From f308d06efae4f152a7fd3e9ae4dc5fd9a604a1da Mon Sep 17 00:00:00 2001
From: sfdevops
Date: Mon, 23 Sep 2024 20:21:02 +0530
Subject: [PATCH 01/53] auth0 changes added
---
 files/tenant-samples/silo/buildspec.yaml | 2 ++
 files/tenant-samples/silo/terraform/tfvariables.txt | 1 +
 files/tenant-samples/silo/terraform/variables.tf | 4 ++++
 3 files changed, 7 insertions(+)
diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml
index 2d99ca1f..9a46c583 100644
--- a/files/tenant-samples/silo/buildspec.yaml
+++ b/files/tenant-samples/silo/buildspec.yaml
@@ -48,6 +48,7 @@ phases:
 - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email')
 - export USERNAME=$(echo $tenant | jq -r '.key')
 - export KEY=$(echo $tenant | jq -r '.key')
+ - export IdP=$(echo $tenant | jq -r '.IdPKey')
 - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]')
 # Exporting Webhook Envs
@@ -80,6 +81,7 @@ phases:
 - export TF_VAR_jwt_issuer="${KEY}"
 - export TF_VAR_rds_instance_allocated_storage="${POSTGRES_SIZE}"
 - export TF_VAR_karpenter_instance_category="${INSTANCE_CATEGORY}"
+ - export TF_VAR_IdP="${IdP}"
 - export TF_VAR_tenant_client_id="${KEY}"-$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_ID}"
 - export TF_VAR_tenant_client_secret=$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_SECRET}"
 - export ALB_DNS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`] | [0].DNSName' --output text)
diff --git a/files/tenant-samples/silo/terraform/tfvariables.txt b/files/tenant-samples/silo/terraform/tfvariables.txt
index 0de6465d..33ac917c 100644
--- a/files/tenant-samples/silo/terraform/tfvariables.txt
+++ b/files/tenant-samples/silo/terraform/tfvariables.txt
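Review bot: `jq -r '.IdPKey'` prints the literal string `null` when the tenant record has no `IdPKey`, and because `export IdP=$(...)` always exits 0 the new line cannot fail, so the second hunk forwards `TF_VAR_IdP=null` into Terraform with no check at all. Make the absence visible at the first hunk, e.g. `- export IdP=$(echo "$tenant" | jq -r '.IdPKey // empty')` followed by `- test -n "$IdP" || exit 1`, which should fail the build phase before any Terraform runs (confirm that is the behaviour of this build system). Quoting `"$tenant"` also avoids word-splitting the JSON, as the neighbouring `"${tier}"` line already does. As a point of style, `IdP` is the only mixed-case variable in a script that otherwise uses `UPPER_SNAKE_CASE`; `IDP_KEY` would match. The `phases:` command list continues outside both hunks.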
@@ -18,6 +18,7 @@ user_callback_secret = "${TF_VAR_user_callback_secret}"
 rds_instance_allocated_storage = "${TF_VAR_rds_instance_allocated_storage}"
 karpenter_instance_category = "${TF_VAR_karpenter_instance_category}"
 tenant_tier = "${TF_VAR_tenant_tier}"
+IdP = "${TF_VAR_IdP}"
diff --git a/files/tenant-samples/silo/terraform/variables.tf b/files/tenant-samples/silo/terraform/variables.tf
index 848b8db5..8fdeff0e 100644
--- a/files/tenant-samples/silo/terraform/variables.tf
+++ b/files/tenant-samples/silo/terraform/variables.tf
@@ -26,6 +26,10 @@ variable "tenant_id" {
 description = "Tenat unique ID"
 }
+variable "IdP" {
+ type = string
+ description = "Tenant Identity Provider"
+}
 ##################################################################################
 ## database
 ##################################################################################
From 0591a68070f024aa6d714ac7588b8173dc594391 Mon Sep 17 00:00:00 2001
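Review bot: `variable "IdP"` in the variables.tf hunk accepts any string, so a typo, or the `null` text that the buildspec produces when a tenant lacks the key, only surfaces wherever the variable is consumed, and that consumer is not in view. A `validation` block catches it at plan time: `condition = contains(["auth0", "cognito"], var.IdP)` with an `error_message` naming the admitted values. The second patch in this series creates `auth0` and `cognito` chart directories, so those are presumably the two values, but confirm before pinning them. Terraform convention is `lower_snake_case` for inputs, so `identity_provider` would read better than `IdP`; the tfvariables.txt line would follow.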
From: sfdevops Date: Tue, 24 Sep 2024 19:00:36 +0530 Subject: [PATCH 02/53] auth0 changes added --- .../tenant-helm-chart/{ => auth0}/.helmignore | 0 .../tenant-helm-chart/{ => auth0}/Chart.yaml | 0 .../tenant-helm-chart/{ => auth0}/README.md | 0 .../{ => auth0}/templates/_helpers.tpl | 0 .../authentication-service-deployment.yaml | 0 .../templates/authorization-policy.yaml | 0 .../templates/cm-authentication-service.yaml | 0 .../templates/cm-feature-service.yaml | 0 .../templates/cm-frontend-service.yaml | 0 .../templates/cm-notification-service.yaml | 0 .../templates/cm-user-tenant-service.yaml | 0 .../cm-video-confrencing-service.yaml | 0 .../templates/feature-service-deployment.yaml | 0 .../frontend-service-deployment.yaml | 0 .../{ => auth0}/templates/gateway.yaml | 0 .../templates/hooks/migration-job.yaml | 0 .../templates/imagePullSecret.yaml | 0 .../templates/kuberhealhty-http-checker.yaml | 0 .../notification-service-deployment.yaml | 0 .../{ => auth0}/templates/provisioner.yaml | 0 .../secret-provider-class-and-sa.yaml | 0 .../user-tenant-service-deployment.yaml | 0 .../video-confrencing-service-deployment.yaml | 0 .../templates/virtual-service.yaml | 0 .../{ => auth0}/values.yaml.template | 0 .../tenant-helm-chart/cognito/.helmignore | 23 ++ .../silo/tenant-helm-chart/cognito/Chart.yaml | 24 ++ .../silo/tenant-helm-chart/cognito/README.md | 1 + .../cognito/templates/_helpers.tpl | 62 +++ .../authentication-service-deployment.yaml | 259 ++++++++++++ .../templates/authorization-policy.yaml | 14 + .../templates/cm-authentication-service.yaml | 18 + .../cognito/templates/cm-feature-service.yaml | 19 + .../templates/cm-frontend-service.yaml | 26 ++ .../templates/cm-notification-service.yaml | 16 + .../templates/cm-user-tenant-service.yaml | 19 + .../cm-video-confrencing-service.yaml | 17 + .../templates/feature-service-deployment.yaml | 214 ++++++++++ .../frontend-service-deployment.yaml | 129 ++++++ .../cognito/templates/gateway.yaml | 18 + 
.../templates/hooks/migration-job.yaml | 164 ++++++++ .../cognito/templates/imagePullSecret.yaml | 12 + .../templates/kuberhealhty-http-checker.yaml | 27 ++ .../notification-service-deployment.yaml | 229 +++++++++++ .../cognito/templates/provisioner.yaml | 64 +++ .../secret-provider-class-and-sa.yaml | 138 +++++++ .../user-tenant-service-deployment.yaml | 219 ++++++++++ .../video-confrencing-service-deployment.yaml | 219 ++++++++++ .../cognito/templates/virtual-service.yaml | 63 +++ .../cognito/values.yaml.template | 375 ++++++++++++++++++ .../tenant-samples/silo/terraform/cognito.tf | 5 +- files/tenant-samples/silo/terraform/data.tf | 4 + files/tenant-samples/silo/terraform/eks.tf | 99 ++++- .../silo/terraform/variables.tf | 5 + .../tenant-codebuilds/saas-repo-setup.sh | 5 +- 55 files changed, 2471 insertions(+), 16 deletions(-) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/.helmignore (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/Chart.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/README.md (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/_helpers.tpl (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/authentication-service-deployment.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/authorization-policy.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/cm-authentication-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/cm-feature-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/cm-frontend-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/cm-notification-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/cm-user-tenant-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => 
auth0}/templates/cm-video-confrencing-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/feature-service-deployment.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/frontend-service-deployment.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/gateway.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/hooks/migration-job.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/imagePullSecret.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/kuberhealhty-http-checker.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/notification-service-deployment.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/provisioner.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/secret-provider-class-and-sa.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/user-tenant-service-deployment.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/video-confrencing-service-deployment.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/templates/virtual-service.yaml (100%) rename files/tenant-samples/silo/tenant-helm-chart/{ => auth0}/values.yaml.template (100%) create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/.helmignore create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/Chart.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/README.md create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/_helpers.tpl create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml create mode 100644 
files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authorization-policy.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-feature-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-notification-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/gateway.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/imagePullSecret.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/kuberhealhty-http-checker.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/templates/video-confrencing-service-deployment.yaml create mode 100644 
files/tenant-samples/silo/tenant-helm-chart/cognito/templates/virtual-service.yaml create mode 100644 files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template diff --git a/files/tenant-samples/silo/tenant-helm-chart/.helmignore b/files/tenant-samples/silo/tenant-helm-chart/auth0/.helmignore similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/.helmignore rename to files/tenant-samples/silo/tenant-helm-chart/auth0/.helmignore diff --git a/files/tenant-samples/silo/tenant-helm-chart/Chart.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/Chart.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/Chart.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/Chart.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/README.md b/files/tenant-samples/silo/tenant-helm-chart/auth0/README.md similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/README.md rename to files/tenant-samples/silo/tenant-helm-chart/auth0/README.md diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/_helpers.tpl b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/_helpers.tpl similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/_helpers.tpl rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/_helpers.tpl diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/authentication-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/authentication-service-deployment.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml 
diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/authorization-policy.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authorization-policy.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/authorization-policy.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authorization-policy.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/cm-authentication-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/cm-authentication-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/cm-feature-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-feature-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/cm-feature-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-feature-service.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/cm-frontend-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/cm-frontend-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/cm-notification-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-notification-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/cm-notification-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-notification-service.yaml 
diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/cm-user-tenant-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/cm-user-tenant-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/cm-video-confrencing-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/feature-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/feature-service-deployment.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/frontend-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/frontend-service-deployment.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/gateway.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/gateway.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/gateway.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/gateway.yaml 
diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/hooks/migration-job.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/hooks/migration-job.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/imagePullSecret.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/imagePullSecret.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/imagePullSecret.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/imagePullSecret.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/kuberhealhty-http-checker.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/kuberhealhty-http-checker.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/kuberhealhty-http-checker.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/kuberhealhty-http-checker.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/notification-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/notification-service-deployment.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/provisioner.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/provisioner.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/provisioner.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/provisioner.yaml 
diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/user-tenant-service-deployment.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/video-confrencing-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/video-confrencing-service-deployment.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/video-confrencing-service-deployment.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/video-confrencing-service-deployment.yaml diff --git a/files/tenant-samples/silo/tenant-helm-chart/templates/virtual-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/virtual-service.yaml similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/templates/virtual-service.yaml rename to files/tenant-samples/silo/tenant-helm-chart/auth0/templates/virtual-service.yaml 
diff --git a/files/tenant-samples/silo/tenant-helm-chart/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template similarity index 100% rename from files/tenant-samples/silo/tenant-helm-chart/values.yaml.template rename to files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/.helmignore b/files/tenant-samples/silo/tenant-helm-chart/cognito/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/Chart.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/Chart.yaml new file mode 100644 index 00000000..fc389922 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: helm +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/README.md b/files/tenant-samples/silo/tenant-helm-chart/cognito/README.md new file mode 100644 index 00000000..524ebf64 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/README.md @@ -0,0 +1 @@ +# ARC-SAAS Application Plane Helm \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/_helpers.tpl b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/_helpers.tpl new file mode 100644 index 00000000..69baf8f2 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "helm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "helm.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "helm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "helm.labels" -}} +helm.sh/chart: {{ include "helm.chart" . }} +{{ include "helm.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "helm.selectorLabels" -}} +app: {{ include "helm.name" . }} + +{{- end }} + + +{{/* +Configuring .dockerconfigjson +*/}} +{{- define "imagePullSecret" }} +{{- with .Values.imagePullSecret }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + 
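Review bot: In the `imagePullSecret` define, `.registry`, `.username`, `.password` and `.email` are spliced into the `.dockerconfigjson` document with `%s` and no JSON escaping, so a registry password containing `"` or `\` yields a malformed secret that only fails at image-pull time, with no error at `helm install`. Building the document as a map and serialising it avoids that, in one line: `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc }}`. The `helm.selectorLabels` define also carries a stray blank line before its `{{- end }}` that the other defines do not; harmless, but worth tidying for consistency.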
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml new file mode 100644 index 00000000..3b1642ea --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml 
@@ -0,0 +1,259 @@ +{{- if .Values.authenticationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.authenticationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-authentication-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/authentication-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: authentication-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }} + resources: + {{- toYaml .Values.authenticationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/authentication-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/authentication-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ 
.Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-authentication-service + image: {{ .Values.authenticationService.repository }}:{{ .Values.authenticationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-authentication-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: FEATURE_DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + 
secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: COGNITO_AUTH_CLIENT_DOMAIN + valueFrom: + secretKeyRef: + name: api-token + key: COGNITO_AUTH_CLIENT_DOMAIN + - name: COGNITO_AUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: api-token + key: COGNITO_AUTH_CLIENT_ID + - name: COGNITO_AUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: COGNITO_AUTH_CLIENT_SECRET +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + silo-node: {{ .Values.tier }}-{{ .Values.tenant }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.authenticationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.authenticationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . }} + component: authentication-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-authentication-service + minReplicas: {{ .Values.authenticationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.authenticationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.authenticationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . 
}}
+ {{- end }}
+ {{- with .Values.authenticationService.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: AverageValue
+ averageValue: {{ . }}
+ {{- end }}
+{{- end }}
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.authenticationService.service.type }}
+ ports:
+ - port: {{ .Values.authenticationService.service.port }}
+ targetPort: {{ .Values.authenticationService.service.targetPort }}
+ protocol: {{ .Values.authenticationService.service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+---
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authorization-policy.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authorization-policy.yaml
new file mode 100644
index 00000000..18c94518
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/authorization-policy.yaml
@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: deny-traffic-from-cross-namespace
+ namespace: {{ .Values.namespace }}
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ namespaces: ["{{ .Values.namespace }}","kube-system","prometheus-node-exporter", "adot-collector-kubeprometheus", "istio-system", "karpenter", "kubecost", "kuberhealthy", "argocd", "argo-workflows"]
\ No newline at end of file
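Review bot: In the authentication-service container's `env` list, `REDIS_PASSWORD` is hard-coded to `value: ""` while every other datastore credential is read from the `api-token` secret, and `REDIS_URL` reads `key: REDIS_HOST`, so it can never hold anything but the host value; the second looks like a copy-paste slip, confirm against what the service expects. If the tenant Redis really runs without authentication that should be a deliberate, commented choice; otherwise give `REDIS_PASSWORD` a `secretKeyRef` to `api-token` key `REDIS_PASSWORD`, exactly as the `DB_PASSWORD` entry above it does. The pod and container also declare no `securityContext`, which the other new deployments in this patch (outside the view) presumably share.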
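Review bot: The `AuthorizationPolicy` in the authorization-policy.yaml hunk is named `deny-traffic-from-cross-namespace` but is an `ALLOW` rule whose `source.namespaces` list admits ten namespaces, including `argocd`, `argo-workflows`, `karpenter` and `kubecost`; any workload in those namespaces can reach every tenant service, and the implied deny only holds while no other ALLOW policy in `{{ .Values.namespace }}` matches. The entries for platform components should be narrowed to `principals` (their service accounts) where the caller is known, and each remaining namespace deserves a one-line comment stating why it needs tenant ingress. Baking the list into the template rather than `.Values` also means every tenant chart must be re-released to change it.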
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml
new file mode 100644
index 00000000..dc93b37f
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.authenticationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.authenticationService.port }}'
+ NODE_ENV: '{{ .Values.authenticationService.node_env }}'
+ LOG_LEVEL: '{{ .Values.authenticationService.log_level }}'
+ BASE_PATH: '{{ .Values.authenticationService.base_path }}'
+ DB_SSL: '{{ .Values.authenticationService.db_ssl }}'
+ COGNITO_AUTH_REGION: '{{ .Values.region }}'
+ COGNITO_AUTH_CALLBACK_URL: 'https://{{ .Values.hostname }}/authentication-service/auth/cognito-auth-redirect'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-feature-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-feature-service.yaml
new file mode 100644
index 00000000..8d2d0191
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-feature-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.featureService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.featureService.port }}'
+ NODE_ENV: '{{ .Values.featureService.node_env }}'
+ LOG_LEVEL: '{{ .Values.featureService.log_level }}'
+ BASE_PATH: '{{ .Values.featureService.base_path }}'
+ DB_SSL: '{{ .Values.featureService.db_ssl}}'
+ USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'
+ TIMESTAMP_TOLERANCE: '{{ .Values.featureService.timestamp_tolerance}}'
+ ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml
new file mode 100644
index 00000000..13352de3
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml
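Review bot: `USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'` places a shared secret in a ConfigMap, which is readable by anyone with `get configmaps` in the namespace and appears in ArgoCD's rendered manifests, while the DB password and JWT secret consumed by the same service go through the SSM-backed `api-token` Secret. Add a `user_callback_secret` object to the SecretProviderClass and inject it in the feature-service deployment with `valueFrom.secretKeyRef: {name: api-token, key: USER_CALLBACK_SECRET}`, then drop the line from this ConfigMap. The buildspec in this series already exports it as `TF_VAR_user_callback_secret`, so the value is treated as a secret elsewhere in the pipeline.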
@@ -0,0 +1,26 @@
+{{- if .Values.frontend.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ env: |-
+ {
+ "baseApiUrl": "https://{{ .Values.hostname }}",
+ "authApiBaseUrl": "https://{{ .Values.hostname }}/authentication-service",
+ "notificationApiBaseUrl" :"https://{{ .Values.hostname }}/notification-service",
+ "homePath": "{{ .Values.frontend.home_path }}",
+ "videoApiBaseUrl": "https://{{ .Values.hostname }}/video-confrencing-service",
+ "notificationChannelUuid": "9f7360f6-5c1a-4354-ad68-0e62b2a1200b",
+ "chatChannelUuid": "ad0cac27-972e-4b69-9188-3685f7eeb8bb",
+ "vonageApiKey": "47793071",
+ "logLevel": "{{ .Values.frontend.log_level }}",
+ "clientId": "{{ .Values.clientId }}",
+ "clientSecret": "{{ .Values.publicKey }}",
+ "loginTitle": "Welcome to the Telemed App"
+ }
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-notification-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-notification-service.yaml
new file mode 100644
index 00000000..87d683da
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-notification-service.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.notificationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-notification-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.notificationService.port }}'
+ NODE_ENV: '{{ .Values.notificationService.node_env }}'
+ LOG_LEVEL: '{{ .Values.notificationService.log_level }}'
+ BASE_PATH: '{{ .Values.notificationService.base_path }}'
+ DB_SSL: '{{ .Values.notificationService.db_ssl }}'
+{{- end}}
\ No newline at end of file
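Review bot: This ConfigMap is mounted as `/usr/share/nginx/html/config.json` by the frontend deployment and is therefore served to every browser, so `"clientSecret": "{{ .Values.publicKey }}"` must be a value that is safe to publish; the migration job in this same series feeds `.Values.publicKey` into `TENANT_CLIENT_SECRET`, so if it is in fact the tenant's OAuth client secret it is being handed to all users. Confirm it is a public identifier and add a note above `env: |-` such as `# Everything below is served verbatim to browsers — never put a credential here`, since JSON itself cannot carry the comment. `vonageApiKey` and the two channel UUIDs are literals in a template that is rendered once per tenant silo, so every tenant shares them; hoist them to values so they can differ per tenant.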
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml
new file mode 100644
index 00000000..e429bc25
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.userTenantService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-user-tenant-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.userTenantService.port }}'
+ NODE_ENV: '{{ .Values.userTenantService.node_env }}'
+ LOG_LEVEL: '{{ .Values.userTenantService.log_level }}'
+ BASE_PATH: '{{ .Values.userTenantService.base_path }}'
+ ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}'
+ USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'
+ DB_SSL: '{{ .Values.userTenantService.db_ssl }}'
+ AWS_REGION: '{{ .Values.region }}'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml
new file mode 100644
index 00000000..df67fa42
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml
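Review bot: `USER_CALLBACK_SECRET` is exposed as plain ConfigMap data here too, even though every other credential this chart hands to a service (DB, JWT, Cognito, PubNub) is delivered through the `api-token` Secret synced from SSM by the SecretProviderClass. A ConfigMap is readable with `get configmaps`, lands in ArgoCD's resource view and in any `helm template` output checked into Git. Add `user_callback_secret` to the SecretProviderClass objects and reference it from the user-tenant-service deployment with `secretKeyRef: {name: api-token, key: USER_CALLBACK_SECRET}`, removing the line from this ConfigMap.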
@@ -0,0 +1,17 @@
+{{- if .Values.videoConfrencingService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-video-confrencing-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.videoConfrencingService.port }}'
+ NODE_ENV: '{{ .Values.videoConfrencingService.node_env }}'
+ LOG_LEVEL: '{{ .Values.videoConfrencingService.log_level }}'
+ BASE_PATH: '{{ .Values.videoConfrencingService.base_path }}'
+ DB_SSL: '{{ .Values.videoConfrencingService.db_ssl }}'
+ VONAGE_API_KEY: '47793071'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml
new file mode 100644
index 00000000..139aabe7
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml
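Review bot: `VONAGE_API_KEY: '47793071'` is a literal account identifier baked into a chart that is rendered once per tenant silo, while its companion `VONAGE_API_KEY_SECRET` is fetched per tenant from SSM through the SecretProviderClass; the two must belong to the same Vonage account, so hard-coding one of them means either every tenant shares a single account or the pair silently mismatches for any tenant whose secret differs. Promote it to a value, `VONAGE_API_KEY: '{{ .Values.vonageApiKey }}'`, sourced from the same parameter path as the secret. The same literal appears in the frontend ConfigMap, so both should read one value.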
@@ -0,0 +1,214 @@ +{{- if .Values.featureService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.featureService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-feature-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/feature-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: feature-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.featureService.pullPolicy }} + resources: + {{- toYaml .Values.featureService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/feature-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/feature-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . 
}}-feature-service + image: {{ .Values.featureService.repository }}:{{ .Values.featureService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-feature-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + silo-node: {{ .Values.tier }}-{{ .Values.tenant }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.featureService.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.featureService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + component: feature-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-feature-service + minReplicas: {{ .Values.featureService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.featureService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.featureService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.featureService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.featureService.service.type }} + ports: + - port: {{ .Values.featureService.service.port }} + targetPort: {{ .Values.featureService.service.targetPort }} + protocol: {{ .Values.featureService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: feature-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml new file mode 100644 index 00000000..e615d8ca --- /dev/null 
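Review bot: `spec.selector.matchLabels` uses only `app: {{ include "helm.fullname" . }}`, the label every other Deployment in this chart (frontend, notification-service, authentication-service) also selects on, so the Deployment selectors overlap and the controllers can adopt each other's ReplicaSets; the Service at the end of the hunk already selects on `app` plus `component`, and the Deployment selector should match by adding `component: feature-service` under `matchLabels`. The pod and container also carry no `securityContext`, although this container holds the DB password and `JWT_SECRET` in its environment and the whole `api-token` bundle on `/mnt/api-token`; a Node service does not need root or privilege escalation. `REDIS_PASSWORD: ""` is a literal that disables Redis auth while the host and port come from the secret store — if the endpoint truly has no AUTH token, say so in a comment, otherwise source it from `api-token` like `REDIS_HOST`. A minimal hardening of the selector and security context follows.
```yaml
  selector:
    matchLabels:
      app: {{ include "helm.fullname" . }}
      component: feature-service
  # … unchanged: template metadata/annotations …
    spec:
      serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - imagePullPolicy: {{ .Values.featureService.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: true  # drop if the image writes outside mounted volumes
          # … unchanged: resources, probes, image, envFrom, env, volumeMounts …
```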
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml 
@@ -0,0 +1,129 @@ +--- +#Deployment +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.frontend.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-frontend-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/frontend/obf/metrics +{{- if .Values.frontend.extraAnnotations }} +{{ toYaml .Values.frontend.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: frontend + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.frontend.pullPolicy }} + resources: + {{- toYaml .Values.frontend.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/frontend + port: 80 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/frontend + port: 80 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . 
}}-frontend + image: {{ .Values.frontend.repository }}:{{ .Values.frontend.tag }} + ports: + - containerPort: 80 + volumeMounts: + - name: env-var + mountPath: /usr/share/nginx/html/config.json + subPath: config.json + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + env: + - name: pubnubPublishKey + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: pubnubSubscribeKey + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + silo-node: {{ .Values.tier }}-{{ .Values.tenant }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: env-var + configMap: + name: {{ include "helm.fullname" . }}-cm-frontend + items: + - key: env + path: config.json + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.frontend.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.frontend.Service.type }} + ports: + - port: {{ .Values.frontend.Service.port }} + targetPort: {{ .Values.frontend.Service.targetPort }} + protocol: {{ .Values.frontend.Service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: frontend +--- \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/gateway.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/gateway.yaml new file mode 100644 index 00000000..47f7909e --- /dev/null 
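Review bot: The frontend is a static nginx container on port 80, yet it mounts the full `api-token` bundle (DB password, JWT secret, Cognito client secret, PubNub secret key) at `/mnt/api-token` and runs under the IRSA-annotated tenant service account, while the only values it reads are the two PubNub keys via `secretKeyRef`. As I understand the secrets-store CSI driver, that mount is what materialises the `api-token` Secret for the pod, so the least-privilege fix is a second, narrower SecretProviderClass exposing only `PUBNUB_PUB_KEY`/`PUBNUB_SUB_KEY` for this Deployment, plus a separate service account without the `eks.amazonaws.com/role-arn` annotation. The Deployment also needs `component: frontend` in `selector.matchLabels`, as the Service below already has, or its selector overlaps with every other Deployment in the chart. Everything placed in `config.json` is world-readable because it sits in the nginx document root — worth a comment next to the `env-var` volume mount.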
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/gateway.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ app: {{ include "helm.name" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - {{ .Values.hostname }}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml
new file mode 100644
index 00000000..db3b5e73
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml
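Review bot: The Gateway exposes only a plaintext `HTTP` server on port 80 for `{{ .Values.hostname }}`, while every callback and API URL in the chart is `https://…`; if TLS terminates at the ALB in front of the ingress gateway that is workable, but nothing here redirects or rejects plain HTTP that reaches the gateway directly, and I cannot confirm the ALB listener configuration from this chunk. Either add `tls: { httpsRedirect: true }` to the port-80 server alongside an HTTPS server with a `credentialName`, or document the assumption above `servers:` with `# TLS terminates at the ALB; this gateway only sees traffic from it`. `networking.istio.io/v1alpha3` is also the deprecated API version; `v1beta1` (or `v1` on current Istio) carries the same schema.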
@@ -0,0 +1,164 @@ +{{- if .Values.migrationJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ template "helm.fullname" . }}-migration-job" + annotations: + argocd.argoproj.io/hook: PostSync +spec: + backoffLimit: 20 + activeDeadlineSeconds: 600 + ttlSecondsAfterFinished: 3600 + parallelism: 1 + completions: 1 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + restartPolicy: 'OnFailure' + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} + containers: + - name: init + image: {{ .Values.migrationJob.repository }}:{{ .Values.migrationJob.tag }} + imagePullPolicy: {{ .Values.migrationJob.pullPolicy }} + resources: +{{ toYaml .Values.migrationJob.resources | indent 10 }} + command: ["/bin/sh", "-c"] + args: ["cd packages/migrations; npm run db:migrate"] + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + env: + - name: AUTH_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: AUTH_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: AUTH_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: AUTH_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: AUTH_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: 
FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: NOTIF_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: NOTIF_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: NOTIF_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: NOTIF_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: NOTIF_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: VIDEO_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: VIDEO_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: VIDEO_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: VIDEO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: VIDEO_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + + - name: TENANT_NAME + value: {{ .Values.tenantName }} + - name: TENANT_KEY + value: {{ .Values.tenantKey }} + - name: TENANT_SECRET + value: {{ .Values.tenantSecret }} + - name: TENANT_EMAIL + value: {{ .Values.tenantEmail }} + - name: TENANT_CLIENT_ID + value: {{ .Values.clientId }} + - name: TENANT_CLIENT_SECRET + value: {{ .Values.publicKey }} + - name: ADMIN_USER_TENANT_ID + value: {{ .Values.adminUserTenantId }} + - name: REDIRECT_URL + value: "https://{{ .Values.hostname }}/{{ .Values.frontend.home_path }}" + # - name: USERNAME + # value: {{ .Values.cognitoUser }} + # - name: USER_SUB + # value: {{ .Values.cognitoSub }} +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/imagePullSecret.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/imagePullSecret.yaml new file mode 100644 index 00000000..d40fa6ab --- /dev/null 
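Review bot: `TENANT_SECRET` and `TENANT_CLIENT_SECRET` are injected as literal `value:` entries from Helm values, so they end up in the rendered Job manifest, ArgoCD's resource view and `kubectl get job -o yaml`, unlike the DB credentials in the same container, which come from `api-token` via `secretKeyRef`. The values are also unquoted (`value: {{ .Values.tenantSecret }}`), so a secret beginning with `*`, `&` or `{`, or containing `: `, breaks the YAML or is type-coerced; `value: {{ .Values.tenantSecret | quote }}` is the minimum. Preferably add both to the SSM-backed SecretProviderClass and read them with `secretKeyRef`, which also keeps tenant secrets out of any `helm template` output that gets committed. The commented-out `USERNAME`/`USER_SUB` block should be removed rather than left in a hook manifest.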
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/imagePullSecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.imagePullSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.imagePullSecret.name }}
+ labels:
+ {{- include "helm.labels" . | nindent 4 }}
+ component: {{ include "helm.name" . }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/kuberhealhty-http-checker.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/kuberhealhty-http-checker.yaml
new file mode 100644
index 00000000..b793f40d
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/kuberhealhty-http-checker.yaml
@@ -0,0 +1,27 @@
+apiVersion: comcast.github.io/v1
+kind: KuberhealthyCheck
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}-http-check
+ namespace: kuberhealthy
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ runInterval: 5m
+ timeout: 10m
+ podSpec:
+ containers:
+ - name: main
+ image: kuberhealthy/http-check:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CHECK_URL
+ value: "https://{{ .Values.hostname }}/"
+ - name: COUNT
+ value: "5"
+ - name: SECONDS
+ value: "1"
+ - name: REQUEST_TYPE
+ value: "GET"
+ - name: PASSING
+ value: "80"
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml
new file mode 100644
index 00000000..bc90435a
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml
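Review bot: `image: kuberhealthy/http-check:latest` pulls an unpinned, mutable tag from Docker Hub with `imagePullPolicy: IfNotPresent`, so different nodes can run different code and an upstream push to `latest` changes what executes in the `kuberhealthy` namespace without any chart change. Pin to a release tag or, better, a digest (`kuberhealthy/http-check:<version>@sha256:…`, taken from the upstream release) and expose repository and tag as values like every other image in this chart. The checker's pod spec also has no `resources` or `securityContext`; a `5m` interval probe against the public hostname does not need either to be generous, and the limits keep a misbehaving check from affecting the shared namespace.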
@@ -0,0 +1,229 @@ +{{- if .Values.notificationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.notificationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-notification-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/notification-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.notificationService.pullPolicy }} + resources: + {{- toYaml .Values.notificationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} 
+{{- end }} + name: {{ include "helm.fullname" . }}-notification-service + image: {{ .Values.notificationService.repository }}:{{ .Values.notificationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-notification-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: PUBNUB_PUBLISH_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: PUBNUB_SUBSCRIBE_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY + - name: PUBNUB_SECRET_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SECRET_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + silo-node: {{ .Values.tier }}-{{ .Values.tenant }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.notificationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.notificationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-notification-service + minReplicas: {{ .Values.notificationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.notificationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.notificationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.notificationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.notificationService.service.type }} + ports: + - port: {{ .Values.notificationService.service.port }} + targetPort: {{ .Values.notificationService.service.targetPort }} + protocol: {{ .Values.notificationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . 
}}
+ component: notification-service
+---
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml
new file mode 100644
index 00000000..365db940
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml
@@ -0,0 +1,64 @@
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ annotations:
+ kubernetes.io/description: "NodePool to restrict the number of cpus provisioned to 100"
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ template:
+ metadata:
+ labels:
+ silo-node: {{ .Values.tier }}-{{ .Values.tenant }}
+ spec:
+ requirements:
+ - key: kubernetes.io/arch
+ operator: In
+ values: ["amd64"]
+ - key: kubernetes.io/os
+ operator: In
+ values: ["linux"]
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values: ["on-demand"]
+ - key: karpenter.k8s.aws/instance-category
+ operator: In
+ values:
+ - "{{ .Values.instance_category }}"
+ - key: karpenter.k8s.aws/instance-generation
+ operator: Gt
+ values: ["2"]
+ nodeClassRef:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ taints:
+ - key: silo-node
+ value: {{ .Values.tenant }}
+ effect: NoSchedule
+
+ limits:
+ cpu: 100
+ memory: 1000Gi
+---
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ annotations:
+ kubernetes.io/description: "General purpose EC2NodeClass for running Amazon Linux 2 nodes"
+spec:
+ amiFamily: AL2 # Amazon Linux 2
+ role: {{ .Values.karpenterRoleName }}
+ subnetSelectorTerms:
+ - tags:
+ Type: "private"
+ securityGroupSelectorTerms:
+ - tags:
+ "aws:eks:cluster-name": {{ .Values.eksClusterName }}
+ tags:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+
+
+
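Review bot: `selector.matchLabels` is `app: {{ include "helm.fullname" . }}` alone, which every Deployment in this chart shares, so this Deployment's selector overlaps with feature-service, frontend and authentication-service and the controllers can adopt each other's ReplicaSets; add `component: notification-service` to `matchLabels` to mirror the Service selector at the end of the hunk. `REDIS_URL` is filled from the `REDIS_HOST` secret key rather than a URL, and `REDIS_PASSWORD: ""` is a literal that disables Redis auth; which of the two the client actually reads is not visible here, so confirm it, remove the unused one and source the password from `api-token` if the endpoint has an AUTH token. The pod and container carry no `securityContext` although this container holds `PUBNUB_SECRET_KEY` and `JWT_SECRET` in its environment; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` with `capabilities.drop: ["ALL"]` are the minimum for a Node service.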
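Review bot: The `EC2NodeClass` sets no `metadataOptions` or `blockDeviceMappings`; as I recall, Karpenter's v1beta1 defaults require IMDSv2 but leave `httpPutResponseHopLimit` at 2, which keeps the node role's credentials (`{{ .Values.karpenterRoleName }}`) reachable from any pod on these tenant nodes, and the root volume inherits the account default for EBS encryption. Since workloads in this chart obtain AWS access through IRSA on the service account, set the hop limit to 1 explicitly and request an encrypted root volume. Separately, the taint value is `{{ .Values.tenant }}` while the node label and every `nodeSelector` use `{{ .Values.tier }}-{{ .Values.tenant }}`; the tolerations come from values I cannot see, so confirm they target `silo-node={{ .Values.tenant }}` and not the tier-prefixed form, or the tenant pods will never schedule. The hardening below is the EC2NodeClass `spec` with the two additions.
```yaml
spec:
  amiFamily: AL2 # Amazon Linux 2
  role: {{ .Values.karpenterRoleName }}
  metadataOptions:
    httpEndpoint: enabled
    httpTokens: required
    httpPutResponseHopLimit: 1   # pods use IRSA; keep node-role creds off the pod network
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        volumeSize: 50Gi
        volumeType: gp3
        encrypted: true
  # … unchanged: subnetSelectorTerms, securityGroupSelectorTerms, tags …
```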
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml new file mode 100644 index 00000000..9e6113f0 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml 
@@ -0,0 +1,138 @@ +--- +#namespace specific service account for +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + {{- include "helm.labels" . | nindent 4 }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.arn }} + +--- +#custom resource to fetch the secrets from paramter store +apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 +kind: SecretProviderClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + labels: + {{- include "helm.labels" . | nindent 4 }} +spec: + provider: aws + secretObjects: + - secretName: api-token + type: Opaque + data: + - objectName: db_host + key: DB_HOST + - objectName: db_port + key: DB_PORT + - objectName: db_user + key: DB_USER + - objectName: db_password + key: DB_PASSWORD + - objectName: db_schema + key: DB_SCHEMA + - objectName: redis_host + key: REDIS_HOST + - objectName: redis_port + key: REDIS_PORT + - objectName: redis_database + key: REDIS_DATABASE + - objectName: jwt_secret + key: JWT_SECRET + - objectName: jwt_issuer + key: JWT_ISSUER + - objectName: authentication_service_db_database + key: AUTHENTICATION_SERVICE_DB_DATABASE + - objectName: feature_db_database + key: FEATURE_DB_DATABASE + - objectName: notification_service_db_database + key: NOTIFICATION_SERVICE_DB_DATABASE + - objectName: video_confrencing_service_db_database + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - objectName: cognito_domain_name + key: COGNITO_AUTH_CLIENT_DOMAIN + - objectName: cognito_client_id + key: COGNITO_AUTH_CLIENT_ID + - objectName: cognito_client_secret + key: COGNITO_AUTH_CLIENT_SECRET + - objectName: cognito_user_pool_id + key: COGNITO_USER_POOL_ID + - objectName: vonage-api-key-secret + key: VONAGE_API_KEY_SECRET + - objectName: pubnub-pub-key + key: PUBNUB_PUB_KEY + - objectName: pubnub-sub-key + key: PUBNUB_SUB_KEY + - objectName: pubnub-secret-key + key: PUBNUB_SECRET_KEY + parameters: +# region: us-west-2 + objects: | + - objectName: {{ 
.Values.dbhost }} + objectType: ssmparameter + objectAlias: db_host + - objectName: {{ .Values.dbport }} + objectType: ssmparameter + objectAlias: db_port + - objectName: {{ .Values.dbuser }} + objectType: ssmparameter + objectAlias: db_user + - objectName: {{ .Values.dbpassword }} + objectType: ssmparameter + objectAlias: db_password + - objectName: {{ .Values.dbschema }} + objectType: ssmparameter + objectAlias: db_schema + - objectName: {{ .Values.redishost }} + objectType: ssmparameter + objectAlias: redis_host + - objectName: {{ .Values.redisport }} + objectType: ssmparameter + objectAlias: redis_port + - objectName: {{ .Values.redisdatabase }} + objectType: ssmparameter + objectAlias: redis_database + - objectName: {{ .Values.jwtsecret }} + objectType: ssmparameter + objectAlias: jwt_secret + - objectName: {{ .Values.jwtissuer }} + objectType: ssmparameter + objectAlias: jwt_issuer + - objectName: {{ .Values.authenticationdbdatabase }} + objectType: ssmparameter + objectAlias: authentication_service_db_database + - objectName: {{ .Values.featuredbdatabase }} + objectType: ssmparameter + objectAlias: feature_db_database + - objectName: {{ .Values.notificationdbdatabase }} + objectType: ssmparameter + objectAlias: notification_service_db_database + - objectName: {{ .Values.videoconfrencingdbdatabase }} + objectType: ssmparameter + objectAlias: video_confrencing_service_db_database + - objectName: {{ .Values.cognitodomain }} + objectType: ssmparameter + objectAlias: cognito_domain_name + - objectName: {{ .Values.cognitoid }} + objectType: ssmparameter + objectAlias: cognito_client_id + - objectName: {{ .Values.cognitosecret }} + objectType: ssmparameter + objectAlias: cognito_client_secret + - objectName: {{ .Values.cognitoUserPoolID }} + objectType: ssmparameter + objectAlias: cognito_user_pool_id + - objectName: {{ .Values.vonageSecret }} + objectType: ssmparameter + objectAlias: vonage-api-key-secret + - objectName: {{ .Values.pubnubPubKey }} + objectType: 
ssmparameter + objectAlias: pubnub-pub-key + - objectName: {{ .Values.pubnubSubKey }} + objectType: ssmparameter + objectAlias: pubnub-sub-key + - objectName: {{ .Values.pubnubSecretKey }} + objectType: ssmparameter + objectAlias: pubnub-secret-key \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml new file mode 100644 index 00000000..eec7efd4 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml 
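Review bot: The single SecretProviderClass syncs every tenant credential — `db_password`, `jwt_secret`, `cognito_client_secret`, `vonage-api-key-secret`, `pubnub-secret-key` — into the one Opaque Secret `api-token`, and each service Deployment in this commit mounts the full CSI volume at `/mnt/api-token`, so every pod holds secrets it never reads (the user-tenant-service pod, for instance, references only the DB, Redis, JWT and Cognito pool keys). A compromise of any one service therefore exposes all of them; splitting `secretObjects`/`objects` into per-service classes, or at least keeping `jwt_secret` and `cognito_client_secret` in a class mounted only by the authentication pods, would limit that blast radius. The commented `# region: us-west-2` under `parameters` is dead configuration; remove it or note why the provider's region fallback is relied on.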
@@ -0,0 +1,219 @@ +{{- if .Values.userTenantService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.userTenantService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-user-tenant-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/user-tenant-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.userTenantService.pullPolicy }} + resources: + {{- toYaml .Values.userTenantService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + 
name: {{ include "helm.fullname" . }}-user-tenant-service + image: {{ .Values.userTenantService.repository }}:{{ .Values.userTenantService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: COGNITO_USER_POOL_ID + valueFrom: + secretKeyRef: + name: api-token + key: COGNITO_USER_POOL_ID +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + silo-node: {{ .Values.tier }}-{{ .Values.tenant }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.userTenantService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.userTenantService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-user-tenant-service + minReplicas: {{ .Values.userTenantService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.userTenantService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.userTenantService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.userTenantService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.userTenantService.service.type }} + ports: + - port: {{ .Values.userTenantService.service.port }} + targetPort: {{ .Values.userTenantService.service.targetPort }} + protocol: {{ .Values.userTenantService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: user-tenant-service +--- +{{- end }} \ No newline at end of file 
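Review bot: `selector.matchLabels` carries only `app: {{ include "helm.fullname" . }}`, which is the same label on every service Deployment in this chart (the video-confrencing Deployment in this commit has the identical selector), so this Deployment's scale subresource — and therefore its HPA — counts pods of all the sibling services, and the HPA controller will flag the selector as ambiguous. The pod template already sets `component: user-tenant-service`, so the selector should too: `matchLabels:` / `  app: {{ include "helm.fullname" . }}` / `  component: user-tenant-service`; the same fix applies to video-confrencing-service-deployment.yaml. `REDIS_PASSWORD` is hard-coded to `""` and `REDIS_URL` is sourced from the `REDIS_HOST` secret key, so the service connects to Redis unauthenticated with a bare hostname in the URL variable; if the Redis endpoint genuinely has no auth token, say so in a comment, otherwise pull the password through the SecretProviderClass like the other credentials. No `securityContext` is set on the pod or container even though values.yaml.template declares `podSecurityContext` and `securityContext`; wiring `{{- toYaml .Values.securityContext | nindent 12 }}` onto the container and defaulting it to `runAsNonRoot: true` and `allowPrivilegeEscalation: false` gives the tenant pods a baseline.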
diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/video-confrencing-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/video-confrencing-service-deployment.yaml
new file mode 100644
index 00000000..db826e04
--- /dev/null
+++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/video-confrencing-service-deployment.yaml
@@ -0,0 +1,219 @@ +{{- if .Values.videoConfrencingService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.videoConfrencingService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-video-confrencing-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/video-confrencing-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . 
}} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.videoConfrencingService.pullPolicy }} + resources: + {{- toYaml .Values.videoConfrencingService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-video-confrencing-service + image: {{ .Values.videoConfrencingService.repository }}:{{ .Values.videoConfrencingService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . 
}}-cm-video-confrencing-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: VONAGE_API_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: VONAGE_API_KEY_SECRET +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + silo-node: {{ .Values.tier }}-{{ .Values.tenant }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.videoConfrencingService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.videoConfrencingService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . 
}}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-video-confrencing-service + minReplicas: {{ .Values.videoConfrencingService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.videoConfrencingService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.videoConfrencingService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.videoConfrencingService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.videoConfrencingService.service.type }} + ports: + - port: {{ .Values.videoConfrencingService.service.port }} + targetPort: {{ .Values.videoConfrencingService.service.targetPort }} + protocol: {{ .Values.videoConfrencingService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/virtual-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/virtual-service.yaml new file mode 100644 index 00000000..ce50fcbe --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/virtual-service.yaml 
@@ -0,0 +1,63 @@ +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + app: {{ include "helm.name" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + hosts: + - {{ .Values.hostname }} + gateways: + - {{ .Values.tier }}-{{ .Values.tenant }} #create gateway with name as tenant name + http: + - match: + - uri: + prefix: {{ .Values.app.basePath }}/authentication-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-authentication-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/feature-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-feature-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/notification-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-notification-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/user-tenant-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-user-tenant-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/video-confrencing-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-video-confrencing-service" + port: + number: 3000 + - match: + - uri: + prefix: / + route: + - destination: + host: "{{ include "helm.fullname" . }}-frontend" + port: + number: 80 \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template new file mode 100644 index 00000000..e186aa95 --- /dev/null +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template 
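Review bot: Each `prefix` route forwards the entire service subtree, which includes the `/obf/metrics` path that the Deployments in this commit advertise via `prometheus.io/path`, so tenant metrics become reachable from the internet through the `{{ .Values.hostname }}` gateway unless every service gates that path itself. Because this VirtualService is bound only to the tenant gateway (not `mesh`), a first route such as `- match: [{uri: {regex: ".*/obf/metrics$"}}]` / `  directResponse: {status: 404}` blocks external access without affecting in-cluster scraping. `hosts:` and the `prefix:` values are rendered unquoted; a `hostname` or `app.basePath` value starting with `*` or containing `: ` would produce invalid YAML, so quoting them (`- "{{ .Values.hostname }}"`) is safer.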
@@ -0,0 +1,375 @@ +# Default values for helm. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +strategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 +app: + url: "" + basePath: "" +livenessProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 7 +readinessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + +frontend: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-ui + pullPolicy: Always + tag: "0.0.5" + log_level: "info" + home_path: "/home" + replicaCount: 1 + affinity: {} + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "2" + Service: + type: NodePort + port: 80 + targetPort: 80 + protocol: TCP + extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "false" + enabled: "1" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 20 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + + +#Services +#featureService +featureService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + timestamp_tolerance: 300 + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /feature-service + +#authenticationService +authenticationService: + enabled: true 
+ repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /authentication-service + +#notificationService +notificationService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /notification-service + +#userTenantService +userTenantService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + 
maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /user-tenant-service + +videoConfrencingService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /video-confrencing-service + +#migrationJob +migrationJob: +#enable it when correct image has been provided + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-migration + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + +##Common env's + +#Common URL'S + +imagePullSecret: +#enable it and pass the correct parameters below + enabled: false + name: regcred + registry: https://index.docker.io/v1/ + username: '' + password: '' + email: sfdevops@sourcefuse.com + +nameOverride: "" + +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "true" + enabled: "1" + +nodeSelector: {} + +tolerations: + - effect: NoSchedule + key: silo-node + operator: Equal + value: ${TENANT_KEY} + +affinity: {} + +#Migration Job Variable +tenantKey: ${TENANT_KEY} +tenantName: ${TENANT_NAME} +tenantSecret: ${TENANT_SECRET} +tenantID: ${TENANT_ID} +tenantEmail: ${TENANT_EMAIL} +adminUserTenantId: "b439829b-57e7-49d8-bb23-8ccb2ca56435" +userCallbackSecret: ${USER_CALLBACK_SECRET} + +# Frontend variable +clientId: ${TENANT_CLIENT_ID} +publicKey: ${TENANT_CLIENT_SECRET} + +tier: ${TIER} +namespace: ${NAMESPACE} +region: ${REGION} +cognitodomain: ${COGNITO_DOMAIN} +cognitoid: ${COGNITO_ID} +cognitosecret: ${COGNITO_SECRET} +karpenterRoleName: ${KARPENTER_ROLE} +eksClusterName: ${EKS_CLUSTER_NAME} +hostname: ${TENANT_HOST_NAME} +tenant: ${TENANT_KEY} +arn: ${WEB_IDENTITY_ROLE_ARN} +dbhost: ${DB_HOST} +dbport: ${DB_PORT} +dbuser: ${DB_USER} +dbpassword: ${DB_PASSWORD} +dbschema: ${DB_SCHEMA} +redishost: ${REDIS_HOST} +redisport: ${REDIS_PORT} +redisdatabase: ${REDIS_DATABASE} +jwtsecret: ${JWT_SECRET} +jwtissuer: ${JWT_ISSUER} +authenticationdbdatabase: ${AUTH_DATABASE} 
+featuredbdatabase: ${FEATURE_DATABASE} +notificationdbdatabase: ${NOTIFICATION_DATABASE} +videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} +instance_category: ${INSTANCE_CATEGORY} +cognitoUserPoolID: ${COGNITO_USER_POOL_ID} + +# pubnub config +vonageSecret: /pubnub/vonage-api-key-secret +pubnubPubKey: /pubnub/public-key +pubnubSubKey: /pubnub/subscribe-key +pubnubSecretKey: /pubnub/secret-key \ No newline at end of file diff --git a/files/tenant-samples/silo/terraform/cognito.tf b/files/tenant-samples/silo/terraform/cognito.tf index bab3cd55..aa11a8fa 100644 --- a/files/tenant-samples/silo/terraform/cognito.tf +++ b/files/tenant-samples/silo/terraform/cognito.tf @@ -2,6 +2,7 @@ ## random string ###################################################################### module "cognito_domain_string" { + count = var.IdP == "cognito" ? 1 : 0 source = "../modules/random-password" length = 6 is_special = false @@ -12,10 +13,9 @@ module "cognito_domain_string" { ## Cognito User Pool ###################################################################### module "aws_cognito_user_pool" { - + count = var.IdP == "cognito" ? 1 : 0 source = "lgallard/cognito-user-pool/aws" version = "0.24.0" - user_pool_name = "${var.namespace}-${var.environment}-${var.tenant_tier}-${var.tenant}-cognito-user-pool" alias_attributes = var.alias_attributes auto_verified_attributes = var.auto_verified_attributes @@ -115,6 +115,7 @@ module "aws_cognito_user_pool" { ## Store Congito output to SSM parameneter store ###################################################################### module "cognito_ssm_parameters" { + count = var.IdP == "cognito" ? 1 : 0 source = "../modules/ssm-parameter" ssm_parameters = [ { diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf index a88aea3a..0e9c6cef 100644 --- a/files/tenant-samples/silo/terraform/data.tf +++ b/files/tenant-samples/silo/terraform/data.tf 
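Review bot: `tenantSecret: ${TENANT_SECRET}`, `userCallbackSecret: ${USER_CALLBACK_SECRET}` and `publicKey: ${TENANT_CLIENT_SECRET}` render raw secret values into the tenant values file, while the database, Redis, JWT and Cognito entries beside them pass only SSM parameter names for the SecretProviderClass to resolve at mount time. The ArgoCD Application in eks.tf reads `${var.tenant}-values.yaml` from the GitHub repo path, so the rendered file presumably gets committed there with these values in plaintext; moving the three into SSM parameters referenced by name keeps them out of git and out of the ArgoCD application state, and a key called `publicKey` that holds a client secret deserves a rename. `allowed_origins: "*"` is the default for every service, including authenticationService; a wildcard CORS origin on the auth endpoints should be an explicit per-tenant override rather than the template default. Each service block also carries `imagePullPolicy: {enabled: "yes", name: regcred}`, but the Deployments read `.Values.imagePullSecret.enabled`, so those per-service keys are never consulted.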
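Review bot: `count` on `module.cognito_domain_string`, `module.aws_cognito_user_pool` and `module.cognito_ssm_parameters` turns each into a list, so any reference of the form `module.cognito_domain_string.<output>` or `module.aws_cognito_user_pool.<output>` elsewhere in cognito.tf (the user-pool arguments and the `ssm_parameters` list lie outside these hunks) must become `module.x[0].<output>` or `one(module.x).<output>`; the same applies to the four `data.aws_ssm_parameter.cognito_*` sources in data.tf and to `data.template_file.helm_values_template` in eks.tf. `terraform validate` will stop on any remaining bare reference with an unsupported-attribute error. `var.IdP == "cognito"` is now repeated at least nine times across the three files; a `locals { use_cognito = var.IdP == "cognito" }` keeps the switch in one place.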
@@ -107,21 +107,25 @@ data "aws_route53_zone" "selected" {
 }
 data "aws_ssm_parameter" "cognito_domain" {
+ count = var.IdP == "cognito" ? 1 : 0
 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_domain"
 depends_on = [module.cognito_ssm_parameters]
 }
 data "aws_ssm_parameter" "cognito_id" {
+ count = var.IdP == "cognito" ? 1 : 0
 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_id"
 depends_on = [module.cognito_ssm_parameters]
 }
 data "aws_ssm_parameter" "cognito_secret" {
+ count = var.IdP == "cognito" ? 1 : 0
 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_secret"
 depends_on = [module.cognito_ssm_parameters]
 }
 data "aws_ssm_parameter" "cognito_user_pool_id" {
+ count = var.IdP == "cognito" ? 1 : 0
 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_user_pool_id"
 depends_on = [module.cognito_ssm_parameters]
 }
diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf
index db5dc962..cb06bc70 100644
--- a/files/tenant-samples/silo/terraform/eks.tf
+++ b/files/tenant-samples/silo/terraform/eks.tf
@@ -103,21 +103,19 @@ resource "kubernetes_namespace" "my_namespace" { } } -# generate tenant specific helm values.yaml file +# generate tenant specific helm values.yaml file based on IdP configuration data "template_file" "helm_values_template" { - template = file("${path.module}/../tenant-helm-chart/values.yaml.template") + count = var.IdP == "cognito" ? 1 : 0 + template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { - NAMESPACE = local.kubernetes_ns - TENANT_NAME = var.tenant_name - TENANT_KEY = var.tenant - TENANT_EMAIL = var.tenant_email - TENANT_SECRET = var.tenant_secret - TENANT_ID = var.tenant_id - # COGNITO_USER = var.user_name - # COGNITO_USER_SUB = aws_cognito_user.cognito_user.sub - - TIER = var.tenant_tier + NAMESPACE = local.kubernetes_ns + TENANT_NAME = var.tenant_name + TENANT_KEY = var.tenant + TENANT_EMAIL = var.tenant_email + TENANT_SECRET = var.tenant_secret + TENANT_ID = var.tenant_id + TIER = var.tenant_tier TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region 
@@ -148,6 +146,42 @@ data "template_file" "helm_values_template" { } } +data "template_file" "helm_values_template" { + count = var.IdP == "auth0" ? 1 : 0 + template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") + vars = { + NAMESPACE = local.kubernetes_ns + TENANT_NAME = var.tenant_name + TENANT_KEY = var.tenant + TENANT_EMAIL = var.tenant_email + TENANT_SECRET = var.tenant_secret + TENANT_ID = var.tenant_id + TIER = var.tenant_tier + TENANT_CLIENT_ID = var.tenant_client_id + TENANT_CLIENT_SECRET = var.tenant_client_secret + REGION = var.region + KARPENTER_ROLE = var.karpenter_role + EKS_CLUSTER_NAME = var.cluster_name + TENANT_HOST_NAME = var.tenant_host_domain + USER_CALLBACK_SECRET = var.user_callback_secret + WEB_IDENTITY_ROLE_ARN = module.tenant_iam_role.arn + DB_HOST = data.aws_ssm_parameter.db_host.name + DB_PORT = data.aws_ssm_parameter.db_port.name + DB_USER = data.aws_ssm_parameter.db_user.name + DB_PASSWORD = data.aws_ssm_parameter.db_password.name + DB_SCHEMA = data.aws_ssm_parameter.db_schema.name + REDIS_HOST = data.aws_ssm_parameter.redis_host.name + REDIS_PORT = data.aws_ssm_parameter.redis_port.name + REDIS_DATABASE = data.aws_ssm_parameter.redis_database.name + JWT_SECRET = data.aws_ssm_parameter.jwt_secret.name + JWT_ISSUER = data.aws_ssm_parameter.jwt_issuer.name + AUTH_DATABASE = data.aws_ssm_parameter.authenticationdbdatabase.name + FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name + NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name + VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name + INSTANCE_CATEGORY = var.karpenter_instance_category + } +} resource "local_file" "helm_values" { filename = "${path.module}/output/${var.tenant}-values.yaml" 
@@ -158,6 +192,7 @@ resource "local_file" "helm_values" { ## Register Tenant Helm App on ArgoCD ############################################################################################### resource "local_file" "argocd_application" { + count = var.IdP == "cognito" ? 1 : 0 content = <<-EOT apiVersion: argoproj.io/v1alpha1 kind: Application @@ -172,7 +207,7 @@ spec: namespace: ${var.tenant_tier}-${var.tenant} server: 'https://kubernetes.default.svc' source: - path: onboarded-tenants/silo/application + path: onboarded-tenants/silo/application/cognito repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/${data.aws_ssm_parameter.github_repo.value}.git' targetRevision: main helm: @@ -195,6 +230,44 @@ spec: filename = "${path.module}/argocd-application.yaml" } +resource "local_file" "argocd_application" { + count = var.IdP == "auth0" ? 1 : 0 + content = <<-EOT +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ${var.tenant_tier}-${var.tenant} + namespace: argocd + labels: + Tenant: ${var.tenant} + Tenant_ID: ${var.tenant_id} +spec: + destination: + namespace: ${var.tenant_tier}-${var.tenant} + server: 'https://kubernetes.default.svc' + source: + path: onboarded-tenants/silo/application/auth0 + repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/${data.aws_ssm_parameter.github_repo.value}.git' + targetRevision: main + helm: + valueFiles: + - ${var.tenant}-values.yaml + project: default + syncPolicy: + syncOptions: + - ApplyOutOfSyncOnly=true + retry: + limit: 2 + backoff: + duration: 5s + maxDuration: 3m0s + factor: 2 + automated: + prune: false + selfHeal: true + EOT + filename = "${path.module}/argocd-application.yaml" +} ####################################################################################### ## Register Tenant Terraform Workflow on Argo ####################################################################################### 
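Review bot: The new auth0 Application heredoc repeats the cognito one verbatim except for `path: onboarded-tenants/silo/application/auth0`, so a single resource with `path: onboarded-tenants/silo/application/${var.IdP}` would replace both blocks and the two mutually exclusive `count` guards (which are the only reason the shared `filename = "${path.module}/argocd-application.yaml"` does not collide). Both variants also embed `${data.aws_ssm_parameter.github_user.value}` as the userinfo part of `repoURL`; if that parameter holds a token rather than a bare username, the credential is written into the generated manifest on disk and into the Application spec, where anyone able to read Applications in the argocd namespace can see it. ArgoCD takes repository credentials from a Secret labelled `argocd.argoproj.io/secret-type: repository`, which keeps `repoURL` free of secrets; the cognito heredoc has the same construct as context and would benefit from the same change.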
diff --git a/files/tenant-samples/silo/terraform/variables.tf b/files/tenant-samples/silo/terraform/variables.tf index 8fdeff0e..c9ad64e5 100644 --- a/files/tenant-samples/silo/terraform/variables.tf +++ b/files/tenant-samples/silo/terraform/variables.tf @@ -29,6 +29,11 @@ variable "tenant_id" { variable "IdP" { type = string description = "Tenant Identity Provider" + default = "cognito" + validation { + condition = contains(["cognito", "auth0", "keycloak"], var.idp) + error_message = "The idp must be either 'cognito', 'auth0', or 'keycloak'." + } } ################################################################################## ## database diff --git a/terraform/tenant-codebuilds/saas-repo-setup.sh b/terraform/tenant-codebuilds/saas-repo-setup.sh index a5e71570..d1483d70 100755 --- a/terraform/tenant-codebuilds/saas-repo-setup.sh +++ b/terraform/tenant-codebuilds/saas-repo-setup.sh @@ -74,6 +74,8 @@ create_directory "onboarded-tenants/bridge/application" create_directory "onboarded-tenants/bridge/infra" create_directory "onboarded-tenants/silo" create_directory "onboarded-tenants/silo/application" +create_directory "onboarded-tenants/silo/application/cognito" +create_directory "onboarded-tenants/silo/application/auth0" create_directory "onboarded-tenants/silo/infra" 
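Review bot: The validation accepts `"keycloak"`, but nothing in eks.tf branches on it — the `count` guards added in this patch only test for `"cognito"` and `"auth0"` — so a tenant declared with `IdP = "keycloak"` passes validation and then silently provisions no values file and no ArgoCD Application. Either drop it from the list until a keycloak chart and branch exist, or add a `lifecycle { precondition { … } }` on the resources that need one so the gap fails the plan instead of being swallowed by `count = 0`. The condition also references `var.idp` while the variable is declared as `IdP`; Terraform identifiers are case-sensitive, so this fails at plan time (PATCH 07 in this series corrects it), and the `error_message` spelling `idp` could be aligned with the declared name at the same time.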
@@ -102,7 +104,8 @@ cp -r ../tenant-samples/bridge/modules onboarded-tenants/bridge/infra/ || { echo cp -r ../tenant-samples/bridge/terraform onboarded-tenants/bridge/infra/ || { echo "Failed to copy files"; exit 1; } rm -rf onboarded-tenants/bridge/application/values.yaml.template -cp -r ../tenant-samples/silo/tenant-helm-chart/* onboarded-tenants/silo/application/ || { echo "Failed to copy files"; exit 1; } +cp -r ../tenant-samples/silo/tenant-helm-chart/cognito/* onboarded-tenants/silo/application/cognito/ || { echo "Failed to copy files"; exit 1; } +cp -r ../tenant-samples/silo/tenant-helm-chart/auth0/* onboarded-tenants/silo/application/auth0/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/tenant-helm-chart onboarded-tenants/silo/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/modules onboarded-tenants/silo/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/terraform onboarded-tenants/silo/infra/ || { echo "Failed to copy files"; exit 1; } From 612555156af26bf00e095f1d98ae780ecf02d10e Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 09:40:29 +0530 Subject: [PATCH 03/53] varibles.tf modified --- modules/github/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/github/variables.tf b/modules/github/variables.tf index 8b895a42..770a0563 100644 --- a/modules/github/variables.tf +++ b/modules/github/variables.tf @@ -22,7 +22,7 @@ variable "homepage_url" { variable "visibility" { type = string - default = "public" + default = "private" description = "(Optional) Visibility of the repository. Can be public, private or internal" validation { From c77cd4235f04fb5d943dcf5547a022c454ce8311 Mon Sep 17 00:00:00 2001 
From: sfdevops Date: Thu, 26 Sep 2024 11:12:14 +0530 Subject: [PATCH 04/53] auth0 changes updated --- .../authentication-service-deployment.yaml | 15 -------------- .../templates/cm-authentication-service.yaml | 2 -- .../auth0/templates/hooks/migration-job.yaml | 4 ---- .../secret-provider-class-and-sa.yaml | 20 ------------------- .../user-tenant-service-deployment.yaml | 5 ----- .../auth0/values.yaml.template | 4 ---- 6 files changed, 50 deletions(-) diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml index 3b1642ea..e7fb1907 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml @@ -159,21 +159,6 @@ spec: secretKeyRef: name: api-token key: JWT_ISSUER - - name: COGNITO_AUTH_CLIENT_DOMAIN - valueFrom: - secretKeyRef: - name: api-token - key: COGNITO_AUTH_CLIENT_DOMAIN - - name: COGNITO_AUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: api-token - key: COGNITO_AUTH_CLIENT_ID - - name: COGNITO_AUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: api-token - key: COGNITO_AUTH_CLIENT_SECRET {{- if .Values.imagePullSecret.enabled }} imagePullSecrets: - name: {{ .Values.imagePullSecret.name }} diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml index dc93b37f..09ea6215 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml 
@@ -13,6 +13,4 @@ data: LOG_LEVEL: '{{ .Values.authenticationService.log_level }}' BASE_PATH: '{{ .Values.authenticationService.base_path }}' DB_SSL: '{{ .Values.authenticationService.db_ssl }}' - COGNITO_AUTH_REGION: '{{ .Values.region }}' - COGNITO_AUTH_CALLBACK_URL: 'https://{{ .Values.hostname }}/authentication-service/auth/cognito-auth-redirect' {{- end}} \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml index db3b5e73..41410f15 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml @@ -157,8 +157,4 @@ spec: value: {{ .Values.adminUserTenantId }} - name: REDIRECT_URL value: "https://{{ .Values.hostname }}/{{ .Values.frontend.home_path }}" - # - name: USERNAME - # value: {{ .Values.cognitoUser }} - # - name: USER_SUB - # value: {{ .Values.cognitoSub }} {{- end }} \ No newline at end of file diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml index 9e6113f0..47be4ea9 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml 
@@ -51,14 +51,6 @@ spec: key: NOTIFICATION_SERVICE_DB_DATABASE - objectName: video_confrencing_service_db_database key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE - - objectName: cognito_domain_name - key: COGNITO_AUTH_CLIENT_DOMAIN - - objectName: cognito_client_id - key: COGNITO_AUTH_CLIENT_ID - - objectName: cognito_client_secret - key: COGNITO_AUTH_CLIENT_SECRET - - objectName: cognito_user_pool_id - key: COGNITO_USER_POOL_ID - objectName: vonage-api-key-secret key: VONAGE_API_KEY_SECRET - objectName: pubnub-pub-key @@ -112,18 +104,6 @@ spec: - objectName: {{ .Values.videoconfrencingdbdatabase }} objectType: ssmparameter objectAlias: video_confrencing_service_db_database - - objectName: {{ .Values.cognitodomain }} - objectType: ssmparameter - objectAlias: cognito_domain_name - - objectName: {{ .Values.cognitoid }} - objectType: ssmparameter - objectAlias: cognito_client_id - - objectName: {{ .Values.cognitosecret }} - objectType: ssmparameter - objectAlias: cognito_client_secret - - objectName: {{ .Values.cognitoUserPoolID }} - objectType: ssmparameter - objectAlias: cognito_user_pool_id - objectName: {{ .Values.vonageSecret }} objectType: ssmparameter objectAlias: vonage-api-key-secret diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml index eec7efd4..1a0c5174 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml @@ -129,11 +129,6 @@ spec: secretKeyRef: name: api-token key: JWT_ISSUER - - name: COGNITO_USER_POOL_ID - valueFrom: - secretKeyRef: - name: api-token - key: COGNITO_USER_POOL_ID {{- if .Values.imagePullSecret.enabled }} imagePullSecrets: - name: {{ .Values.imagePullSecret.name }} 
diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template index e186aa95..f924db1f 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template @@ -343,9 +343,6 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} region: ${REGION} -cognitodomain: ${COGNITO_DOMAIN} -cognitoid: ${COGNITO_ID} -cognitosecret: ${COGNITO_SECRET} karpenterRoleName: ${KARPENTER_ROLE} eksClusterName: ${EKS_CLUSTER_NAME} hostname: ${TENANT_HOST_NAME} @@ -366,7 +363,6 @@ featuredbdatabase: ${FEATURE_DATABASE} notificationdbdatabase: ${NOTIFICATION_DATABASE} videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} instance_category: ${INSTANCE_CATEGORY} -cognitoUserPoolID: ${COGNITO_USER_POOL_ID} # pubnub config vonageSecret: /pubnub/vonage-api-key-secret From 86dc0740b1ef775951215bc4247e5299aee51e6f Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 11:21:06 +0530 Subject: [PATCH 05/53] buildspec.yaml updated --- files/tenant-samples/silo/buildspec.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 9a46c583..982f5852 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -48,7 +48,8 @@ phases: - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email') - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') - - export IdP=$(echo $tenant | jq -r '.IdPKey') + #- export IdP=$(echo $tenant | jq -r '.IdPKey') + - export IdP="auth0" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Exporting Webhook Envs From 9e9762fe1b2ee8a3ab342314ed567ab9db19c873 Mon Sep 17 00:00:00 2001 
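Review bot: `export IdP="auth0"` replaces the per-tenant lookup with a constant, so every tenant onboarded through this buildspec is provisioned against auth0 regardless of the `IdPKey` in its tenant record, and the cognito branch — still the declared default in variables.tf — becomes unreachable from the pipeline. If this is meant as a stop-gap while records lack the key, keep the lookup and fall back only when it is absent: `- export IdP=$(echo "$tenant" | jq -r '.IdPKey // "auth0"')`. The commented-out line should then be removed rather than kept as dead YAML.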
From: sfdevops Date: Thu, 26 Sep 2024 11:57:48 +0530 Subject: [PATCH 06/53] buildspec.yaml updated --- files/tenant-samples/silo/terraform/eks.tf | 10 +++++++++- .../silo/terraform/push-values.sh | 17 ++++++++++++++--- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index cb06bc70..b170d460 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf @@ -184,10 +184,18 @@ data "template_file" "helm_values_template" { } resource "local_file" "helm_values" { - filename = "${path.module}/output/${var.tenant}-values.yaml" + count = var.IdP == "cognito" ? 1 : 0 + filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" content = data.template_file.helm_values_template.rendered } +resource "local_file" "helm_values" { + count = var.IdP == "auth0" ? 1 : 0 + filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" + content = data.template_file.helm_values_template.rendered +} + + ############################################################################################### ## Register Tenant Helm App on ArgoCD ############################################################################################### diff --git a/files/tenant-samples/silo/terraform/push-values.sh b/files/tenant-samples/silo/terraform/push-values.sh index 1072bd3e..37e5d53a 100644 --- a/files/tenant-samples/silo/terraform/push-values.sh +++ b/files/tenant-samples/silo/terraform/push-values.sh 
@@ -43,10 +43,21 @@ git clone "${GITHUB_REPO_URL}" || { echo "Failed to clone GitHub repository"; ex cd "${NAMESPACE}-saas-management-repository" || { echo "Failed to change directory to cloned repository"; exit 1; } # Copy tenant values.yaml to silo directory -if [ -d "../output" ]; then - cp -r ../output/* onboarded-tenants/silo/application/ || { echo "Failed to copy files"; exit 1; } +# if [ -d "../output" ]; then +# cp -r ../output/* onboarded-tenants/silo/application/ || { echo "Failed to copy files"; exit 1; } +# else +# echo "'output' folder does not exist. Skipping file copy." +# fi +if [ -d "../output/cognito" ]; then + cp -r ../output/cognito/* onboarded-tenants/silo/application/cognito/ || { echo "Failed to copy cognito files"; exit 1; } else - echo "'output' folder does not exist. Skipping file copy." + echo "'cognito' folder does not exist. Skipping cognito file copy." +fi + +if [ -d "../output/auth0" ]; then + cp -r ../output/auth0/* onboarded-tenants/silo/application/auth0/ || { echo "Failed to copy auth0 files"; exit 1; } +else + echo "'auth0' folder does not exist. Skipping auth0 file copy." fi # Copy tenant specific terraform tfvars and config file to repository From 8e0a24bac71e78033e1d92c4a10cba57be1eaa3b Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 12:18:47 +0530 Subject: [PATCH 07/53] variables.tf updated --- files/tenant-samples/silo/terraform/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/tenant-samples/silo/terraform/variables.tf b/files/tenant-samples/silo/terraform/variables.tf index c9ad64e5..f7349dbf 100644 --- a/files/tenant-samples/silo/terraform/variables.tf +++ b/files/tenant-samples/silo/terraform/variables.tf 
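Review bot: The old copy block is kept as five commented-out lines above the new `if`; git history preserves it, so it should be deleted rather than left to drift out of sync with the live code. With both branches now optional, a tenant whose rendered values landed in neither `../output/cognito` nor `../output/auth0` (for example after a misspelled IdP) is logged as a skip twice and the script presumably goes on to commit and push an application directory with no values file in it; treating "neither directory exists" as an error would surface that earlier, e.g. `[ -d ../output/cognito ] || [ -d ../output/auth0 ] || { echo "no rendered values found"; exit 1; }` before the two copies.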
@@ -31,7 +31,7 @@ variable "IdP" { description = "Tenant Identity Provider" default = "cognito" validation { - condition = contains(["cognito", "auth0", "keycloak"], var.idp) + condition = contains(["cognito", "auth0", "keycloak"], var.IdP) error_message = "The idp must be either 'cognito', 'auth0', or 'keycloak'." } } From 1ad29a80e4ba839c1e1f09f2c51d8defbdb56e15 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 12:24:21 +0530 Subject: [PATCH 08/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index b170d460..7571eced 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf @@ -105,7 +105,7 @@ resource "kubernetes_namespace" "my_namespace" { # generate tenant specific helm values.yaml file based on IdP configuration -data "template_file" "helm_values_template" { +data "template_file" "cognito_helm_values_template" { count = var.IdP == "cognito" ? 1 : 0 template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { @@ -146,7 +146,7 @@ data "template_file" "helm_values_template" { } } -data "template_file" "helm_values_template" { +data "template_file" "auth0_helm_values_template" { count = var.IdP == "auth0" ? 1 : 0 template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") vars = { 
@@ -186,20 +186,20 @@ data "template_file" "helm_values_template" { resource "local_file" "helm_values" { count = var.IdP == "cognito" ? 1 : 0 filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" - content = data.template_file.helm_values_template.rendered + content = data.template_file.cognito_helm_values_template.rendered } resource "local_file" "helm_values" { count = var.IdP == "auth0" ? 1 : 0 filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" - content = data.template_file.helm_values_template.rendered + content = data.template_file.auth0_helm_values_template.rendered } ############################################################################################### ## Register Tenant Helm App on ArgoCD ############################################################################################### -resource "local_file" "argocd_application" { +resource "local_file" "cognito_argocd_application" { count = var.IdP == "cognito" ? 1 : 0 content = <<-EOT apiVersion: argoproj.io/v1alpha1 @@ -238,7 +238,7 @@ spec: filename = "${path.module}/argocd-application.yaml" } -resource "local_file" "argocd_application" { +resource "local_file" "auth0_argocd_application" { count = var.IdP == "auth0" ? 1 : 0 content = <<-EOT apiVersion: argoproj.io/v1alpha1 From 642bafa374fdc0221be18102bf248d4c3a584204 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 12:30:10 +0530 Subject: [PATCH 09/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 7571eced..ced4f447 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
@@ -183,13 +183,13 @@ data "template_file" "auth0_helm_values_template" { } } -resource "local_file" "helm_values" { +resource "local_file" "cognito_helm_values" { count = var.IdP == "cognito" ? 1 : 0 filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" content = data.template_file.cognito_helm_values_template.rendered } -resource "local_file" "helm_values" { +resource "local_file" "auth0_helm_values" { count = var.IdP == "auth0" ? 1 : 0 filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" content = data.template_file.auth0_helm_values_template.rendered From e500da4ba65031b31d9c95d9f557759aafdfd2eb Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 12:56:51 +0530 Subject: [PATCH 10/53] variables.tf updated --- files/tenant-samples/silo/buildspec.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 982f5852..3d85e053 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -83,6 +83,7 @@ phases: - export TF_VAR_rds_instance_allocated_storage="${POSTGRES_SIZE}" - export TF_VAR_karpenter_instance_category="${INSTANCE_CATEGORY}" - export TF_VAR_IdP="${IdP}" + - echo "${TF_VAR_IdP}" - export TF_VAR_tenant_client_id="${KEY}"-$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_ID}" - export TF_VAR_tenant_client_secret=$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_SECRET}" - export ALB_DNS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`] | [0].DNSName' --output text) 
@@ -108,7 +109,7 @@ phases: - export TF_KEY=${KEY}/${KEY}.tfstate - envsubst < config.txt > config.${KEY}.hcl - envsubst ${KEY}.tfvars - + - cat ${KEY}.tfvars # Run Terraform to create infra and apply helm - terraform init --backend-config=config.${KEY}.hcl - terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards From 148d02aae937fca1b366d73d7a645f6f97daebe2 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 13:01:58 +0530 Subject: [PATCH 11/53] variables.tf updated --- files/tenant-samples/silo/terraform/cognito.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/tenant-samples/silo/terraform/cognito.tf b/files/tenant-samples/silo/terraform/cognito.tf index aa11a8fa..721284d5 100644 --- a/files/tenant-samples/silo/terraform/cognito.tf +++ b/files/tenant-samples/silo/terraform/cognito.tf @@ -13,7 +13,7 @@ module "cognito_domain_string" { ## Cognito User Pool ###################################################################### module "aws_cognito_user_pool" { - count = var.IdP == "cognito" ? 1 : 0 + enabled = var.IdP == "cognito" ? true : false source = "lgallard/cognito-user-pool/aws" version = "0.24.0" user_pool_name = "${var.namespace}-${var.environment}-${var.tenant_tier}-${var.tenant}-cognito-user-pool" From 11330b14a5b45f1cac1faf3283f87d2e241da7ab Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 13:15:12 +0530 Subject: [PATCH 12/53] variables.tf updated --- files/tenant-samples/silo/terraform/cognito.tf | 1 - files/tenant-samples/silo/terraform/eks.tf | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/files/tenant-samples/silo/terraform/cognito.tf b/files/tenant-samples/silo/terraform/cognito.tf index 721284d5..16383051 100644 --- a/files/tenant-samples/silo/terraform/cognito.tf +++ b/files/tenant-samples/silo/terraform/cognito.tf 
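Review bot: `- cat ${KEY}.tfvars` prints the rendered tfvars into the CodeBuild log; that file is produced by `envsubst` from the `TF_VAR_*` exports, which include `TF_VAR_tenant_client_secret` in the hunk above, so the tenant client secret is written to CloudWatch Logs in clear text, readable by anyone with log access and retained for the log group's lifetime. If the intent is to confirm that the IdP reached the file, print only that key, e.g. `- grep -E '^IdP' "${KEY}.tfvars"`, or drop the line entirely since `echo "${TF_VAR_IdP}"` in the previous hunk already shows the value. The same consideration applies to any future debugging output of `config.${KEY}.hcl`, which carries backend configuration.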
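Review bot: `enabled = var.IdP == "cognito" ? true : false` is a conditional that returns its own condition; `enabled = var.IdP == "cognito"` reads the same and is what a linter will ask for. `enabled` is not a meta-argument like `count`, so this only has an effect if the `lgallard/cognito-user-pool/aws` module at `0.24.0` declares an `enabled` input — worth confirming, since a missing input is a plan-time error rather than a silent no-op. Switching away from `count` also changes how the module's outputs are addressed by anything that referenced `module.aws_cognito_user_pool[0]`, which this hunk does not show.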
@@ -2,7 +2,6 @@ ## random string ###################################################################### module "cognito_domain_string" { - count = var.IdP == "cognito" ? 1 : 0 source = "../modules/random-password" length = 6 is_special = false diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index ced4f447..f15adcf6 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf @@ -186,13 +186,13 @@ data "template_file" "auth0_helm_values_template" { resource "local_file" "cognito_helm_values" { count = var.IdP == "cognito" ? 1 : 0 filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" - content = data.template_file.cognito_helm_values_template.rendered + content = data.template_file.cognito_helm_values_template[count.index].rendered } resource "local_file" "auth0_helm_values" { count = var.IdP == "auth0" ? 1 : 0 filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" - content = data.template_file.auth0_helm_values_template.rendered + content = data.template_file.auth0_helm_values_template[count.index].rendered } From 84c2618e82c00b1f8c1ce6260c5965bc411c805e Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 13:36:41 +0530 Subject: [PATCH 13/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index f15adcf6..2a68c470 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
@@ -119,9 +119,9 @@ data "template_file" "cognito_helm_values_template" { TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = data.aws_ssm_parameter.cognito_domain.name - COGNITO_ID = data.aws_ssm_parameter.cognito_id.name - COGNITO_SECRET = data.aws_ssm_parameter.cognito_secret.name + COGNITO_DOMAIN = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain[0].name : null + COGNITO_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_id[0].name : null + COGNITO_SECRET = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_secret[0].name : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain @@ -142,7 +142,7 @@ data "template_file" "cognito_helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name INSTANCE_CATEGORY = var.karpenter_instance_category - COGNITO_USER_POOL_ID = data.aws_ssm_parameter.cognito_user_pool_id.name + COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id[0].name : null } } From 399030db7af97e8353e011b27ff1481a5c5201e9 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 13:37:20 +0530 Subject: [PATCH 14/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 2a68c470..9dc12344 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
@@ -119,9 +119,9 @@ data "template_file" "cognito_helm_values_template" { TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain[0].name : null - COGNITO_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_id[0].name : null - COGNITO_SECRET = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_secret[0].name : null + COGNITO_DOMAIN = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain.name : null + COGNITO_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_id.name : null + COGNITO_SECRET = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_secret.name : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain From 2a4fe62a2fbd3342b3a5095808f7e870e35c0042 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 13:40:35 +0530 Subject: [PATCH 15/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 9dc12344..cb7f83e2 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
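Review bot: Dropping the `[0]` index from `data.aws_ssm_parameter.cognito_domain.name` (and the two lines below, plus `cognito_user_pool_id` in the next patch) while data.tf still declares those data sources with `count` makes each reference a "missing resource instance key" error, so the PATCH 13 form `var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain[0].name : null` was the correct one. The follow-up attempts in PATCH 17 and 18 replace `count` with `name = … ? "/…" : null`, but `name` is a required argument of `aws_ssm_parameter`, so `null` fails as well; PATCH 19 restores `count` on the data sources, and the eks.tf side of that patch is outside this view, so whether the indexed form is restored there cannot be confirmed from here. A single commit that keeps `count` on the data sources and the guarded `[0]` references would replace this sequence of six fix-ups.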
@@ -138,11 +138,11 @@ data "template_file" "cognito_helm_values_template" { JWT_SECRET = data.aws_ssm_parameter.jwt_secret.name JWT_ISSUER = data.aws_ssm_parameter.jwt_issuer.name AUTH_DATABASE = data.aws_ssm_parameter.authenticationdbdatabase.name - FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name + FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name - INSTANCE_CATEGORY = var.karpenter_instance_category - COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id[0].name : null + INSTANCE_CATEGORY = var.karpenter_instance_category + COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id.name : null } } From 184c8fb19b633a8ae465cacc3f2cac8b6c12fe51 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 13:49:11 +0530 Subject: [PATCH 16/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index cb7f83e2..6bbb0165 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf @@ -106,7 +106,6 @@ resource "kubernetes_namespace" "my_namespace" { # generate tenant specific helm values.yaml file based on IdP configuration data "template_file" "cognito_helm_values_template" { - count = var.IdP == "cognito" ? 1 : 0 template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns 
@@ -147,7 +146,6 @@ data "template_file" "cognito_helm_values_template" { } data "template_file" "auth0_helm_values_template" { - count = var.IdP == "auth0" ? 1 : 0 template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns @@ -186,13 +184,13 @@ data "template_file" "auth0_helm_values_template" { resource "local_file" "cognito_helm_values" { count = var.IdP == "cognito" ? 1 : 0 filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" - content = data.template_file.cognito_helm_values_template[count.index].rendered + content = data.template_file.cognito_helm_values_template.rendered } resource "local_file" "auth0_helm_values" { count = var.IdP == "auth0" ? 1 : 0 filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" - content = data.template_file.auth0_helm_values_template[count.index].rendered + content = data.template_file.auth0_helm_values_template.rendered } From 11899a00833f266a61343383fe1e1a5776e401bb Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 14:17:04 +0530 Subject: [PATCH 17/53] variables.tf updated --- files/tenant-samples/silo/terraform/data.tf | 3 +-- files/tenant-samples/silo/terraform/eks.tf | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf index 0e9c6cef..b2d925ab 100644 --- a/files/tenant-samples/silo/terraform/data.tf +++ b/files/tenant-samples/silo/terraform/data.tf @@ -107,8 +107,7 @@ data "aws_route53_zone" "selected" { } data "aws_ssm_parameter" "cognito_domain" { - count = var.IdP == "cognito" ? 1 : 0 - name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_domain" + name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_domain": null depends_on = [module.cognito_ssm_parameters] } 
diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 6bbb0165..8534450a 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf @@ -141,7 +141,7 @@ data "template_file" "cognito_helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name INSTANCE_CATEGORY = var.karpenter_instance_category - COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id.name : null + COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id.name : null } } From 73278cdffc8953a2182f041fbff6bdde244b30b6 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 14:17:18 +0530 Subject: [PATCH 18/53] variables.tf updated --- files/tenant-samples/silo/terraform/data.tf | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf index b2d925ab..378e8158 100644 --- a/files/tenant-samples/silo/terraform/data.tf +++ b/files/tenant-samples/silo/terraform/data.tf 
@@ -112,20 +112,17 @@ data "aws_ssm_parameter" "cognito_domain" { } data "aws_ssm_parameter" "cognito_id" { - count = var.IdP == "cognito" ? 1 : 0 - name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_id" + name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_id": null depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_secret" { - count = var.IdP == "cognito" ? 1 : 0 - name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_secret" + name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_secret": null depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_user_pool_id" { - count = var.IdP == "cognito" ? 1 : 0 - name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_user_pool_id" + name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_user_pool_id": null depends_on = [module.cognito_ssm_parameters] } From 102202d89639007a13a0d824c1dc781b4581a2bf Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 14:34:39 +0530 Subject: [PATCH 19/53] variables.tf updated --- files/tenant-samples/silo/terraform/data.tf | 12 ++++++++---- files/tenant-samples/silo/terraform/eks.tf | 8 ++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf index 378e8158..0e9c6cef 100644 --- a/files/tenant-samples/silo/terraform/data.tf +++ b/files/tenant-samples/silo/terraform/data.tf 
@@ -107,22 +107,26 @@ data "aws_route53_zone" "selected" { } data "aws_ssm_parameter" "cognito_domain" { - name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_domain": null + count = var.IdP == "cognito" ? 1 : 0 + name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_domain" depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_id" { - name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_id": null + count = var.IdP == "cognito" ? 1 : 0 + name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_id" depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_secret" { - name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_secret": null + count = var.IdP == "cognito" ? 1 : 0 + name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_secret" depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_user_pool_id" { - name = var.IdP == "cognito" ? "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_user_pool_id": null + count = var.IdP == "cognito" ? 1 : 0 + name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/cognito_user_pool_id" depends_on = [module.cognito_ssm_parameters] } diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 8534450a..b44bcf73 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
@@ -118,9 +118,9 @@ data "template_file" "cognito_helm_values_template" { TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain.name : null - COGNITO_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_id.name : null - COGNITO_SECRET = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_secret.name : null + COGNITO_DOMAIN = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain[0].name : null + COGNITO_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_id.name[0] : null + COGNITO_SECRET = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_secret.name[0] : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain @@ -141,7 +141,7 @@ data "template_file" "cognito_helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name INSTANCE_CATEGORY = var.karpenter_instance_category - COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id.name : null + COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id.name[0] : null } } From caca1d755597025f99488fee3fb5479612c20a2f Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 14:44:16 +0530 Subject: [PATCH 20/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index b44bcf73..22d9a24a 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
@@ -118,9 +118,9 @@ data "template_file" "cognito_helm_values_template" { TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_domain[0].name : null - COGNITO_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_id.name[0] : null - COGNITO_SECRET = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_secret.name[0] : null + COGNITO_DOMAIN = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? data.aws_ssm_parameter.cognito_domain[0].name : null + COGNITO_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_id) > 0 ? data.aws_ssm_parameter.cognito_id[0].name : null + COGNITO_SECRET = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_secret) > 0 ? data.aws_ssm_parameter.cognito_secret[0].name : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain @@ -141,7 +141,7 @@ data "template_file" "cognito_helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name INSTANCE_CATEGORY = var.karpenter_instance_category - COGNITO_USER_POOL_ID = var.IdP == "cognito" ? data.aws_ssm_parameter.cognito_user_pool_id.name[0] : null + COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[0].name : null } } From 85fcf088abcc4d08b285f27aadde9c160e61ff4c Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 15:11:12 +0530 Subject: [PATCH 21/53] variables.tf updated --- files/tenant-samples/silo/terraform/eks.tf | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 22d9a24a..88e35276 100644 
--- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf @@ -106,6 +106,7 @@ resource "kubernetes_namespace" "my_namespace" { # generate tenant specific helm values.yaml file based on IdP configuration data "template_file" "cognito_helm_values_template" { + count = var.IdP == "cognito" ? 1 : 0 template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns @@ -118,9 +119,9 @@ data "template_file" "cognito_helm_values_template" { TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? data.aws_ssm_parameter.cognito_domain[0].name : null - COGNITO_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_id) > 0 ? data.aws_ssm_parameter.cognito_id[0].name : null - COGNITO_SECRET = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_secret) > 0 ? data.aws_ssm_parameter.cognito_secret[0].name : null + COGNITO_DOMAIN = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? data.aws_ssm_parameter.cognito_domain[count.index].name : null + COGNITO_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_id) > 0 ? data.aws_ssm_parameter.cognito_id[count.index].name : null + COGNITO_SECRET = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_secret) > 0 ? data.aws_ssm_parameter.cognito_secret[count.index].name : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain 
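Review bot: The `var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? … : null` guards on COGNITO_DOMAIN, COGNITO_ID and COGNITO_SECRET become redundant once the enclosing data source carries `count = var.IdP == "cognito" ? 1 : 0` (added in the first hunk on this line): inside an instance that exists, both conditions are always true and the `null` branch is unreachable. `COGNITO_DOMAIN = data.aws_ssm_parameter.cognito_domain[count.index].name` expresses the same thing and fails loudly if the SSM data sources are ever decoupled from the IdP switch. The same shape recurs for COGNITO_USER_POOL_ID on L84 and in the bridge and pooled copies on L90 and L99.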
@@ -141,11 +142,12 @@ data "template_file" "cognito_helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name INSTANCE_CATEGORY = var.karpenter_instance_category - COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[0].name : null + COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null } } data "template_file" "auth0_helm_values_template" { + count = var.IdP == "auth0" ? 1 : 0 template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns @@ -184,13 +186,13 @@ data "template_file" "auth0_helm_values_template" { resource "local_file" "cognito_helm_values" { count = var.IdP == "cognito" ? 1 : 0 filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" - content = data.template_file.cognito_helm_values_template.rendered + content = data.template_file.cognito_helm_values_template[count.index].rendered } resource "local_file" "auth0_helm_values" { count = var.IdP == "auth0" ? 1 : 0 filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" - content = data.template_file.auth0_helm_values_template.rendered + content = data.template_file.auth0_helm_values_template[count.index].rendered } From 2d94613f5a201a962ded52a5d8dbec518a7c01df Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 15:25:40 +0530 Subject: [PATCH 22/53] variables.tf updated --- files/tenant-samples/silo/buildspec.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 3d85e053..4053e972 100644 --- a/files/tenant-samples/silo/buildspec.yaml 
+++ b/files/tenant-samples/silo/buildspec.yaml @@ -49,7 +49,7 @@ phases: - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') #- export IdP=$(echo $tenant | jq -r '.IdPKey') - - export IdP="auth0" + - export IdP="cognito" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Exporting Webhook Envs From f3d50c104bad7e0328492d33632401c80df7350c Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 15:53:18 +0530 Subject: [PATCH 23/53] variables.tf updated --- files/tenant-samples/silo/buildspec.yaml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 4053e972..224b17dd 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -83,7 +83,6 @@ phases: - export TF_VAR_rds_instance_allocated_storage="${POSTGRES_SIZE}" - export TF_VAR_karpenter_instance_category="${INSTANCE_CATEGORY}" - export TF_VAR_IdP="${IdP}" - - echo "${TF_VAR_IdP}" - export TF_VAR_tenant_client_id="${KEY}"-$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_ID}" - export TF_VAR_tenant_client_secret=$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_SECRET}" - export ALB_DNS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`] | [0].DNSName' --output text) 
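Review bot: `export IdP="cognito"` (flipped back to `"auth0"` on L87) hard-codes the identity provider for every tenant while the line that reads it from the tenant payload, `#- export IdP=$(echo $tenant | jq -r '.IdPKey')`, stays commented out; the same hard-coded export is introduced for the bridge and pooled buildspecs on L88 and L96. The per-tenant value is what `variable "IdP"` and its validation are designed to consume, so the jq line should be the live one, with the literal at most as a fallback: `- export IdP=$(echo "$tenant" | jq -r '.IdPKey // "cognito"')`. Toggling the literal between commits also means the committed sample provisions a different IdP depending on which revision is checked out.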
@@ -109,16 +108,15 @@ phases: - export TF_KEY=${KEY}/${KEY}.tfstate - envsubst < config.txt > config.${KEY}.hcl - envsubst ${KEY}.tfvars - - cat ${KEY}.tfvars # Run Terraform to create infra and apply helm - terraform init --backend-config=config.${KEY}.hcl - - terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards - - chmod +x push-values.sh - - ./push-values.sh # push values to tenant management gitops repository - - kubectl apply -f argocd-application.yaml --namespace argocd || true - - sleep 240 # waiting time to spin up tenant pods - - terraform apply -auto-approve --refresh=false # refresh is false to avoid API hitting - - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true + #- terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards + #- chmod +x push-values.sh + #- ./push-values.sh # push values to tenant management gitops repository + #- kubectl apply -f argocd-application.yaml --namespace argocd || true + #- sleep 240 # waiting time to spin up tenant pods + - terraform destroy -auto-approve --refresh=false # refresh is false to avoid API hitting + #- kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally: - node $WEBHOOK_PATH @@ -127,8 +125,8 @@ phases: commands: - export CODEBUILD_BUILD_POSTBUILD=1 - export CREATE_USER=0 - - node $WEBHOOK_PATH - - python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping + #- node $WEBHOOK_PATH + #- python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping From a08afe1da6c13be435042785641e4fda564900a5 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 26 Sep 2024 16:32:33 +0530 Subject: [PATCH 24/53] variables.tf updated --- files/tenant-samples/silo/buildspec.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
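Review bot: The build phase now ends in `terraform destroy -auto-approve --refresh=false` while `terraform apply`, `push-values.sh`, the ArgoCD/Argo `kubectl apply` steps and the `sleep` are commented out, and `post_build` comments out `node $WEBHOOK_PATH` and `push_to_dynamodb.py`; under the subject "variables.tf updated" this reads like a local teardown experiment rather than an onboarding change. If it is temporary it should not be merged into the tenant sample, since any tenant run on this buildspec is destroyed instead of provisioned and never recorded in DynamoDB. Dropping `cat ${KEY}.tfvars` is worth keeping on its own, because that file holds the rendered tfvariables values (judging by the templates elsewhere in this series, including `tenant_client_secret`) and printing it puts them in the build log; restore the rest.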
diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 224b17dd..4dda5b1c 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -49,7 +49,7 @@ phases: - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') #- export IdP=$(echo $tenant | jq -r '.IdPKey') - - export IdP="cognito" + - export IdP="auth0" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Exporting Webhook Envs From 33a2168de44de105b20fb870cc94c8c1e1a545d5 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Mon, 30 Sep 2024 10:40:19 +0530 Subject: [PATCH 25/53] auth0 changes updated --- files/tenant-samples/bridge/buildspec.yaml | 3 + .../bridge/terraform/cognito-client.tf | 2 + files/tenant-samples/bridge/terraform/data.tf | 4 + files/tenant-samples/bridge/terraform/eks.tf | 107 ++++++++++++++--- .../terraform/pool-infra/tfvariables.txt | 3 +- .../bridge/terraform/pool-infra/variables.tf | 10 ++ .../bridge/terraform/push-values.sh | 17 ++- .../bridge/terraform/tfvariables.txt | 1 + .../bridge/terraform/variables.tf | 10 ++ files/tenant-samples/pooled/buildspec.yaml | 3 + .../pooled/terraform/cognito-client.tf | 2 + files/tenant-samples/pooled/terraform/data.tf | 4 + files/tenant-samples/pooled/terraform/eks.tf | 108 +++++++++++++++--- .../terraform/pool-infra/tfvariables.txt | 3 +- .../pooled/terraform/pool-infra/variables.tf | 10 ++ .../pooled/terraform/push-values.sh | 17 ++- .../pooled/terraform/tfvariables.txt | 1 + .../pooled/terraform/variables.tf | 10 ++ files/tenant-samples/silo/buildspec.yaml | 20 ++-- .../tenant-codebuilds/saas-repo-setup.sh | 21 ++-- 20 files changed, 305 insertions(+), 51 deletions(-) diff --git a/files/tenant-samples/bridge/buildspec.yaml b/files/tenant-samples/bridge/buildspec.yaml index 854c0ecc..43ba85ac 100644 --- a/files/tenant-samples/bridge/buildspec.yaml +++ b/files/tenant-samples/bridge/buildspec.yaml 
@@ -45,6 +45,8 @@ phases: - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email') - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') + #- export IdP=$(echo $tenant | jq -r '.IdPKey') + - export IdP="cognito" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Webhook Envs @@ -75,6 +77,7 @@ phases: - export TF_VAR_karpenter_role="${KARPENTER_ROLE}" - export TF_VAR_tenant_host_domain="${KEY}.${DOMAIN_NAME}" - export TF_VAR_jwt_issuer="${KEY}" + - export TF_VAR_IdP="${IdP}" - export TF_VAR_rds_instance_allocated_storage="${POSTGRES_SIZE}" - export TF_VAR_tenant_client_id="${KEY}"-$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_ID}" - export TF_VAR_tenant_client_secret=$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_SECRET}" diff --git a/files/tenant-samples/bridge/terraform/cognito-client.tf b/files/tenant-samples/bridge/terraform/cognito-client.tf index aa2b4a95..c19555fd 100644 --- a/files/tenant-samples/bridge/terraform/cognito-client.tf +++ b/files/tenant-samples/bridge/terraform/cognito-client.tf @@ -15,6 +15,7 @@ ## Cognito App Client ##################################################################################### resource "aws_cognito_user_pool_client" "app_client" { + count = var.IdP == "cognito" ? 1 : 0 name = var.tenant user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value allowed_oauth_flows = ["code"] @@ -54,6 +55,7 @@ resource "aws_cognito_user_pool_client" "app_client" { ## Store Congito output to SSM parameneter store ###################################################################### module "cognito_ssm_parameters" { + count = var.IdP == "cognito" ? 1 : 0 source = "../modules/ssm-parameter" ssm_parameters = [ { diff --git a/files/tenant-samples/bridge/terraform/data.tf b/files/tenant-samples/bridge/terraform/data.tf index 4176fd94..0e0f78e7 100644 --- a/files/tenant-samples/bridge/terraform/data.tf 
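Review bot: `resource "aws_cognito_user_pool_client" "app_client"` gains `count`, but its context line `user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value` still addresses that data source as a single object, and the data.tf hunk on L89 turns it into a counted one in the same commit; Terraform rejects the unindexed reference, so it needs `user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id[count.index].value`. `module "cognito_ssm_parameters"` is counted now as well, so any `module.cognito_ssm_parameters.<output>` reference elsewhere in the module would need `[0]` too — none is visible in this diff, so please check. The pooled copy on L97 has the identical pair of hunks.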
+++ b/files/tenant-samples/bridge/terraform/data.tf @@ -107,19 +107,23 @@ data "aws_route53_zone" "selected" { } data "aws_ssm_parameter" "cognito_user_pool_id" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_user_pool_id" } data "aws_ssm_parameter" "cognito_domain" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_domain" } data "aws_ssm_parameter" "cognito_id" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_id" depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_secret" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_secret" depends_on = [module.cognito_ssm_parameters] } diff --git a/files/tenant-samples/bridge/terraform/eks.tf b/files/tenant-samples/bridge/terraform/eks.tf index 4b3ae9ed..31297caa 100644 --- a/files/tenant-samples/bridge/terraform/eks.tf +++ b/files/tenant-samples/bridge/terraform/eks.tf @@ -102,8 +102,9 @@ resource "kubernetes_namespace" "my_namespace" { # generate tenant specific helm values.yaml -data "template_file" "helm_values_template" { - template = file("${path.module}/../tenant-helm-chart/values.yaml.template") +data "template_file" "cognito_helm_values_template" { + count = var.IdP == "cognito" ? 1 : 0 + template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns TENANT_NAME = var.tenant_name 
@@ -111,16 +112,13 @@ data "template_file" "helm_values_template" { TENANT_EMAIL = var.tenant_email TENANT_SECRET = var.tenant_secret TENANT_ID = var.tenant_id - # COGNITO_USER = var.user_name - # COGNITO_USER_SUB = aws_cognito_user.cognito_user.sub - TIER = var.tenant_tier TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = data.aws_ssm_parameter.cognito_domain.name - COGNITO_ID = data.aws_ssm_parameter.cognito_id.name - COGNITO_SECRET = data.aws_ssm_parameter.cognito_secret.name + COGNITO_DOMAIN = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? data.aws_ssm_parameter.cognito_domain[count.index].name : null + COGNITO_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_id) > 0 ? data.aws_ssm_parameter.cognito_id[count.index].name : null + COGNITO_SECRET = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_secret) > 0 ? data.aws_ssm_parameter.cognito_secret[count.index].name : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain 
@@ -141,18 +139,63 @@ data "template_file" "helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name COGNITO_USER_POOL_ID = data.aws_ssm_parameter.cognito_user_pool_id.name + COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null + + } +} + +data "template_file" "auth0_helm_values_template" { + count = var.IdP == "auth0" ? 1 : 0 + template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") + vars = { + NAMESPACE = local.kubernetes_ns + TENANT_NAME = var.tenant_name + TENANT_KEY = var.tenant + TENANT_EMAIL = var.tenant_email + TENANT_SECRET = var.tenant_secret + TENANT_ID = var.tenant_id + TIER = var.tenant_tier + TENANT_CLIENT_ID = var.tenant_client_id + TENANT_CLIENT_SECRET = var.tenant_client_secret + REGION = var.region + KARPENTER_ROLE = var.karpenter_role + EKS_CLUSTER_NAME = var.cluster_name + TENANT_HOST_NAME = var.tenant_host_domain + USER_CALLBACK_SECRET = var.user_callback_secret + WEB_IDENTITY_ROLE_ARN = module.tenant_iam_role.arn + DB_HOST = data.aws_ssm_parameter.db_host.name + DB_PORT = data.aws_ssm_parameter.db_port.name + DB_USER = data.aws_ssm_parameter.db_user.name + DB_PASSWORD = data.aws_ssm_parameter.db_password.name + DB_SCHEMA = data.aws_ssm_parameter.db_schema.name + REDIS_HOST = data.aws_ssm_parameter.redis_host.name + REDIS_PORT = data.aws_ssm_parameter.redis_port.name + REDIS_DATABASE = data.aws_ssm_parameter.redis_database.name + JWT_SECRET = data.aws_ssm_parameter.jwt_secret.name + JWT_ISSUER = data.aws_ssm_parameter.jwt_issuer.name + AUTH_DATABASE = data.aws_ssm_parameter.authenticationdbdatabase.name + FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name + NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name + VIDEO_CONFRENCING_DATABASE = 
data.aws_ssm_parameter.videoconfrencingdbdatabase.name } } -resource "local_file" "helm_values" { - filename = "${path.module}/output/${var.tenant}-values.yaml" - content = data.template_file.helm_values_template.rendered +resource "local_file" "cognito_helm_values" { + count = var.IdP == "cognito" ? 1 : 0 + filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" + content = data.template_file.cognito_helm_values_template[count.index].rendered } +resource "local_file" "auth0_helm_values" { + count = var.IdP == "auth0" ? 1 : 0 + filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" + content = data.template_file.auth0_helm_values_template[count.index].rendered +} ############################################################################################### ## Register Tenant Helm App on ArgoCD ############################################################################################### -resource "local_file" "argocd_application" { +resource "local_file" "cognito_argocd_application" { + count = var.IdP == "cognito" ? 1 : 0 content = <<-EOT apiVersion: argoproj.io/v1alpha1 kind: Application @@ -167,7 +210,7 @@ spec: namespace: ${var.tenant_tier}-${var.tenant} server: 'https://kubernetes.default.svc' source: - path: onboarded-tenants/bridge/application + path: onboarded-tenants/bridge/application/cognito repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/${data.aws_ssm_parameter.github_repo.value}.git' targetRevision: main helm: 
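Review bot: In the `@@ -141,18 +139,63 @@` hunk (starting on L91) the original `COGNITO_USER_POOL_ID = data.aws_ssm_parameter.cognito_user_pool_id.name` line appears to survive as context directly above the added guarded version, which leaves `vars` with a duplicate object key and an unindexed reference to a data source that now has `count`; it should be a removed line, as was done for COGNITO_DOMAIN/ID/SECRET on L90. The new `auth0_helm_values_template` also renders `TENANT_SECRET = var.tenant_secret` and `TENANT_CLIENT_SECRET = var.tenant_client_secret` as plain values into `output/auth0/<tenant>-values.yaml`, which push-values.sh (L95) copies into the cloned gitops repository; if that copy is committed, the secrets land in git history, whereas the DB, Redis and JWT entries only carry SSM parameter names. Using the same indirection for the tenant secrets (pass the parameter name, resolve it at deploy time) or an external-secret reference would keep the values file free of credentials.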
@@ -190,6 +233,44 @@ spec: filename = "${path.module}/argocd-application.yaml" } +resource "local_file" "auth0_argocd_application" { + count = var.IdP == "auth0" ? 1 : 0 + content = <<-EOT +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ${var.tenant_tier}-${var.tenant} + namespace: argocd + labels: + Tenant: ${var.tenant} + Tenant_ID: ${var.tenant_id} +spec: + destination: + namespace: ${var.tenant_tier}-${var.tenant} + server: 'https://kubernetes.default.svc' + source: + path: onboarded-tenants/bridge/application/auth0 + repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/${data.aws_ssm_parameter.github_repo.value}.git' + targetRevision: main + helm: + valueFiles: + - ${var.tenant}-values.yaml + project: default + syncPolicy: + syncOptions: + - ApplyOutOfSyncOnly=true + retry: + limit: 2 + backoff: + duration: 5s + maxDuration: 3m0s + factor: 2 + automated: + prune: false + selfHeal: true + EOT + filename = "${path.module}/argocd-application.yaml" +} ####################################################################################### ## Register Pooled Terraform Workflow on Argo ####################################################################################### diff --git a/files/tenant-samples/bridge/terraform/pool-infra/tfvariables.txt b/files/tenant-samples/bridge/terraform/pool-infra/tfvariables.txt index 0e4121f5..cd54794c 100644 --- a/files/tenant-samples/bridge/terraform/pool-infra/tfvariables.txt +++ b/files/tenant-samples/bridge/terraform/pool-infra/tfvariables.txt @@ -15,4 +15,5 @@ jwt_issuer = "${TF_VAR_jwt_issuer}" tenant_client_id = "${TF_VAR_tenant_client_id}" tenant_client_secret = "${TF_VAR_tenant_client_secret}" alb_url = "${TF_VAR_alb_url}" -tenant_tier = "${TF_VAR_tenant_tier}" \ No newline at end of file +tenant_tier = "${TF_VAR_tenant_tier}" +IdP = "${TF_VAR_IdP}" \ No newline at end of file 
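Review bot: `resource "local_file" "auth0_argocd_application"` duplicates the cognito Application manifest verbatim except for `path: onboarded-tenants/bridge/application/auth0`; a single resource using `path: onboarded-tenants/bridge/application/${var.IdP}` would keep the two manifests from drifting and would also cover the `keycloak` value that `variable "IdP"` on L94 and L96 accepts but that currently yields no Application at all. Both resources write the same `filename = "${path.module}/argocd-application.yaml"`, which only works because their `count`s are mutually exclusive — worth stating on the resource, e.g. `# exactly one *_argocd_application instance exists for a given var.IdP`. The new manifest also repeats `repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/…'`; if that parameter carries anything beyond a plain username, it is rendered into a file on disk and into the Application object, and an Argo CD repository credential Secret is the usual place for it instead.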
diff --git a/files/tenant-samples/bridge/terraform/pool-infra/variables.tf b/files/tenant-samples/bridge/terraform/pool-infra/variables.tf index 1f816a46..5257f782 100644 --- a/files/tenant-samples/bridge/terraform/pool-infra/variables.tf +++ b/files/tenant-samples/bridge/terraform/pool-infra/variables.tf @@ -16,6 +16,16 @@ variable "namespace" { description = "Namespace for the resources." } +variable "IdP" { + type = string + description = "Tenant Identity Provider" + default = "cognito" + validation { + condition = contains(["cognito", "auth0", "keycloak"], var.IdP) + error_message = "The idp must be either 'cognito', 'auth0', or 'keycloak'." + } +} + variable "tenant_tier" { type = string description = "Tenant Tier" diff --git a/files/tenant-samples/bridge/terraform/push-values.sh b/files/tenant-samples/bridge/terraform/push-values.sh index 5fc3f06d..cd69c809 100644 --- a/files/tenant-samples/bridge/terraform/push-values.sh +++ b/files/tenant-samples/bridge/terraform/push-values.sh 
@@ -43,12 +43,23 @@ git clone "${GITHUB_REPO_URL}" || { echo "Failed to clone GitHub repository"; ex cd "${NAMESPACE}-saas-management-repository" || { echo "Failed to change directory to cloned repository"; exit 1; } # Copy tenant values.yaml to silo directory -if [ -d "../output" ]; then - cp -r ../output/* onboarded-tenants/bridge/application/ || { echo "Failed to copy files"; exit 1; } +# if [ -d "../output" ]; then +# cp -r ../output/* onboarded-tenants/bridge/application/ || { echo "Failed to copy files"; exit 1; } +# else +# echo "'output' folder does not exist. Skipping file copy." +# fi + +if [ -d "../output/cognito" ]; then + cp -r ../output/cognito/* onboarded-tenants/bridge/application/cognito/ || { echo "Failed to copy cognito files"; exit 1; } else - echo "'output' folder does not exist. Skipping file copy." + echo "'cognito' folder does not exist. Skipping cognito file copy." fi +if [ -d "../output/auth0" ]; then + cp -r ../output/auth0/* onboarded-tenants/bridge/application/auth0/ || { echo "Failed to copy auth0 files"; exit 1; } +else + echo "'auth0' folder does not exist. Skipping auth0 file copy." +fi # Copy tenant specific tfvars and config file to repository cp -r ../*.tfvars onboarded-tenants/bridge/infra/terraform/ || { echo "Failed to copy files"; exit 1; } diff --git a/files/tenant-samples/bridge/terraform/tfvariables.txt b/files/tenant-samples/bridge/terraform/tfvariables.txt index b2a18540..1908a0a1 100644 --- a/files/tenant-samples/bridge/terraform/tfvariables.txt +++ b/files/tenant-samples/bridge/terraform/tfvariables.txt @@ -17,6 +17,7 @@ alb_url = "${TF_VAR_alb_url}" user_callback_secret = "${TF_VAR_user_callback_secret}" rds_instance_allocated_storage = "${TF_VAR_rds_instance_allocated_storage}" tenant_tier = "${TF_VAR_tenant_tier}" +IdP = "${TF_VAR_IdP}" diff --git a/files/tenant-samples/bridge/terraform/variables.tf b/files/tenant-samples/bridge/terraform/variables.tf index 95e34407..a31b56eb 100644 
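Review bot: `cp -r ../output/cognito/* onboarded-tenants/bridge/application/cognito/` assumes the destination directory already exists in the cloned repository; on a fresh or restructured repo the copy fails and the script exits, so each branch should create it first with `mkdir -p onboarded-tenants/bridge/application/cognito`, and likewise for the auth0 branch. Because exactly one IdP is active per tenant, the `else` branch of the other provider prints "'auth0' folder does not exist. Skipping auth0 file copy." on every normal run, so either drop that message or gate the two blocks on the IdP rather than on directory presence. The commented-out original block can be deleted rather than kept — git history has it.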
--- a/files/tenant-samples/bridge/terraform/variables.tf +++ b/files/tenant-samples/bridge/terraform/variables.tf @@ -26,6 +26,16 @@ variable "tenant_id" { description = "Tenat unique ID" } +variable "IdP" { + type = string + description = "Tenant Identity Provider" + default = "cognito" + validation { + condition = contains(["cognito", "auth0", "keycloak"], var.IdP) + error_message = "The idp must be either 'cognito', 'auth0', or 'keycloak'." + } +} + variable "domain_name" { description = "Enter Defeault Redirect URL" type = string diff --git a/files/tenant-samples/pooled/buildspec.yaml b/files/tenant-samples/pooled/buildspec.yaml index 7e849965..2bc7911a 100644 --- a/files/tenant-samples/pooled/buildspec.yaml +++ b/files/tenant-samples/pooled/buildspec.yaml @@ -45,6 +45,8 @@ phases: - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email') - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') + #- export IdP=$(echo $tenant | jq -r '.IdPKey') + - export IdP="cognito" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Webhook Envs @@ -75,6 +77,7 @@ phases: - export TF_VAR_karpenter_role="${KARPENTER_ROLE}" - export TF_VAR_tenant_host_domain="${KEY}.${DOMAIN_NAME}" - export TF_VAR_jwt_issuer="${KEY}" + - export TF_VAR_IdP="${IdP}" - export TF_VAR_tenant_client_id="${KEY}"-$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_ID}" - export TF_VAR_tenant_client_secret=$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_SECRET}" - export ALB_DNS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`] | [0].DNSName' --output text) diff --git a/files/tenant-samples/pooled/terraform/cognito-client.tf b/files/tenant-samples/pooled/terraform/cognito-client.tf index aa2b4a95..c19555fd 100644 --- a/files/tenant-samples/pooled/terraform/cognito-client.tf +++ b/files/tenant-samples/pooled/terraform/cognito-client.tf 
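Review bot: The validation `contains(["cognito", "auth0", "keycloak"], var.IdP)` (also on L94) admits `keycloak`, but every counted resource in this series switches only on `"cognito"` or `"auth0"`, so a keycloak tenant passes validation and then gets no values file, no ArgoCD Application and no Cognito client — a silent no-op rather than an error. Until a keycloak template exists, restrict the condition to the implemented providers, `condition = contains(["cognito", "auth0"], var.IdP)`, and adjust `error_message` to match. The `default = "cognito"` also means an unset `TF_VAR_IdP` quietly provisions Cognito; if that is intended, say so in `description`.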
@@ -15,6 +15,7 @@ ## Cognito App Client ##################################################################################### resource "aws_cognito_user_pool_client" "app_client" { + count = var.IdP == "cognito" ? 1 : 0 name = var.tenant user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value allowed_oauth_flows = ["code"] @@ -54,6 +55,7 @@ resource "aws_cognito_user_pool_client" "app_client" { ## Store Congito output to SSM parameneter store ###################################################################### module "cognito_ssm_parameters" { + count = var.IdP == "cognito" ? 1 : 0 source = "../modules/ssm-parameter" ssm_parameters = [ { diff --git a/files/tenant-samples/pooled/terraform/data.tf b/files/tenant-samples/pooled/terraform/data.tf index e5dfa447..b4a14ea0 100644 --- a/files/tenant-samples/pooled/terraform/data.tf +++ b/files/tenant-samples/pooled/terraform/data.tf @@ -94,19 +94,23 @@ data "aws_route53_zone" "selected" { } data "aws_ssm_parameter" "cognito_user_pool_id" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_user_pool_id" } data "aws_ssm_parameter" "cognito_domain" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_domain" } data "aws_ssm_parameter" "cognito_id" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_id" depends_on = [module.cognito_ssm_parameters] } data "aws_ssm_parameter" "cognito_secret" { + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_secret" depends_on = [module.cognito_ssm_parameters] } diff --git a/files/tenant-samples/pooled/terraform/eks.tf b/files/tenant-samples/pooled/terraform/eks.tf index 7d3c67bb..79a14f43 100644 --- a/files/tenant-samples/pooled/terraform/eks.tf +++ b/files/tenant-samples/pooled/terraform/eks.tf 
@@ -102,8 +102,9 @@ resource "kubernetes_namespace" "my_namespace" { # generate tenant specific helm values.yaml -data "template_file" "helm_values_template" { - template = file("${path.module}/../tenant-helm-chart/values.yaml.template") +data "template_file" "cognito_helm_values_template" { + count = var.IdP == "cognito" ? 1 : 0 + template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns TENANT_NAME = var.tenant_name 
@@ -111,16 +112,51 @@ data "template_file" "helm_values_template" { TENANT_EMAIL = var.tenant_email TENANT_SECRET = var.tenant_secret TENANT_ID = var.tenant_id - # COGNITO_USER = var.user_name - # COGNITO_USER_SUB = aws_cognito_user.cognito_user.sub + TIER = var.tenant_tier + TENANT_CLIENT_ID = var.tenant_client_id + TENANT_CLIENT_SECRET = var.tenant_client_secret + REGION = var.region + COGNITO_DOMAIN = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? data.aws_ssm_parameter.cognito_domain[count.index].name : null + COGNITO_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_id) > 0 ? data.aws_ssm_parameter.cognito_id[count.index].name : null + COGNITO_SECRET = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_secret) > 0 ? data.aws_ssm_parameter.cognito_secret[count.index].name : null + KARPENTER_ROLE = var.karpenter_role + EKS_CLUSTER_NAME = var.cluster_name + TENANT_HOST_NAME = var.tenant_host_domain + USER_CALLBACK_SECRET = var.user_callback_secret + WEB_IDENTITY_ROLE_ARN = module.tenant_iam_role.arn + DB_HOST = data.aws_ssm_parameter.db_host.name + DB_PORT = data.aws_ssm_parameter.db_port.name + DB_USER = data.aws_ssm_parameter.db_user.name + DB_PASSWORD = data.aws_ssm_parameter.db_password.name + DB_SCHEMA = data.aws_ssm_parameter.db_schema.name + REDIS_HOST = data.aws_ssm_parameter.redis_host.name + REDIS_PORT = data.aws_ssm_parameter.redis_port.name + REDIS_DATABASE = data.aws_ssm_parameter.redis_database.name + JWT_SECRET = data.aws_ssm_parameter.jwt_secret.name + JWT_ISSUER = data.aws_ssm_parameter.jwt_issuer.name + AUTH_DATABASE = data.aws_ssm_parameter.authenticationdbdatabase.name + FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name + NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name + VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name + COGNITO_USER_POOL_ID = var.IdP == "cognito" && 
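Review bot: `data "template_file"` comes from the archived hashicorp/template provider, which has no builds for newer platforms (e.g. darwin/arm64), so adding a second instance as `cognito_helm_values_template` extends the dependency rather than retiring it; the built-in `templatefile("${path.module}/../tenant-helm-chart/cognito/values.yaml.template", { … })` in a `locals` block is the drop-in replacement. The `count = var.IdP == "cognito" ? 1 : 0` guard also makes the per-variable `var.IdP == "cognito" && length(…) > 0` checks that follow in the `vars` map redundant — inside this block the data sources are guaranteed to exist. The `vars` map continues past the end of this hunk.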
length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null + } +} + +data "template_file" "auth0_helm_values_template" { + count = var.IdP == "auth0" ? 1 : 0 + template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") + vars = { + NAMESPACE = local.kubernetes_ns + TENANT_NAME = var.tenant_name + TENANT_KEY = var.tenant + TENANT_EMAIL = var.tenant_email + TENANT_SECRET = var.tenant_secret + TENANT_ID = var.tenant_id TIER = var.tenant_tier TENANT_CLIENT_ID = var.tenant_client_id TENANT_CLIENT_SECRET = var.tenant_client_secret REGION = var.region - COGNITO_DOMAIN = data.aws_ssm_parameter.cognito_domain.name - COGNITO_ID = data.aws_ssm_parameter.cognito_id.name - COGNITO_SECRET = data.aws_ssm_parameter.cognito_secret.name KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain 
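Review bot: `TENANT_SECRET = var.tenant_secret` and `TENANT_CLIENT_SECRET = var.tenant_client_secret` are rendered as plain values into a values.yaml that a later hunk writes to disk and push-values.sh commits to the GitOps repository, whereas every other credential in the same map (`DB_PASSWORD`, `JWT_SECRET`, `COGNITO_SECRET`) is passed as an SSM parameter *name* for the in-cluster secret provider to resolve. If those two are real secrets rather than opaque identifiers, they should take the same route — store them in SSM or Secrets Manager and pass the parameter path — so they never land in git history, plan output or build logs; marking the variables `sensitive = true` is the minimum. Within the cognito template, `data.aws_ssm_parameter.cognito_domain[0].name` (and likewise for the other three) is sufficient, since the `count` on the enclosing data source already guarantees they exist. Both template blocks extend beyond this hunk.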
@@ -140,19 +176,27 @@ data "template_file" "helm_values_template" { FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name - COGNITO_USER_POOL_ID = data.aws_ssm_parameter.cognito_user_pool_id.name + } } -resource "local_file" "helm_values" { - filename = "${path.module}/output/${var.tenant}-values.yaml" - content = data.template_file.helm_values_template.rendered +resource "local_file" "cognito_helm_values" { + count = var.IdP == "cognito" ? 1 : 0 + filename = "${path.module}/output/cognito/${var.tenant}-values.yaml" + content = data.template_file.cognito_helm_values_template[count.index].rendered +} + +resource "local_file" "auth0_helm_values" { + count = var.IdP == "auth0" ? 1 : 0 + filename = "${path.module}/output/auth0/${var.tenant}-values.yaml" + content = data.template_file.auth0_helm_values_template[count.index].rendered } ############################################################################################### ## Register Tenant Helm App on ArgoCD ############################################################################################### -resource "local_file" "argocd_application" { +resource "local_file" "cognito_argocd_application" { + count = var.IdP == "cognito" ? 1 : 0 content = <<-EOT apiVersion: argoproj.io/v1alpha1 kind: Application @@ -167,7 +211,7 @@ spec: namespace: ${var.tenant_tier}-${var.tenant} server: 'https://kubernetes.default.svc' source: - path: onboarded-tenants/pooled/application + path: onboarded-tenants/pooled/application/cognito repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/${data.aws_ssm_parameter.github_repo.value}.git' targetRevision: main helm: 
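Review bot: `local_file.cognito_helm_values` and `auth0_helm_values` write the rendered values.yaml, which carries `TENANT_SECRET` and `TENANT_CLIENT_SECRET` from the template hunk above, so the whole content is printed in `terraform plan` output and therefore in CodeBuild logs. If the hashicorp/local provider in use is 2.2 or newer, `local_sensitive_file` with the same `filename`/`content` arguments redacts it from plan output (the content is in state either way, so state access controls still matter). The two `local_file` resources differ only in the IdP name; one resource with `filename = "${path.module}/output/${var.IdP}/${var.tenant}-values.yaml"` gated by `count = contains(["cognito", "auth0"], var.IdP) ? 1 : 0` removes the duplication.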
@@ -190,6 +234,44 @@ spec: filename = "${path.module}/argocd-application.yaml" } +resource "local_file" "auth0_argocd_application" { + count = var.IdP == "auth0" ? 1 : 0 + content = <<-EOT +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ${var.tenant_tier}-${var.tenant} + namespace: argocd + labels: + Tenant: ${var.tenant} + Tenant_ID: ${var.tenant_id} +spec: + destination: + namespace: ${var.tenant_tier}-${var.tenant} + server: 'https://kubernetes.default.svc' + source: + path: onboarded-tenants/pooled/application/auth0 + repoURL: 'https://${data.aws_ssm_parameter.github_user.value}@github.com/${data.aws_ssm_parameter.github_repo.value}.git' + targetRevision: main + helm: + valueFiles: + - ${var.tenant}-values.yaml + project: default + syncPolicy: + syncOptions: + - ApplyOutOfSyncOnly=true + retry: + limit: 2 + backoff: + duration: 5s + maxDuration: 3m0s + factor: 2 + automated: + prune: false + selfHeal: true + EOT + filename = "${path.module}/argocd-application.yaml" +} ####################################################################################### ## Register Pooled Terraform Workflow on Argo ####################################################################################### diff --git a/files/tenant-samples/pooled/terraform/pool-infra/tfvariables.txt b/files/tenant-samples/pooled/terraform/pool-infra/tfvariables.txt index 0e4121f5..1df2525a 100644 --- a/files/tenant-samples/pooled/terraform/pool-infra/tfvariables.txt +++ b/files/tenant-samples/pooled/terraform/pool-infra/tfvariables.txt @@ -15,4 +15,5 @@ jwt_issuer = "${TF_VAR_jwt_issuer}" tenant_client_id = "${TF_VAR_tenant_client_id}" tenant_client_secret = "${TF_VAR_tenant_client_secret}" alb_url = "${TF_VAR_alb_url}" -tenant_tier = "${TF_VAR_tenant_tier}" \ No newline at end of file +tenant_tier = "${TF_VAR_tenant_tier}" +IdP = "${TF_VAR_IdP}" \ No newline at end of file 
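Review bot: `auth0_argocd_application` is a copy of the cognito block with only `path` changed, and both register tenant Applications under `project: default`, which in Argo CD allows any source repository and any destination namespace or cluster; a per-tier `AppProject` that restricts `sourceRepos` to the management repository and `destinations` to `${var.tenant_tier}-${var.tenant}` would stop one tenant's Application from being repointed at another tenant's namespace. The duplication collapses to one resource by interpolating `path: onboarded-tenants/pooled/application/${var.IdP}` and gating it with `count = contains(["cognito", "auth0"], var.IdP) ? 1 : 0`. Both blocks also write the same `argocd-application.yaml`, which is only safe because the counts are mutually exclusive — worth a comment. `repoURL` embeds `github_user` exactly as the existing cognito block does, so nothing new leaks here, but it is worth confirming that parameter holds a username and not a token.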
diff --git a/files/tenant-samples/pooled/terraform/pool-infra/variables.tf b/files/tenant-samples/pooled/terraform/pool-infra/variables.tf index 3c38f9d7..9c47fcb3 100644 --- a/files/tenant-samples/pooled/terraform/pool-infra/variables.tf +++ b/files/tenant-samples/pooled/terraform/pool-infra/variables.tf @@ -21,6 +21,16 @@ variable "tenant_tier" { description = "Tenant Tier" } +variable "IdP" { + type = string + description = "Tenant Identity Provider" + default = "cognito" + validation { + condition = contains(["cognito", "auth0", "keycloak"], var.IdP) + error_message = "The idp must be either 'cognito', 'auth0', or 'keycloak'." + } +} + ################################################################################## ## database ################################################################################## diff --git a/files/tenant-samples/pooled/terraform/push-values.sh b/files/tenant-samples/pooled/terraform/push-values.sh index 8c39281a..bea8c43e 100644 --- a/files/tenant-samples/pooled/terraform/push-values.sh +++ b/files/tenant-samples/pooled/terraform/push-values.sh 
@@ -43,12 +43,23 @@ git clone "${GITHUB_REPO_URL}" || { echo "Failed to clone GitHub repository"; ex cd "${NAMESPACE}-saas-management-repository" || { echo "Failed to change directory to cloned repository"; exit 1; } # Copy tenant values.yaml to silo directory -if [ -d "../output" ]; then - cp -r ../output/* onboarded-tenants/pooled/application/ || { echo "Failed to copy files"; exit 1; } +# if [ -d "../output" ]; then +# cp -r ../output/* onboarded-tenants/pooled/application/ || { echo "Failed to copy files"; exit 1; } +# else +# echo "'output' folder does not exist. Skipping file copy." +# fi + +if [ -d "../output/cognito" ]; then + cp -r ../output/cognito/* onboarded-tenants/pooled/application/cognito/ || { echo "Failed to copy cognito files"; exit 1; } else - echo "'output' folder does not exist. Skipping file copy." + echo "'cognito' folder does not exist. Skipping cognito file copy." fi +if [ -d "../output/auth0" ]; then + cp -r ../output/auth0/* onboarded-tenants/pooled/application/auth0/ || { echo "Failed to copy auth0 files"; exit 1; } +else + echo "'auth0' folder does not exist. Skipping auth0 file copy." +fi # Copy tenant specific tfvars and config file to repository cp -r ../*.tfvars onboarded-tenants/pooled/infra/terraform/ || { echo "Failed to copy files"; exit 1; } diff --git a/files/tenant-samples/pooled/terraform/tfvariables.txt b/files/tenant-samples/pooled/terraform/tfvariables.txt index eab15fce..dcbab025 100644 --- a/files/tenant-samples/pooled/terraform/tfvariables.txt +++ b/files/tenant-samples/pooled/terraform/tfvariables.txt @@ -16,6 +16,7 @@ tenant_client_secret = "${TF_VAR_tenant_client_secret}" alb_url = "${TF_VAR_alb_url}" user_callback_secret = "${TF_VAR_user_callback_secret}" tenant_tier = "${TF_VAR_tenant_tier}" +IdP = "${TF_VAR_IdP}" diff --git a/files/tenant-samples/pooled/terraform/variables.tf b/files/tenant-samples/pooled/terraform/variables.tf index 64e4b7f1..111d6504 100644 
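Review bot: `cp -r ../output/cognito/* onboarded-tenants/pooled/application/cognito/` assumes the destination directory already exists in the freshly cloned management repository; repositories initialised before this change only have `onboarded-tenants/pooled/application/`, so `cp` fails with "Not a directory", the script exits and the tenant's values are never pushed. Create the target first with `mkdir -p`, and the two near-identical branches can become one loop over the supported providers. The commented-out copy of the old block should be deleted rather than kept — git history already has it. The clone and `cd` preamble this follows starts before the hunk.
```shell
# … unchanged: git clone / cd into the management repository …
for idp in cognito auth0; do
  if [ -d "../output/${idp}" ]; then
    mkdir -p "onboarded-tenants/pooled/application/${idp}" || { echo "Failed to create ${idp} directory"; exit 1; }
    cp -r ../output/"${idp}"/* "onboarded-tenants/pooled/application/${idp}/" || { echo "Failed to copy ${idp} files"; exit 1; }
  else
    echo "'${idp}' folder does not exist. Skipping ${idp} file copy."
  fi
done
# … unchanged: copy tfvars and config file to repository …
```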
--- a/files/tenant-samples/pooled/terraform/variables.tf +++ b/files/tenant-samples/pooled/terraform/variables.tf @@ -26,6 +26,16 @@ variable "tenant_id" { description = "Tenat unique ID" } +variable "IdP" { + type = string + description = "Tenant Identity Provider" + default = "cognito" + validation { + condition = contains(["cognito", "auth0", "keycloak"], var.IdP) + error_message = "The idp must be either 'cognito', 'auth0', or 'keycloak'." + } +} + variable "domain_name" { description = "Enter Defeault Redirect URL" type = string diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 4dda5b1c..79789a24 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -49,7 +49,7 @@ phases: - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') #- export IdP=$(echo $tenant | jq -r '.IdPKey') - - export IdP="auth0" + - export IdP="cognito" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Exporting Webhook Envs 
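Review bot: The validation admits `keycloak`, but nothing in this commit handles it — every `count` in eks.tf tests only `cognito` or `auth0` — so a tenant onboarded with `IdP = "keycloak"` passes validation, presumably still provisions the rest of the stack, yet produces no values file and no ArgoCD Application, and the buildspec's `kubectl apply … || true` would hide the missing file. Until a keycloak chart and template exist, restrict the set to what is implemented: `condition = contains(["cognito", "auth0"], var.IdP)` with `error_message = "The IdP must be either 'cognito' or 'auth0'."`. The identical validation block appears in the bridge and pool-infra `variables.tf` hunks of this commit and should be kept in sync.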
@@ -110,13 +110,13 @@ phases: - envsubst ${KEY}.tfvars # Run Terraform to create infra and apply helm - terraform init --backend-config=config.${KEY}.hcl - #- terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards - #- chmod +x push-values.sh - #- ./push-values.sh # push values to tenant management gitops repository - #- kubectl apply -f argocd-application.yaml --namespace argocd || true - #- sleep 240 # waiting time to spin up tenant pods - - terraform destroy -auto-approve --refresh=false # refresh is false to avoid API hitting - #- kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true + - terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards + - chmod +x push-values.sh + - ./push-values.sh # push values to tenant management gitops repository + - kubectl apply -f argocd-application.yaml --namespace argocd || true + - sleep 240 # waiting time to spin up tenant pods + - terraform apply -auto-approve --refresh=false # refresh is false to avoid API hitting + - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally: - node $WEBHOOK_PATH @@ -125,8 +125,8 @@ phases: commands: - export CODEBUILD_BUILD_POSTBUILD=1 - export CREATE_USER=0 - #- node $WEBHOOK_PATH - #- python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping + - node $WEBHOOK_PATH + - python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping diff --git a/terraform/tenant-codebuilds/saas-repo-setup.sh b/terraform/tenant-codebuilds/saas-repo-setup.sh index d1483d70..69b66e70 100755 --- a/terraform/tenant-codebuilds/saas-repo-setup.sh +++ b/terraform/tenant-codebuilds/saas-repo-setup.sh 
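Review bot: `kubectl apply -f argocd-application.yaml --namespace argocd || true` (and the argo-workflow apply below it) swallow failures, so a tenant whose Application was never registered still reaches `post_build`, where `push_to_dynamodb.py` records it as onboarded. Drop the `|| true` so the build fails, and replace the fixed `sleep 240` with a readiness wait on the tenant namespace (`${var.tenant_tier}-${var.tenant}` in eks.tf), e.g. `kubectl wait --for=condition=available deployment --all -n "${TIER}-${KEY}" --timeout=300s`, before the second `terraform apply`. That second apply runs with `--refresh=false` immediately after ArgoCD has created resources, so any drift in those minutes is not observed; if that is a deliberate API-rate trade-off the comment should say so. The `build` command list starts before the hunk.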
@@ -67,10 +67,12 @@ create_directory "tenant-templates/bridge" create_directory "onboarded-tenants" create_directory "control-plane" create_directory "onboarded-tenants/pooled" -create_directory "onboarded-tenants/pooled/application" +create_directory "onboarded-tenants/pooled/application/cognito" +create_directory "onboarded-tenants/pooled/application/auth0" create_directory "onboarded-tenants/pooled/infra" create_directory "onboarded-tenants/bridge" -create_directory "onboarded-tenants/bridge/application" +create_directory "onboarded-tenants/bridge/application/cognito" +create_directory "onboarded-tenants/bridge/application/auth0" create_directory "onboarded-tenants/bridge/infra" create_directory "onboarded-tenants/silo" create_directory "onboarded-tenants/silo/application" 
@@ -92,24 +94,29 @@ cp -r ../tenant-samples/silo/* tenant-templates/silo/ || { echo "Failed to copy cp -r ../control-plane/control-plane-helm-chart/* control-plane/ || { echo "Failed to copy files"; exit 1; } rm -rf control-plane/values.yaml.template -cp -r ../tenant-samples/pooled/tenant-helm-chart/* onboarded-tenants/pooled/application/ || { echo "Failed to copy files"; exit 1; } +cp -r ../tenant-samples/pooled/tenant-helm-chart/cognito/* onboarded-tenants/pooled/application/cognito/ || { echo "Failed to copy files"; exit 1; } +cp -r ../tenant-samples/pooled/tenant-helm-chart/auth0/* onboarded-tenants/pooled/application/auth0/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/pooled/tenant-helm-chart onboarded-tenants/pooled/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/pooled/modules onboarded-tenants/pooled/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/pooled/terraform onboarded-tenants/pooled/infra/ || { echo "Failed to copy files"; exit 1; } -rm -rf onboarded-tenants/pooled/application/values.yaml.template +rm -rf onboarded-tenants/pooled/application/cognito/values.yaml.template +rm -rf onboarded-tenants/pooled/application/auth0/values.yaml.template -cp -r ../tenant-samples/bridge/tenant-helm-chart/* onboarded-tenants/bridge/application/ || { echo "Failed to copy files"; exit 1; } +cp -r ../tenant-samples/bridge/tenant-helm-chart/cognito/* onboarded-tenants/bridge/application/cognito/ || { echo "Failed to copy files"; exit 1; } +cp -r ../tenant-samples/bridge/tenant-helm-chart/auth0/* onboarded-tenants/bridge/application/auth0/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/bridge/tenant-helm-chart onboarded-tenants/bridge/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/bridge/modules onboarded-tenants/bridge/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/bridge/terraform onboarded-tenants/bridge/infra/ || { 
echo "Failed to copy files"; exit 1; } -rm -rf onboarded-tenants/bridge/application/values.yaml.template +rm -rf onboarded-tenants/bridge/application/cognito/values.yaml.template +rm -rf onboarded-tenants/bridge/application/auth0/values.yaml.template cp -r ../tenant-samples/silo/tenant-helm-chart/cognito/* onboarded-tenants/silo/application/cognito/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/tenant-helm-chart/auth0/* onboarded-tenants/silo/application/auth0/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/tenant-helm-chart onboarded-tenants/silo/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/modules onboarded-tenants/silo/infra/ || { echo "Failed to copy files"; exit 1; } cp -r ../tenant-samples/silo/terraform onboarded-tenants/silo/infra/ || { echo "Failed to copy files"; exit 1; } -rm -rf onboarded-tenants/silo/application/values.yaml.template +rm -rf onboarded-tenants/silo/application/cognito/values.yaml.template +rm -rf onboarded-tenants/silo/application/auth0/values.yaml.template # Configure Git with user details From 857518e4ca77c1244af8d4a21c6cbaed0aee4b15 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Tue, 1 Oct 2024 19:08:17 +0530 Subject: [PATCH 26/53] auth0 changes added --- .../control-plane-helm-chart/values.yaml.template | 10 +++++----- files/tenant-samples/bridge/buildspec.yaml | 4 ++-- .../bridge/tenant-helm-chart/values.yaml.template | 10 +++++----- files/tenant-samples/pooled/buildspec.yaml | 4 ++-- .../pooled/tenant-helm-chart/values.yaml.template | 10 +++++----- files/tenant-samples/silo/buildspec.yaml | 3 +-- .../silo/tenant-helm-chart/auth0/values.yaml.template | 10 +++++----- .../tenant-helm-chart/cognito/values.yaml.template | 10 +++++----- 8 files changed, 30 insertions(+), 31 deletions(-) 
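Review bot: Every `cp` in this hunk reports the same `Failed to copy files` on error, so with ten copy lines a failure cannot be located from the build log; include the source path in the message, or add a small `copy_tree src dst` helper next to the existing `create_directory` that prints `"Failed to copy ${src} to ${dst}"`. `rm -rf` on a single `values.yaml.template` only needs `rm -f`. Note that `cp -r ../tenant-samples/pooled/tenant-helm-chart onboarded-tenants/pooled/infra/` still copies both IdP charts, templates included, into the infra directory — presumably intended because the infra Terraform reads them, but a one-line comment would save the next reader the question.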
diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index 4b79deb4..3d00e999 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -27,7 +27,7 @@ frontend: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-ui pullPolicy: Always - tag: "0.0.6" + tag: "0.0.9" log_level: "info" home_path: "/main/home" replicaCount: 1 @@ -62,7 +62,7 @@ tenantMgmtFacade: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-facade pullPolicy: Always - tag: "0.0.4" + tag: "0.0.5" replicaCount: 1 port: 3000 node_env: "production" @@ -138,7 +138,7 @@ authenticationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-authentication-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -211,7 +211,7 @@ subscriptionService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-subscription-service pullPolicy: Always - tag: "0.0.3" + tag: "0.0.4" replicaCount: 1 port: 3000 node_env: "production" @@ -283,7 +283,7 @@ tenantMgmtService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-service pullPolicy: Always - tag: "0.0.4" + tag: "0.0.5" replicaCount: 1 port: 3000 node_env: "production" diff --git a/files/tenant-samples/bridge/buildspec.yaml b/files/tenant-samples/bridge/buildspec.yaml index 43ba85ac..f9094103 100644 --- a/files/tenant-samples/bridge/buildspec.yaml +++ b/files/tenant-samples/bridge/buildspec.yaml 
@@ -45,8 +45,8 @@ phases: - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email') - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') - #- export IdP=$(echo $tenant | jq -r '.IdPKey') - - export IdP="cognito" + - export IdP=$(echo $tenant | jq -r '.identityProvider') + #- export IdP="cognito" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Webhook Envs diff --git a/files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template index 25239673..f6993ab6 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template +++ b/files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template @@ -63,7 +63,7 @@ featureService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" @@ -100,7 +100,7 @@ authenticationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -136,7 +136,7 @@ notificationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -172,7 +172,7 @@ userTenantService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service pullPolicy: Always - tag: "0.0.3" + tag: "0.0.4" replicaCount: 1 port: 3000 node_env: "production" 
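Review bot: `jq -r '.identityProvider'` prints the literal string `null` when the tenant record has no such field, so `TF_VAR_IdP` becomes `null` and the problem only surfaces later as a Terraform validation error — or, in any module whose `IdP` variable has no validation block, as a silently skipped application deployment. Fail fast in the buildspec instead: `- export IdP=$(echo "$tenant" | jq -r '.identityProvider // empty')` followed by `- test -n "$IdP" || { echo "tenant record has no identityProvider" >&2; exit 1; }`; note that `export VAR=$(…)` masks jq's own exit status, so the explicit test is what actually enforces it. Quoting `"$tenant"` also stops the JSON being word-split and glob-expanded before jq sees it. The pooled and silo buildspec hunks in this commit make the identical change and need the same fix.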
@@ -207,7 +207,7 @@ videoConfrencingService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" diff --git a/files/tenant-samples/pooled/buildspec.yaml b/files/tenant-samples/pooled/buildspec.yaml index 2bc7911a..69cff6a8 100644 --- a/files/tenant-samples/pooled/buildspec.yaml +++ b/files/tenant-samples/pooled/buildspec.yaml @@ -45,8 +45,8 @@ phases: - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email') - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') - #- export IdP=$(echo $tenant | jq -r '.IdPKey') - - export IdP="cognito" + - export IdP=$(echo $tenant | jq -r '.identityProvider') + #- export IdP="cognito" - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Webhook Envs diff --git a/files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template index 25239673..f6993ab6 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template +++ b/files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template @@ -63,7 +63,7 @@ featureService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" @@ -100,7 +100,7 @@ authenticationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" 
@@ -136,7 +136,7 @@ notificationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -172,7 +172,7 @@ userTenantService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service pullPolicy: Always - tag: "0.0.3" + tag: "0.0.4" replicaCount: 1 port: 3000 node_env: "production" @@ -207,7 +207,7 @@ videoConfrencingService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 79789a24..7027d081 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -48,8 +48,7 @@ phases: - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email') - export USERNAME=$(echo $tenant | jq -r '.key') - export KEY=$(echo $tenant | jq -r '.key') - #- export IdP=$(echo $tenant | jq -r '.IdPKey') - - export IdP="cognito" + - export IdP=$(echo $tenant | jq -r '.identityProvider') - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]') # Exporting Webhook Envs diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template index f924db1f..9d9c458e 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template 
@@ -63,7 +63,7 @@ featureService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" @@ -100,7 +100,7 @@ authenticationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -136,7 +136,7 @@ notificationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -172,7 +172,7 @@ userTenantService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service pullPolicy: Always - tag: "0.0.3" + tag: "0.0.4" replicaCount: 1 port: 3000 node_env: "production" @@ -207,7 +207,7 @@ videoConfrencingService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template index e186aa95..6c7b6527 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template @@ -63,7 +63,7 @@ featureService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" 
@@ -100,7 +100,7 @@ authenticationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -136,7 +136,7 @@ notificationService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service pullPolicy: Always - tag: "0.0.2" + tag: "0.0.3" replicaCount: 1 port: 3000 node_env: "production" @@ -172,7 +172,7 @@ userTenantService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service pullPolicy: Always - tag: "0.0.3" + tag: "0.0.4" replicaCount: 1 port: 3000 node_env: "production" @@ -207,7 +207,7 @@ videoConfrencingService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service pullPolicy: Always - tag: "0.0.1" + tag: "0.0.2" replicaCount: 1 port: 3000 node_env: "production" From bb0f85824cb5a7da0636dd8bdd7ed9c640c1c469 Mon Sep 17 00:00:00 2001 
From: sfdevops Date: Tue, 1 Oct 2024 19:18:48 +0530 Subject: [PATCH 27/53] auth0 changes added --- .../tenant-helm-chart/{ => auth0}/.helmignore | 0 .../tenant-helm-chart/{ => auth0}/Chart.yaml | 0 .../tenant-helm-chart/{ => auth0}/README.md | 0 .../{ => auth0}/templates/_helpers.tpl | 0 .../authentication-service-deployment.yaml | 244 ++++++++++++ .../templates/authorization-policy.yaml | 0 .../templates/cm-authentication-service.yaml | 19 + .../templates/cm-feature-service.yaml | 0 .../templates/cm-frontend-service.yaml | 0 .../templates/cm-notification-service.yaml | 0 .../templates/cm-user-tenant-service.yaml | 0 .../cm-video-confrencing-service.yaml | 0 .../templates/feature-service-deployment.yaml | 0 .../frontend-service-deployment.yaml | 0 .../{ => auth0}/templates/gateway.yaml | 0 .../templates/hooks/migration-job.yaml | 0 .../templates/imagePullSecret.yaml | 0 .../templates/kuberhealthy-http-checker.yaml | 0 .../notification-service-deployment.yaml | 0 .../{ => auth0}/templates/provisioner.yaml | 0 .../secret-provider-class-and-sa.yaml | 117 ++++++ .../user-tenant-service-deployment.yaml | 214 ++++++++++ ...video-conferencing-service-deployment.yaml | 0 .../templates/virtual-service.yaml | 0 .../auth0/values.yaml.template | 371 ++++++++++++++++++ .../tenant-helm-chart/cognito}/.helmignore | 0 .../tenant-helm-chart/cognito}/Chart.yaml | 0 .../tenant-helm-chart/cognito}/README.md | 0 .../cognito}/templates/_helpers.tpl | 0 .../authentication-service-deployment.yaml | 0 .../templates/authorization-policy.yaml | 0 .../templates/cm-authentication-service.yaml | 0 .../templates/cm-feature-service.yaml | 0 .../templates/cm-frontend-service.yaml | 0 .../templates/cm-notification-service.yaml | 0 .../templates/cm-user-tenant-service.yaml | 0 .../cm-video-confrencing-service.yaml | 0 .../templates/feature-service-deployment.yaml | 0 .../frontend-service-deployment.yaml | 0 .../cognito}/templates/gateway.yaml | 0 .../templates/hooks/migration-job.yaml | 0 
.../cognito}/templates/imagePullSecret.yaml | 0 .../templates/kuberhealthy-http-checker.yaml | 0 .../notification-service-deployment.yaml | 0 .../cognito/templates/provisioner.yaml | 61 +++ .../secret-provider-class-and-sa.yaml | 0 .../user-tenant-service-deployment.yaml | 0 ...video-conferencing-service-deployment.yaml | 0 .../cognito}/templates/virtual-service.yaml | 0 .../{ => cognito}/values.yaml.template | 0 .../tenant-helm-chart/auth0/.helmignore | 23 ++ .../pooled/tenant-helm-chart/auth0/Chart.yaml | 24 ++ .../pooled/tenant-helm-chart/auth0/README.md | 1 + .../auth0/templates/_helpers.tpl | 62 +++ .../authentication-service-deployment.yaml | 244 ++++++++++++ .../auth0/templates/authorization-policy.yaml | 14 + .../templates/cm-authentication-service.yaml | 19 + .../auth0/templates/cm-feature-service.yaml | 19 + .../auth0/templates/cm-frontend-service.yaml | 26 ++ .../templates/cm-notification-service.yaml | 16 + .../templates/cm-user-tenant-service.yaml | 19 + .../cm-video-confrencing-service.yaml | 17 + .../templates/feature-service-deployment.yaml | 244 ++++++++++++ .../frontend-service-deployment.yaml | 129 ++++++ .../auth0/templates/gateway.yaml | 18 + .../auth0/templates/hooks/migration-job.yaml | 164 ++++++++ .../auth0/templates/imagePullSecret.yaml | 12 + .../templates/kuberhealthy-http-checker.yaml | 27 ++ .../notification-service-deployment.yaml | 229 +++++++++++ .../{ => auth0}/templates/provisioner.yaml | 0 .../secret-provider-class-and-sa.yaml | 118 ++++++ .../user-tenant-service-deployment.yaml | 214 ++++++++++ ...video-conferencing-service-deployment.yaml | 219 +++++++++++ .../auth0/templates/virtual-service.yaml | 63 +++ .../auth0/values.yaml.template | 371 ++++++++++++++++++ .../tenant-helm-chart/cognito/.helmignore | 23 ++ .../tenant-helm-chart/cognito/Chart.yaml | 24 ++ .../tenant-helm-chart/cognito/README.md | 1 + .../cognito/templates/_helpers.tpl | 62 +++ .../authentication-service-deployment.yaml | 0 
.../templates/authorization-policy.yaml | 14 + .../templates/cm-authentication-service.yaml | 0 .../cognito/templates/cm-feature-service.yaml | 19 + .../templates/cm-frontend-service.yaml | 26 ++ .../templates/cm-notification-service.yaml | 16 + .../templates/cm-user-tenant-service.yaml | 19 + .../cm-video-confrencing-service.yaml | 17 + .../templates/feature-service-deployment.yaml | 244 ++++++++++++ .../frontend-service-deployment.yaml | 129 ++++++ .../cognito/templates/gateway.yaml | 18 + .../templates/hooks/migration-job.yaml | 164 ++++++++ .../cognito/templates/imagePullSecret.yaml | 12 + .../templates/kuberhealthy-http-checker.yaml | 27 ++ .../notification-service-deployment.yaml | 229 +++++++++++ .../cognito/templates/provisioner.yaml | 60 +++ .../secret-provider-class-and-sa.yaml | 0 .../user-tenant-service-deployment.yaml | 0 ...video-conferencing-service-deployment.yaml | 219 +++++++++++ .../cognito/templates/virtual-service.yaml | 63 +++ .../{ => cognito}/values.yaml.template | 0 100 files changed, 4704 insertions(+) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/.helmignore (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/Chart.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/README.md (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/_helpers.tpl (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/authorization-policy.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-feature-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-frontend-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => 
auth0}/templates/cm-notification-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-user-tenant-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-video-confrencing-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/feature-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/frontend-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/gateway.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/hooks/migration-job.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/imagePullSecret.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/kuberhealthy-http-checker.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/notification-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/provisioner.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/video-conferencing-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/virtual-service.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/.helmignore (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/Chart.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => 
bridge/tenant-helm-chart/cognito}/README.md (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/_helpers.tpl (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/authentication-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/authorization-policy.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/cm-authentication-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-feature-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-frontend-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-notification-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-user-tenant-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-video-confrencing-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/feature-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/frontend-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/gateway.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/hooks/migration-job.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/imagePullSecret.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => 
bridge/tenant-helm-chart/cognito}/templates/kuberhealthy-http-checker.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/notification-service-deployment.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/secret-provider-class-and-sa.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/user-tenant-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/video-conferencing-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/virtual-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/values.yaml.template (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml create mode 100644 
files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => auth0}/templates/provisioner.yaml (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl rename 
files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/authentication-service-deployment.yaml (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/cm-authentication-service.yaml (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/secret-provider-class-and-sa.yaml (100%) rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/user-tenant-service-deployment.yaml 
(100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/values.yaml.template (100%) diff --git a/files/tenant-samples/bridge/tenant-helm-chart/.helmignore b/files/tenant-samples/bridge/tenant-helm-chart/auth0/.helmignore similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/.helmignore rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/.helmignore diff --git a/files/tenant-samples/bridge/tenant-helm-chart/Chart.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/Chart.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/Chart.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/Chart.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/README.md b/files/tenant-samples/bridge/tenant-helm-chart/auth0/README.md similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/README.md rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/README.md diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/_helpers.tpl b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/_helpers.tpl similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/_helpers.tpl rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/_helpers.tpl diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml new file mode 100644 index 00000000..99442569 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml 
@@ -0,0 +1,244 @@ +{{- if .Values.authenticationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.authenticationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-authentication-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/authentication-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: authentication-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }} + resources: + {{- toYaml .Values.authenticationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/authentication-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/authentication-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ 
.Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-authentication-service + image: {{ .Values.authenticationService.repository }}:{{ .Values.authenticationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-authentication-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: FEATURE_DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + 
secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.authenticationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.authenticationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . }} + component: authentication-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-authentication-service + minReplicas: {{ .Values.authenticationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.authenticationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.authenticationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.authenticationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . 
}} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.authenticationService.service.type }} + ports: + - port: {{ .Values.authenticationService.service.port }} + targetPort: {{ .Values.authenticationService.service.targetPort }} + protocol: {{ .Values.authenticationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: authentication-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/authorization-policy.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authorization-policy.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/authorization-policy.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authorization-policy.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml new file mode 100644 index 00000000..9ddb8c11 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.authenticationService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-authentication-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.authenticationService.port }}' + NODE_ENV: '{{ .Values.authenticationService.node_env }}' + LOG_LEVEL: '{{ .Values.authenticationService.log_level }}' + BASE_PATH: '{{ .Values.authenticationService.base_path }}' + DB_SSL: '{{ .Values.authenticationService.db_ssl }}' + PRIVATE_DECRYPTION_KEY: '' + JWT_PRIVATE_KEY: '' + JWT_PUBLIC_KEY: '' +{{- end}} \ No newline at end of file 
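Review bot: The HPA memory metric is emitted as `type: AverageValue` / `averageValue: {{ . }}`, but the value comes from `targetMemoryUtilizationPercentage`, so a setting such as 80 is read as an absolute 80 bytes of average memory rather than 80%; it should mirror the CPU block: `type: Utilization` / `averageUtilization: {{ . }}`. The liveness and readiness probes hardcode `port: 3000` while the companion ConfigMap exposes `PORT: '{{ .Values.authenticationService.port }}'`, so any non-default port value makes every pod fail its probes. `REDIS_PASSWORD` is a literal `value: ""` and `REDIS_URL` is filled from the `REDIS_HOST` secret key, so Redis is reached without AUTH and the URL variable holds a bare hostname; if that is deliberate (in-VPC ElastiCache), a comment saying so would help, otherwise both should come from the `api-token` Secret like the other credentials. The pod and container carry no `securityContext` although the container holds the DB password and the JWT signing secret; the hardening below is the usual baseline (readOnlyRootFilesystem omitted since the Node service may write temp files — verify before adding). The Deployment selector matches on `app` only while the Service selector uses `app` plus `component`, so overlapping Deployments in this chart select each other's pods; user-tenant-service-deployment.yaml has the same pattern.
```yaml
    spec:
      serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # … unchanged: resources, probes, name, image, volumeMounts, envFrom, env …
```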
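Review bot: `PRIVATE_DECRYPTION_KEY`, `JWT_PRIVATE_KEY` and `JWT_PUBLIC_KEY` are placed in a ConfigMap as empty strings; a ConfigMap is readable by anyone with namespace read access and is not the place for key material, and an empty value means the service starts with no key unless something outside this chart fills it in. The other credentials in this chart already flow through the `api-token` Secret synced by the SecretProviderClass, so these three entries should be dropped from the ConfigMap and, if the auth0 variant needs them, injected with `secretKeyRef` from that Secret. If they are intentionally unused in the auth0 variant, remove them or leave a comment such as `# signing keys are held by the IdP; not consumed by the auth0 variant` so the empty values are not mistaken for a misconfiguration.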
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-feature-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-feature-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-feature-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-feature-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-frontend-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-frontend-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-notification-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-notification-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-notification-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-notification-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-user-tenant-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-user-tenant-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml 
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-video-confrencing-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/feature-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/feature-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/frontend-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/frontend-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/gateway.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/gateway.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/gateway.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/gateway.yaml 
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/hooks/migration-job.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/hooks/migration-job.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/imagePullSecret.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/imagePullSecret.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/imagePullSecret.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/imagePullSecret.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/notification-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/notification-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/provisioner.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/provisioner.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml 
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
new file mode 100644
index 00000000..5e80fe71
--- /dev/null
+++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
@@ -0,0 +1,117 @@ +--- +#namespace specific service account for +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + {{- include "helm.labels" . | nindent 4 }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.arn }} + +--- +#custom resource to fetch the secrets from paramter store +apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 +kind: SecretProviderClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + labels: + {{- include "helm.labels" . | nindent 4 }} +spec: + provider: aws + secretObjects: + - secretName: api-token + type: Opaque + data: + - objectName: db_host + key: DB_HOST + - objectName: db_port + key: DB_PORT + - objectName: db_user + key: DB_USER + - objectName: db_password + key: DB_PASSWORD + - objectName: db_schema + key: DB_SCHEMA + - objectName: redis_host + key: REDIS_HOST + - objectName: redis_port + key: REDIS_PORT + - objectName: redis_database + key: REDIS_DATABASE + - objectName: jwt_secret + key: JWT_SECRET + - objectName: jwt_issuer + key: JWT_ISSUER + - objectName: authentication_service_db_database + key: AUTHENTICATION_SERVICE_DB_DATABASE + - objectName: feature_db_database + key: FEATURE_DB_DATABASE + - objectName: video_confrencing_service_db_database + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - objectName: notification_service_db_database + - objectName: vonage-api-key-secret + key: VONAGE_API_KEY_SECRET + - objectName: pubnub-pub-key + key: PUBNUB_PUB_KEY + - objectName: pubnub-sub-key + key: PUBNUB_SUB_KEY + - objectName: pubnub-secret-key + key: PUBNUB_SECRET_KEY + parameters: +# region: us-west-2 + objects: | + - objectName: {{ .Values.dbhost }} + objectType: ssmparameter + objectAlias: db_host + - objectName: {{ .Values.dbport }} + objectType: ssmparameter + objectAlias: db_port + - objectName: {{ .Values.dbuser }} + objectType: ssmparameter + objectAlias: db_user + - objectName: {{ .Values.dbpassword }} + objectType: ssmparameter + 
objectAlias: db_password + - objectName: {{ .Values.dbschema }} + objectType: ssmparameter + objectAlias: db_schema + - objectName: {{ .Values.redishost }} + objectType: ssmparameter + objectAlias: redis_host + - objectName: {{ .Values.redisport }} + objectType: ssmparameter + objectAlias: redis_port + - objectName: {{ .Values.redisdatabase }} + objectType: ssmparameter + objectAlias: redis_database + - objectName: {{ .Values.jwtsecret }} + objectType: ssmparameter + objectAlias: jwt_secret + - objectName: {{ .Values.jwtissuer }} + objectType: ssmparameter + objectAlias: jwt_issuer + - objectName: {{ .Values.authenticationdbdatabase }} + objectType: ssmparameter + objectAlias: authentication_service_db_database + - objectName: {{ .Values.featuredbdatabase }} + objectType: ssmparameter + objectAlias: feature_db_database + - objectName: {{ .Values.notificationdbdatabase }} + objectType: ssmparameter + objectAlias: notification_service_db_database + - objectName: {{ .Values.videoconfrencingdbdatabase }} + objectType: ssmparameter + objectAlias: video_confrencing_service_db_database + - objectName: {{ .Values.vonageSecret }} + objectType: ssmparameter + objectAlias: vonage-api-key-secret + - objectName: {{ .Values.pubnubPubKey }} + objectType: ssmparameter + objectAlias: pubnub-pub-key + - objectName: {{ .Values.pubnubSubKey }} + objectType: ssmparameter + objectAlias: pubnub-sub-key + - objectName: {{ .Values.pubnubSecretKey }} + objectType: ssmparameter + objectAlias: pubnub-secret-key \ No newline at end of file diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml new file mode 100644 index 00000000..aa8a3a07 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml 
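Review bot: The `secretObjects` entry `- objectName: notification_service_db_database` has no `key:`, so the synced `api-token` Secret never receives the notification database name (the driver expects both fields on each data item); add `key: NOTIFICATION_SERVICE_DB_DATABASE` beneath it, matching the alias defined later under `parameters.objects`. Every tenant service mounts this single `api-token` Secret and runs under the one `{{ .Values.tier }}-{{ .Values.tenant }}` ServiceAccount that carries the IRSA role, so each pod can read all credentials (DB password, JWT secret, PubNub secret key) regardless of whether it needs them; if that is accepted for a tenant-scoped namespace, a comment stating so would help, otherwise split the secretObjects per service. `apiVersion: secrets-store.csi.x-k8s.io/v1alpha1` is the pre-1.0 API; `secrets-store.csi.x-k8s.io/v1` is the current one and the alpha version may be rejected by newer driver releases.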
@@ -0,0 +1,214 @@ +{{- if .Values.userTenantService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.userTenantService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-user-tenant-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/user-tenant-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.userTenantService.pullPolicy }} + resources: + {{- toYaml .Values.userTenantService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + 
name: {{ include "helm.fullname" . }}-user-tenant-service + image: {{ .Values.userTenantService.repository }}:{{ .Values.userTenantService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.userTenantService.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.userTenantService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-user-tenant-service + minReplicas: {{ .Values.userTenantService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.userTenantService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.userTenantService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.userTenantService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.userTenantService.service.type }} + ports: + - port: {{ .Values.userTenantService.service.port }} + targetPort: {{ .Values.userTenantService.service.targetPort }} + protocol: {{ .Values.userTenantService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: user-tenant-service +--- +{{- end }} \ No newline at end of file 
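Review bot: The Deployment's `selector.matchLabels` carries only `app: {{ include "helm.fullname" . }}`, a label every other service Deployment in this chart also places on its pods, while the Service at the end of the hunk correctly narrows with `component: user-tenant-service`; overlapping Deployment selectors make the controllers see and count each other's pods, so add `component: user-tenant-service` to `matchLabels` as well (the pod template already carries that label). The container sets no `securityContext`, so it runs as whatever user the image chose with full default capabilities; at minimum `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` belong here, or the empty `securityContext` placeholder the values file declares should be wired in with `toYaml`. `REDIS_PASSWORD` is hard-coded to `""`, i.e. the service is expected to reach Redis without AUTH; if that is deliberate because Redis is only reachable inside the VPC, a comment saying so would stop the next reader from treating it as a leftover.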
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/virtual-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/virtual-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/virtual-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/virtual-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template new file mode 100644 index 00000000..d9fd64e9 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template 
@@ -0,0 +1,371 @@ +# Default values for helm. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +strategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 +app: + url: "" + basePath: "" +livenessProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 7 +readinessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + +frontend: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-ui + pullPolicy: Always + tag: "0.0.5" + log_level: "info" + home_path: "/home" + replicaCount: 1 + affinity: {} + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "2" + Service: + type: NodePort + port: 80 + targetPort: 80 + protocol: TCP + extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "false" + enabled: "1" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 20 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + + +#Services +#featureService +featureService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + timestamp_tolerance: 300 + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /feature-service + +#authenticationService +authenticationService: + enabled: true 
+ repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /authentication-service + +#notificationService +notificationService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /notification-service + +#userTenantService +userTenantService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service + pullPolicy: Always + tag: "0.0.4" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + 
maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /user-tenant-service + +videoConfrencingService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /video-confrencing-service + +#migrationJob +migrationJob: +#enable it when correct image has been provided + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-migration + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + +##Common env's + +#Common URL'S + +imagePullSecret: +#enable it and pass the correct parameters below + enabled: false + name: regcred + registry: https://index.docker.io/v1/ + username: '' + password: '' + email: sfdevops@sourcefuse.com + +nameOverride: "" + +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "true" + enabled: "1" + +nodeSelector: {} + +tolerations: + - effect: NoSchedule + key: pooled-node + operator: Equal + value: "pooled" + +affinity: {} + +#Migration Job Variable +tenantKey: ${TENANT_KEY} +tenantName: ${TENANT_NAME} +tenantSecret: ${TENANT_SECRET} +tenantID: ${TENANT_ID} +tenantEmail: ${TENANT_EMAIL} +adminUserTenantId: "b439829b-57e7-49d8-bb23-8ccb2ca56435" +#userCallbackSecret: "yugeyifgweyfgy" +userCallbackSecret: ${USER_CALLBACK_SECRET} + +# Frontend variable +clientId: ${TENANT_CLIENT_ID} +publicKey: ${TENANT_CLIENT_SECRET} + +tier: ${TIER} +namespace: ${NAMESPACE} +region: ${REGION} +karpenterRoleName: ${KARPENTER_ROLE} +eksClusterName: ${EKS_CLUSTER_NAME} +hostname: ${TENANT_HOST_NAME} +tenant: ${TENANT_KEY} +arn: ${WEB_IDENTITY_ROLE_ARN} +dbhost: ${DB_HOST} +dbport: ${DB_PORT} +dbuser: ${DB_USER} +dbpassword: ${DB_PASSWORD} +dbschema: ${DB_SCHEMA} +redishost: ${REDIS_HOST} +redisport: ${REDIS_PORT} +redisdatabase: ${REDIS_DATABASE} +jwtsecret: ${JWT_SECRET} +jwtissuer: ${JWT_ISSUER} +authenticationdbdatabase: ${AUTH_DATABASE} +featuredbdatabase: ${FEATURE_DATABASE} +notificationdbdatabase: 
${NOTIFICATION_DATABASE} +videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} + +# pubnub config +vonageSecret: /pubnub/vonage-api-key-secret +pubnubPubKey: /pubnub/public-key +pubnubSubKey: /pubnub/subscribe-key +pubnubSecretKey: /pubnub/secret-key \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/.helmignore b/files/tenant-samples/bridge/tenant-helm-chart/cognito/.helmignore similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/.helmignore rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/.helmignore diff --git a/files/tenant-samples/pooled/tenant-helm-chart/Chart.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/Chart.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/Chart.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/Chart.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/README.md b/files/tenant-samples/bridge/tenant-helm-chart/cognito/README.md similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/README.md rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/README.md diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/_helpers.tpl b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/_helpers.tpl similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/_helpers.tpl rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/_helpers.tpl diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/authentication-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/authentication-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml 
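Review bot: Under `# Frontend variable`, `publicKey: ${TENANT_CLIENT_SECRET}` feeds the tenant client secret into a value named as a public key; if that value is rendered into the frontend config as the heading suggests, the OAuth client secret ends up in every browser, so either this should carry the client's public key material or the name and the frontend's use of it need to change. The commented-out `#userCallbackSecret: "yugeyifgweyfgy"` is a leftover literal credential in a committed template; delete the line rather than leave it to be resurrected. Every service sets `allowed_origins: "*"` and `db_ssl: false`, which as shipped defaults mean wildcard CORS and plaintext Postgres connections for all tenants; default them to the tenant hostname and `true`, or at least comment that they are demo values. `securityContext` and `podSecurityContext` are empty with every hardening line commented out, and none of the deployment templates in this commit consume them, so the chart currently ships no pod hardening at all. Images are referenced by mutable tags with `pullPolicy: Always`; pinning by digest would make tenant deploys reproducible and tamper-evident.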
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/authorization-policy.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authorization-policy.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/authorization-policy.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authorization-policy.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-authentication-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-authentication-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-feature-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-feature-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-feature-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-feature-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-frontend-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-frontend-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-notification-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-notification-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-notification-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-notification-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-user-tenant-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-user-tenant-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-video-confrencing-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/feature-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/feature-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/frontend-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/frontend-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/gateway.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/gateway.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/gateway.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/gateway.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/hooks/migration-job.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/hooks/migration-job.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/imagePullSecret.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/imagePullSecret.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/imagePullSecret.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/imagePullSecret.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/notification-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/notification-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml new file mode 100644 index 00000000..5ed47914 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml 
@@ -0,0 +1,61 @@ +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + annotations: + kubernetes.io/description: "NodePool to restrict the number of cpus provisioned to 100" +spec: + template: + metadata: + labels: + pooled-node: {{ .Values.tier }} + spec: + requirements: + - key: kubernetes.io/arch + operator: In + values: ["amd64"] + - key: kubernetes.io/os + operator: In + values: ["linux"] + - key: karpenter.sh/capacity-type + operator: In + values: ["on-demand"] + - key: karpenter.k8s.aws/instance-category + operator: In + values: ["t"] + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: ["2"] + nodeClassRef: + name: {{ .Values.tier }}-{{ .Values.tenant }} + taints: + - key: pooled-node + value: "pooled" + effect: NoSchedule + + limits: + cpu: 100 + memory: 1000Gi +--- +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + annotations: + kubernetes.io/description: "General purpose EC2NodeClass for running Amazon Linux 2 nodes" +spec: + amiFamily: AL2 # Amazon Linux 2 + role: {{ .Values.karpenterRoleName }} + subnetSelectorTerms: + - tags: + Type: "private" + securityGroupSelectorTerms: + - tags: + "aws:eks:cluster-name": {{ .Values.eksClusterName }} + tags: + Tenant: "pooled" + + + + + diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml 
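Review bot: The EC2NodeClass sets no `metadataOptions`, so nodes come up with Karpenter's documented defaults — IMDSv2 required but `httpPutResponseHopLimit: 2`, which lets any pod on the node fetch the instance role's credentials from 169.254.169.254. Since the workloads obtain AWS access through IRSA (the `eks.amazonaws.com/role-arn` annotation on the tenant ServiceAccount), the node role should be unreachable from pods; add `metadataOptions: { httpTokens: required, httpPutResponseHopLimit: 1 }` under `spec`. The instance `tags` hard-code `Tenant: "pooled"` while the NodePool and EC2NodeClass names are `{{ .Values.tier }}-{{ .Values.tenant }}`; tag with `{{ .Values.tenant }}` so instances attribute to the tenant that owns them (the `pooled-node` label and taint agree with the `tolerations` default in values, so those can stay). Consider also `blockDeviceMappings` with `ebs: { encrypted: true }` unless account-level EBS default encryption is already enabled, and note that `amiFamily: AL2` is being superseded by AL2023.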
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/user-tenant-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/virtual-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/virtual-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/virtual-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/virtual-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore b/files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml new file mode 100644 index 00000000..fc389922 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: helm +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md b/files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md new file mode 100644 index 00000000..524ebf64 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md @@ -0,0 +1 @@ +# ARC-SAAS Application Plane Helm \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl new file mode 100644 index 00000000..69baf8f2 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "helm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "helm.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "helm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "helm.labels" -}} +helm.sh/chart: {{ include "helm.chart" . }} +{{ include "helm.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "helm.selectorLabels" -}} +app: {{ include "helm.name" . }} + +{{- end }} + + +{{/* +Configuring .dockerconfigjson +*/}} +{{- define "imagePullSecret" }} +{{- with .Values.imagePullSecret }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + 
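Review bot: `imagePullSecret` builds `.dockerconfigjson` with `printf` and no escaping, so a registry password, username or email containing `"` or `\` yields malformed JSON and a pull secret the kubelet cannot parse. Build the document with `dict`/`toJson` so values are escaped: `{{- $auth := printf "%s:%s" .username .password | b64enc }}` followed by `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" $auth)) | toJson | b64enc }}`. The template also reads the password straight from `.Values.imagePullSecret.password`, i.e. from a values file committed or rendered to disk; since the chart already pulls credentials through the Secrets Store CSI driver, the registry credential would be safer sourced the same way. `helm.selectorLabels` emits `app: {{ include "helm.name" . }}` while the deployments select on `app: {{ include "helm.fullname" . }}`, so the common-labels helper and the actual selectors disagree — harmless today but confusing; pick one.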
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml new file mode 100644 index 00000000..99442569 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml 
@@ -0,0 +1,244 @@ +{{- if .Values.authenticationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.authenticationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-authentication-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/authentication-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: authentication-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }} + resources: + {{- toYaml .Values.authenticationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/authentication-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/authentication-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ 
.Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-authentication-service + image: {{ .Values.authenticationService.repository }}:{{ .Values.authenticationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-authentication-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: FEATURE_DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + 
secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.authenticationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.authenticationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . }} + component: authentication-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-authentication-service + minReplicas: {{ .Values.authenticationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.authenticationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.authenticationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.authenticationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-authentication-service + labels: + app: {{ include "helm.fullname" . 
}} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.authenticationService.service.type }} + ports: + - port: {{ .Values.authenticationService.service.port }} + targetPort: {{ .Values.authenticationService.service.targetPort }} + protocol: {{ .Values.authenticationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: authentication-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml new file mode 100644 index 00000000..ebb14452 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml @@ -0,0 +1,14 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: deny-traffic-from-cross-namespace + namespace: {{ .Values.namespace }} + labels: + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + action: ALLOW + rules: + - from: + - source: + namespaces: ["{{ .Values.namespace }}","kube-system","prometheus-node-exporter", "adot-collector-kubeprometheus","istio-system","karpenter","kubecost", "kuberhealthy", "argocd", "argo-workflows"] \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml new file mode 100644 index 00000000..9ddb8c11 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml 
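Review bot: `spec.selector.matchLabels` of the Deployment carries only `app: {{ include "helm.fullname" . }}`, a label every other Deployment in this chart (feature-service, frontend, notification-service) also puts on its pods, so the controllers have overlapping selectors and only the Service disambiguates with `component`; add `component: authentication-service` under `matchLabels` before the first release, since the selector is immutable afterwards (same in the feature-service, frontend and notification-service hunks). The container has no `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, `capabilities: {drop: [ALL]}`), again in all sibling deployments. `REDIS_URL` is wired to the `REDIS_HOST` key, which looks like a copy-paste slip unless the secret really stores a URL under that name. `REDIS_PASSWORD: ""` is a literal empty password; if the Redis endpoint is intentionally unauthenticated, a comment should say so and name the network control that makes it acceptable.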
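Review bot: The AuthorizationPolicy is named `deny-traffic-from-cross-namespace` but is an `ALLOW` rule with only a `from` clause, so every workload in the ten listed namespaces (`argocd`, `argo-workflows`, `karpenter`, `kubecost`, …) can reach any port and path of any tenant service; other namespaces are denied only through Istio's implicit deny once an ALLOW policy exists. Consider splitting it: the tenant namespace and `istio-system` (gateway) may reach the services, while the observability namespaces get a rule restricted with `to: - operation: paths: ["<basePath>/<service>/obf/metrics"]` matching the `prometheus.io/path` annotations. `source.namespaces` only matches callers with an mTLS peer identity, so plaintext callers are denied outright; a comment stating that STRICT mTLS is assumed would save the next reader a debugging session.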
@@ -0,0 +1,19 @@ +{{- if .Values.authenticationService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-authentication-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.authenticationService.port }}' + NODE_ENV: '{{ .Values.authenticationService.node_env }}' + LOG_LEVEL: '{{ .Values.authenticationService.log_level }}' + BASE_PATH: '{{ .Values.authenticationService.base_path }}' + DB_SSL: '{{ .Values.authenticationService.db_ssl }}' + PRIVATE_DECRYPTION_KEY: '' + JWT_PRIVATE_KEY: '' + JWT_PUBLIC_KEY: '' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml new file mode 100644 index 00000000..f6f18490 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.featureService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-feature-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.featureService.port }}' + NODE_ENV: '{{ .Values.featureService.node_env }}' + LOG_LEVEL: '{{ .Values.featureService.log_level }}' + BASE_PATH: '{{ .Values.featureService.base_path }}' + DB_SSL: '{{ .Values.featureService.db_ssl }}' + USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}' + TIMESTAMP_TOLERANCE: '{{ .Values.featureService.timestamp_tolerance}}' + ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}' +{{- end}} \ No newline at end of file 
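Review bot: `PRIVATE_DECRYPTION_KEY`, `JWT_PRIVATE_KEY` and `JWT_PUBLIC_KEY` are declared as empty strings in a ConfigMap, which is the wrong home for key material if anyone ever fills them in — the deployment already sources `JWT_SECRET` from the `api-token` Secret via `secretKeyRef`, and these should follow the same route. If they are intentionally blank because the service provisions keys at runtime, say so: `# left empty on purpose: keys are provisioned at runtime, never populate here`; otherwise drop the three lines. The single-quoted renderings such as `'{{ .Values.authenticationService.port }}'` break if a value contains `'`; `{{ .Values.authenticationService.port | quote }}` is the usual form.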
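Review bot: `USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'` places a value named as a secret in a ConfigMap, where it is readable by anyone with `get configmaps` in the namespace and lands in the rendered manifest; the identical line appears in the cm-user-tenant-service hunk. Move it into the `api-token` Secret (or a chart-managed `kind: Secret`) and reference it with `valueFrom.secretKeyRef` from the deployments, as the other credentials are. `{{ .Values.featureService.timestamp_tolerance}}` is missing the space before `}}` — harmless, but inconsistent with the rest of the file.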
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml new file mode 100644 index 00000000..13352de3 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.frontend.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + env: |- + { + "baseApiUrl": "https://{{ .Values.hostname }}", + "authApiBaseUrl": "https://{{ .Values.hostname }}/authentication-service", + "notificationApiBaseUrl" :"https://{{ .Values.hostname }}/notification-service", + "homePath": "{{ .Values.frontend.home_path }}", + "videoApiBaseUrl": "https://{{ .Values.hostname }}/video-confrencing-service", + "notificationChannelUuid": "9f7360f6-5c1a-4354-ad68-0e62b2a1200b", + "chatChannelUuid": "ad0cac27-972e-4b69-9188-3685f7eeb8bb", + "vonageApiKey": "47793071", + "logLevel": "{{ .Values.frontend.log_level }}", + "clientId": "{{ .Values.clientId }}", + "clientSecret": "{{ .Values.publicKey }}", + "loginTitle": "Welcome to the Telemed App" + } +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml new file mode 100644 index 00000000..87d683da --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml 
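Review bot: The frontend `config.json` is served to browsers, yet it carries a field named `clientSecret` (`"clientSecret": "{{ .Values.publicKey }}"`); if the value really is the public key, rename the field so no reader assumes a secret has leaked, and if it is an OAuth client secret it cannot live in a static file served by nginx at all. `"vonageApiKey": "47793071"` and the two channel UUIDs are environment-specific constants baked into the template (the same Vonage key reappears in the cm-video-confrencing-service hunk) and belong in values so a tenant chart can be rendered against another account. A comment above `env: |-` stating that everything in this block is public would keep future additions honest.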
@@ -0,0 +1,16 @@ +{{- if .Values.notificationService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.notificationService.port }}' + NODE_ENV: '{{ .Values.notificationService.node_env }}' + LOG_LEVEL: '{{ .Values.notificationService.log_level }}' + BASE_PATH: '{{ .Values.notificationService.base_path }}' + DB_SSL: '{{ .Values.notificationService.db_ssl }}' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml new file mode 100644 index 00000000..e429bc25 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.userTenantService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.userTenantService.port }}' + NODE_ENV: '{{ .Values.userTenantService.node_env }}' + LOG_LEVEL: '{{ .Values.userTenantService.log_level }}' + BASE_PATH: '{{ .Values.userTenantService.base_path }}' + ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}' + USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}' + DB_SSL: '{{ .Values.userTenantService.db_ssl }}' + AWS_REGION: '{{ .Values.region }}' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml new file mode 100644 index 00000000..df67fa42 --- /dev/null 
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml @@ -0,0 +1,17 @@ +{{- if .Values.videoConfrencingService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.videoConfrencingService.port }}' + NODE_ENV: '{{ .Values.videoConfrencingService.node_env }}' + LOG_LEVEL: '{{ .Values.videoConfrencingService.log_level }}' + BASE_PATH: '{{ .Values.videoConfrencingService.base_path }}' + DB_SSL: '{{ .Values.videoConfrencingService.db_ssl }}' + VONAGE_API_KEY: '47793071' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml new file mode 100644 index 00000000..abaaa2d9 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml 
@@ -0,0 +1,244 @@ +{{- if .Values.featureService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.featureService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-feature-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/feature-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: feature-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.featureService.pullPolicy }} + resources: + {{- toYaml .Values.featureService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/feature-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/feature-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . 
}}-feature-service + image: {{ .Values.featureService.repository }}:{{ .Values.featureService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-feature-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: FEATURE_DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ 
.Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.featureService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.featureService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + component: feature-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-feature-service + minReplicas: {{ .Values.featureService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.featureService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.featureService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.featureService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . 
}} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.featureService.service.type }} + ports: + - port: {{ .Values.featureService.service.port }} + targetPort: {{ .Values.featureService.service.targetPort }} + protocol: {{ .Values.featureService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: feature-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml new file mode 100644 index 00000000..b4fd696f --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml 
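Review bot: The env block from `DB_HOST` through `JWT_ISSUER` is a verbatim copy of the authentication-service deployment's, differing only in the `DB_DATABASE` key (`FEATURE_DB_DATABASE`), and the notification-service hunk repeats most of it again; a named template in `_helpers.tpl` taking the database key as a parameter (e.g. `{{- include "helm.dbEnv" (dict "db" "FEATURE_DB_DATABASE") | nindent 8 }}`) would remove roughly seventy duplicated lines per deployment and keep the secret key names in one place. The `FEATURE_DB_*` entries duplicate the `DB_*` entries from the same secret keys, so presumably the image reads both prefixes — a comment naming which prefix the feature service actually consumes would let the other be removed safely.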
@@ -0,0 +1,129 @@ +--- +#Deployment +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.frontend.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-frontend-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/frontend/obf/metrics +{{- if .Values.frontend.extraAnnotations }} +{{ toYaml .Values.frontend.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: frontend + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.frontend.pullPolicy }} + resources: + {{- toYaml .Values.frontend.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/frontend + port: 80 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/frontend + port: 80 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . 
}}-frontend + image: {{ .Values.frontend.repository }}:{{ .Values.frontend.tag }} + ports: + - containerPort: 80 + volumeMounts: + - name: env-var + mountPath: /usr/share/nginx/html/config.json + subPath: config.json + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + env: + - name: pubnubPublishKey + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: pubnubSubscribeKey + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: env-var + configMap: + name: {{ include "helm.fullname" . }}-cm-frontend + items: + - key: env + path: config.json + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.frontend.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.frontend.Service.type }} + ports: + - port: {{ .Values.frontend.Service.port }} + targetPort: {{ .Values.frontend.Service.targetPort }} + protocol: {{ .Values.frontend.Service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: frontend +--- \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml new file mode 100644 index 00000000..b534262f --- /dev/null 
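Review bot: The frontend pod mounts the whole `{{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets` bundle at `/mnt/api-token` although nothing in this container reads it (the two PubNub keys come from the `api-token` Secret via `secretKeyRef`), so a compromise of the static nginx container exposes the database password, JWT secret and every other key in that bundle. Drop the `my-api-token` volume and mount from this deployment; if the mount exists only to trigger the CSI driver's sync into the `api-token` Secret, the service deployments already provide that. This Deployment has no `enabled` guard while cm-frontend-service is wrapped in `{{- if .Values.frontend.enabled }}`, so with the flag off the pod references a ConfigMap that is never rendered and stays in ContainerCreating. Minor: this file reads `.Values.frontend.Service.*` (capital S) where the other deployments read `.Values.<svc>.service.*`; one of the two spellings presumably renders empty — check values.yaml.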
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + app: {{ include "helm.name" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - {{ .Values.hostname }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml new file mode 100644 index 00000000..81f2dbcc --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml 
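Review bot: The Gateway opens only an `HTTP`/80 server for `{{ .Values.hostname }}` and has no `tls` block, while the frontend ConfigMap and the Kuberhealthy check in this same patch address the tenant over `https://`; if TLS is terminated in front of the ingress gateway, say so in a comment on the `servers:` entry, otherwise add an HTTPS server (port 443, `tls.mode: SIMPLE` with the tenant certificate) and set `tls: { httpsRedirect: true }` on the port-80 server so plaintext is not accepted. `- {{ .Values.hostname }}` is an unquoted scalar; `- {{ .Values.hostname | quote }}` avoids YAML surprises. `networking.istio.io/v1alpha3` is the legacy API group version; `v1beta1` (or `v1` on current releases) should be used for new files.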
@@ -0,0 +1,164 @@ +{{- if .Values.migrationJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ template "helm.fullname" . }}-migration-job" + annotations: + argocd.argoproj.io/hook: PostSync +spec: + backoffLimit: 20 + activeDeadlineSeconds: 600 + ttlSecondsAfterFinished: 3600 + parallelism: 1 + completions: 1 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + restartPolicy: 'OnFailure' + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} + containers: + - name: init + image: {{ .Values.migrationJob.repository }}:{{ .Values.migrationJob.tag }} + imagePullPolicy: {{ .Values.migrationJob.pullPolicy }} + resources: +{{ toYaml .Values.migrationJob.resources | indent 10 }} + command: ["/bin/sh", "-c"] + args: ["cd packages/migrations; npm run db:migrate"] + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + env: + - name: AUTH_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: AUTH_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: AUTH_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: AUTH_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: AUTH_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: 
FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: NOTIF_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: NOTIF_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: NOTIF_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: NOTIF_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: NOTIF_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: VIDEO_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: VIDEO_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: VIDEO_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: VIDEO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: VIDEO_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + + - name: TENANT_NAME + value: {{ .Values.tenantName }} + - name: TENANT_KEY + value: {{ .Values.tenantKey }} + - name: SECRET + value: {{ .Values.tenantSecret }} + - name: TENANT_EMAIL + value: {{ .Values.tenantEmail }} + - name: CLIENT_ID + value: {{ .Values.clientId }} + - name: CLIENT_SECRET + value: {{ .Values.publicKey }} + - name: ADMIN_USER_TENANT_ID + value: {{ .Values.adminUserTenantId }} + - name: REDIRECT_URL + value: "https://{{ .Values.hostname }}{{ .Values.frontend.home_path }}" + # - name: USERNAME + # value: {{ .Values.cognitoUser }} + # - name: USER_SUB + # value: {{ .Values.cognitoSub }} +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml new file mode 100644 index 00000000..d40fa6ab --- /dev/null 
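Review bot: `SECRET`, `TENANT_KEY` and `CLIENT_SECRET` are injected as plain `value:` entries from chart values, so the tenant secret and whatever `.Values.publicKey` holds are written into the rendered Job manifest and into Argo CD's resource history; source them from the `api-token` Secret with `secretKeyRef` like `AUTH_DB_PASSWORD` above. Every `value: {{ .Values.tenantName }}`-style line is also an unquoted scalar, so a key that looks like a number or contains `: ` yields a wrong type or a parse error — at minimum `value: {{ .Values.tenantName | quote }}`. `imagePullSecrets` is emitted unconditionally here while the deployments guard it with `.Values.imagePullSecret.enabled`; with the flag off this references a Secret that is never created. The commented-out `cognitoUser`/`cognitoSub` lines should be removed rather than shipped in the auth0 chart.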
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.imagePullSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.imagePullSecret.name }} + labels: + {{- include "helm.labels" . | nindent 4 }} + component: {{ include "helm.name" . }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml new file mode 100644 index 00000000..b793f40d --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml @@ -0,0 +1,27 @@ +apiVersion: comcast.github.io/v1 +kind: KuberhealthyCheck +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }}-http-check + namespace: kuberhealthy + labels: + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + runInterval: 5m + timeout: 10m + podSpec: + containers: + - name: main + image: kuberhealthy/http-check:latest + imagePullPolicy: IfNotPresent + env: + - name: CHECK_URL + value: "https://{{ .Values.hostname }}/" + - name: COUNT + value: "5" + - name: SECONDS + value: "1" + - name: REQUEST_TYPE + value: "GET" + - name: PASSING + value: "80" \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml new file mode 100644 index 00000000..6de67db6 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml 
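Review bot: The Kuberhealthy check runs `kuberhealthy/http-check:latest` with `imagePullPolicy: IfNotPresent`, so what executes is whatever `latest` happened to be cached on each node and cannot be reproduced or audited; pin it, e.g. `image: kuberhealthy/http-check:<pinned-tag>` (placeholder — ideally an `@sha256:` digest), and add a comment noting that the tag is bumped deliberately. The check targets `https://{{ .Values.hostname }}/`, which presumes TLS in front of the HTTP-only Gateway defined in the gateway.yaml hunk; fine if that is the topology, but worth stating next to `CHECK_URL`.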
@@ -0,0 +1,229 @@ +{{- if .Values.notificationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.notificationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-notification-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/notification-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.notificationService.pullPolicy }} + resources: + {{- toYaml .Values.notificationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} 
+{{- end }} + name: {{ include "helm.fullname" . }}-notification-service + image: {{ .Values.notificationService.repository }}:{{ .Values.notificationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-notification-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: PUBNUB_PUBLISH_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: PUBNUB_SUBSCRIBE_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY + - name: PUBNUB_SECRET_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SECRET_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.notificationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.notificationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-notification-service + minReplicas: {{ .Values.notificationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.notificationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.notificationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.notificationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.notificationService.service.type }} + ports: + - port: {{ .Values.notificationService.service.port }} + targetPort: {{ .Values.notificationService.service.targetPort }} + protocol: {{ .Values.notificationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . 
}} + component: notification-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/provisioner.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/provisioner.yaml rename to files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml new file mode 100644 index 00000000..45c0d9e5 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml 
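Review bot: The Deployment's `selector.matchLabels` carries only `app: {{ include "helm.fullname" . }}`, which is the same label every other service Deployment in this chart selects on, while the Service selector below correctly adds `component: notification-service`. Kubernetes documents overlapping Deployment selectors as unsupported (the controllers "fight with each other"), so add `component: notification-service` to `matchLabels` — it is already present on the pod template, so this is a one-line fix, though note it is immutable once deployed. Separately, `REDIS_PASSWORD` is hardcoded to `""` and `REDIS_URL` is fed from the `REDIS_HOST` key, so the pod talks to Redis unauthenticated unless the application ignores both; if AUTH is intended, add a `redis_password` object to the SecretProviderClass and reference it with a `secretKeyRef` here. Finally, neither the pod nor the container sets a `securityContext`, even though `values.yaml.template` declares `podSecurityContext` and `securityContext` — they are currently dead values.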
@@ -0,0 +1,118 @@ +--- +#namespace specific service account for +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + {{- include "helm.labels" . | nindent 4 }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.arn }} + +--- +#custom resource to fetch the secrets from paramter store +apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 +kind: SecretProviderClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + labels: + {{- include "helm.labels" . | nindent 4 }} +spec: + provider: aws + secretObjects: + - secretName: api-token + type: Opaque + data: + - objectName: db_host + key: DB_HOST + - objectName: db_port + key: DB_PORT + - objectName: db_user + key: DB_USER + - objectName: db_password + key: DB_PASSWORD + - objectName: db_schema + key: DB_SCHEMA + - objectName: redis_host + key: REDIS_HOST + - objectName: redis_port + key: REDIS_PORT + - objectName: redis_database + key: REDIS_DATABASE + - objectName: jwt_secret + key: JWT_SECRET + - objectName: jwt_issuer + key: JWT_ISSUER + - objectName: authentication_service_db_database + key: AUTHENTICATION_SERVICE_DB_DATABASE + - objectName: feature_db_database + key: FEATURE_DB_DATABASE + - objectName: video_confrencing_service_db_database + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - objectName: notification_service_db_database + key: NOTIFICATION_SERVICE_DB_DATABASE + - objectName: vonage-api-key-secret + key: VONAGE_API_KEY_SECRET + - objectName: pubnub-pub-key + key: PUBNUB_PUB_KEY + - objectName: pubnub-sub-key + key: PUBNUB_SUB_KEY + - objectName: pubnub-secret-key + key: PUBNUB_SECRET_KEY + parameters: +# region: us-west-2 + objects: | + - objectName: {{ .Values.dbhost }} + objectType: ssmparameter + objectAlias: db_host + - objectName: {{ .Values.dbport }} + objectType: ssmparameter + objectAlias: db_port + - objectName: {{ .Values.dbuser }} + objectType: ssmparameter + objectAlias: db_user + - objectName: {{ .Values.dbpassword 
}} + objectType: ssmparameter + objectAlias: db_password + - objectName: {{ .Values.dbschema }} + objectType: ssmparameter + objectAlias: db_schema + - objectName: {{ .Values.redishost }} + objectType: ssmparameter + objectAlias: redis_host + - objectName: {{ .Values.redisport }} + objectType: ssmparameter + objectAlias: redis_port + - objectName: {{ .Values.redisdatabase }} + objectType: ssmparameter + objectAlias: redis_database + - objectName: {{ .Values.jwtsecret }} + objectType: ssmparameter + objectAlias: jwt_secret + - objectName: {{ .Values.jwtissuer }} + objectType: ssmparameter + objectAlias: jwt_issuer + - objectName: {{ .Values.authenticationdbdatabase }} + objectType: ssmparameter + objectAlias: authentication_service_db_database + - objectName: {{ .Values.featuredbdatabase }} + objectType: ssmparameter + objectAlias: feature_db_database + - objectName: {{ .Values.notificationdbdatabase }} + objectType: ssmparameter + objectAlias: notification_service_db_database + - objectName: {{ .Values.videoconfrencingdbdatabase }} + objectType: ssmparameter + objectAlias: video_confrencing_service_db_database + - objectName: {{ .Values.vonageSecret }} + objectType: ssmparameter + objectAlias: vonage-api-key-secret + - objectName: {{ .Values.pubnubPubKey }} + objectType: ssmparameter + objectAlias: pubnub-pub-key + - objectName: {{ .Values.pubnubSubKey }} + objectType: ssmparameter + objectAlias: pubnub-sub-key + - objectName: {{ .Values.pubnubSecretKey }} + objectType: ssmparameter + objectAlias: pubnub-secret-key \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml new file mode 100644 index 00000000..aa8a3a07 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml 
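Review bot: The single ServiceAccount `{{ .Values.tier }}-{{ .Values.tenant }}` and the single synced `api-token` Secret carry every credential in the chart — DB password, JWT secret, Vonage and PubNub secret keys — and each service Deployment mounts this same SecretProviderClass, so e.g. the user-tenant service can read the Vonage and PubNub secrets it never uses, and a compromise of any one pod yields all of them. Splitting into one ServiceAccount/SecretProviderClass per service (or at least one `secretObjects` Secret per service holding only its keys), and scoping the IAM role behind `.Values.arn` to the matching parameter paths, would restore least privilege. Consider `automountServiceAccountToken: false` on the ServiceAccount as well: nothing in these pods appears to call the Kubernetes API, and the IRSA web-identity token is injected by the EKS webhook independently of the default token — confirm against the CSI driver setup before enabling. `apiVersion: secrets-store.csi.x-k8s.io/v1alpha1` is the deprecated version of this API; if the installed driver serves `v1`, new templates should use it.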
@@ -0,0 +1,214 @@ +{{- if .Values.userTenantService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.userTenantService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-user-tenant-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/user-tenant-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.userTenantService.pullPolicy }} + resources: + {{- toYaml .Values.userTenantService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + 
name: {{ include "helm.fullname" . }}-user-tenant-service + image: {{ .Values.userTenantService.repository }}:{{ .Values.userTenantService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.userTenantService.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.userTenantService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-user-tenant-service + minReplicas: {{ .Values.userTenantService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.userTenantService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.userTenantService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.userTenantService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.userTenantService.service.type }} + ports: + - port: {{ .Values.userTenantService.service.port }} + targetPort: {{ .Values.userTenantService.service.targetPort }} + protocol: {{ .Values.userTenantService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: user-tenant-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml new file mode 100644 index 00000000..4707073a --- /dev/null 
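Review bot: Neither the pod spec nor the container sets a `securityContext`, although `values.yaml.template` declares `podSecurityContext: {}` and `securityContext: {}` with the usual hardening commented out (`runAsNonRoot`, `readOnlyRootFilesystem`, `drop: [ALL]`); as written those values are never read and the container runs with whatever the image defaults to. Wire them in with `securityContext: {{- toYaml .Values.securityContext | nindent 12 }}` on the container and `securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }}` at pod level, and give the values non-empty defaults. `DB_DATABASE` here is fed from `AUTHENTICATION_SERVICE_DB_DATABASE`, so this service shares the authentication service's database rather than having its own — presumably intentional (shared user/tenant tables), but a one-line comment above that env entry would stop the next reader from treating it as a copy-paste error. The `selector.matchLabels` on `app` alone overlaps with the other Deployments in this chart, as in the notification-service template; add `component: user-tenant-service` there.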
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml 
@@ -0,0 +1,219 @@ +{{- if .Values.videoConfrencingService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.videoConfrencingService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-video-confrencing-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/video-confrencing-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . 
}} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.videoConfrencingService.pullPolicy }} + resources: + {{- toYaml .Values.videoConfrencingService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-video-confrencing-service + image: {{ .Values.videoConfrencingService.repository }}:{{ .Values.videoConfrencingService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . 
}}-cm-video-confrencing-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: VONAGE_API_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: VONAGE_API_KEY_SECRET +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.videoConfrencingService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.videoConfrencingService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . 
}}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-video-confrencing-service + minReplicas: {{ .Values.videoConfrencingService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.videoConfrencingService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.videoConfrencingService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.videoConfrencingService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.videoConfrencingService.service.type }} + ports: + - port: {{ .Values.videoConfrencingService.service.port }} + targetPort: {{ .Values.videoConfrencingService.service.targetPort }} + protocol: {{ .Values.videoConfrencingService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml new file mode 100644 index 00000000..f46c6b4a --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml 
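Review bot: `REDIS_PASSWORD` is a literal `""` and `REDIS_URL` is populated from the `REDIS_HOST` key (a hostname, not a `redis://` URL), so unless the image ignores both, the service connects to Redis with no AUTH and possibly with a URL the client cannot parse. Either add a `redis_password` parameter to the SecretProviderClass and reference it with a `secretKeyRef`, or document next to the entry that the Redis endpoint is reachable only from the pod network and runs with AUTH disabled by design. `VONAGE_API_SECRET` is the one credential specific to this service, yet it is delivered through the shared `api-token` Secret that every other service pod can also read; a per-service Secret would limit the blast radius of a compromised pod.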
@@ -0,0 +1,63 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ app: {{ include "helm.name" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ hosts:
+ - {{ .Values.hostname }}
+ gateways:
+ - {{ .Values.tier }}-{{ .Values.tenant }} #create gateway with name as tenant name
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/authentication-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-authentication-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/feature-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-feature-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/notification-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-notification-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/user-tenant-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-user-tenant-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/video-confrencing-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-video-confrencing-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-frontend"
+ port:
+ number: 80
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template
new file mode 100644
index 00000000..d9fd64e9
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template
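Review bot: Each service route is a bare `prefix` match on `{{ .Values.app.basePath }}/<service>`, and the Deployment templates annotate `prometheus.io/path: …/<service>/obf/metrics` on the same port 3000, so the metrics endpoints (and anything else served under a service path) are reachable from the internet through the tenant gateway unless the application itself gates them. Put a blocking entry ahead of the service routes — e.g. a first `http` match on `uri: { regex: '.*/obf/metrics' }` with `directResponse: { status: 404 }` — or attach an Istio `AuthorizationPolicy` that limits those paths to the scraper. Note also that `prefix: …/authentication-service` matches `…/authentication-serviceX` as well; if a path segment is intended, match the trailing-slash form plus an `exact` match for the bare path. `networking.istio.io/v1alpha3` is the legacy API version; current Istio serves `v1beta1`/`v1`, which new templates should use.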
@@ -0,0 +1,371 @@ +# Default values for helm. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +strategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 +app: + url: "" + basePath: "" +livenessProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 7 +readinessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + +frontend: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-ui + pullPolicy: Always + tag: "0.0.5" + log_level: "info" + home_path: "/home" + replicaCount: 1 + affinity: {} + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "2" + Service: + type: NodePort + port: 80 + targetPort: 80 + protocol: TCP + extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "false" + enabled: "1" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 20 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + + +#Services +#featureService +featureService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + timestamp_tolerance: 300 + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /feature-service + +#authenticationService +authenticationService: + enabled: true 
+ repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /authentication-service + +#notificationService +notificationService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /notification-service + +#userTenantService +userTenantService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service + pullPolicy: Always + tag: "0.0.4" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + 
maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /user-tenant-service + +videoConfrencingService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /video-confrencing-service + +#migrationJob +migrationJob: +#enable it when correct image has been provided + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-migration + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + +##Common env's + +#Common URL'S + +imagePullSecret: +#enable it and pass the correct parameters below + enabled: false + name: regcred + registry: https://index.docker.io/v1/ + username: '' + password: '' + email: sfdevops@sourcefuse.com + +nameOverride: "" + +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "true" + enabled: "1" + +nodeSelector: {} + +tolerations: + - effect: NoSchedule + key: pooled-node + operator: Equal + value: "pooled" + +affinity: {} + +#Migration Job Variable +tenantKey: ${TENANT_KEY} +tenantName: ${TENANT_NAME} +tenantSecret: ${TENANT_SECRET} +tenantID: ${TENANT_ID} +tenantEmail: ${TENANT_EMAIL} +adminUserTenantId: "b439829b-57e7-49d8-bb23-8ccb2ca56435" +#userCallbackSecret: "yugeyifgweyfgy" +userCallbackSecret: ${USER_CALLBACK_SECRET} + +# Frontend variable +clientId: ${TENANT_CLIENT_ID} +publicKey: ${TENANT_CLIENT_SECRET} + +tier: ${TIER} +namespace: ${NAMESPACE} +region: ${REGION} +karpenterRoleName: ${KARPENTER_ROLE} +eksClusterName: ${EKS_CLUSTER_NAME} +hostname: ${TENANT_HOST_NAME} +tenant: ${TENANT_KEY} +arn: ${WEB_IDENTITY_ROLE_ARN} +dbhost: ${DB_HOST} +dbport: ${DB_PORT} +dbuser: ${DB_USER} +dbpassword: ${DB_PASSWORD} +dbschema: ${DB_SCHEMA} +redishost: ${REDIS_HOST} +redisport: ${REDIS_PORT} +redisdatabase: ${REDIS_DATABASE} +jwtsecret: ${JWT_SECRET} +jwtissuer: ${JWT_ISSUER} +authenticationdbdatabase: ${AUTH_DATABASE} +featuredbdatabase: ${FEATURE_DATABASE} +notificationdbdatabase: 
${NOTIFICATION_DATABASE} +videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} + +# pubnub config +vonageSecret: /pubnub/vonage-api-key-secret +pubnubPubKey: /pubnub/public-key +pubnubSubKey: /pubnub/subscribe-key +pubnubSecretKey: /pubnub/secret-key \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore b/files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml new file mode 100644 index 00000000..fc389922 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml 
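Review bot: Every service block ships `allowed_origins: "*"` and `db_ssl: false` as defaults under `node_env: "production"`, which leaves CORS wide open and the Postgres connection unencrypted unless each tenant's values override them; safer defaults are `allowed_origins: "https://${TENANT_HOST_NAME}"` and `db_ssl: true`, with a comment that loosening them is a deliberate per-tenant choice. `podSecurityContext: {}` and `securityContext: {}` are declared, but no template in this chart references them, so the hardening comments beneath are currently inert. The `imagePullPolicy:` block repeated under each service (`enabled: "yes"`, `name: regcred`) looks like a mis-named copy of `imagePullSecret` — the templates read `.Values.imagePullSecret.*`, never `<service>.imagePullPolicy` — and should be removed or renamed so nobody believes it is in effect. `publicKey: ${TENANT_CLIENT_SECRET}` names a client secret as a public key and is injected as `CLIENT_SECRET` elsewhere in the chart; rename it (`clientSecret`) before the name causes someone to log or expose it. `adminUserTenantId` is a hardcoded UUID shared by every tenant rendered from this template; if it must be constant, say why in a comment, otherwise make it `${ADMIN_USER_TENANT_ID}` like the rest.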
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: helm +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md b/files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md new file mode 100644 index 00000000..524ebf64 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md @@ -0,0 +1 @@ +# ARC-SAAS Application Plane Helm \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl new file mode 100644 index 00000000..69baf8f2 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "helm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "helm.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "helm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "helm.labels" -}} +helm.sh/chart: {{ include "helm.chart" . }} +{{ include "helm.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "helm.selectorLabels" -}} +app: {{ include "helm.name" . }} + +{{- end }} + + +{{/* +Configuring .dockerconfigjson +*/}} +{{- define "imagePullSecret" }} +{{- with .Values.imagePullSecret }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + 
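Review bot: The `imagePullSecret` helper at the end of the hunk builds `.dockerconfigjson` by `printf`-ing `.username`, `.password` and `.email` straight into a JSON string, so a registry password containing `"` or `\` yields an invalid secret and a silent image-pull failure instead of a render-time error. Build the document with `dict`/`toJson` so every value is escaped: `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc }}`. Since the fields are read from `.Values.imagePullSecret`, the registry credential presumably arrives through a values file; a comment above the define, `{{/* Registry credentials must be supplied at deploy time (--set / secret values file), never committed. */}}`, would make that expectation explicit.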
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/authentication-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/authentication-service-deployment.yaml rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml new file mode 100644 index 00000000..ebb14452 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml @@ -0,0 +1,14 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: deny-traffic-from-cross-namespace + namespace: {{ .Values.namespace }} + labels: + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + action: ALLOW + rules: + - from: + - source: + namespaces: ["{{ .Values.namespace }}","kube-system","prometheus-node-exporter", "adot-collector-kubeprometheus","istio-system","karpenter","kubecost", "kuberhealthy", "argocd", "argo-workflows"] \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-authentication-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-authentication-service.yaml rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml new file mode 100644 index 00000000..f6f18490 
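Review bot: The policy in `authorization-policy.yaml` is named `deny-traffic-from-cross-namespace` but it is an `action: ALLOW` rule with no `selector`, so what it actually does is: every sidecar-injected workload in `.Values.namespace` accepts requests only from the listed namespaces and rejects everything else. That list grants every pod in `kube-system`, `argocd`, `argo-workflows`, `karpenter` and `kubecost` access to tenant services, which is broader than tenant isolation needs; for the callers that genuinely need in (the ingress gateway in `istio-system`, metrics scrapers) prefer `principals:` naming their service accounts over whole namespaces. `source.namespaces` is derived from the peer mTLS certificate, so the rule is only meaningful alongside a STRICT `PeerAuthentication` for the namespace, which this chart does not ship. I'd add above `spec:` the comment `# ALLOW + namespace list == deny all other sources; relies on mTLS (STRICT PeerAuthentication) to populate source.namespaces and only covers sidecar-injected pods.`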
--- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.featureService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-feature-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.featureService.port }}' + NODE_ENV: '{{ .Values.featureService.node_env }}' + LOG_LEVEL: '{{ .Values.featureService.log_level }}' + BASE_PATH: '{{ .Values.featureService.base_path }}' + DB_SSL: '{{ .Values.featureService.db_ssl }}' + USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}' + TIMESTAMP_TOLERANCE: '{{ .Values.featureService.timestamp_tolerance}}' + ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml new file mode 100644 index 00000000..13352de3 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml 
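Review bot: `USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'` places a shared secret in a ConfigMap, which is readable by any principal with `get configmaps` in the tenant namespace and is rendered into the Git/ArgoCD-visible manifest, while the feature-service deployment already reads its DB and JWT material via `secretKeyRef` on the `api-token` Secret. Drop it from the ConfigMap and source it the same way from the deployment, `valueFrom: secretKeyRef: {name: api-token, key: USER_CALLBACK_SECRET}`, assuming the SecretProviderClass can sync that key. Separately, the single-quoted `'{{ ... }}'` form breaks on any value containing `'`; `{{ .Values.x | quote }}` is the safer form for every entry in this `data:` block.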
@@ -0,0 +1,26 @@ +{{- if .Values.frontend.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + env: |- + { + "baseApiUrl": "https://{{ .Values.hostname }}", + "authApiBaseUrl": "https://{{ .Values.hostname }}/authentication-service", + "notificationApiBaseUrl" :"https://{{ .Values.hostname }}/notification-service", + "homePath": "{{ .Values.frontend.home_path }}", + "videoApiBaseUrl": "https://{{ .Values.hostname }}/video-confrencing-service", + "notificationChannelUuid": "9f7360f6-5c1a-4354-ad68-0e62b2a1200b", + "chatChannelUuid": "ad0cac27-972e-4b69-9188-3685f7eeb8bb", + "vonageApiKey": "47793071", + "logLevel": "{{ .Values.frontend.log_level }}", + "clientId": "{{ .Values.clientId }}", + "clientSecret": "{{ .Values.publicKey }}", + "loginTitle": "Welcome to the Telemed App" + } +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml new file mode 100644 index 00000000..87d683da --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml @@ -0,0 +1,16 @@ +{{- if .Values.notificationService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.notificationService.port }}' + NODE_ENV: '{{ .Values.notificationService.node_env }}' + LOG_LEVEL: '{{ .Values.notificationService.log_level }}' + BASE_PATH: '{{ .Values.notificationService.base_path }}' + DB_SSL: '{{ .Values.notificationService.db_ssl }}' +{{- end}} \ No newline at end of file 
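Review bot: `"clientSecret": "{{ .Values.publicKey }}"` in `cm-frontend-service.yaml` is rendered into `config.json`, which the frontend deployment mounts under nginx's html root and therefore serves to every browser, so whatever this value is it is public by construction. The values file calls it `publicKey` but fills it from `${TENANT_CLIENT_SECRET}`; if it is really the app-client secret, a browser SPA should be registered as a public client using PKCE and this key removed, and if it is a public value the name `clientSecret` should change so nobody later puts a real secret there. `"vonageApiKey": "47793071"` and the two channel UUIDs are hard-coded vendor identifiers in a per-tenant template; lift them to values, e.g. `"vonageApiKey": "{{ .Values.vonageApiKey }}"`, so they are not shared across tenants and pinned in Git.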
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml new file mode 100644 index 00000000..e429bc25 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.userTenantService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.userTenantService.port }}' + NODE_ENV: '{{ .Values.userTenantService.node_env }}' + LOG_LEVEL: '{{ .Values.userTenantService.log_level }}' + BASE_PATH: '{{ .Values.userTenantService.base_path }}' + ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}' + USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}' + DB_SSL: '{{ .Values.userTenantService.db_ssl }}' + AWS_REGION: '{{ .Values.region }}' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml new file mode 100644 index 00000000..df67fa42 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml 
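Review bot: `USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'` lands in a ConfigMap here as well, the same pattern as the feature-service ConfigMap, which makes the callback secret readable to anything with ConfigMap read access in the namespace. Source it through `secretKeyRef` on the `api-token` Secret from the deployment, as the DB and JWT values are, and replace the single quotes with `| quote` on every entry so a value containing `'` cannot break the manifest.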
@@ -0,0 +1,17 @@ +{{- if .Values.videoConfrencingService.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "helm.fullname" . }}-cm-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +data: + PORT: '{{ .Values.videoConfrencingService.port }}' + NODE_ENV: '{{ .Values.videoConfrencingService.node_env }}' + LOG_LEVEL: '{{ .Values.videoConfrencingService.log_level }}' + BASE_PATH: '{{ .Values.videoConfrencingService.base_path }}' + DB_SSL: '{{ .Values.videoConfrencingService.db_ssl }}' + VONAGE_API_KEY: '47793071' +{{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml new file mode 100644 index 00000000..abaaa2d9 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml 
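Review bot: `VONAGE_API_KEY: '47793071'` is a literal vendor account key baked into a template that is rendered for every tenant, so it is committed to Git, identical across tenants, and cannot be rotated without a chart change. The values file already declares `vonageSecret: /pubnub/vonage-api-key-secret`, which suggests it is meant to come from the secrets store; read it via `secretKeyRef` in the deployment, or at minimum `VONAGE_API_KEY: {{ .Values.vonageApiKey | quote }}` so the value is supplied per tenant.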
@@ -0,0 +1,244 @@ +{{- if .Values.featureService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.featureService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-feature-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/feature-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: feature-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.featureService.pullPolicy }} + resources: + {{- toYaml .Values.featureService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/feature-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/feature-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . 
}}-feature-service + image: {{ .Values.featureService.repository }}:{{ .Values.featureService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-feature-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: FEATURE_DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ 
.Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.featureService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.featureService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . }} + component: feature-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-feature-service + minReplicas: {{ .Values.featureService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.featureService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.featureService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.featureService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-feature-service + labels: + app: {{ include "helm.fullname" . 
}} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.featureService.service.type }} + ports: + - port: {{ .Values.featureService.service.port }} + targetPort: {{ .Values.featureService.service.targetPort }} + protocol: {{ .Values.featureService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: feature-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml new file mode 100644 index 00000000..b4fd696f --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml 
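Review bot: `selector.matchLabels` is only `app: {{ include "helm.fullname" . }}`, the same label every Deployment in this chart uses (the frontend and notification deployments in later hunks carry the identical selector), so the Deployments' selectors overlap and each controller counts the others' pods as its own, which breaks replica counts, rollouts and the HPA target. Add the component label to the selector, `component: feature-service`, under `matchLabels` (the pod template already sets it). The values file defines `podSecurityContext` and `securityContext` but this pod spec never references them, so the container runs with whatever the image defaults to; wire in `securityContext: {{- toYaml .Values.securityContext | nindent 12 }}` on the container. `REDIS_PASSWORD: ""` hard-codes an unauthenticated Redis, which may be intentional for an in-VPC instance but deserves a comment saying so.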
@@ -0,0 +1,129 @@ +--- +#Deployment +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.frontend.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-frontend-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/frontend/obf/metrics +{{- if .Values.frontend.extraAnnotations }} +{{ toYaml .Values.frontend.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: frontend + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.frontend.pullPolicy }} + resources: + {{- toYaml .Values.frontend.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/frontend + port: 80 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/frontend + port: 80 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . 
}}-frontend + image: {{ .Values.frontend.repository }}:{{ .Values.frontend.tag }} + ports: + - containerPort: 80 + volumeMounts: + - name: env-var + mountPath: /usr/share/nginx/html/config.json + subPath: config.json + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + env: + - name: pubnubPublishKey + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: pubnubSubscribeKey + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: env-var + configMap: + name: {{ include "helm.fullname" . }}-cm-frontend + items: + - key: env + path: config.json + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.frontend.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-frontend + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.frontend.Service.type }} + ports: + - port: {{ .Values.frontend.Service.port }} + targetPort: {{ .Values.frontend.Service.targetPort }} + protocol: {{ .Values.frontend.Service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: frontend +--- \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml new file mode 100644 index 00000000..b534262f --- /dev/null 
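Review bot: The frontend pod annotations come from `.Values.frontend.extraAnnotations`, whereas every other deployment reads the top-level `.Values.extraAnnotations` that carries `sidecar.istio.io/inject: "true"`; the `frontend:` values block is outside this view, but if it lacks that key the frontend is only in the mesh through namespace-level injection and the AuthorizationPolicy does not cover it. Either point it at the shared key, `{{- if .Values.extraAnnotations }}` / `{{ toYaml .Values.extraAnnotations | indent 8 }}`, or confirm the frontend block sets it. The container also mounts the full `api-token` CSI volume at `/mnt/api-token` although it only consumes the two PubNub keys via `secretKeyRef`; the CSI volume presumably has to be attached for the Secret to be synced, but exposing every DB/JWT secret file inside a static-file nginx container is more than it needs. Its `matchLabels` has the same `app`-only overlap as the other deployments.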
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + app: {{ include "helm.name" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - {{ .Values.hostname }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml new file mode 100644 index 00000000..81f2dbcc --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml 
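Review bot: The Gateway in `gateway.yaml` opens only `port 80 / HTTP` for `{{ .Values.hostname }}`, yet every URL the chart renders for that host is `https://` (the frontend `config.json`, the kuberhealthy `CHECK_URL`), so TLS is presumably terminated upstream at the load balancer and the ingress accepts plaintext from anything that reaches it. If TLS is meant to end at Istio, add an HTTPS server with `tls: mode: SIMPLE` and a credential and set `tls: httpsRedirect: true` on this HTTP server; if it ends at the ALB, a comment above `servers:` such as `# TLS terminates at the ALB; plaintext is only expected on the ALB -> ingressgateway hop` stops the next reader from treating this as an oversight. `networking.istio.io/v1alpha3` is the legacy API group; `v1beta1` (or `v1` on current Istio) is the supported one for new charts.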
@@ -0,0 +1,164 @@ +{{- if .Values.migrationJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ template "helm.fullname" . }}-migration-job" + annotations: + argocd.argoproj.io/hook: PostSync +spec: + backoffLimit: 20 + activeDeadlineSeconds: 600 + ttlSecondsAfterFinished: 3600 + parallelism: 1 + completions: 1 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + restartPolicy: 'OnFailure' + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} + containers: + - name: init + image: {{ .Values.migrationJob.repository }}:{{ .Values.migrationJob.tag }} + imagePullPolicy: {{ .Values.migrationJob.pullPolicy }} + resources: +{{ toYaml .Values.migrationJob.resources | indent 10 }} + command: ["/bin/sh", "-c"] + args: ["cd packages/migrations; npm run db:migrate"] + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + env: + - name: AUTH_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: AUTH_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: AUTH_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: AUTH_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: AUTH_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: FEATURE_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: FEATURE_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: FEATURE_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: FEATURE_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: 
FEATURE_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: FEATURE_DB_DATABASE + - name: NOTIF_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: NOTIF_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: NOTIF_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: NOTIF_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: NOTIF_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: VIDEO_DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: VIDEO_DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: VIDEO_DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: VIDEO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: VIDEO_DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + + - name: TENANT_NAME + value: {{ .Values.tenantName }} + - name: TENANT_KEY + value: {{ .Values.tenantKey }} + - name: SECRET + value: {{ .Values.tenantSecret }} + - name: TENANT_EMAIL + value: {{ .Values.tenantEmail }} + - name: CLIENT_ID + value: {{ .Values.clientId }} + - name: CLIENT_SECRET + value: {{ .Values.publicKey }} + - name: ADMIN_USER_TENANT_ID + value: {{ .Values.adminUserTenantId }} + - name: REDIRECT_URL + value: "https://{{ .Values.hostname }}{{ .Values.frontend.home_path }}" + # - name: USERNAME + # value: {{ .Values.cognitoUser }} + # - name: USER_SUB + # value: {{ .Values.cognitoSub }} +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml new file mode 100644 index 00000000..d40fa6ab --- /dev/null 
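Review bot: `SECRET` and `CLIENT_SECRET` are injected as literal `value:` entries from `.Values.tenantSecret` and `.Values.publicKey`, so the tenant secret and client secret appear in plaintext in the rendered Job manifest (Git, the ArgoCD UI, `kubectl get job -o yaml`), while the DB credentials a few lines up correctly come through `secretKeyRef` on `api-token`. Route the two secrets through the same Secret, and at minimum quote the remaining literals, `value: {{ .Values.tenantSecret | quote }}`, since an unquoted value that happens to look numeric or boolean fails the Job schema. `imagePullSecrets` is unconditional here although the deployments gate it on `.Values.imagePullSecret.enabled`; wrap it in the same `{{- if }}` so a chart without a pull secret does not reference a missing one.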
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.imagePullSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.imagePullSecret.name }} + labels: + {{- include "helm.labels" . | nindent 4 }} + component: {{ include "helm.name" . }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml new file mode 100644 index 00000000..b793f40d --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml @@ -0,0 +1,27 @@ +apiVersion: comcast.github.io/v1 +kind: KuberhealthyCheck +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }}-http-check + namespace: kuberhealthy + labels: + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + runInterval: 5m + timeout: 10m + podSpec: + containers: + - name: main + image: kuberhealthy/http-check:latest + imagePullPolicy: IfNotPresent + env: + - name: CHECK_URL + value: "https://{{ .Values.hostname }}/" + - name: COUNT + value: "5" + - name: SECONDS + value: "1" + - name: REQUEST_TYPE + value: "GET" + - name: PASSING + value: "80" \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml new file mode 100644 index 00000000..6de67db6 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml 
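Review bot: `image: kuberhealthy/http-check:latest` with `imagePullPolicy: IfNotPresent` in `kuberhealthy-http-checker.yaml` runs an unpinned, mutable tag in the `kuberhealthy` namespace, which is also one of the namespaces the chart's AuthorizationPolicy trusts, so an upstream tag move silently changes what probes tenant endpoints and different nodes may cache different images. Pin to a release tag or digest, `image: kuberhealthy/http-check:<release>@sha256:<digest>`, and bump it deliberately. The check is also created cross-namespace from a per-tenant chart, so deleting the tenant release must be relied on to clean it up; a comment noting that ownership would help.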
@@ -0,0 +1,229 @@ +{{- if .Values.notificationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.notificationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-notification-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/notification-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.notificationService.pullPolicy }} + resources: + {{- toYaml .Values.notificationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} 
+{{- end }} + name: {{ include "helm.fullname" . }}-notification-service + image: {{ .Values.notificationService.repository }}:{{ .Values.notificationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-notification-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: PUBNUB_PUBLISH_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: PUBNUB_SUBSCRIBE_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY + - name: PUBNUB_SECRET_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SECRET_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.notificationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.notificationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-notification-service + minReplicas: {{ .Values.notificationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.notificationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.notificationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.notificationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.notificationService.service.type }} + ports: + - port: {{ .Values.notificationService.service.port }} + targetPort: {{ .Values.notificationService.service.targetPort }} + protocol: {{ .Values.notificationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . 
}} + component: notification-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml new file mode 100644 index 00000000..49843c8a --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml @@ -0,0 +1,60 @@ +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + annotations: + kubernetes.io/description: "NodePool to restrict the number of cpus provisioned to 100" +spec: + template: + metadata: + labels: + pooled-node: {{ .Values.tier }} + spec: + requirements: + - key: kubernetes.io/arch + operator: In + values: ["amd64"] + - key: kubernetes.io/os + operator: In + values: ["linux"] + - key: karpenter.sh/capacity-type + operator: In + values: ["on-demand"] + - key: karpenter.k8s.aws/instance-category + operator: In + values: ["t"] + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: ["2"] + nodeClassRef: + name: {{ .Values.tier }}-{{ .Values.tenant }} + taints: + - key: pooled-node + value: "pooled" + effect: NoSchedule + + limits: + cpu: 100 + memory: 1000Gi +--- +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + annotations: + kubernetes.io/description: "General purpose EC2NodeClass for running Amazon Linux 2 nodes" +spec: + amiFamily: AL2 # Amazon Linux 2 + role: {{ .Values.karpenterRoleName }} + subnetSelectorTerms: + - tags: + Type: "private" + securityGroupSelectorTerms: + - tags: + "aws:eks:cluster-name": {{ .Values.eksClusterName }} + tags: + Tenant: "pooled" + + + + 
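Review bot: The HPA memory metric feeds `targetMemoryUtilizationPercentage` into `type: AverageValue` / `averageValue: {{ . }}`, so a percentage such as 80 is read as an absolute quantity of 80 bytes and the autoscaler will scale straight to `maxReplicas`; use `type: Utilization` and `averageUtilization: {{ . }}` as the CPU block already does. `selector.matchLabels` carries only `app`, and the video-conferencing Deployment in this commit uses the identical selector; Kubernetes documents overlapping Deployment selectors as unsupported, so add `component: notification-service` to `matchLabels` (the Service selector already includes it). `REDIS_PASSWORD` is fixed to `""` while every other Redis parameter comes from the `api-token` secret, which suggests either an unauthenticated Redis endpoint or an ignored variable; confirm and source it from the secret. The container also has no `securityContext`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are a cheap baseline given the pod holds DB, JWT and PubNub secrets. The video-conferencing-service hunk repeats all of these points.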
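Review bot: The NodePool taints its nodes with `pooled-node=pooled:NoSchedule`, but the Deployments in this chart only render `tolerations` from `.Values.tolerations`, so with default values the tenant pods stay Pending; either render the matching toleration in the pod specs or document the required value next to the taint. `amiFamily: AL2` deserves a comment as well, since Amazon Linux 2 is nearing end of support and AL2023 is the current EKS default — the cluster version is not visible here, so confirm before changing it. The `kubernetes.io/description` annotation text is copied from the Karpenter example and does not describe this tenant NodePool; replace it with the actual intent, e.g. `kubernetes.io/description: "Tainted NodePool dedicated to pooled-tier tenant workloads (cpu limit 100)"`.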
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/templates/user-tenant-service-deployment.yaml
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml
new file mode 100644
index 00000000..4707073a
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml
@@ -0,0 +1,219 @@ +{{- if .Values.videoConfrencingService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.videoConfrencingService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-video-confrencing-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/video-confrencing-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . 
}} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.videoConfrencingService.pullPolicy }} + resources: + {{- toYaml .Values.videoConfrencingService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-video-confrencing-service + image: {{ .Values.videoConfrencingService.repository }}:{{ .Values.videoConfrencingService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . 
}}-cm-video-confrencing-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: VONAGE_API_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: VONAGE_API_KEY_SECRET +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.videoConfrencingService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.videoConfrencingService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . 
}}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-video-confrencing-service + minReplicas: {{ .Values.videoConfrencingService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.videoConfrencingService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.videoConfrencingService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.videoConfrencingService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.videoConfrencingService.service.type }} + ports: + - port: {{ .Values.videoConfrencingService.service.port }} + targetPort: {{ .Values.videoConfrencingService.service.targetPort }} + protocol: {{ .Values.videoConfrencingService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml new file mode 100644 index 00000000..f46c6b4a --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml 
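Review bot: The spelling `confrencing` is baked into every externally visible identifier in this file — the values key `.Values.videoConfrencingService`, the Deployment/Service names, the HTTP path `/video-confrencing-service`, the ConfigMap suffix and the secret key `VIDEO_CONFRENCING_SERVICE_DB_DATABASE` — while the file itself is named `video-conferencing-service-deployment.yaml`. Renaming later means a breaking change to values, Istio routes and SSM secret keys at once, so this is the cheapest moment to settle on one spelling.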
@@ -0,0 +1,63 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ app: {{ include "helm.name" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ hosts:
+ - {{ .Values.hostname }}
+ gateways:
+ - {{ .Values.tier }}-{{ .Values.tenant }} #create gateway with name as tenant name
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/authentication-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-authentication-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/feature-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-feature-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/notification-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-notification-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/user-tenant-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-user-tenant-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/video-confrencing-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-video-confrencing-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-frontend"
+ port:
+ number: 80
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template
From b6e9e700f39d6e7e3d7bfd9deff8e83771406aad Mon Sep 17 00:00:00 2001
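Review bot: The `hosts` and `gateways` entries render `{{ .Values.hostname }}` and the gateway name unquoted, so a hostname value starting with `*` (a wildcard host is common for tenant subdomains) is parsed as a YAML alias and the template fails to render; quote them, `- "{{ .Values.hostname }}"` and `- "{{ .Values.tier }}-{{ .Values.tenant }}"`. The manifest uses `networking.istio.io/v1alpha3`, which current Istio releases treat as deprecated in favour of `v1beta1`/`v1` — confirm against the mesh version before the next upgrade. The comment `#create gateway with name as tenant name` documents an out-of-band dependency; the Gateway should either be templated in this chart or the requirement stated in the chart README or values comments.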
From: sfdevops
Date: Fri, 4 Oct 2024 07:10:24 +0530
Subject: [PATCH 28/53] env updated
---
 .../templates/cm-subscription-service.yaml | 1 +
 .../control-plane-helm-chart/values.yaml.template | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/files/control-plane/control-plane-helm-chart/templates/cm-subscription-service.yaml b/files/control-plane/control-plane-helm-chart/templates/cm-subscription-service.yaml
index 9cee699d..91b29ca8 100644
--- a/files/control-plane/control-plane-helm-chart/templates/cm-subscription-service.yaml
+++ b/files/control-plane/control-plane-helm-chart/templates/cm-subscription-service.yaml
@@ -12,6 +12,7 @@ data:
 BASE_PATH: '{{ .Values.subscriptionService.base_path }}'
 SITE: '{{ .Values.subscriptionService.site }}'
 API_KEY: '{{ .Values.subscriptionService.api_key }}'
+ PAYMENT_GATEWAY_ID: '{{ .Values.subscriptionService.payment_gateway_id }}'
 WEBHOOK_USERNAME: '{{ .Values.tenantMgmtFacade.webhook_user }}'
 WEBHOOK_PASSWORD: '{{ .Values.tenantMgmtFacade.webhook_password }}'
 {{- end}}
\ No newline at end of file
diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template
index 3d00e999..dab363a3 100644
--- a/files/control-plane/control-plane-helm-chart/values.yaml.template
+++ b/files/control-plane/control-plane-helm-chart/values.yaml.template
@@ -216,8 +216,9 @@ subscriptionService:
 port: 3000
 node_env: "production"
 log_level: "info"
- site: "sunnytyagiplus6-test"
- api_key: "test_dw4pcuXuEqQ1cufcdg6GfeRUZpCSRHxOW37"
+ site: "sunnytyagius-test"
+ api_key: "test_iUcCGYbbDuzFjRCEp3pPBullSKtvs6ln"
+ payment_gateway_id="gw_AzZixqUPYLFzJTgu"
 affinity: {}
 allowed_origins: "*"
 imagePullPolicy:
@@ -323,7 +324,7 @@ migrationJob:
 enabled: true
 repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-migration
 pullPolicy: Always
- tag: "0.0.3"
+ tag: "0.0.4"
 replicaCount: 1
 affinity: {}
 allowed_origins: "*"
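Review bot: The values template commits a live-looking API key, `api_key: "test_iUcCGYbbDuzFjRCEp3pPBullSKtvs6ln"`, and the key it replaces stays recoverable from history; both should be treated as exposed and rotated, and the value fetched through the SecretProviderClass from SSM like the other credentials instead of living in values (the `cm-subscription-service.yaml` hunk, a ConfigMap by its `data:` block, additionally exposes `API_KEY` to anyone who can read ConfigMaps in the namespace). The added line `payment_gateway_id="gw_AzZixqUPYLFzJTgu"` is not valid YAML (`=` instead of `:`) and will make the chart fail to render; a later commit on this page corrects it.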
From 0070b90ba450c05165b0cb4a2f9a44d57456534a Mon Sep 17 00:00:00 2001
From: sfdevops
Date: Fri, 4 Oct 2024 11:09:47 +0530
Subject: [PATCH 29/53] env added
---
 .../templates/cm-tenant-mgmt-service.yaml | 2 ++
 .../templates/secret-provider-class-and-sa.yaml | 5 +++++
 .../templates/tenant-mgmt-service-deployment.yaml | 5 +++++
 .../control-plane-helm-chart/values.yaml.template | 5 ++++-
 terraform/control-plane-application/data.tf | 4 ++++
 terraform/control-plane-application/main.tf | 1 +
 6 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml b/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml
index 145a488a..867d5fa1 100644
--- a/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml
+++ b/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml
@@ -20,4 +20,6 @@ data:
 SYSTEM_USER_ID: '{{ .Values.adminUserTenantId }}'
 EVENT_BUS_NAME: '{{ .Values.projectName }}-{{ .Values.environment }}-DecouplingEventBus'
 EVENT_BUS_REGION: '{{ .Values.region }}'
+ AUTH0_DOMAIN: '{{ .Values.tenantMgmtService.auth0_domain }}'
+ AUTH0_CLIENT_ID: '{{ .Values.tenantMgmtService.auth0_client_id }}'
 {{- end}}
\ No newline at end of file
diff --git a/files/control-plane/control-plane-helm-chart/templates/secret-provider-class-and-sa.yaml b/files/control-plane/control-plane-helm-chart/templates/secret-provider-class-and-sa.yaml
index d7dd1676..041552a8 100644
--- a/files/control-plane/control-plane-helm-chart/templates/secret-provider-class-and-sa.yaml
+++ b/files/control-plane/control-plane-helm-chart/templates/secret-provider-class-and-sa.yaml
@@ -73,6 +73,8 @@ spec:
 key: PRIVATE_KEY
 - objectName: public_key
 key: PUBLIC_KEY
+ - objectName: auth0_client_secret
+ key: AUTH0_CLIENT_SECRET
 {{- if .Values.ses.enabled }}
 - objectName: ses_access_key
 key: SMTP_USER
@@ -148,6 +150,9 @@ spec: - objectName: {{ .Values.publicKey }} objectType: ssmparameter objectAlias: public_key + - objectName: {{ .Values.auth0ClientSecret }} + objectType: ssmparameter + objectAlias: auth0_client_secret {{- if .Values.ses.enabled }} - objectName: "/{{ .Values.projectName }}/ses_access_key" objectType: ssmparameter diff --git a/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-service-deployment.yaml b/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-service-deployment.yaml index 512acf7f..6283c25a 100644 --- a/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-service-deployment.yaml +++ b/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-service-deployment.yaml @@ -128,6 +128,11 @@ spec: secretKeyRef: name: api-token key: JWT_ISSUER + - name: AUTH0_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: AUTH0_CLIENT_SECRET {{- if .Values.imagePullSecret.enabled }} imagePullSecrets: diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index dab363a3..dab8e60a 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -218,7 +218,7 @@ subscriptionService: log_level: "info" site: "sunnytyagius-test" api_key: "test_iUcCGYbbDuzFjRCEp3pPBullSKtvs6ln" - payment_gateway_id="gw_AzZixqUPYLFzJTgu" + payment_gateway_id: "gw_AzZixqUPYLFzJTgu" affinity: {} allowed_origins: "*" imagePullPolicy: @@ -292,6 +292,8 @@ tenantMgmtService: from_email: ${FROM_EMAIL} system_user_id: "" app_login_url: "" + auth0_domain: "dev-db7dz4wg6ccbguer.us.auth0.com" + auth0_client_id: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5" affinity: {} allowed_origins: "*" imagePullPolicy: 
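Review bot: `auth0_domain` and `auth0_client_id` are hard-coded to one dev Auth0 tenant in the values template, while neighbouring keys in the same block are Terraform placeholders (`from_email: ${FROM_EMAIL}`) and the secret added at the end of the file is `auth0ClientSecret: ${AUTH0_CLIENT_SECRET}`; render them the same way, `auth0_domain: ${AUTH0_DOMAIN}` / `auth0_client_id: ${AUTH0_CLIENT_ID}`, and add the two variables to the `helm_values_template` vars in `main.tf`. Otherwise every environment rendered from this template redirects logins to the dev tenant, and the client id will not correspond to the secret fetched from SSM for that environment.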
@@ -461,3 +463,4 @@ cognitoid: ${COGNITO_ID} cognitosecret: ${COGNITO_SECRET} privateKey: ${PRIVATE_KEY} publicKey: ${PUBLIC_KEY} +auth0ClientSecret: ${AUTH0_CLIENT_SECRET} diff --git a/terraform/control-plane-application/data.tf b/terraform/control-plane-application/data.tf index 7cafd826..8113d7a4 100644 --- a/terraform/control-plane-application/data.tf +++ b/terraform/control-plane-application/data.tf @@ -25,6 +25,10 @@ data "aws_ssm_parameter" "private_key" { data "aws_ssm_parameter" "public_key" { name = "/sf-arc-saas/dev/public-key" } + +data "aws_ssm_parameter" "auth0_client_secret" { + name = "/sf-arc-saas/dev/auth0-client-secret" +} ############################################################################ ## EKS data ############################################################################ diff --git a/terraform/control-plane-application/main.tf b/terraform/control-plane-application/main.tf index 80674a33..f3f2ea71 100644 --- a/terraform/control-plane-application/main.tf +++ b/terraform/control-plane-application/main.tf @@ -205,6 +205,7 @@ data "template_file" "helm_values_template" { FROM_EMAIL = var.from_email PRIVATE_KEY = data.aws_ssm_parameter.private_key.name PUBLIC_KEY = data.aws_ssm_parameter.public_key.name + AUTH0_CLIENT_SECRET = data.aws_ssm_parameter.auth0_client_secret.name } } From 16c5e68b06b7c28a52fa4098f55897da192849ec Mon Sep 17 00:00:00 2001 From: sfdevops Date: Fri, 4 Oct 2024 11:24:31 +0530 Subject: [PATCH 30/53] env added --- .../auth0/templates/authentication-service-deployment.yaml | 5 +++++ .../auth0/templates/cm-authentication-service.yaml | 3 +++ .../auth0/templates/secret-provider-class-and-sa.yaml | 7 ++++++- .../silo/tenant-helm-chart/auth0/values.yaml.template | 3 ++- files/tenant-samples/silo/terraform/data.tf | 1 + 5 files changed, 17 insertions(+), 2 deletions(-) 
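Review bot: `data "aws_ssm_parameter" "auth0_client_secret"` reads the parameter value (decrypted, the provider default for this data source) into Terraform state, although `main.tf` consumes only `.name`; since the name is the literal `/sf-arc-saas/dev/auth0-client-secret`, a `locals` entry or variable carrying the path avoids persisting the client secret in the state backend. The path is also fixed to the `dev` environment (matching the existing `public_key` entry), whereas the silo IAM policy later on this page derives it from `var.namespace`/`var.environment`; building it here from the same inputs keeps both sides pointing at the same parameter.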
diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml
index e7fb1907..a450cce3 100644
--- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml
+++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml
@@ -159,6 +159,11 @@ spec:
 secretKeyRef:
 name: api-token
 key: JWT_ISSUER
+ - name: AUTH0_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: AUTH0_CLIENT_SECRET
 {{- if .Values.imagePullSecret.enabled }}
 imagePullSecrets:
 - name: {{ .Values.imagePullSecret.name }}
diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
index 09ea6215..a1cfd761 100644
--- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
+++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
@@ -13,4 +13,7 @@ data:
 LOG_LEVEL: '{{ .Values.authenticationService.log_level }}'
 BASE_PATH: '{{ .Values.authenticationService.base_path }}'
 DB_SSL: '{{ .Values.authenticationService.db_ssl }}'
+ AUTH0_DOMAIN: "dev-db7dz4wg6ccbguer.us.auth0.com"
+ AUTH0_CLIENT_ID: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5"
+ AUTH0_CALLBACK_URL: "https://{{ .Values.hostname }}/authentication-service/auth/auth0-auth-redirect"
 {{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
index 47be4ea9..1838961c 100644
--- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
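Review bot: `AUTH0_DOMAIN` and `AUTH0_CLIENT_ID` are literal dev-tenant values written directly into the ConfigMap template, unlike the other keys in the same block which come from `.Values.authenticationService.*`; a silo release rendered for any other environment cannot override them, so move them to values, `AUTH0_DOMAIN: '{{ .Values.authenticationService.auth0_domain }}'` and `AUTH0_CLIENT_ID: '{{ .Values.authenticationService.auth0_client_id }}'`. `AUTH0_CALLBACK_URL` fixes the path to `/authentication-service/auth/auth0-auth-redirect` with no base-path value, whereas the same block exposes `BASE_PATH` from values; if the service is served under that base path the redirect URI will not match the one registered in Auth0 — confirm and build the URL from the same value.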
+++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
@@ -59,6 +59,8 @@ spec:
 key: PUBNUB_SUB_KEY
 - objectName: pubnub-secret-key
 key: PUBNUB_SECRET_KEY
+ - objectName: auth0-client-secret
+ key: AUTH0_CLIENT_SECRET
 parameters:
 # region: us-west-2
 objects: |
@@ -115,4 +117,7 @@ spec:
 objectAlias: pubnub-sub-key
 - objectName: {{ .Values.pubnubSecretKey }}
 objectType: ssmparameter
- objectAlias: pubnub-secret-key
\ No newline at end of file
+ objectAlias: pubnub-secret-key
+ - objectName: {{ .Values.auth0ClientSecret }}
+ objectType: ssmparameter
+ objectAlias: auth0-client-secret
\ No newline at end of file
diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template
index 9d9c458e..d5a9882e 100644
--- a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template
+++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template
@@ -368,4 +368,5 @@ instance_category: ${INSTANCE_CATEGORY}
 vonageSecret: /pubnub/vonage-api-key-secret
 pubnubPubKey: /pubnub/public-key
 pubnubSubKey: /pubnub/subscribe-key
-pubnubSecretKey: /pubnub/secret-key
\ No newline at end of file
+pubnubSecretKey: /pubnub/secret-key
+auth0ClientSecret: /sf-arc-saas/dev/auth0-client-secret
\ No newline at end of file
diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf
index 0e9c6cef..28698eec 100644
--- a/files/tenant-samples/silo/terraform/data.tf
+++ b/files/tenant-samples/silo/terraform/data.tf
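Review bot: `auth0ClientSecret: /sf-arc-saas/dev/auth0-client-secret` is a fixed path while the rest of this values template is parameterised (`instance_category: ${INSTANCE_CATEGORY}`), and the silo IAM policy changed in this same commit grants read only on `parameter/${var.namespace}/${var.environment}/auth0-client-secret`; for any namespace/environment other than `sf-arc-saas`/`dev` the SecretProviderClass mount is denied and the pod never starts. Render it from Terraform, `auth0ClientSecret: ${AUTH0_CLIENT_SECRET}`, with the path built from the same variables the policy uses. The alias spelling also differs between charts (`auth0-client-secret` here, `auth0_client_secret` in the control-plane chart); harmless, but worth unifying while both are new.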
@@ -94,6 +94,7 @@ data "aws_iam_policy_document" "ssm_policy" { ] resources = ["arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/*", "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/pubnub/*", + "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/auth0-client-secret" "arn:aws:cognito-idp:${var.region}:${local.sts_caller_arn}:*"] } } From d93cd3fc47081cee6ba2038fa3938d5f8c99d1ec Mon Sep 17 00:00:00 2001 From: sfdevops Date: Fri, 4 Oct 2024 18:19:21 +0530 Subject: [PATCH 31/53] env added --- files/tenant-samples/silo/terraform/data.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf index 28698eec..291029ce 100644 --- a/files/tenant-samples/silo/terraform/data.tf +++ b/files/tenant-samples/silo/terraform/data.tf @@ -94,7 +94,7 @@ data "aws_iam_policy_document" "ssm_policy" { ] resources = ["arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/*", "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/pubnub/*", - "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/auth0-client-secret" + "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/auth0-client-secret", "arn:aws:cognito-idp:${var.region}:${local.sts_caller_arn}:*"] } } From fd9f2a4773b35f06b177d22e169fc75f2e356b3c Mon Sep 17 00:00:00 2001 From: sfdevops Date: Fri, 4 Oct 2024 18:50:26 +0530 Subject: [PATCH 32/53] env added --- files/tenant-samples/silo/buildspec.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 7027d081..77922fd7 100644 --- a/files/tenant-samples/silo/buildspec.yaml 
+++ b/files/tenant-samples/silo/buildspec.yaml @@ -54,6 +54,7 @@ phases: # Exporting Webhook Envs - export API_ENDPOINT="${CONTROL_PLANE_HOST}/tenant-mgmt-facade/webhook" - export REDIRECT_URL="${CONTROL_PLANE_HOST}/main/home" + - export TENANT_MGMT_ENDPOINT="${CONTROL_PLANE_HOST}/tenant-mgmt-service" - export APP_PLANE_REDIRECT_URL="https://${KEY}.${DOMAIN_NAME}/home" - export USER_CALLBACK_ENDPOINT="https://${KEY}.${DOMAIN_NAME}/user-tenant-service/user-callback" - export APP_PLANE_ENDPOINT_FEATURE_SERVICE="https://${KEY}.${DOMAIN_NAME}/feature-service" From a3ddeb735243bdca47735bf095bee8c565c74313 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Mon, 7 Oct 2024 12:25:44 +0530 Subject: [PATCH 33/53] fixed auth0 env name --- .../templates/cm-tenant-mgmt-facade.yaml | 2 ++ .../templates/tenant-mgmt-facade-deployment.yaml | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-facade.yaml b/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-facade.yaml index 9efa02fe..5b37146b 100644 --- a/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-facade.yaml +++ b/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-facade.yaml @@ -20,4 +20,6 @@ data: GATEWAY_ACCOUNT_ID: '{{ .Values.tenantMgmtFacade.gateway_id }}' WEBHOOK_USERNAME: '{{ .Values.tenantMgmtFacade.webhook_user }}' WEBHOOK_PASSWORD: '{{ .Values.tenantMgmtFacade.webhook_password }}' + AUTH0_DOMAIN: '{{ .Values.tenantMgmtService.auth0_domain }}' + AUTH0_CLIENT_ID: '{{ .Values.tenantMgmtService.auth0_client_id }}' {{- end}} diff --git a/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-facade-deployment.yaml b/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-facade-deployment.yaml index d0ff94b4..04ea80de 100644 --- a/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-facade-deployment.yaml 
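Review bot: The facade ConfigMap now reads `.Values.tenantMgmtService.auth0_domain` and `.Values.tenantMgmtService.auth0_client_id`, while every other key in cm-tenant-mgmt-facade.yaml (`GATEWAY_ACCOUNT_ID`, `WEBHOOK_USERNAME`, `WEBHOOK_PASSWORD`) comes from `.Values.tenantMgmtFacade.*`; reaching into another service's values block ties both deployments to one Auth0 application and hides that dependency from the facade's own values. If the sharing is intentional, a comment above the two lines such as `# shared with tenantMgmtService: facade and service use the same Auth0 application` would save the next reader a search; otherwise add `auth0_domain`/`auth0_client_id` under `tenantMgmtFacade` in values.yaml.template and reference those.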
+++ b/files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-facade-deployment.yaml @@ -168,6 +168,11 @@ spec: secretKeyRef: name: api-token key: PUBLIC_KEY + - name: AUTH0_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: AUTH0_CLIENT_SECRET {{- if .Values.imagePullSecret.enabled }} imagePullSecrets: - name: {{ .Values.imagePullSecret.name }} From 87de5e4ec2c7690ff0194d8c529bf8ebd2a674a4 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Tue, 8 Oct 2024 13:04:48 +0530 Subject: [PATCH 34/53] frontend image updated --- .../control-plane/control-plane-helm-chart/values.yaml.template | 2 +- terraform/keycloak/main.tf | 0 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 terraform/keycloak/main.tf diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index dab8e60a..f59d983a 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -27,7 +27,7 @@ frontend: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-ui pullPolicy: Always - tag: "0.0.9" + tag: "0.0.10" log_level: "info" home_path: "/main/home" replicaCount: 1 diff --git a/terraform/keycloak/main.tf b/terraform/keycloak/main.tf new file mode 100644 index 00000000..e69de29b From 42c3a669aa14aa50d3506a1c71e7a1a458a080af Mon Sep 17 00:00:00 2001 From: sfdevops Date: Tue, 8 Oct 2024 14:27:10 +0530 Subject: [PATCH 35/53] frontend image updated --- .../control-plane/control-plane-helm-chart/values.yaml.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index f59d983a..dab8e60a 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template 
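Review bot: The new `AUTH0_CLIENT_SECRET` env var reads key `AUTH0_CLIENT_SECRET` from Secret `api-token`, but this commit touches only the ConfigMap and the Deployment (diffstat: 2 files), and unlike the silo chart earlier on this page nothing visible adds that key to the SecretProviderClass that populates the control-plane `api-token` Secret. If the key is not synced, the pod fails at startup with CreateContainerConfigError rather than with a clear configuration message. Add the matching `secretObjects` and `objects` entries for the control-plane chart, or, only if the facade can genuinely start without the value, set `optional: true` on the `secretKeyRef`. If the key was added to the control-plane SecretProviderClass in an earlier commit not shown here, disregard.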
+++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -27,7 +27,7 @@ frontend: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-ui pullPolicy: Always - tag: "0.0.10" + tag: "0.0.9" log_level: "info" home_path: "/main/home" replicaCount: 1 From 3a2ba9dbb5619b70160588650774b0d1d5cc4190 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Tue, 8 Oct 2024 19:03:42 +0530 Subject: [PATCH 36/53] env added --- .../templates/cm-tenant-mgmt-service.yaml | 1 + .../control-plane/control-plane-helm-chart/values.yaml.template | 1 + 2 files changed, 2 insertions(+) diff --git a/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml b/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml index 867d5fa1..68ea4ff3 100644 --- a/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml +++ b/files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml @@ -22,4 +22,5 @@ data: EVENT_BUS_REGION: '{{ .Values.region }}' AUTH0_DOMAIN: '{{ .Values.tenantMgmtService.auth0_domain }}' AUTH0_CLIENT_ID: '{{ .Values.tenantMgmtService.auth0_client_id }}' + WEBHOOK_SECRET_EXPIRY: '{{ .Values.tenantMgmtService.webhookSecretExpiry }}' {{- end}} \ No newline at end of file diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index dab8e60a..f8f9df34 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -294,6 +294,7 @@ tenantMgmtService: app_login_url: "" auth0_domain: "dev-db7dz4wg6ccbguer.us.auth0.com" auth0_client_id: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5" + webhookSecretExpiry: "86400" affinity: {} allowed_origins: "*" imagePullPolicy: From 9a672caaa643adb34cbb377ef7d482dd79fe6637 Mon Sep 17 00:00:00 2001 
From: sfdevops Date: Tue, 8 Oct 2024 19:30:09 +0530 Subject: [PATCH 37/53] env added --- .../control-plane/control-plane-helm-chart/values.yaml.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index f8f9df34..28e2095f 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -294,7 +294,7 @@ tenantMgmtService: app_login_url: "" auth0_domain: "dev-db7dz4wg6ccbguer.us.auth0.com" auth0_client_id: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5" - webhookSecretExpiry: "86400" + webhookSecretExpiry: "86400000" affinity: {} allowed_origins: "*" imagePullPolicy: From fed8a0d15a10edc703108dd37a1fc6320b71e3e5 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 10 Oct 2024 10:00:10 +0530 Subject: [PATCH 38/53] removed cpu & memory limit --- .../control-plane-helm-chart/values.yaml.template | 7 ------- 1 file changed, 7 deletions(-) diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index 28e2095f..cb2f7476 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -300,13 +300,6 @@ tenantMgmtService: imagePullPolicy: enabled: "yes" name: regcred - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "2048Mi" - cpu: "1" service: type: NodePort port: 3000 From 355911ea80ed86e34aa8f18b2880f191f97fb700 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 10 Oct 2024 10:19:08 +0530 Subject: [PATCH 39/53] tenant mgmt service tag updated --- .../control-plane/control-plane-helm-chart/values.yaml.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
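Review bot: `webhookSecretExpiry` changes from `"86400"` to `"86400000"` in values.yaml.template with no unit stated anywhere, and the 1000× jump suggests the consumer expects milliseconds where the previous value assumed seconds; the next person tuning this will have to guess again. Once the unit is confirmed against the service code, record it inline, e.g. `webhookSecretExpiry: "86400000" # milliseconds (24h); exposed to tenant-mgmt-service as WEBHOOK_SECRET_EXPIRY`. The same comment belongs on the `WEBHOOK_SECRET_EXPIRY` line added to cm-tenant-mgmt-service.yaml in PATCH 36.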
diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index cb2f7476..feb1c61d 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -284,7 +284,7 @@ tenantMgmtService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-service pullPolicy: Always - tag: "0.0.5" + tag: "0.0.4" replicaCount: 1 port: 3000 node_env: "production" From b2900e9c8bd755ae22d1ee22188a5224ae4404cd Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 10 Oct 2024 11:28:13 +0530 Subject: [PATCH 40/53] tenant mgmt service tag updated --- .../control-plane/control-plane-helm-chart/values.yaml.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index feb1c61d..c9054c8a 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -284,7 +284,7 @@ tenantMgmtService: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-service pullPolicy: Always - tag: "0.0.4" + tag: "0.0.6" replicaCount: 1 port: 3000 node_env: "production" From 2dfdb2e53ca9897d1cedfe9b237228b90f6e09cc Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 10 Oct 2024 11:58:58 +0530 Subject: [PATCH 41/53] payment gateway details updated --- .../control-plane-helm-chart/values.yaml.template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index c9054c8a..51dbc367 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template 
+++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -216,9 +216,9 @@ subscriptionService: port: 3000 node_env: "production" log_level: "info" - site: "sunnytyagius-test" - api_key: "test_iUcCGYbbDuzFjRCEp3pPBullSKtvs6ln" - payment_gateway_id: "gw_AzZixqUPYLFzJTgu" + site: "sourcefuse-arc-test" + api_key: "test_U3Ac7r41QHHc54O7SZucdndPmaJVBFcuNn" + payment_gateway_id: "gw_16CcLPUQmL1KGV41" affinity: {} allowed_origins: "*" imagePullPolicy: From c47abe5356cab9bc4e4cdde9a557fc49bfef9ad9 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 10 Oct 2024 17:52:00 +0530 Subject: [PATCH 42/53] payment gateway details updated --- .../control-plane/control-plane-helm-chart/values.yaml.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index 51dbc367..3a0b65c8 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -62,7 +62,7 @@ tenantMgmtFacade: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-facade pullPolicy: Always - tag: "0.0.5" + tag: "0.0.6" replicaCount: 1 port: 3000 node_env: "production" From fd705aa8f3a95163e6a1d008ef14057a3503874d Mon Sep 17 00:00:00 2001 
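Review bot: `api_key: "test_U3Ac7r41QHHc54O7SZucdndPmaJVBFcuNn"` puts a payment-gateway API key in plaintext into values.yaml.template, and the diff also leaves the previous key in git history; the `test_` prefix suggests a sandbox credential, but the chart already has a pattern for secrets (the `api-token` Secret filled from SSM through the SecretProviderClass, consumed via `secretKeyRef`), and the subscription service should receive this key the same way. Treat both the old and the new value as exposed and rotate them on the gateway side, store the replacement in SSM, and drop the `api_key` line from values in favour of a `secretKeyRef` in the subscription-service Deployment. `site` and `payment_gateway_id` are identifiers and can stay in values.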
From: sfdevops Date: Wed, 16 Oct 2024 19:14:48 +0530 Subject: [PATCH 43/53] tags added and keycloak related changes added --- .../values.yaml.template | 2 +- files/tenant-samples/bridge/buildspec.yaml | 2 +- .../auth0/templates/provisioner.yaml | 1 + .../auth0/values.yaml.template | 1 + .../cognito/templates/provisioner.yaml | 1 + .../cognito/values.yaml.template | 1 + .../tenant-samples/bridge/terraform/canary.tf | 1 + files/tenant-samples/bridge/terraform/eks.tf | 2 + files/tenant-samples/pooled/buildspec.yaml | 2 +- .../auth0/templates/provisioner.yaml | 1 + .../auth0/values.yaml.template | 1 + .../cognito/templates/provisioner.yaml | 1 + .../cognito/values.yaml.template | 1 + .../tenant-samples/pooled/terraform/canary.tf | 1 + files/tenant-samples/pooled/terraform/eks.tf | 2 + files/tenant-samples/silo/buildspec.yaml | 2 +- .../auth0/templates/provisioner.yaml | 1 + .../auth0/values.yaml.template | 1 + .../cognito/templates/provisioner.yaml | 1 + .../cognito/values.yaml.template | 1 + files/tenant-samples/silo/terraform/canary.tf | 2 +- files/tenant-samples/silo/terraform/eks.tf | 2 + .../control-plane-application/buildspec.yaml | 9 + terraform/db-ops/main.tf | 11 ++ terraform/db-ops/variables.tf | 5 + terraform/eks/main.tf | 1 + terraform/keycloak/.terraform-version | 1 + terraform/keycloak/.terraform.lock.hcl | 158 ++++++++++++++++++ terraform/keycloak/config.hcl | 5 + terraform/keycloak/config.txt | 5 + terraform/keycloak/data.tf | 28 ++++ .../keycloak-manifest-files/README.md | 1 + .../keycloak_gateway.yaml | 15 ++ .../keycloak_virtual_service.yaml | 19 +++ terraform/keycloak/keycloak-manifest.tf | 50 ++++++ terraform/keycloak/locals.tf | 3 + terraform/keycloak/main.tf | 156 +++++++++++++++++ terraform/keycloak/provider.tf | 17 ++ terraform/keycloak/terraform.tfvars | 4 + terraform/keycloak/variables.tf | 23 +++ terraform/keycloak/version.tf | 26 +++ .../observability/self-hosted-grafana/main.tf | 1 + 42 files changed, 563 insertions(+), 5 deletions(-) 
create mode 100644 terraform/keycloak/.terraform-version create mode 100644 terraform/keycloak/.terraform.lock.hcl create mode 100644 terraform/keycloak/config.hcl create mode 100644 terraform/keycloak/config.txt create mode 100644 terraform/keycloak/data.tf create mode 100644 terraform/keycloak/keycloak-manifest-files/README.md create mode 100755 terraform/keycloak/keycloak-manifest-files/keycloak_gateway.yaml create mode 100755 terraform/keycloak/keycloak-manifest-files/keycloak_virtual_service.yaml create mode 100644 terraform/keycloak/keycloak-manifest.tf create mode 100644 terraform/keycloak/locals.tf create mode 100644 terraform/keycloak/provider.tf create mode 100644 terraform/keycloak/terraform.tfvars create mode 100644 terraform/keycloak/variables.tf create mode 100644 terraform/keycloak/version.tf diff --git a/files/control-plane/control-plane-helm-chart/values.yaml.template b/files/control-plane/control-plane-helm-chart/values.yaml.template index 3a0b65c8..72fa0b95 100644 --- a/files/control-plane/control-plane-helm-chart/values.yaml.template +++ b/files/control-plane/control-plane-helm-chart/values.yaml.template @@ -27,7 +27,7 @@ frontend: enabled: true repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-ui pullPolicy: Always - tag: "0.0.9" + tag: "0.0.11" log_level: "info" home_path: "/main/home" replicaCount: 1 diff --git a/files/tenant-samples/bridge/buildspec.yaml b/files/tenant-samples/bridge/buildspec.yaml index f9094103..0b3e4a83 100644 --- a/files/tenant-samples/bridge/buildspec.yaml +++ b/files/tenant-samples/bridge/buildspec.yaml 
@@ -121,7 +121,7 @@ phases: - kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true - kubectl apply -f argocd-application.yaml --namespace argocd || true - sleep 240 # waiting time to spin up tenant pods - - terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting + #- terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml index 5ed47914..b7036946 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml @@ -54,6 +54,7 @@ spec: "aws:eks:cluster-name": {{ .Values.eksClusterName }} tags: Tenant: "pooled" + Project: {{ .Values.project }} diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template index d9fd64e9..c1fb17c1 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template @@ -343,6 +343,7 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} +project: ${PROJECT} region: ${REGION} karpenterRoleName: ${KARPENTER_ROLE} eksClusterName: ${EKS_CLUSTER_NAME} diff --git a/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml index 5ed47914..b7036946 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml +++ b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml 
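Review bot: Commenting out `terraform apply -auto-approve --refresh=false` in the bridge buildspec leaves a dead command with no explanation, while the same commit adds Terraform changes (`tags = module.tags.tags` in canary.tf, `PROJECT` in eks.tf) that this apply was one path to roll out; the identical change is made in the pooled buildspec and the silo buildspec further down this page. If an earlier `terraform apply` in the build phase (outside this hunk) already provisions the tenant and this second pass only re-applied after the ArgoCD sleep, say so where the line was, e.g. `# second terraform apply removed: <reason>; provisioning is applied once earlier in this phase`; otherwise delete the line rather than keep a commented-out command that readers may re-enable by accident.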
@@ -54,6 +54,7 @@ spec: "aws:eks:cluster-name": {{ .Values.eksClusterName }} tags: Tenant: "pooled" + Project: {{ .Values.project }} diff --git a/files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template index f6993ab6..a70c3076 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template +++ b/files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template @@ -343,6 +343,7 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} +project: ${PROJECT} region: ${REGION} cognitodomain: ${COGNITO_DOMAIN} cognitoid: ${COGNITO_ID} diff --git a/files/tenant-samples/bridge/terraform/canary.tf b/files/tenant-samples/bridge/terraform/canary.tf index 58e5439f..2c0d5739 100644 --- a/files/tenant-samples/bridge/terraform/canary.tf +++ b/files/tenant-samples/bridge/terraform/canary.tf @@ -22,6 +22,7 @@ resource "aws_synthetics_canary" "main" { schedule { expression = "rate(6 minutes)" } + tags = module.tags.tags } diff --git a/files/tenant-samples/bridge/terraform/eks.tf b/files/tenant-samples/bridge/terraform/eks.tf index 31297caa..8c511e39 100644 --- a/files/tenant-samples/bridge/terraform/eks.tf +++ b/files/tenant-samples/bridge/terraform/eks.tf @@ -107,6 +107,7 @@ data "template_file" "cognito_helm_values_template" { template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns + PROJECT = var.namespace TENANT_NAME = var.tenant_name TENANT_KEY = var.tenant TENANT_EMAIL = var.tenant_email @@ -149,6 +150,7 @@ data "template_file" "auth0_helm_values_template" { template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns + PROJECT = var.namespace TENANT_NAME = var.tenant_name TENANT_KEY = var.tenant TENANT_EMAIL = var.tenant_email 
diff --git a/files/tenant-samples/pooled/buildspec.yaml b/files/tenant-samples/pooled/buildspec.yaml index 69cff6a8..93db3116 100644 --- a/files/tenant-samples/pooled/buildspec.yaml +++ b/files/tenant-samples/pooled/buildspec.yaml @@ -120,7 +120,7 @@ phases: - kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true - kubectl apply -f argocd-application.yaml --namespace argocd || true - sleep 240 # waiting time to spin up tenant pods - - terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting + #- terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally: diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml index 49843c8a..69004de9 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml @@ -54,6 +54,7 @@ spec: "aws:eks:cluster-name": {{ .Values.eksClusterName }} tags: Tenant: "pooled" + Project: {{ .Values.project }} diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template index d9fd64e9..c1fb17c1 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template @@ -343,6 +343,7 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} +project: ${PROJECT} region: ${REGION} karpenterRoleName: ${KARPENTER_ROLE} eksClusterName: ${EKS_CLUSTER_NAME} 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml index 49843c8a..69004de9 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml @@ -54,6 +54,7 @@ spec: "aws:eks:cluster-name": {{ .Values.eksClusterName }} tags: Tenant: "pooled" + Project: {{ .Values.project }} diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template index f6993ab6..a70c3076 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template @@ -343,6 +343,7 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} +project: ${PROJECT} region: ${REGION} cognitodomain: ${COGNITO_DOMAIN} cognitoid: ${COGNITO_ID} diff --git a/files/tenant-samples/pooled/terraform/canary.tf b/files/tenant-samples/pooled/terraform/canary.tf index 58e5439f..2c0d5739 100644 --- a/files/tenant-samples/pooled/terraform/canary.tf +++ b/files/tenant-samples/pooled/terraform/canary.tf @@ -22,6 +22,7 @@ resource "aws_synthetics_canary" "main" { schedule { expression = "rate(6 minutes)" } + tags = module.tags.tags } diff --git a/files/tenant-samples/pooled/terraform/eks.tf b/files/tenant-samples/pooled/terraform/eks.tf index 79a14f43..2288bacb 100644 --- a/files/tenant-samples/pooled/terraform/eks.tf +++ b/files/tenant-samples/pooled/terraform/eks.tf @@ -107,6 +107,7 @@ data "template_file" "cognito_helm_values_template" { template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns + PROJECT = var.namespace TENANT_NAME = var.tenant_name TENANT_KEY = var.tenant TENANT_EMAIL = var.tenant_email 
@@ -148,6 +149,7 @@ data "template_file" "auth0_helm_values_template" { template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns + PROJECT = var.namespace TENANT_NAME = var.tenant_name TENANT_KEY = var.tenant TENANT_EMAIL = var.tenant_email diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 77922fd7..1704db88 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -115,7 +115,7 @@ phases: - ./push-values.sh # push values to tenant management gitops repository - kubectl apply -f argocd-application.yaml --namespace argocd || true - sleep 240 # waiting time to spin up tenant pods - - terraform apply -auto-approve --refresh=false # refresh is false to avoid API hitting + #- terraform apply -auto-approve --refresh=false # refresh is false to avoid API hitting - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally: - node $WEBHOOK_PATH diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/provisioner.yaml b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/provisioner.yaml index 365db940..9c93e3ef 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/provisioner.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/templates/provisioner.yaml @@ -59,6 +59,7 @@ spec: tags: Tenant: {{ .Values.tenant }} Tenant_ID: {{ .Values.tenantID }} + Project: {{ .Values.project }} diff --git a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template index d5a9882e..8eb5a59a 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/silo/tenant-helm-chart/auth0/values.yaml.template 
@@ -342,6 +342,7 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} +project: ${PROJECT} region: ${REGION} karpenterRoleName: ${KARPENTER_ROLE} eksClusterName: ${EKS_CLUSTER_NAME} diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml index 365db940..9c93e3ef 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/templates/provisioner.yaml @@ -59,6 +59,7 @@ spec: tags: Tenant: {{ .Values.tenant }} Tenant_ID: {{ .Values.tenantID }} + Project: {{ .Values.project }} diff --git a/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template b/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template index 6c7b6527..f94b3e05 100644 --- a/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template +++ b/files/tenant-samples/silo/tenant-helm-chart/cognito/values.yaml.template @@ -342,6 +342,7 @@ publicKey: ${TENANT_CLIENT_SECRET} tier: ${TIER} namespace: ${NAMESPACE} +project: ${PROJECT} region: ${REGION} cognitodomain: ${COGNITO_DOMAIN} cognitoid: ${COGNITO_ID} diff --git a/files/tenant-samples/silo/terraform/canary.tf b/files/tenant-samples/silo/terraform/canary.tf index 58e5439f..aa064d3b 100644 --- a/files/tenant-samples/silo/terraform/canary.tf +++ b/files/tenant-samples/silo/terraform/canary.tf @@ -22,7 +22,7 @@ resource "aws_synthetics_canary" "main" { schedule { expression = "rate(6 minutes)" } - + tags = module.tags.tags } data "archive_file" "canary_zip_inline" { diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf index 88e35276..4e36909c 100644 --- a/files/tenant-samples/silo/terraform/eks.tf +++ b/files/tenant-samples/silo/terraform/eks.tf 
@@ -110,6 +110,7 @@ data "template_file" "cognito_helm_values_template" { template = file("${path.module}/../tenant-helm-chart/cognito/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns + PROJECT = var.namespace TENANT_NAME = var.tenant_name TENANT_KEY = var.tenant TENANT_EMAIL = var.tenant_email @@ -151,6 +152,7 @@ data "template_file" "auth0_helm_values_template" { template = file("${path.module}/../tenant-helm-chart/auth0/values.yaml.template") vars = { NAMESPACE = local.kubernetes_ns + PROJECT = var.namespace TENANT_NAME = var.tenant_name TENANT_KEY = var.tenant TENANT_EMAIL = var.tenant_email diff --git a/terraform/control-plane-application/buildspec.yaml b/terraform/control-plane-application/buildspec.yaml index 28da9398..9b55882f 100644 --- a/terraform/control-plane-application/buildspec.yaml +++ b/terraform/control-plane-application/buildspec.yaml @@ -45,6 +45,15 @@ phases: - chmod +x push-helm-values.sh - ./push-helm-values.sh # push control-plane values yaml to tenant management gitops repository - kubectl apply -f control-plane-argocd-application.yaml --namespace argocd || true + - cd .. + # To run keycloak + - cd keycloak + - rm config.hcl + - sed -i 's/aws_region/${var.region}/g' config.txt + - envsubst < config.txt > config.${var.environment}.hcl + - terraform init --backend-config=config.${var.environment}.hcl + - terraform plan + - terraform apply --auto-approve post_build: commands: diff --git a/terraform/db-ops/main.tf b/terraform/db-ops/main.tf index 45ec87c8..249b9e7e 100644 --- a/terraform/db-ops/main.tf +++ b/terraform/db-ops/main.tf @@ -77,6 +77,10 @@ module "postgresql_provider" { "feature_db" = { db_name = var.featuretoggledbdatabase allow_connections = true + }, + "keycloak_db" = { + db_name = var.keycloakdbdatabase + allow_connections = true } } 
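Review bot: `sed -i 's/aws_region/${var.region}/g' config.txt` and `envsubst < config.txt > config.${var.environment}.hcl` in terraform/control-plane-application/buildspec.yaml use Terraform-style `${var.…}` references inside CodeBuild shell commands; if the buildspec reaches the shell as written, bash rejects `${var.region}` as a bad substitution (`.` is not valid in a parameter name) and the build fails before `terraform init`, and if the file is rendered through a Terraform template first, `var.` is not a valid template reference either. Replace them with the region and environment variables the build already has in scope (their names are not visible in this hunk) and carry them into `config.${var.environment}.hcl` and the `--backend-config` argument consistently. `rm config.hcl` also deletes a file this same commit adds to the repo (terraform/keycloak/config.hcl, 5 lines); either use `rm -f` and stop committing the file, or keep the committed file and drop the delete. `terraform plan` followed directly by `terraform apply --auto-approve` applies an unrelated fresh plan; `terraform plan -out=tfplan` then `terraform apply tfplan` makes the apply execute the plan that was just produced.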
@@ -147,6 +151,13 @@ module "db_ops_ssm_parameters" { type = "SecureString" overwrite = "true" description = "Feature Toggle Database Name" + }, + { + name = "/${var.namespace}/${var.environment}/keycloakdbdatabase" + value = var.keycloakdbdatabase + type = "SecureString" + overwrite = "true" + description = "Keycloak Database Name" } ] tags = module.tags.tags diff --git a/terraform/db-ops/variables.tf b/terraform/db-ops/variables.tf index 193139b7..ecfb0107 100644 --- a/terraform/db-ops/variables.tf +++ b/terraform/db-ops/variables.tf @@ -69,4 +69,9 @@ variable "tenantmgmtdbdatabase" { variable "featuretoggledbdatabase" { type = string default = "feature" +} + +variable "keycloakdbdatabase" { + type = string + default = "keycloak" } \ No newline at end of file diff --git a/terraform/eks/main.tf b/terraform/eks/main.tf index 20ba92fd..b54bab55 100644 --- a/terraform/eks/main.tf +++ b/terraform/eks/main.tf @@ -107,6 +107,7 @@ module "eks_cluster" { ] map_additional_iam_users = var.map_additional_iam_users allowed_cidr_blocks = [data.aws_vpc.vpc.cidr_block] + tags = module.tags.tags } ################################################################################# diff --git a/terraform/keycloak/.terraform-version b/terraform/keycloak/.terraform-version new file mode 100644 index 00000000..c180eb67 --- /dev/null +++ b/terraform/keycloak/.terraform-version @@ -0,0 +1 @@ +latest:^1.4 \ No newline at end of file diff --git a/terraform/keycloak/.terraform.lock.hcl b/terraform/keycloak/.terraform.lock.hcl new file mode 100644 index 00000000..623d298a --- /dev/null +++ b/terraform/keycloak/.terraform.lock.hcl 
@@ -0,0 +1,158 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/gavinbunney/kubectl" { + version = "1.14.0" + constraints = "~> 1.14" + hashes = [ + "h1:gLFn+RvP37sVzp9qnFCwngRjjFV649r6apjxvJ1E/SE=", + "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858", + "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030", + "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5", + "zh:39f1a0aa1d589a7e815b62b5aa11041040903b061672c4cfc7de38622866cbc4", + "zh:428d3a321043b78e23c91a8d641f2d08d6b97f74c195c654f04d2c455e017de5", + "zh:4baf5b1de2dfe9968cc0f57fd4be5a741deb5b34ee0989519267697af5f3eee5", + "zh:6131a927f9dffa014ab5ca5364ac965fe9b19830d2bbf916a5b2865b956fdfcf", + "zh:c62e0c9fd052cbf68c5c2612af4f6408c61c7e37b615dc347918d2442dd05e93", + "zh:f0beffd7ce78f49ead612e4b1aefb7cb6a461d040428f514f4f9cc4e5698ac65", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.4.0" + constraints = "5.4.0" + hashes = [ + "h1:Jol4lNIzMrREQzUBSveCLX0iQLy7dm0OF+IYY2GKrhY=", + "zh:1db5f81089216831bb0fdff9ddc3772efa133397c66ec276bc75b96eec06e23f", + "zh:26fe5fdf399192b5724d21854fbec650c158f8ee9eb1dc52a50f7da0f2bc07ac", + "zh:2946d9e333b1efe01588ee9f9771169fd3c3a4a7cb78ed8f91e8b3efd1a73850", + "zh:36ed69e8d3029332c8a52a70940f714fd579b9fd95f5569cc010ef11162f5bf7", + "zh:46ba5ad1c3a3ef98c346356cfa4bdd9c2501c661c2513bb92f4413f2482fb24b", + "zh:46c10aaa9672b54a14b0e0effdd6ecd9b8a539b3bfe273ac54111e7352a7bb4b", + "zh:47d7f57bcbe4fba2f960ab6c4228c5e9e586be2f233a8baa8962b51a63337179", + "zh:47e41c198439ba1c4d933f808b6f47e518f8f0aae25ca42abcac97f149121e90", + "zh:526c5834de71654ee14039cb973322bf5032cb684a2a113b48fb48a0584f46f3", + "zh:6169316517b95677819ba2904dcea204fb9b55e868348e906af9164104fe7198", + "zh:7c063ef2b8d69a8db7e8bf0dcd45793ede22b259b30464ed114d330df304cdbb", + "zh:87c4f2faca636715a08be3121d26b3354415401eab89349077ca9436a0822c23", 
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b184b8a268f45258edd27d389ca793708f1bc3ee4d6706d154a45e93deaddde1", + "zh:ba1a998cbf4b639fa3e04b9069f0f5a289662457940726a8a51c81df400aa852", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.16.1" + constraints = "~> 2.0" + hashes = [ + "h1:TerRBdq69SxIWg3ET2VE0bcP0BYRIWZOp1QxXj/14Fk=", + "zh:0003f6719a32aee9afaeeb001687fc0cfc8c2d5f54861298cf1dc5711f3b4e65", + "zh:16cd5bfee09e7bb081b8b4470f31a9af508e52220fd97fd81c6dda725d9422fe", + "zh:51817de8fdc2c2e36785f23fbf4ec022111bd1cf7679498c16ad0ad7471c16db", + "zh:51b95829b2873be40a65809294bffe349e40cfccc3ff6fee0f471d01770e0ebd", + "zh:56b158dde897c47e1460181fc472c3e920aa23db40579fdc2aad333c1456d2dd", + "zh:916641d26c386959eb982e680028aa677b787687ef7c1283241e45620bc8df50", + "zh:aec15ca8605babba77b283f2ca35daca53e006d567e1c3a3daf50497035b820b", + "zh:c2cecf710b87c8f3a4d186da2ea12cf08041f97ae0c6db82649720d6ed929d65", + "zh:dbdd96f17aea25c7db2d516ab8172a5e683c6686c72a1a44173d2fe96319be39", + "zh:de11e180368434a796b1ab6f20fde7554dc74f7800e063b8e4c8ec3a86d0be63", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f827a9c1540d210c56053a2d5d5a6abda924896ffa8eeedc94054cf6d44c5f60", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.33.0" + constraints = "~> 2.0" + hashes = [ + "h1:Z2R1cnALV1BgzldRWir/TUvg10gkWSdEGsYJHFqD3bc=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + 
"zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.5.2" + hashes = [ + "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", + "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", + "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", + "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", + "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", + "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", + "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", + "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", + "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", + "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", + "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + hashes = [ + "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + 
"zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.3" + hashes = [ + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "3.1.0" + constraints = "~> 3.1.0" + hashes = [ + "h1:fUJX8Zxx38e2kBln+zWr1Tl41X+OuiE++REjrEyiOM4=", + "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6", + "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2", + "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e", + "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca", + "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698", + 
"zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d", + "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841", + "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989", + "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5", + "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d", + "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0", + ] +} diff --git a/terraform/keycloak/config.hcl b/terraform/keycloak/config.hcl new file mode 100644 index 00000000..da79a041 --- /dev/null +++ b/terraform/keycloak/config.hcl @@ -0,0 +1,5 @@ +region = "us-west-2" +key = "keycloak/terraform.tfstate" +bucket = "sf-arc-saas-dev-terraform-state-ot6cv1" +dynamodb_table = "sf-arc-saas-dev-terraform-state-lock" +encrypt = true \ No newline at end of file diff --git a/terraform/keycloak/config.txt b/terraform/keycloak/config.txt new file mode 100644 index 00000000..2a07788d --- /dev/null +++ b/terraform/keycloak/config.txt @@ -0,0 +1,5 @@ +region = "aws_region" +key = "keycloak/terraform.tfstate" +bucket = "${tf_state_bucket}" +dynamodb_table = "${tf_state_table}" +encrypt = true \ No newline at end of file diff --git a/terraform/keycloak/data.tf b/terraform/keycloak/data.tf new file mode 100644 index 00000000..904ff535 --- /dev/null +++ b/terraform/keycloak/data.tf 
@@ -0,0 +1,28 @@
+data "aws_ssm_parameter" "db_host" {
+ name = "/${var.namespace}/${var.environment}/db_host"
+}
+
+data "aws_ssm_parameter" "db_user" {
+ name = "/${var.namespace}/${var.environment}/db_user"
+}
+
+data "aws_ssm_parameter" "db_password" {
+ name = "/${var.namespace}/${var.environment}/db_password"
+}
+
+data "aws_ssm_parameter" "db_port" {
+ name = "/${var.namespace}/${var.environment}/db_port"
+}
+
+data "aws_ssm_parameter" "keycloak_db_name" {
+ name = "/${var.namespace}/${var.environment}/keycloakdbdatabase"
+}
+
+
+data "aws_eks_cluster" "cluster" {
+ name = "${var.namespace}-${var.environment}-eks-cluster"
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = "${var.namespace}-${var.environment}-eks-cluster"
+}
diff --git a/terraform/keycloak/keycloak-manifest-files/README.md b/terraform/keycloak/keycloak-manifest-files/README.md
new file mode 100644
index 00000000..8bd0f0b3
--- /dev/null
+++ b/terraform/keycloak/keycloak-manifest-files/README.md
@@ -0,0 +1 @@
+## Keycloak Manifest files are placed here
diff --git a/terraform/keycloak/keycloak-manifest-files/keycloak_gateway.yaml b/terraform/keycloak/keycloak-manifest-files/keycloak_gateway.yaml
new file mode 100755
index 00000000..7f1914bc
--- /dev/null
+++ b/terraform/keycloak/keycloak-manifest-files/keycloak_gateway.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: keycloak
+ namespace: keycloak
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "keycloak.arc-saas.net"
diff --git a/terraform/keycloak/keycloak-manifest-files/keycloak_virtual_service.yaml b/terraform/keycloak/keycloak-manifest-files/keycloak_virtual_service.yaml
new file mode 100755
index 00000000..cd9654a9
--- /dev/null
+++ b/terraform/keycloak/keycloak-manifest-files/keycloak_virtual_service.yaml
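Review bot: The Gateway serves `keycloak.arc-saas.net` only on port 80/HTTP, with no HTTPS server and no `httpsRedirect`, so unless a load balancer in front of the istio ingressgateway terminates TLS the Keycloak admin login and token endpoints are reachable in cleartext; `main.tf` in this same patch sets the chart to `proxy = edge`, which presumes exactly such a TLS-terminating edge but does not create one. Add an HTTPS server with `tls.mode: SIMPLE` and a `credentialName` pointing at a TLS secret, and set `httpsRedirect: true` on the port-80 server, or document where TLS terminates. The hostname is also hard-coded here while `keycloak-manifest.tf` in the same patch renders the identical manifest into this directory from `var.domain_name`, so the committed copy will drift from the generated one.
```yaml
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "keycloak.arc-saas.net"
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: keycloak-tls   # TLS Secret in the ingressgateway namespace; name assumed
    hosts:
    - "keycloak.arc-saas.net"
```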
@@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: keycloak
+ namespace: keycloak
+spec:
+ hosts:
+ - "keycloak.arc-saas.net"
+ gateways:
+ - keycloak
+ http:
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: keycloak
+ port:
+ number: 80
diff --git a/terraform/keycloak/keycloak-manifest.tf b/terraform/keycloak/keycloak-manifest.tf
new file mode 100644
index 00000000..3acc8d14
--- /dev/null
+++ b/terraform/keycloak/keycloak-manifest.tf
@@ -0,0 +1,50 @@
+
+resource "local_file" "keycloak_gateway" {
+ content = <<-EOT
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: keycloak
+ namespace: ${local.kubernetes_ns}
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "keycloak.${var.domain_name}"
+ EOT
+ filename = "${path.module}/keycloak-manifest-files/keycloak_gateway.yaml"
+}
+
+
+
+
+
+resource "local_file" "keycloak_virtual_service" {
+ content = <<-EOT
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: keycloak
+ namespace: ${local.kubernetes_ns}
+spec:
+ hosts:
+ - "keycloak.${var.domain_name}"
+ gateways:
+ - keycloak
+ http:
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: keycloak
+ port:
+ number: 80
+ EOT
+ filename = "${path.module}/keycloak-manifest-files/keycloak_virtual_service.yaml"
+}
diff --git a/terraform/keycloak/locals.tf b/terraform/keycloak/locals.tf
new file mode 100644
index 00000000..a8fd4639
--- /dev/null
+++ b/terraform/keycloak/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ kubernetes_ns = "keycloak"
+}
\ No newline at end of file
diff --git a/terraform/keycloak/main.tf b/terraform/keycloak/main.tf
index e69de29b..9d2448bb 100644
--- a/terraform/keycloak/main.tf
+++ b/terraform/keycloak/main.tf
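Review bot: Both `local_file` resources only write rendered YAML into `keycloak-manifest-files/`; nothing in this hunk applies them to the cluster, so unless a `kubectl_manifest` or `kubernetes_manifest` elsewhere in the module reads those paths (the lock file pins `gavinbunney/kubectl`, which suggests that is the intent) the Gateway and VirtualService are never created. Feeding the heredoc straight into a `kubectl_manifest` `yaml_body` removes the intermediate files, which otherwise land in the repo with one environment's hostname, as the committed `keycloak_gateway.yaml` in this same patch already does. The rendered Gateway also carries the same HTTP-only port-80 server as the committed copy, so the question of where TLS terminates applies here as well.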
@@ -0,0 +1,156 @@ +############################################################################### +## tags +############################################################################### +module "tags" { + source = "sourcefuse/arc-tags/aws" + version = "1.2.5" + + environment = var.environment + project = var.namespace + +} + +############################################################################### +## keycloak password +############################################################################### +module "keycloak_password" { + source = "../../modules/random-password" + length = 10 + is_special = true + override_special = "!#$%&*=+" +} + +############################################################################### +## keycloak helm +############################################################################### +resource "kubernetes_namespace" "keycloak_namespace" { + metadata { + name = local.kubernetes_ns + + labels = { + istio-injection = "enabled" + } + } + + lifecycle { + prevent_destroy = false # Allows Terraform to delete the namespace + } +} + +resource "helm_release" "keycloak" { + name = "keycloak" + namespace = "${local.kubernetes_ns}" + chart = "keycloak" + version = "21.7.4" + repository = "https://charts.bitnami.com/bitnami" + + set { + name = "auth.adminUser" + value = "admin" + } + + set { + name = "auth.adminPassword" + value = "${module.keycloak_password.result}" + } + + set { + name = "postgresql.enabled" + value = false + } + + set { + name = "externalDatabase.host" + value = "${data.aws_ssm_parameter.db_host.value}" + } + + set { + name = "externalDatabase.user" + value = "${data.aws_ssm_parameter.db_user.value}" + } + + set { + name = "externalDatabase.password" + value = "${data.aws_ssm_parameter.db_password.value}" + } + + set { + name = "externalDatabase.database" + value = "${data.aws_ssm_parameter.keycloak_db_name.value}" + } + + + set { + name = "proxy" + value = "edge" + } + + set { + name = "proxyHeaders" + value = 
"forwarded" + } + + set { + name = "httpRelativePath" + value = "/" + } + +values = [ + < Date: Thu, 17 Oct 2024 06:31:22 +0530 Subject: [PATCH 44/53] cognito related changes updated --- .../bridge/terraform/cognito-client.tf | 35 ++----------------- .../pooled/terraform/cognito-client.tf | 2 +- 2 files changed, 3 insertions(+), 34 deletions(-) diff --git a/files/tenant-samples/bridge/terraform/cognito-client.tf b/files/tenant-samples/bridge/terraform/cognito-client.tf index c19555fd..78487868 100644 --- a/files/tenant-samples/bridge/terraform/cognito-client.tf +++ b/files/tenant-samples/bridge/terraform/cognito-client.tf @@ -1,23 +1,10 @@ -###################################################################### -## Create Cognito User -###################################################################### -# module "cognito_password" { -# source = "../modules/random-password" -# length = 12 -# is_special = true -# min_upper = 1 -# min_numeric = 1 -# min_special = 1 -# min_lower = 1 -# } - ##################################################################################### ## Cognito App Client ##################################################################################### resource "aws_cognito_user_pool_client" "app_client" { count = var.IdP == "cognito" ? 1 : 0 name = var.tenant - user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value + user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id[0].value allowed_oauth_flows = ["code"] allowed_oauth_flows_user_pool_client = true allowed_oauth_scopes = ["phone", "email", "openid", "aws.cognito.signin.user.admin"] 
@@ -39,18 +26,6 @@ resource "aws_cognito_user_pool_client" "app_client" { } } -# resource "aws_cognito_user" "cognito_user" { -# user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value -# username = var.user_name - -# attributes = { -# email = var.tenant_email -# email_verified = true -# } -# temporary_password = module.cognito_password.result - -# } - ###################################################################### ## Store Congito output to SSM parameneter store ###################################################################### @@ -72,13 +47,7 @@ module "cognito_ssm_parameters" { overwrite = "true" description = "Tenant Cognito Domain Secret" } - # { - # name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/${var.user_name}/user_sub" - # value = aws_cognito_user.cognito_user.sub - # type = "SecureString" - # overwrite = "true" - # description = "${var.tenant} User Cognito Sub" - # } + ] tags = module.tags.tags } \ No newline at end of file diff --git a/files/tenant-samples/pooled/terraform/cognito-client.tf b/files/tenant-samples/pooled/terraform/cognito-client.tf index c19555fd..a1fc8cb6 100644 --- a/files/tenant-samples/pooled/terraform/cognito-client.tf +++ b/files/tenant-samples/pooled/terraform/cognito-client.tf @@ -17,7 +17,7 @@ resource "aws_cognito_user_pool_client" "app_client" { count = var.IdP == "cognito" ? 1 : 0 name = var.tenant - user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value + user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id[0].value allowed_oauth_flows = ["code"] allowed_oauth_flows_user_pool_client = true allowed_oauth_scopes = ["phone", "email", "openid", "aws.cognito.signin.user.admin"] From 21046336e58989f95a593bbb9c3663e8774b9ce7 Mon Sep 17 00:00:00 2001 
From: sfdevops Date: Thu, 17 Oct 2024 06:43:11 +0530 Subject: [PATCH 45/53] cognito related changes updated --- files/tenant-samples/bridge/terraform/cognito-client.tf | 4 ++-- files/tenant-samples/pooled/terraform/cognito-client.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/tenant-samples/bridge/terraform/cognito-client.tf b/files/tenant-samples/bridge/terraform/cognito-client.tf index 78487868..9e7ba612 100644 --- a/files/tenant-samples/bridge/terraform/cognito-client.tf +++ b/files/tenant-samples/bridge/terraform/cognito-client.tf @@ -35,14 +35,14 @@ module "cognito_ssm_parameters" { ssm_parameters = [ { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_id" - value = resource.aws_cognito_user_pool_client.app_client.id + value = resource.aws_cognito_user_pool_client.app_client.id[0] type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain ID" }, { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_secret" - value = resource.aws_cognito_user_pool_client.app_client.client_secret + value = resource.aws_cognito_user_pool_client.app_client.client_secret[0] type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain Secret" diff --git a/files/tenant-samples/pooled/terraform/cognito-client.tf b/files/tenant-samples/pooled/terraform/cognito-client.tf index a1fc8cb6..5aaf939d 100644 --- a/files/tenant-samples/pooled/terraform/cognito-client.tf +++ b/files/tenant-samples/pooled/terraform/cognito-client.tf 
@@ -60,14 +60,14 @@ module "cognito_ssm_parameters" { ssm_parameters = [ { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_id" - value = resource.aws_cognito_user_pool_client.app_client.id + value = resource.aws_cognito_user_pool_client.app_client.id[0] type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain ID" }, { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_secret" - value = resource.aws_cognito_user_pool_client.app_client.client_secret + value = resource.aws_cognito_user_pool_client.app_client.client_secret[0] type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain Secret" From fa98ff92fcb29129e23f43412e8a287ab762ca7b Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 06:53:18 +0530 Subject: [PATCH 46/53] cognito related changes updated --- .../bridge/terraform/cognito-client.tf | 4 +- .../pooled/terraform/cognito-client.tf | 37 ++----------------- .../tenant-samples/silo/terraform/cognito.tf | 2 + 3 files changed, 7 insertions(+), 36 deletions(-) diff --git a/files/tenant-samples/bridge/terraform/cognito-client.tf b/files/tenant-samples/bridge/terraform/cognito-client.tf index 9e7ba612..e66d3417 100644 --- a/files/tenant-samples/bridge/terraform/cognito-client.tf +++ b/files/tenant-samples/bridge/terraform/cognito-client.tf 
@@ -35,14 +35,14 @@ module "cognito_ssm_parameters" { ssm_parameters = [ { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_id" - value = resource.aws_cognito_user_pool_client.app_client.id[0] + value = resource.aws_cognito_user_pool_client.app_client[count.index].id type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain ID" }, { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_secret" - value = resource.aws_cognito_user_pool_client.app_client.client_secret[0] + value = resource.aws_cognito_user_pool_client.app_client[count.index].client_secret type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain Secret" diff --git a/files/tenant-samples/pooled/terraform/cognito-client.tf b/files/tenant-samples/pooled/terraform/cognito-client.tf index 5aaf939d..e66d3417 100644 --- a/files/tenant-samples/pooled/terraform/cognito-client.tf +++ b/files/tenant-samples/pooled/terraform/cognito-client.tf @@ -1,16 +1,3 @@ -###################################################################### -## Create Cognito User -###################################################################### -# module "cognito_password" { -# source = "../modules/random-password" -# length = 12 -# is_special = true -# min_upper = 1 -# min_numeric = 1 -# min_special = 1 -# min_lower = 1 -# } - ##################################################################################### ## Cognito App Client ##################################################################################### 
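Review bot: `resource.aws_cognito_user_pool_client.app_client[count.index].id` is only legal if the enclosing `module "cognito_ssm_parameters"` block, whose header is outside this hunk, itself sets `count`; without it Terraform rejects `count.index` in this position. If the module does carry `count = var.IdP == "cognito" ? 1 : 0` to mirror the resource, `app_client[0].id` is equivalent and reads more directly; if it does not, the module is still evaluated for non-cognito tenants and `app_client` has no instance to index, so the count has to be added on the module rather than fixed in this expression. Either way, `terraform validate` with `IdP` set to a non-cognito value would catch it before the next round of `.id[0]` / `[count.index].id` flips.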
@@ -39,18 +26,6 @@ resource "aws_cognito_user_pool_client" "app_client" { } } -# resource "aws_cognito_user" "cognito_user" { -# user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value -# username = var.user_name - -# attributes = { -# email = var.tenant_email -# email_verified = true -# } -# temporary_password = module.cognito_password.result - -# } - ###################################################################### ## Store Congito output to SSM parameneter store ###################################################################### @@ -60,25 +35,19 @@ module "cognito_ssm_parameters" { ssm_parameters = [ { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_id" - value = resource.aws_cognito_user_pool_client.app_client.id[0] + value = resource.aws_cognito_user_pool_client.app_client[count.index].id type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain ID" }, { name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_secret" - value = resource.aws_cognito_user_pool_client.app_client.client_secret[0] + value = resource.aws_cognito_user_pool_client.app_client[count.index].client_secret type = "SecureString" overwrite = "true" description = "Tenant Cognito Domain Secret" } - # { - # name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/${var.user_name}/user_sub" - # value = aws_cognito_user.cognito_user.sub - # type = "SecureString" - # overwrite = "true" - # description = "${var.tenant} User Cognito Sub" - # } + ] tags = module.tags.tags } \ No newline at end of file diff --git a/files/tenant-samples/silo/terraform/cognito.tf b/files/tenant-samples/silo/terraform/cognito.tf index 16383051..cafabef3 100644 --- a/files/tenant-samples/silo/terraform/cognito.tf +++ b/files/tenant-samples/silo/terraform/cognito.tf 
@@ -145,6 +145,8 @@ module "cognito_ssm_parameters" { overwrite = "true" description = "Cognito User Pool ID" } + + # { # name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/${var.tenant}/${var.user_name}/user_sub" # value = aws_cognito_user.cognito_user.sub From aa155cb7b71d659fac5160a6462e909d35c94d1e Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 07:11:57 +0530 Subject: [PATCH 47/53] cognito related changes updated --- files/tenant-samples/pooled/terraform/data.tf | 2 +- files/tenant-samples/pooled/terraform/eks.tf | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/files/tenant-samples/pooled/terraform/data.tf b/files/tenant-samples/pooled/terraform/data.tf index b4a14ea0..08cc139b 100644 --- a/files/tenant-samples/pooled/terraform/data.tf +++ b/files/tenant-samples/pooled/terraform/data.tf @@ -94,7 +94,7 @@ data "aws_route53_zone" "selected" { } data "aws_ssm_parameter" "cognito_user_pool_id" { - count = var.IdP == "cognito" ? 1 : 0 + //count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_user_pool_id" } diff --git a/files/tenant-samples/pooled/terraform/eks.tf b/files/tenant-samples/pooled/terraform/eks.tf index 2288bacb..cca3a492 100644 --- a/files/tenant-samples/pooled/terraform/eks.tf +++ b/files/tenant-samples/pooled/terraform/eks.tf @@ -140,7 +140,6 @@ data "template_file" "cognito_helm_values_template" { NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null - } } From 3b6e5cb363add93bd561f6a154079f0ab8665af0 Mon Sep 17 00:00:00 2001 
From: sfdevops Date: Thu, 17 Oct 2024 07:19:29 +0530 Subject: [PATCH 48/53] cognito related changes updated --- files/tenant-samples/bridge/terraform/eks.tf | 1 - files/tenant-samples/pooled/terraform/data.tf | 2 +- files/tenant-samples/pooled/terraform/eks.tf | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/files/tenant-samples/bridge/terraform/eks.tf b/files/tenant-samples/bridge/terraform/eks.tf index 8c511e39..8c111a03 100644 --- a/files/tenant-samples/bridge/terraform/eks.tf +++ b/files/tenant-samples/bridge/terraform/eks.tf @@ -139,7 +139,6 @@ data "template_file" "cognito_helm_values_template" { FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name - COGNITO_USER_POOL_ID = data.aws_ssm_parameter.cognito_user_pool_id.name COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null } diff --git a/files/tenant-samples/pooled/terraform/data.tf b/files/tenant-samples/pooled/terraform/data.tf index 08cc139b..b4a14ea0 100644 --- a/files/tenant-samples/pooled/terraform/data.tf +++ b/files/tenant-samples/pooled/terraform/data.tf @@ -94,7 +94,7 @@ data "aws_route53_zone" "selected" { } data "aws_ssm_parameter" "cognito_user_pool_id" { - //count = var.IdP == "cognito" ? 1 : 0 + count = var.IdP == "cognito" ? 1 : 0 name = "/${var.namespace}/${var.environment}/${var.tenant_tier}/cognito_user_pool_id" } diff --git a/files/tenant-samples/pooled/terraform/eks.tf b/files/tenant-samples/pooled/terraform/eks.tf index cca3a492..ef4b34ed 100644 --- a/files/tenant-samples/pooled/terraform/eks.tf +++ b/files/tenant-samples/pooled/terraform/eks.tf 
@@ -120,6 +120,7 @@ data "template_file" "cognito_helm_values_template" { COGNITO_DOMAIN = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_domain) > 0 ? data.aws_ssm_parameter.cognito_domain[count.index].name : null COGNITO_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_id) > 0 ? data.aws_ssm_parameter.cognito_id[count.index].name : null COGNITO_SECRET = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_secret) > 0 ? data.aws_ssm_parameter.cognito_secret[count.index].name : null + COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null KARPENTER_ROLE = var.karpenter_role EKS_CLUSTER_NAME = var.cluster_name TENANT_HOST_NAME = var.tenant_host_domain @@ -139,7 +140,6 @@ data "template_file" "cognito_helm_values_template" { FEATURE_DATABASE = data.aws_ssm_parameter.featuredbdatabase.name NOTIFICATION_DATABASE = data.aws_ssm_parameter.notificationdbdatabase.name VIDEO_CONFRENCING_DATABASE = data.aws_ssm_parameter.videoconfrencingdbdatabase.name - COGNITO_USER_POOL_ID = var.IdP == "cognito" && length(data.aws_ssm_parameter.cognito_user_pool_id) > 0 ? data.aws_ssm_parameter.cognito_user_pool_id[count.index].name : null } } From 8861aa327efb2af4e7295c3c83587d3106e2bfb4 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 07:39:28 +0530 Subject: [PATCH 49/53] cognito related changes updated --- files/tenant-samples/bridge/buildspec.yaml | 20 +++++++++---------- .../secret-provider-class-and-sa.yaml | 2 -- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/files/tenant-samples/bridge/buildspec.yaml b/files/tenant-samples/bridge/buildspec.yaml index 0b3e4a83..baa53a05 100644 --- a/files/tenant-samples/bridge/buildspec.yaml +++ b/files/tenant-samples/bridge/buildspec.yaml 
@@ -105,8 +105,8 @@ phases: - envsubst < config.txt > config.${TIER}.hcl - envsubst ${TIER}.tfvars # Run Terraform to create pooled infra - - terraform init --backend-config=config.${TIER}.hcl - - terraform apply -auto-approve + #- terraform init --backend-config=config.${TIER}.hcl + #- terraform apply -auto-approve - cd .. # Creating terraform backend config and tfvars at run time and Run terraform to create resources for tenant @@ -114,15 +114,15 @@ phases: - envsubst < config.txt > config.${KEY}.hcl - envsubst ${KEY}.tfvars - terraform init --backend-config=config.${KEY}.hcl - - terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards + - terraform destroy --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards # Push value to tenant management gitops repository - - chmod +x push-values.sh - - ./push-values.sh - - kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true - - kubectl apply -f argocd-application.yaml --namespace argocd || true - - sleep 240 # waiting time to spin up tenant pods + #- chmod +x push-values.sh + #- ./push-values.sh + #- kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true + #- kubectl apply -f argocd-application.yaml --namespace argocd || true + #- sleep 240 # waiting time to spin up tenant pods #- terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting - - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true + #- kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally: 
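Review bot: The tenant-onboarding pipeline now runs `terraform destroy --var=canary_enabled=false -auto-approve` while the trailing comment still describes creating the tenant, and the pooled init/apply, `push-values.sh` and ArgoCD steps are commented out; this is a debugging state, reverted verbatim in the next patch, and should be squashed out of the series rather than landed, because any checkout, bisect or cherry-pick that lands on this commit tears down tenant infrastructure unattended. If a destroy path is genuinely needed, gate it behind an explicit input, e.g. `- if [ "${TENANT_ACTION:-apply}" = "destroy" ]; then terraform destroy -auto-approve; else terraform apply --var=canary_enabled=false -auto-approve; fi`, instead of editing the apply line in place. The commit message `cognito related changes updated` does not mention the change either.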
@@ -134,7 +134,7 @@ phases: - export CREATE_USER=1 # To run the webhook which will send notification and create tenant first admin user in pooled database - node $WEBHOOK_PATH - - python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping + #- python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping diff --git a/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml index 2c12fced..9e578df4 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml +++ b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml @@ -57,7 +57,6 @@ spec: key: COGNITO_AUTH_CLIENT_ID - objectName: cognito_client_secret key: COGNITO_AUTH_CLIENT_SECRET - - objectName: cognito_user_pool_id key: COGNITO_USER_POOL_ID - objectName: vonage-api-key-secret @@ -122,7 +121,6 @@ spec: - objectName: {{ .Values.cognitosecret }} objectType: ssmparameter objectAlias: cognito_client_secret - - objectName: {{ .Values.cognitoUserPoolID }} objectType: ssmparameter objectAlias: cognito_user_pool_id From ee26aa1cf23bc9f25be8398f88f5f8cab74386b5 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 07:43:41 +0530 Subject: [PATCH 50/53] cognito related changes updated --- files/tenant-samples/bridge/buildspec.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/files/tenant-samples/bridge/buildspec.yaml b/files/tenant-samples/bridge/buildspec.yaml index baa53a05..0b3e4a83 100644 --- a/files/tenant-samples/bridge/buildspec.yaml +++ b/files/tenant-samples/bridge/buildspec.yaml 
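Review bot: In the `@@ -57,7 +57,6 @@` hunk only `- objectName: cognito_user_pool_id` is removed and its `key: COGNITO_USER_POOL_ID` line is left behind, so the preceding `cognito_client_secret` entry now carries two `key:` fields. Depending on the YAML parser that is either rejected as a duplicate mapping key or resolved last-wins, in which case the Cognito client secret is exposed under `COGNITO_USER_POOL_ID` and `COGNITO_AUTH_CLIENT_SECRET` disappears from the synced Secret. Delete the `key: COGNITO_USER_POOL_ID` line together with the object it belonged to. The `secretObjects` list this sits in starts outside the hunk.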
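Review bot: The `@@ -122,7 +121,6 @@` hunk has the same problem in the `objects:` block: `objectType: ssmparameter` and `objectAlias: cognito_user_pool_id` are orphaned under the `{{ .Values.cognitosecret }}` object after `- objectName: {{ .Values.cognitoUserPoolID }}` is removed. With last-wins parsing the client-secret object is re-aliased to `cognito_user_pool_id`, so the `cognito_client_secret` lookup in `secretObjects` no longer resolves and the Secret sync fails. Remove all three lines of the user-pool object as a unit, and check whether anything else in the chart still references `.Values.cognitoUserPoolID` (not visible here).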
@@ -105,8 +105,8 @@ phases: - envsubst < config.txt > config.${TIER}.hcl - envsubst ${TIER}.tfvars # Run Terraform to create pooled infra - #- terraform init --backend-config=config.${TIER}.hcl - #- terraform apply -auto-approve + - terraform init --backend-config=config.${TIER}.hcl + - terraform apply -auto-approve - cd .. # Creating terraform backend config and tfvars at run time and Run terraform to create resources for tenant @@ -114,15 +114,15 @@ phases: - envsubst < config.txt > config.${KEY}.hcl - envsubst ${KEY}.tfvars - terraform init --backend-config=config.${KEY}.hcl - - terraform destroy --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards + - terraform apply --var=canary_enabled=false -auto-approve # as tenant application is not up so canary will be run afterwards # Push value to tenant management gitops repository - #- chmod +x push-values.sh - #- ./push-values.sh - #- kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true - #- kubectl apply -f argocd-application.yaml --namespace argocd || true - #- sleep 240 # waiting time to spin up tenant pods + - chmod +x push-values.sh + - ./push-values.sh + - kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true + - kubectl apply -f argocd-application.yaml --namespace argocd || true + - sleep 240 # waiting time to spin up tenant pods #- terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting - #- kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true + - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally: 
@@ -134,7 +134,7 @@ phases: - export CREATE_USER=1 # To run the webhook which will send notification and create tenant first admin user in pooled database - node $WEBHOOK_PATH - #- python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping + - python push_to_dynamodb.py # pushing tenant config to dynamodb based on tenant_id mapping From 14b53204b62ec4c8d1c864b4c8564d1060106980 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 08:02:43 +0530 Subject: [PATCH 51/53] cognito related changes updated --- .../templates/authentication-service-deployment.yaml | 5 +++++ .../auth0/templates/secret-provider-class-and-sa.yaml | 8 +++++++- .../bridge/tenant-helm-chart/auth0/values.yaml.template | 3 ++- files/tenant-samples/bridge/terraform/data.tf | 1 + 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml index 99442569..a04c99e0 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml @@ -159,6 +159,11 @@ spec: secretKeyRef: name: api-token key: JWT_ISSUER + - name: AUTH0_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: AUTH0_CLIENT_SECRET {{- if .Values.imagePullSecret.enabled }} imagePullSecrets: - name: {{ .Values.imagePullSecret.name }} diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml index 5e80fe71..2cdefeff 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml 
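Review bot: The new `AUTH0_CLIENT_SECRET` env var in the `@@ -159,6 +159,11 @@` hunk reads key `AUTH0_CLIENT_SECRET` from Secret `api-token`, but whether that key exists depends on the `secretObjects` entry added to the SecretProviderClass in this commit sitting under `secretName: api-token`; that `secretName` line is outside the hunk, so confirm it, otherwise the pod is stuck in CreateContainerConfigError. With the Secrets Store CSI sync feature the Kubernetes Secret is only created once a pod mounts the SecretProviderClass volume, so this deployment must also mount it (the `volumes` section is outside the hunk). The surrounding container spec starts before the hunk.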
+++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml @@ -50,6 +50,7 @@ spec: - objectName: video_confrencing_service_db_database key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE - objectName: notification_service_db_database + key: NOTIFICATION_SERVICE_DB_DATABASE - objectName: vonage-api-key-secret key: VONAGE_API_KEY_SECRET - objectName: pubnub-pub-key @@ -58,6 +59,8 @@ spec: key: PUBNUB_SUB_KEY - objectName: pubnub-secret-key key: PUBNUB_SECRET_KEY + - objectName: auth0-client-secret + key: AUTH0_CLIENT_SECRET parameters: # region: us-west-2 objects: | @@ -114,4 +117,7 @@ spec: objectAlias: pubnub-sub-key - objectName: {{ .Values.pubnubSecretKey }} objectType: ssmparameter - objectAlias: pubnub-secret-key \ No newline at end of file + objectAlias: pubnub-secret-key + - objectName: {{ .Values.auth0ClientSecret }} + objectType: ssmparameter + objectAlias: auth0-client-secret \ No newline at end of file diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template index c1fb17c1..29a3532d 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template @@ -369,4 +369,5 @@ videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} vonageSecret: /pubnub/vonage-api-key-secret pubnubPubKey: /pubnub/public-key pubnubSubKey: /pubnub/subscribe-key -pubnubSecretKey: /pubnub/secret-key \ No newline at end of file +pubnubSecretKey: /pubnub/secret-key +auth0ClientSecret: /sf-arc-saas/dev/auth0-client-secret \ No newline at end of file diff --git a/files/tenant-samples/bridge/terraform/data.tf b/files/tenant-samples/bridge/terraform/data.tf index 0e0f78e7..73db10ca 100644 --- a/files/tenant-samples/bridge/terraform/data.tf +++ b/files/tenant-samples/bridge/terraform/data.tf 
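Review bot: In the values.yaml.template hunk `auth0ClientSecret: /sf-arc-saas/dev/auth0-client-secret` hard-codes the namespace and environment, while every environment-dependent neighbour such as `${VIDEO_CONFRENCING_DATABASE}` is a template variable, so a tenant rendered for any other environment would mount the dev Auth0 client secret. The IAM statement added to data.tf in this same commit only allows `${var.namespace}/${var.environment}/auth0-client-secret`, so outside dev the CSI `GetParameter` is denied instead, and the failure surfaces as a missing `api-token` key. Render it like the rest, e.g. `auth0ClientSecret: ${AUTH0_CLIENT_SECRET_PARAM}`, with the `template_file` that renders this file setting `AUTH0_CLIENT_SECRET_PARAM = "/${var.namespace}/${var.environment}/auth0-client-secret"` (that data block is not in this diff). The `@@ -50,6 +50,7 @@` hunk's added `key: NOTIFICATION_SERVICE_DB_DATABASE` looks like a genuine fix for a previously key-less object.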
@@ -94,6 +94,7 @@ data "aws_iam_policy_document" "ssm_policy" { ] resources = ["arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/${var.tenant_tier}/*", "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/pubnub/*", + "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/auth0-client-secret", "arn:aws:cognito-idp:${var.region}:${local.sts_caller_arn}:*"] } } From eb6651759d0972874716aef347269dbf5afb94cc Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 09:31:39 +0530 Subject: [PATCH 52/53] auth0 related changes updated --- .../auth0/templates/cm-authentication-service.yaml | 6 +++--- .../auth0/templates/authentication-service-deployment.yaml | 5 +++++ .../auth0/templates/cm-authentication-service.yaml | 6 +++--- .../auth0/templates/secret-provider-class-and-sa.yaml | 7 ++++++- .../pooled/tenant-helm-chart/auth0/values.yaml.template | 3 ++- files/tenant-samples/pooled/terraform/data.tf | 1 + 6 files changed, 20 insertions(+), 8 deletions(-) diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml index 9ddb8c11..a1cfd761 100644 --- a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml 
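Review bot: The added ARN is scoped to `parameter/${var.namespace}/${var.environment}/auth0-client-secret`, but the chart value the CSI driver resolves in this commit is the literal `/sf-arc-saas/dev/auth0-client-secret`, so the policy and the consumer only agree when namespace is `sf-arc-saas` and environment is `dev`. Either the chart value must be rendered from the same two variables, or this statement will deny the read everywhere else; if a broader statement exists elsewhere, the pod would read dev's secret instead, which is worse. Also note this single shared parameter is readable by every tenant tier's role, which is fine only if one Auth0 application is intended for all tenants; add a comment saying so, e.g. `# shared Auth0 application secret for all tenants in this environment`. The `data "aws_iam_policy_document" "ssm_policy"` block starts before the hunk.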
@@ -13,7 +13,7 @@ data: LOG_LEVEL: '{{ .Values.authenticationService.log_level }}' BASE_PATH: '{{ .Values.authenticationService.base_path }}' DB_SSL: '{{ .Values.authenticationService.db_ssl }}' - PRIVATE_DECRYPTION_KEY: '' - JWT_PRIVATE_KEY: '' - JWT_PUBLIC_KEY: '' + AUTH0_DOMAIN: "dev-db7dz4wg6ccbguer.us.auth0.com" + AUTH0_CLIENT_ID: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5" + AUTH0_CALLBACK_URL: "https://{{ .Values.hostname }}/authentication-service/auth/auth0-auth-redirect" {{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml index 99442569..a04c99e0 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml @@ -159,6 +159,11 @@ spec: secretKeyRef: name: api-token key: JWT_ISSUER + - name: AUTH0_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: AUTH0_CLIENT_SECRET {{- if .Values.imagePullSecret.enabled }} imagePullSecrets: - name: {{ .Values.imagePullSecret.name }} diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml index 9ddb8c11..a1cfd761 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml 
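Review bot: In the bridge cm-authentication-service hunk `AUTH0_DOMAIN` and `AUTH0_CLIENT_ID` are baked into the chart template as literals that look like a single dev Auth0 tenant, yet this ConfigMap is rendered for every tenant and environment; `AUTH0_CALLBACK_URL` on the next line already shows the right pattern with `{{ .Values.hostname }}`. Move them to values populated the same way as the other per-environment settings, e.g. `AUTH0_DOMAIN: '{{ .Values.auth0.domain }}'` and `AUTH0_CLIENT_ID: '{{ .Values.auth0.clientId }}'`. The three removed keys (`PRIVATE_DECRYPTION_KEY`, `JWT_PRIVATE_KEY`, `JWT_PUBLIC_KEY`) were empty, but confirm the service now gets them from the Secret if it still reads them (not visible here). Each tenant's callback URL presumably has to be registered on the Auth0 application as an allowed callback, which nothing in this change automates. The `{{- if …}}` that `{{- end}}` closes starts before the hunk.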
@@ -13,7 +13,7 @@ data: LOG_LEVEL: '{{ .Values.authenticationService.log_level }}' BASE_PATH: '{{ .Values.authenticationService.base_path }}' DB_SSL: '{{ .Values.authenticationService.db_ssl }}' - PRIVATE_DECRYPTION_KEY: '' - JWT_PRIVATE_KEY: '' - JWT_PUBLIC_KEY: '' + AUTH0_DOMAIN: "dev-db7dz4wg6ccbguer.us.auth0.com" + AUTH0_CLIENT_ID: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5" + AUTH0_CALLBACK_URL: "https://{{ .Values.hostname }}/authentication-service/auth/auth0-auth-redirect" {{- end}} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml index 45c0d9e5..2cdefeff 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml @@ -59,6 +59,8 @@ spec: key: PUBNUB_SUB_KEY - objectName: pubnub-secret-key key: PUBNUB_SECRET_KEY + - objectName: auth0-client-secret + key: AUTH0_CLIENT_SECRET parameters: # region: us-west-2 objects: | @@ -115,4 +117,7 @@ spec: objectAlias: pubnub-sub-key - objectName: {{ .Values.pubnubSecretKey }} objectType: ssmparameter - objectAlias: pubnub-secret-key \ No newline at end of file + objectAlias: pubnub-secret-key + - objectName: {{ .Values.auth0ClientSecret }} + objectType: ssmparameter + objectAlias: auth0-client-secret \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template index c1fb17c1..29a3532d 100644 --- a/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template 
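Review bot: The pooled cm-authentication-service hunk hard-codes the same `AUTH0_DOMAIN` and `AUTH0_CLIENT_ID` literals as the bridge template, so both charts pin every tenant in every environment to what looks like one dev Auth0 tenant. Use values instead, consistent with `{{ .Values.hostname }}` on the callback line: `AUTH0_DOMAIN: '{{ .Values.auth0.domain }}'` and `AUTH0_CLIENT_ID: '{{ .Values.auth0.clientId }}'`, sourced from SSM like the other values in values.yaml.template. Since the bridge and pooled templates are byte-identical here, consider a shared values fragment so they cannot drift. The enclosing `{{- if …}}` starts before the hunk.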
@@ -369,4 +369,5 @@ videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} vonageSecret: /pubnub/vonage-api-key-secret pubnubPubKey: /pubnub/public-key pubnubSubKey: /pubnub/subscribe-key -pubnubSecretKey: /pubnub/secret-key \ No newline at end of file +pubnubSecretKey: /pubnub/secret-key +auth0ClientSecret: /sf-arc-saas/dev/auth0-client-secret \ No newline at end of file diff --git a/files/tenant-samples/pooled/terraform/data.tf b/files/tenant-samples/pooled/terraform/data.tf index b4a14ea0..1c33564e 100644 --- a/files/tenant-samples/pooled/terraform/data.tf +++ b/files/tenant-samples/pooled/terraform/data.tf @@ -81,6 +81,7 @@ data "aws_iam_policy_document" "ssm_policy" { ] resources = ["arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/${var.tenant_tier}/*", "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/pubnub/*", + "arn:aws:ssm:${var.region}:${local.sts_caller_arn}:parameter/${var.namespace}/${var.environment}/auth0-client-secret", "arn:aws:cognito-idp:${var.region}:${local.sts_caller_arn}:*"] } } From 1543e6f032146735c23ccc54981c4a2e56465141 Mon Sep 17 00:00:00 2001 From: sfdevops Date: Thu, 17 Oct 2024 09:53:59 +0530 Subject: [PATCH 53/53] auth0 related changes updated --- files/tenant-samples/bridge/buildspec.yaml | 2 +- files/tenant-samples/silo/buildspec.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/tenant-samples/bridge/buildspec.yaml b/files/tenant-samples/bridge/buildspec.yaml index 0b3e4a83..d55aae66 100644 --- a/files/tenant-samples/bridge/buildspec.yaml +++ b/files/tenant-samples/bridge/buildspec.yaml 
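Review bot: The pooled values.yaml.template hunk sets `auth0ClientSecret: /sf-arc-saas/dev/auth0-client-secret` as a literal while the pooled data.tf hunk below it authorises only `${var.namespace}/${var.environment}/auth0-client-secret`, so for any environment other than dev the SSM read is denied, and if it were allowed the pooled tenants would share dev's client secret. Render the path from the same variables, e.g. `auth0ClientSecret: ${AUTH0_CLIENT_SECRET_PARAM}` with `AUTH0_CLIENT_SECRET_PARAM = "/${var.namespace}/${var.environment}/auth0-client-secret"` set in the `template_file` that renders this file (outside this diff). The file is still written without a trailing newline; harmless, but worth fixing while touching the last line.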
@@ -120,7 +120,7 @@ phases: - ./push-values.sh - kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true - kubectl apply -f argocd-application.yaml --namespace argocd || true - - sleep 240 # waiting time to spin up tenant pods + - sleep 300 # waiting time to spin up tenant pods #- terraform apply -auto-approve --refresh=false # refresh is false to avoid unnecessary API hitting - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true diff --git a/files/tenant-samples/silo/buildspec.yaml b/files/tenant-samples/silo/buildspec.yaml index 1704db88..7d2d3ecd 100644 --- a/files/tenant-samples/silo/buildspec.yaml +++ b/files/tenant-samples/silo/buildspec.yaml @@ -114,7 +114,7 @@ phases: - chmod +x push-values.sh - ./push-values.sh # push values to tenant management gitops repository - kubectl apply -f argocd-application.yaml --namespace argocd || true - - sleep 240 # waiting time to spin up tenant pods + - sleep 300 # waiting time to spin up tenant pods #- terraform apply -auto-approve --refresh=false # refresh is false to avoid API hitting - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true finally:
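Review bot: In both hunks `sleep 300` is still a fixed delay standing in for pod readiness, so the `kubectl apply -f argo-workflow.yaml` that follows races a slow image pull or a failed ArgoCD sync exactly as `sleep 240` did, only later. Replace it with a wait on what the Application deploys, e.g. `kubectl -n argocd wait application/<tenant-app> --for=jsonpath='{.status.health.status}'=Healthy --timeout=600s` (kubectl 1.23+; the Application name is in argocd-application.yaml, not in this hunk) or `kubectl -n <tenant-ns> rollout status deployment --timeout=600s`. Because the preceding `kubectl apply` lines end in `|| true`, let the wait itself fail the build rather than launching the workflow against a half-deployed tenant. Both hunks are the tail of a `build` phase that starts before them.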