clowderize
lindgrenj6 committed Jan 5, 2024
1 parent 965bc4b commit 497fbd7
Showing 7 changed files with 314 additions and 10 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
# Build the manager binary
FROM registry.access.redhat.com/ubi8/go-toolset:1.18.4-8 as builder
FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder

WORKDIR /workspace
# Copy the Go Modules manifests
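--- /dev/null
+++ b/deployments/clowdapp.yaml
@@ -0,0 +1,262 @@
+apiVersion: v1
+kind: Template
+metadata:
+name: mbop
+objects:
+- apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdApp
+metadata:
+name: mbop
+spec:
+envName: ${ENV_NAME}
+deployments:
+- name: svc
+minReplicas: ${{MIN_REPLICAS}}
+webServices:
+public:
+enabled: true
+podSpec:
+image: ${IMAGE}:${IMAGE_TAG}
+env:
+- name: JWK_URL
+value: "${JWK_URL}"
+- name: JWT_MODULE
+value: "${JWT_MODULE}"
+- name: KEYCLOAK_SERVER
+value: "${KEYCLOAK_SCHEME}://${KEYCLOAK_HOST}:${KEYCLOAK_PORT}${KEYCLOAK_PATH}"
+- name: COGNITO_APP_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: ocm-app-client
+key: client_id
+optional: true
+- name: COGNITO_APP_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: ocm-app-client
+key: client_secret
+optional: true
+- name: OAUTH_TOKEN_URL
+value: ${OAUTH_TOKEN_URL}
+- name: AMS_URL
+value: ${AMS_URL}
+- name: COGNITO_SCOPE
+value: ${COGNITO_SCOPE}
+- name: USERS_MODULE
+value: ${USERS_MODULE}
+- name: SES_ACCESS_KEY
+valueFrom:
+secretKeyRef:
+name: aws-ses
+key: aws_access_key_id
+optional: true
+- name: SES_SECRET_KEY
+valueFrom:
+secretKeyRef:
+name: aws-ses
+key: aws_secret_access_key
+optional: true
+- name: SES_REGION
+valueFrom:
+secretKeyRef:
+name: aws-ses
+key: aws_region
+optional: true
+- name: MAILER_MODULE
+value: "${MAILER_MODULE}"
+- name: FROM_EMAIL
+value: "${FROM_EMAIL}"
+- name: TOKEN_PRIVATE_KEY
+valueFrom:
+secretKeyRef:
+name: rsa-token-gen
+key: private-key
+optional: true
+- name: TOKEN_PUBLIC_KEY
+valueFrom:
+secretKeyRef:
+name: rsa-token-gen
+key: public-key
+optional: true
+- name: TOKEN_KID
+valueFrom:
+secretKeyRef:
+name: rsa-token-gen
+key: kid
+optional: true
+- name: TOKEN_TTL_DURATION
+value: ${TOKEN_TTL_DURATION}
+- name: STORE_BACKEND
+value: ${STORE_BACKEND}
+- name: DISABLE_CATCHALL
+value: ${DISABLE_CATCHALL}
+- name: IS_INTERNAL_LABEL
+value: ${IS_INTERNAL_LABEL}
+- name: DEBUG
+value: ${DEBUG}
+- name: KEYCLOAK_HOST
+value: ${KEYCLOAK_HOST}
+- name: KEYCLOAK_PORT
+value: ${KEYCLOAK_PORT}
+- name: KEYCLOAK_TIMEOUT
+value: ${KEYCLOAK_TIMEOUT}
+- name: KEYCLOAK_SCHEME
+value: ${KEYCLOAK_SCHEME}
+- name: KEYCLOAK_USER_SERVICE_HOST
+value: ${KEYCLOAK_USER_SERVICE_HOST}
+- name: KEYCLOAK_USER_SERVICE_PORT
+value: ${KEYCLOAK_USER_SERVICE_PORT}
+- name: KEYCLOAK_USER_SERVICE_SCHEME
+value: ${KEYCLOAK_USER_SERVICE_SCHEME}
+- name: KEYCLOAK_USER_SERVICE_TIMEOUT
+value: ${KEYCLOAK_USER_SERVICE_TIMEOUT}
+- name: KEYCLOAK_TOKEN_URL
+value: ${KEYCLOAK_TOKEN_URL}
+- name: KEYCLOAK_TOKEN_PATH
+value: ${KEYCLOAK_TOKEN_PATH}
+- name: KEYCLOAK_TOKEN_GRANT_TYPE
+value: ${KEYCLOAK_TOKEN_GRANT_TYPE}
+- name: KEYCLOAK_TOKEN_USERNAME
+valueFrom:
+secretKeyRef:
+name: keycloak
+key: username
+optional: true
+- name: KEYCLOAK_TOKEN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: keycloak
+key: password
+optional: true
+- name: KEYCLOAK_TOKEN_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: keycloak
+key: client_id
+optional: true
+resources:
+limits:
+cpu: ${CPU_LIMIT}
+memory: ${MEMORY_LIMIT}
+requests:
+cpu: ${CPU_REQUEST}
+memory: ${MEMORY_REQUEST}
+readinessProbe:
+httpGet:
+path: /
+port: 8000
+initialDelaySeconds: 3
+livenessProbe:
+httpGet:
+path: /
+port: 8000
+initialDelaySeconds: 10
+database:
+name: mbop
+version: 14
+inMemoryDb: false
+featureFlags: false
+parameters:
+- name: MIN_REPLICAS
+description: The number of replicas to use in the deployment
+value: '1'
+- name: IMAGE_TAG
+description: Image tag
+required: true
+value: latest
+- name: IMAGE
+description: Image
+required: true
+value: quay.io/cloudservices/mbop
+- name: KEYCLOAK_SCHEME
+description: keycloak's scheme (http/s)
+value: http
+- name: KEYCLOAK_HOST
+description: keycloak's host
+value: 192.168.x.x
+- name: KEYCLOAK_PORT
+description: keycloak's port
+value: "12345"
+- name: KEYCLOAK_PATH
+description: keycloak's path if behind a reverse proxy
+value: ""
+- name: KEYCLOAK_TIMEOUT
+description: keycloak client's timeout value
+value: "10"
+- name: KEYCLOAK_USER_SERVICE_HOST
+description: keycloak userservice's host
+value: "localhost"
+- name: KEYCLOAK_USER_SERVICE_PORT
+description: keycloak userservice's post
+value: "8000"
+- name: KEYCLOAK_USER_SERVICE_SCHEME
+description: keycloak userservice's scheme
+value: "http"
+- name: KEYCLOAK_USER_SERVICE_TIMEOUT
+description: keycloak userservice's timeout
+value: "60"
+- name: KEYCLOAK_TOKEN_URL
+description: host for keycloak token request
+value: "http://localhost:8080/"
+- name: KEYCLOAK_TOKEN_PATH
+description: path for keycloak token request
+value: "realms/master/protocol/openid-connect/token"
+- name: KEYCLOAK_TOKEN_GRANT_TYPE
+description: grant type value for keycloak token request
+value: password
+- name: MEMORY_LIMIT
+description: memory limit for mbop pod
+value: 512Mi
+- name: MEMORY_REQUEST
+description: memory request for mbop pod
+value: 128Mi
+- name: CPU_LIMIT
+description: cpu limit for mbop pod
+value: "1"
+- name: CPU_REQUEST
+description: cpu request for mbop pod
+value: "0.5"
+- name: JWT_MODULE
+description: optional JWT endpoint module override
+value: ""
+- name: JWK_URL
+description: optional JWK endpoint for use in JWT_MODULE implementations
+value: ""
+- name: OAUTH_TOKEN_URL
+description: AMS token url
+value: ""
+- name: AMS_URL
+description: AMS base url
+value: ""
+- name: COGNITO_SCOPE
+description: cognito scope value
+value: ""
+- name: USERS_MODULE
+description: optional USERS module override
+value: ""
+- name: MAILER_MODULE
+description: which module to use to send emails
+value: "print"
+- name: FROM_EMAIL
+description: where to send emails from via SES
+value: "[email protected]"
+- name: STORE_BACKEND
+description: which store to use for satellite registrations
+value: "memory"
+- name: TOKEN_TTL_DURATION
+description: duration string (30s, 5m, 1h, etc) for token TTL
+value: ""
+- name: DISABLE_CATCHALL
+description: disable fallthrough to catchall handler
+value: "false"
+- name: IS_INTERNAL_LABEL
+description: OCM label to inform whether or not an account is internal
+value: ""
+- name: DEBUG
+description: Debug flag
+value: "false"
+- name: CERT_DIR
+description: the base directory where ssl certs are stored
+value: "/certs"
+- name: ENV_NAME
+required: true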
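Review bot: The `CERT_DIR` parameter near the end of the template is declared with a `/certs` default but is never passed into the container `env:`, so config.go's TLS detection (`os.Stat(certDir + "/tls.crt")`) runs against whatever default the Go code uses rather than this value; either add `- name: CERT_DIR` / `value: ${CERT_DIR}` under `env:` or drop the parameter. The readiness and liveness probes hard-code port 8000 while the Go side now takes its listener port from Clowder's `PublicPort`; if that value is ever something other than 8000 the pod never passes its probes, so a comment tying the two together (or letting Clowder manage the probes) would help the next reader. `KEYCLOAK_TOKEN_GRANT_TYPE` defaults to `password` with the username and password pulled from the `keycloak` secret; that grant is discouraged by current OAuth security guidance, so a comment recording that it is a transitional choice for the service account would be useful. Minor: the `KEYCLOAK_USER_SERVICE_PORT` description reads `keycloak userservice's post` and should say `port`, and `ENV_NAME` is the only required parameter without a `description`.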
1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -17,6 +17,7 @@ require (
github.com/jackc/pgconn v1.12.0
github.com/openshift-online/ocm-sdk-go v0.1.311
github.com/pkg/errors v0.9.1
github.com/redhatinsights/app-common-go v1.6.7
github.com/redhatinsights/platform-go-middlewares v0.20.1-0.20230119152702-e3779317d1aa
github.com/stretchr/testify v1.8.4
go.uber.org/zap v1.21.0
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -1080,6 +1080,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/redhatinsights/app-common-go v1.6.7 h1:cXWW0F6ZW53RLRr54gn7Azo9CLTysYOmFDR0D0Qd0Fs=
github.com/redhatinsights/app-common-go v1.6.7/go.mod h1:6gzRyg8ZyejwMCksukeAhh2ZXOB3uHSmBsbP06fG2PQ=
github.com/redhatinsights/platform-go-middlewares v0.20.1-0.20230119152702-e3779317d1aa h1:noqA6UChsLTI+OQzWzzc+ASnAKb3RYlUfMHiJmY2rjM=
github.com/redhatinsights/platform-go-middlewares v0.20.1-0.20230119152702-e3779317d1aa/go.mod h1:i5gVDZJ/quCQhs5AW5CwkRPXlz1HfDBvyNtXHnlXZfM=
github.com/remyoudompheng/bigfft v0.0.0-20190728182440-6a916e37a237/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
53 changes: 46 additions & 7 deletions internal/config/config.go
Expand Up @@ -3,6 +3,8 @@ package config
import (
"os"
"strconv"

clowder "github.com/redhatinsights/app-common-go/pkg/api/v1"
)

type MbopConfig struct {
Expand Down Expand Up @@ -42,7 +44,7 @@ type MbopConfig struct {

StoreBackend string
DatabaseHost string
DatabasePort string
DatabasePort int
DatabaseUser string
DatabasePassword string
DatabaseName string
Expand All @@ -51,6 +53,7 @@ type MbopConfig struct {
TLSPort string
UseTLS bool
CertDir string
TLSPath string
}

var conf *MbopConfig
Expand All @@ -66,12 +69,47 @@ func Get() *MbopConfig {
keyCloakTimeout, _ := strconv.ParseInt(fetchWithDefault("KEYCLOAK_TIMEOUT", "60"), 0, 64)
userServiceTimeout, _ := strconv.ParseInt(fetchWithDefault("KEYCLOAK_USER_SERVICE_TIMEOUT", "60"), 0, 64)

// old tls system, just using the cert provided by OCP
var tls bool
_, err := os.Stat(certDir + "/tls.crt")
if err == nil {
tls = true
}

// declaring these outside since clowder provides them
var (
dbHost string
dbPort int
dbUser string
dbPassword string
dbName string

listenerPort int
tlsPath string
)

if clowder.IsClowderEnabled() {
cfg := clowder.LoadedConfig
dbHost = cfg.Database.Hostname
dbPort = cfg.Database.Port
dbUser = cfg.Database.Username
dbPassword = cfg.Database.Password
dbName = cfg.Database.Name

listenerPort = *cfg.PublicPort
if cfg.TlsCAPath != nil {
tlsPath = *cfg.TlsCAPath
}
} else {
dbHost = fetchWithDefault("DATABASE_HOST", "localhost")
dbPort, _ = strconv.Atoi(fetchWithDefault("DATABASE_PORT", "5432"))
dbUser = fetchWithDefault("DATABASE_USER", "postgres")
dbPassword = fetchWithDefault("DATABASE_PASSWORD", "")
dbName = fetchWithDefault("DATABASE_NAME", "mbop")

listenerPort, _ = strconv.Atoi(fetchWithDefault("PORT", "8090"))
}

c := &MbopConfig{
UsersModule: fetchWithDefault("USERS_MODULE", ""),
JwtModule: fetchWithDefault("JWT_MODULE", ""),
Expand All @@ -84,11 +122,11 @@ func Get() *MbopConfig {
SESSecretKey: fetchWithDefault("SES_SECRET_KEY", ""),
DisableCatchall: disableCatchAll,

DatabaseHost: fetchWithDefault("DATABASE_HOST", "localhost"),
DatabasePort: fetchWithDefault("DATABASE_PORT", "5432"),
DatabaseUser: fetchWithDefault("DATABASE_USER", "postgres"),
DatabasePassword: fetchWithDefault("DATABASE_PASSWORD", ""),
DatabaseName: fetchWithDefault("DATABASE_NAME", "mbop"),
DatabaseHost: dbHost,
DatabasePort: dbPort,
DatabaseUser: dbUser,
DatabasePassword: dbPassword,
DatabaseName: dbName,
StoreBackend: fetchWithDefault("STORE_BACKEND", "memory"),

CognitoAppClientID: fetchWithDefault("COGNITO_APP_CLIENT_ID", ""),
Expand All @@ -115,10 +153,11 @@ func Get() *MbopConfig {
KeyCloakTokenGrantType: fetchWithDefault("KEYCLOAK_TOKEN_GRANT_TYPE", "password"),
KeyCloakTokenClientID: fetchWithDefault("KEYCLOAK_TOKEN_CLIENT_ID", "admin-cli"),

Port: fetchWithDefault("PORT", "8090"),
Port: strconv.Itoa(listenerPort),
TLSPort: fetchWithDefault("TLS_PORT", "8890"),
UseTLS: tls,
CertDir: certDir,
TLSPath: tlsPath,
}

conf = c
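Review bot: `listenerPort = *cfg.PublicPort` in the Clowder branch dereferences the pointer unconditionally, while `cfg.TlsCAPath` two lines later is nil-checked first; if the loaded config carries no public port (for instance when the ClowdApp's public web service is disabled) Get() panics at startup. Guard it the same way, `if cfg.PublicPort != nil { listenerPort = *cfg.PublicPort }`, and decide whether an absent port should fall back to the `PORT`/8090 default or fail with a clear error. `cfg.Database` also appears to be a pointer in app-common-go, so the five `cfg.Database.*` reads would panic if the app is ever deployed without a `database:` stanza — worth a nil check or an explicit error there too. The `strconv.Atoi` results for DATABASE_PORT and PORT discard their errors, so a malformed value silently becomes port 0; surfacing or at least logging the error would match the intent of typing DatabasePort as int. Get() begins before and ends after this hunk.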
2 changes: 1 addition & 1 deletion internal/store/migrator.go
Expand Up @@ -22,7 +22,7 @@ func migrateDatabase() error {
}

c := config.Get()
connStr := fmt.Sprintf("pgx://%s:%s@%s:%s/%s?sslmode=prefer",
connStr := fmt.Sprintf("pgx://%s:%s@%s:%d/%s?sslmode=prefer",
c.DatabaseUser, c.DatabasePassword, c.DatabaseHost, c.DatabasePort, c.DatabaseName)

m, err := migrate.NewWithSourceInstance("iofs", fs, connStr)
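Review bot: The connection string on the changed `fmt.Sprintf` line still interpolates `c.DatabasePassword` (and the user and database name) raw into the URL, so a Clowder-provisioned password containing `@`, `/`, `?`, `#` or `%` either fails to parse or changes which host is dialled; build the URL with net/url so the credentials are percent-encoded. With Clowder now supplying the database coordinates, `sslmode=prefer` also deserves a second look: it never verifies the server certificate, and the Clowder database config carries a CA that could back `sslmode=verify-full` — at minimum a comment recording why `prefer` is kept. migrateDatabase() starts before and continues after the hunk; the rewrite below needs `net`, `net/url` and `strconv` in the file's import block.
```go
	c := config.Get()
	dsn := url.URL{
		Scheme:   "pgx",
		User:     url.UserPassword(c.DatabaseUser, c.DatabasePassword),
		Host:     net.JoinHostPort(c.DatabaseHost, strconv.Itoa(c.DatabasePort)),
		Path:     c.DatabaseName,
		RawQuery: "sslmode=prefer",
	}
	connStr := dsn.String()
	// … unchanged: migrate.NewWithSourceInstance("iofs", fs, connStr) …
```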