From c3099f49a5bd9d23de2535a2edf82a9a6fc6865c Mon Sep 17 00:00:00 2001
From: Bruce Schultz
Date: Thu, 17 Oct 2024 14:31:51 +0200
Subject: [PATCH] build(helm): update templates
---
 helm/node-ui/templates/_helpers.tpl | 67 +++++++++++++++++--
 .../node-ui/templates/node-ui-deployment.yaml | 42 +++++++-----
 helm/node-ui/templates/node-ui-ingress.yaml | 8 ++-
 helm/node-ui/values.yaml | 33 +++++++--
 4 files changed, 121 insertions(+), 29 deletions(-)
diff --git a/helm/node-ui/templates/_helpers.tpl b/helm/node-ui/templates/_helpers.tpl
index b1db971..e465fee 100644
--- a/helm/node-ui/templates/_helpers.tpl
+++ b/helm/node-ui/templates/_helpers.tpl
@@ -1,3 +1,49 @@
+{{/*
+Set the hostname of the Node UI. Assumes if global ingress enabled then global hostname is supplied
+*/}}
+{{- define "ui.ingress.hostname" -}}
+{{- if .Values.global.node.ingress.enabled -}}
+ {{- if .Values.global.node.ingress.hostname -}}
+ {{- if not (hasPrefix "http" .Values.global.node.ingress.hostname) -}}
+ {{- printf "https://%s" .Values.global.node.ingress.hostname -}}
+ {{- else -}}
+ {{- print .Values.global.node.ingress.hostname -}}
+ {{- end -}}
+ {{- else -}}
+ {{- print "http://localhost:3000" -}}
+ {{- end -}}
+{{- else if .Values.ingress.enabled -}}
+ {{- if .Values.ingress.hostname -}}
+ {{- if not (hasPrefix "http" .Values.ingress.hostname) -}}
+ {{- printf "https://%s" .Values.ingress.hostname -}}
+ {{- else -}}
+ {{- print .Values.ingress.hostname -}}
+ {{- end -}}
+ {{- else -}}
+ {{- print "http://localhost:3000" -}}
+ {{- end -}}
+{{- else -}}
+ {{- print "http://localhost:3000" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the hub adapter endpoint
+*/}}
+{{- define "ui.adapter.endpoint" -}}
+{{- if .Values.node.adapter -}}
+ {{- .Values.node.adapter -}}
+{{- else if and .Values.global.node.ingress.enabled .Values.global.node.ingress.hostname -}}
+ {{- if hasPrefix "http" .Values.global.node.ingress.hostname -}}
+ {{- printf "%s/api" .Values.global.node.ingress.hostname -}}
+ {{- else -}}
+ {{- printf "http://%s/api" .Values.global.node.ingress.hostname -}}
+ {{- end -}}
+{{- else -}}
+ {{- print "http://localhost:5000" -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return the secret containing the Keycloak client secret
 */}}
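Review bot: `ui.adapter.endpoint` falls back to `http://%s/api` for a bare `global.node.ingress.hostname`, while `ui.ingress.hostname` turns the same value into `https://%s`, so the browser-facing adapter URL ends up cleartext next to a UI that is published over HTTPS. The fallback should use the same scheme, `{{- printf "https://%s/api" .Values.global.node.ingress.hostname -}}`. Separately, every `hasPrefix "http"` test in both helpers also matches a bare hostname that merely begins with those letters (a constructed example: `httpd.example.org`), which would then be emitted with no scheme at all; testing for `http://` and `https://` explicitly avoids that.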
@@ -49,12 +95,25 @@ Generate a random clientSecret value for the node-ui client in keycloak if none
 {{- end -}}
 
 {{/*
-Return the Keycloak endpoint
+Return the Keycloak service endpoint
+*/}}
+{{- define "ui.keycloak.service.endpoint" -}}
+{{- $realmSuffix := printf "/realms/%s" .Values.idp.realm -}}
+{{- if .Values.idp.service -}}
+ {{- printf "http://%s%s" .Values.idp.service $realmSuffix -}}
+{{- else -}}
+ {{- printf "http://%s-keycloak:80%s" .Release.Name $realmSuffix -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Keycloak frontend endpoint
 */}}
-{{- define "ui.keycloak.endpoint" -}}
+{{- define "ui.keycloak.frontend.endpoint" -}}
+{{- $realmSuffix := printf "/realms/%s" .Values.idp.realm -}}
 {{- if .Values.idp.host -}}
- {{- .Values.idp.host -}}
+ {{- printf "http://%s%s" .Values.idp.host $realmSuffix -}}
 {{- else -}}
- {{- printf "http://%s-keycloak-headless:8080" .Release.Name -}}
+ {{- printf "http://localhost:8080%s" $realmSuffix -}}
 {{- end -}}
 {{- end -}}
diff --git a/helm/node-ui/templates/node-ui-deployment.yaml b/helm/node-ui/templates/node-ui-deployment.yaml
index 91713eb..e0ec152 100644
--- a/helm/node-ui/templates/node-ui-deployment.yaml
+++ b/helm/node-ui/templates/node-ui-deployment.yaml
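Review bot: `ui.keycloak.frontend.endpoint` always prepends `http://` to `.Values.idp.host`, so the authorization, logout and discovery URLs the deployment template builds from it are cleartext even when the UI itself is published as `https://`. values.yaml describes `idp.host` as a URL, and a value that already carries a scheme would render as `http://https://…`. Handle the scheme the way `ui.ingress.hostname` does: pass the value through when it starts with `http://` or `https://`, otherwise prefix `https://`. The in-cluster `ui.keycloak.service.endpoint` staying on `http://` is a separate decision and worth a one-line comment saying it is intentional.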
@@ -18,25 +18,40 @@ spec:
 spec:
 containers:
 - name: node-ui
+ {{ if eq .Values.env "production" }}
+ image: ghcr.io/privateaim/node-ui:prod
+ {{ else }}
 image: ghcr.io/privateaim/node-ui:latest
+ {{ end }}
 imagePullPolicy: Always # Maybe "Always" during debug
 ports:
 - containerPort: 3000
 name: ui
-{{/* readinessProbe:*/}}
-{{/* initialDelaySeconds: 45*/}}
-{{/* httpGet:*/}}
-{{/* path: /healthz*/}}
-{{/* port: healthcp*/}}
 env:
 - name: NODE_ENV
- value: {{ .Values.env | default "development" | quote }}
+ value: {{ .Values.env | default "production" | quote }}
 - name: NUXT_PUBLIC_BASE_URL
- value: {{ .Values.url | default "http://localhost:3000" | quote }}
+ value: {{ include "ui.ingress.hostname" . }}
 - name: NUXT_PUBLIC_HUB_ADAPTER_URL
- value: {{ .Values.node.adapter | default "http://localhost:5000" | quote }}
- - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL
- value: {{ include "ui.keycloak.endpoint" . }}
+ value: {{ include "ui.adapter.endpoint" . }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI
+ value: {{ printf "%s/auth/keycloak/callback" (include "ui.ingress.hostname" .) }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_AUTHORIZATION_URL
+ value: {{ printf "%s/protocol/openid-connect/auth" (include "ui.keycloak.frontend.endpoint" .) }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_TOKEN_URL
+ value: {{ printf "%s/protocol/openid-connect/token" (include "ui.keycloak.service.endpoint" .) }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_USERINFO_URL
+ value: {{ printf "%s/protocol/openid-connect/userinfo" (include "ui.keycloak.service.endpoint" .) }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_OPEN_ID_CONFIGURATION
+ value: {{ printf "%s/.well-known/openid-configuration" (include "ui.keycloak.frontend.endpoint" .) }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_LOGOUT_URL
+ value: {{ printf "%s/protocol/openid-connect/logout" (include "ui.keycloak.frontend.endpoint" .) }}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_LOGOUT_REDIRECT_URI
+ value: {{ include "ui.ingress.hostname" .
}}
+ - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_VALIDATE_ACCESS_TOKEN
+ {{ if hasPrefix "http://localhost" (include "ui.ingress.hostname" .) }}value: "false"
+ {{ else }}value: "true"
+ {{ end }}
 - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID
 value: {{ .Values.idp.clientId | default "node-ui" | quote }}
 - name: NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET
@@ -50,10 +65,3 @@ spec:
 value: {{ randAlphaNum 48 | quote }}
 - name: NUXT_OIDC_AUTH_SESSION_SECRET
 value: {{ randAlphaNum 48 | quote }}
-{{/* livenessProbe:*/}}
-{{/* httpGet:*/}}
-{{/* path: /healthz*/}}
-{{/* port: healthcp*/}}
-{{/* failureThreshold: 3*/}}
-{{/* periodSeconds: 60*/}}
-{{/* initialDelaySeconds: 60*/}}
diff --git a/helm/node-ui/templates/node-ui-ingress.yaml b/helm/node-ui/templates/node-ui-ingress.yaml
index 26be2f9..459ecd1 100644
--- a/helm/node-ui/templates/node-ui-ingress.yaml
+++ b/helm/node-ui/templates/node-ui-ingress.yaml
@@ -1,3 +1,4 @@
+{{- if or .Values.global.node.ingress.enabled .Values.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -8,13 +9,14 @@ metadata:
 deployment-id: {{ .Release.Name }}
 spec:
 rules:
- - host: {{ .Values.ingress.domain }}
+ - host: {{ regexReplaceAll "^https?://(.*)" (include "ui.ingress.hostname" .) "${1}" }}
 http:
 paths:
- - path: /
- pathType: Prefix
+ - path: {{ .Values.ingress.path }}
+ pathType: {{ .Values.ingress.pathType }}
 backend:
 service:
 name: {{ .Release.Name }}-node-ui-service
 port:
 number: 3000
+{{- end }}
diff --git a/helm/node-ui/values.yaml b/helm/node-ui/values.yaml
index f5d865f..f0b836d 100644
--- a/helm/node-ui/values.yaml
+++ b/helm/node-ui/values.yaml
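Review bot: `NUXT_OIDC_PROVIDERS_KEYCLOAK_VALIDATE_ACCESS_TOKEN` is rendered as `"false"` whenever `ui.ingress.hostname` starts with `http://localhost`, and that is exactly what the helper returns with the chart defaults (both ingress toggles `false`), so a default install with `env: production` runs with access-token validation switched off. Make the opt-out require a non-production environment as well, e.g. `{{ if and (ne .Values.env "production") (hasPrefix "http://localhost" (include "ui.ingress.hostname" .)) }}value: "false"`. The added `value: {{ include … }}` and `value: {{ printf … }}` lines also lost the `| quote` that the removed lines carried; keeping it, as in `value: {{ include "ui.ingress.hostname" . | quote }}`, stops a hostname taken from values from being re-read as YAML. The hunk starts inside the container spec, so the rest of the Deployment is not visible here.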
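Review bot: With an ingress toggle on and the hostname left empty, `ui.ingress.hostname` returns `http://localhost:3000`, and the `regexReplaceAll` on the new `host:` line only strips the scheme, leaving `localhost:3000`; a port, or any path in a user-supplied URL, is not valid in an Ingress `host`. Failing the render is clearer than emitting that rule, for instance by passing the configured hostname through `required` with a message that names the missing value. The helper hands out `https://` URLs, yet the `spec` in this hunk contains `rules` only and no `tls` block, so HTTPS presumably relies on a controller-level default certificate, which is worth confirming. `path` and `pathType` are also emitted without `| quote`.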
@@ -1,9 +1,28 @@
+## Global variables
+global:
+ node:
+ ingress:
+ ## @param global.node.ingress.enabled Toggle whether ingress should be enabled
+ enabled: false
+ ## @param global.node.ingress.enabled Host name to be assigned to the Node UI (/) and Hub Adapter API (/api)
+ hostname: ""
+
+env: production
+
 ## For defining ingress specific metadata
 ingress:
- domain: localhost
-
-env: development
-url: http://localhost:3000
+ ## @param ingress.enabled Enable ingress record generation for the Node UI
+ ##
+ enabled: false
+ ## @param ingress.hostname Default host for the ingress record (evaluated as template)
+ ##
+ hostname: ""
+ ## @param ingress.pathType Ingress path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param ingress.path Default file path for the ingress hostname
+ ##
+ path: "/"
 
 ## Keycloak related information
 idp:
@@ -25,8 +44,12 @@ idp:
 ## @param idp.host URL to keycloak service
 ## Will be inferred using the Release.Name if not defined
 host: ""
+ ## @param idp.service Service name of keycloak
+ ## Will be inferred using the Release.Name if not defined
+ service: ""
 
 ## Downstream node services
 node:
- ## @param node.adapter Hub adapter endpoint
+ ## @param node.adapter Hub adapter endpoint.
+ ## This will overwrite the global.node.ingress.host generated path if provided!
 adapter: ""
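Review bot: The comment above `global.node.ingress.hostname` repeats the `enabled` parameter name; it should read `## @param global.node.ingress.hostname Host name to be assigned to the Node UI (/) and Hub Adapter API (/api)`. Both hostname comments should also state whether a scheme is expected, because the helpers accept either a bare host or a full URL and pick `https://` or `http://` differently depending on the helper. The `ingress.hostname` comment says "evaluated as template", but nothing in the templates of this patch passes the value through `tpl`, so that wording looks inaccurate as far as these hunks show.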
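Review bot: The added comment on `node.adapter` refers to `global.node.ingress.host`, but the key this file defines is `global.node.ingress.hostname`; suggest `## This will overwrite the global.node.ingress.hostname generated path if provided!`. The unchanged `idp.host` comment just above ("Will be inferred using the Release.Name if not defined") no longer matches the helper, whose fallback for the frontend endpoint is now `http://localhost:8080`; only the new `idp.service` key is still derived from the release name. Updating that context line in the same commit would keep the values documentation in step with the templates.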