apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
name: "{{ .Values.conf.app_name }}"
app: "{{ .Values.conf.appName }}"
name: "{{ .Values.conf.appName }}"
namespace: "{{ .Release.Namespace }}"
spec:
selector:
matchLabels:
app: "{{ .Values.conf.app_name }}"
app: "{{ .Values.conf.appName }}"
replicas: 1
template:
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
app: "{{ .Values.conf.appName }}"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
containers:
- name: "{{ .Values.conf.app_name }}"
- name: "{{ .Values.conf.appName }}"
image: "{{ .Values.data.image }}"
imagePullPolicy: "{{ .Values.data.imagePullPolicy }}"
envFrom:
- configMapRef:
name: "{{ .Values.conf.configmap }}"
{{- if .Values.conf.on_prem_enabled }}
{{- if .Values.conf.onPremEnabled }}
- secretRef:
name: "{{ .Values.conf.rabbitmq_secret_name }}"
name: "{{ .Values.conf.rabbitmqSecretName }}"
- secretRef:
name: "{{ .Values.conf.openid_secret_name }}"
name: "{{ .Values.conf.openidSecretName }}"
{{- end }}
securityContext:
allowPrivilegeEscalation: false
......@@ -37,9 +37,9 @@ spec:
- containerPort: 8080
resources:
requests:
cpu: "{{ .Values.data.requests_cpu }}"
memory: "{{ .Values.data.requests_memory }}"
cpu: "{{ .Values.data.requestsCpu }}"
memory: "{{ .Values.data.requestsMemory }}"
limits:
cpu: "{{ .Values.data.limits_cpu }}"
memory: "{{ .Values.data.limits_memory }}"
cpu: "{{ .Values.data.limitsCpu }}"
memory: "{{ .Values.data.limitsMemory }}"
serviceAccountName: "{{ .Values.data.serviceAccountName }}"
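Review bot: Renaming the values keys to camelCase means an existing override file that still sets `on_prem_enabled: true` is silently ignored, so `{{- if .Values.conf.onPremEnabled }}` evaluates false and both `secretRef` entries (RabbitMQ and OpenID) drop out of `envFrom` with no error at render time. The same silent fallback applies to the `cloud.google.com/neg` guard in the Service template and to the `GOOGLE_AUDIENCES` guard in the configmap chart. A guard at the top of the template would make a stale key fail loudly: `{{- if hasKey .Values.conf "on_prem_enabled" }}{{ fail "conf.on_prem_enabled was renamed to conf.onPremEnabled" }}{{- end }}`. Part of the Deployment body lies between the two hunks and is not shown here.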
{{- if .Values.conf.on_prem_enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Values.data.serviceAccountName }}"
namespace: "{{ .Release.Namespace }}"
{{- end }}
{{- if .Values.conf.onPremEnabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Values.data.serviceAccountName }}"
namespace: "{{ .Release.Namespace }}"
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: "{{ .Values.conf.app_name }}"
name: "{{ .Values.conf.appName }}"
annotations:
{{- if not .Values.conf.on_prem_enabled }}
{{- if not .Values.conf.onPremEnabled }}
cloud.google.com/neg: '{"ingress": true}'
{{- end }}
namespace: "{{ .Release.Namespace }}"
labels:
app: "{{ .Values.conf.app_name }}"
service: "{{ .Values.conf.app_name }}"
app: "{{ .Values.conf.appName }}"
service: "{{ .Values.conf.appName }}"
spec:
ports:
- protocol: TCP
......@@ -17,4 +17,4 @@ spec:
targetPort: 8080
name: http
selector:
app: "{{ .Values.conf.app_name }}"
app: "{{ .Values.conf.appName }}"
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: "{{ .Values.conf.app_name }}"
name: "{{ .Values.conf.appName }}"
namespace: "{{ .Release.Namespace }}"
spec:
hosts:
{{- if .Values.conf.domain }}
{{- if and .Values.conf.domain .Values.conf.onPremEnabled }}
- {{ printf "osdu.%s" .Values.conf.domain | quote }}
{{- else if .Values.conf.domain }}
- {{ .Values.conf.domain | quote }}
{{- else }}
- "*"
{{- end }}
......@@ -20,4 +22,4 @@ spec:
- destination:
port:
number: 80
host: "{{ .Values.conf.app_name }}.{{ .Release.Namespace }}.svc.cluster.local"
host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
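Review bot: With the shipped default `domain: ""`, both new branches are skipped and `hosts` still falls through to `- "*"`, so the route matches every host name on whatever gateway this VirtualService is bound to. The deploy README lists `domain` as required, so the chart should fail the render instead of widening the match. Replace the final branch with `{{- else }}{{ fail "conf.domain must be set" }}`. The gateway binding sits between the two hunks and is not visible, so the actual exposure depends on it.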
......@@ -9,8 +9,8 @@ data:
conf:
configmap: "notification-config"
app_name: "notification"
rabbitmq_secret_name: "rabbitmq-secret"
openid_secret_name: "notification-keycloak-secret"
on_prem_enabled: false
appName: "notification"
rabbitmqSecretName: "rabbitmq-secret"
openidSecretName: "notification-keycloak-secret"
onPremEnabled: false
domain: ""
......@@ -28,4 +28,4 @@ COPY /provider/notification-aws/build-aws/ssl.sh /ssl.sh
COPY /provider/notification-aws/build-aws/entrypoint.sh /entrypoint.sh
EXPOSE 8080
ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]
\ No newline at end of file
ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]
#
# Copyright 2017-2020, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
FROM openjdk:8-slim
RUN apt-get update && apt-get install -y curl
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
EXPOSE 8080
ARG JAR_FILE
COPY ${JAR_FILE} app.jar
#
# Copyright 2017-2020, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3"
services:
os-notification-app:
build:
args:
JAR_FILE: target/notification-gcp-1.0.0-spring-boot.jar
context: ..
dockerfile: docker/Dockerfile
image: gcr.io/opendes/os-notification-app
ports:
- "8080:8080"
# Service Configuration for Anthos
## Table of Contents <a name="TOC"></a>
* [Environment variables](#Environment-variables)
* [Common properties for all environments](#Common-properties-for-all-environments)
* [For Mappers to activate drivers](#For-Mappers-to-activate-drivers)
* [Requirements for requests](#Requirements-for-requests)
* [Configuring mappers Datasources](#Configuring-mappers-Datasources)
* [For OQM RabbitMQ](#For-OQM-RabbitMQ)
* [Exchanges and queues configuration](#Exchanges-and-queues-configuration)
* [Interaction with message brokers](#Interaction-with-message-brokers)
* [Keycloak configuration](#Keycloak-configuration)
* [Service Configuration for Anthos](#service-configuration-for-anthos)
* [Table of Contents <a name="TOC"></a>](#table-of-contents-)
* [Environment variables](#environment-variables)
* [Common properties for all environments](#common-properties-for-all-environments)
* [For Mappers to activate drivers](#for-mappers-to-activate-drivers)
* [Requirements for requests](#requirements-for-requests)
* [Configuring mappers Datasources](#configuring-mappers-datasources)
* [For OQM RabbitMQ](#for-oqm-rabbitmq)
* [Exchanges and queues configuration](#exchanges-and-queues-configuration)
* [Interaction with message brokers](#interaction-with-message-brokers)
* [Specifics of work through PULL subscription](#specifics-of-work-through-pull-subscription)
* [Keycloak configuration](#keycloak-configuration)
## Environment variables
......@@ -99,7 +103,7 @@ Record identifiers cannot contain a space character. At the same time, they may
combined with subsequent numeric characters, may cause the application to misinterpret that combination. For example,
the "%20" combination will be interpreted as a space " " character. To correctly transfer such an identifier, you should
additionally perform the url-encode operation on it. This functionality can be built into the front-end application, or
you can use an online url-encoder tool ( eg.: https://www.urlencoder.org/). Thus, having ID "osdu:
you can use an online url-encoder tool ( eg.: <https://www.urlencoder.org/>). Thus, having ID "osdu:
work-product-component--WellboreMarkerSet:3D%20Kirchhoff%20DepthMigration" (with %20 combination)
you should url-encode it and request
"osdu%3Awork-product-component--WellboreMarkerSet%3A3D%2520Kirchhoff%2520DepthMigration" instead.
......@@ -114,8 +118,8 @@ PartitionInfo for each Tenant.
**prefix:** `oqm.rabbitmq`
It can be overridden by:
- through the Spring Boot property `oqm.rabbitmq.partition-properties-prefix`
- environment variable `OQM_RABBITMQ_PARTITION_PROPERTIES_PREFIX``
* through the Spring Boot property `oqm.rabbitmq.partition-properties-prefix`
* environment variable `OQM_RABBITMQ_PARTITION_PROPERTIES_PREFIX``
**PropertySet** (for two types of connection: messaging and admin operations):
......@@ -199,8 +203,8 @@ At RabbitMq should be created exchange with name:
It can be overridden by:
- through the Spring Boot property `oqm-register-subscriber-control-topic-name`
- environment variable `OQM_REGISTER_SUBSCRIBER_CONTROL_TOPIC_NAME`
* through the Spring Boot property `oqm-register-subscriber-control-topic-name`
* environment variable `OQM_REGISTER_SUBSCRIBER_CONTROL_TOPIC_NAME`
![Screenshot](./pics/rabbit.PNG)
......@@ -229,4 +233,4 @@ Each Client has embedded Service Account (SA) option. Enable SAs for Clients, ma
Add `partition-and-entitlements` scope to `Default Client Scopes` and generate Keys.
Give `client-id` and `client-secret` to services, which should be authorized within the platform.
\ No newline at end of file
Give `client-id` and `client-secret` to services, which should be authorized within the platform.
......@@ -24,11 +24,20 @@ app.maxCacheSize=10
server.error.whitelabel.enabled=false
# External services
app.entitlements=http://entitlements/api/entitlements/v2/
app.register=http://register/api/register/v1
partition.api=http://partition/api/partition/v1/
ENTITLEMENTS_PATH=/api/entitlements/v2/
ENTITLEMENTS_HOST=http://entitlements
app.entitlements=${ENTITLEMENTS_HOST}${ENTITLEMENTS_PATH}
REGISTER_PATH=/api/register/v1
REGISTER_HOST=http://register
app.register=${REGISTER_HOST}${REGISTER_PATH}
PARTITION_PATH=/api/partition/v1/
PARTITION_HOST=http://partition
PARTITION_API=${PARTITION_HOST}${PARTITION_PATH}
partition.api=${PARTITION_API}
# No profile defaults
service.token.provider=GCP
partition-auth-enabled=true
oqmDriver=pubsub
\ No newline at end of file
oqmDriver=pubsub
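Review bot: The new `ENTITLEMENTS_HOST`, `REGISTER_HOST` and `PARTITION_HOST` defaults are plain `http://`, and nothing in the file says where they are overridden or what protects that traffic. Add a comment above the block, for example `# *_HOST values are overridden by the Helm ConfigMap; the in-cluster http:// defaults assume the mesh provides transport security, use https:// hosts otherwise`. Whether the Istio sidecar actually enforces mTLS for these calls is not visible on this page, so confirm that before relying on it. `REGISTER_PATH` has no trailing slash while the other two paths do; that matches the old `app.register` value, but it deserves a short comment so it is not "corrected" later.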
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.notification.provider.ibm;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.scheduling.annotation.EnableAsync;
@SpringBootApplication
@ComponentScan({"org.opengroup.osdu"})
@EnableAsync
public class Application {
public static void main(String[] args) {
SpringApplication.run(new Class[] { Application.class} , args);
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.notification.provider.ibm;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.scheduling.annotation.EnableAsync;
@SpringBootApplication
@ComponentScan({"org.opengroup.osdu"})
@EnableAsync
public class Application {
public static void main(String[] args) {
SpringApplication.run(new Class[] { Application.class} , args);
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.notification.provider.ibm.di;
import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
import org.opengroup.osdu.notification.provider.ibm.util.AppProperties;
import org.opengroup.osdu.notification.provider.ibm.util.ServiceAccountJwtIBMClientImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.stereotype.Component;
public class ServiceAccountJwtClientFactory extends AbstractFactoryBean<IServiceAccountJwtClient> {
@Override
public IServiceAccountJwtClient createInstance() throws Exception {
return new ServiceAccountJwtIBMClientImpl();
}
@Override
public Class<?> getObjectType() {
return IServiceAccountJwtClient.class;
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.notification.provider.ibm.di;
import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
import org.opengroup.osdu.notification.provider.ibm.util.AppProperties;
import org.opengroup.osdu.notification.provider.ibm.util.ServiceAccountJwtIBMClientImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.stereotype.Component;
public class ServiceAccountJwtClientFactory extends AbstractFactoryBean<IServiceAccountJwtClient> {
@Override
public IServiceAccountJwtClient createInstance() throws Exception {
return new ServiceAccountJwtIBMClientImpl();
}
@Override
public Class<?> getObjectType() {
return IServiceAccountJwtClient.class;
}