commit

Author: phrocker

.local.env

@@ -6,4 +6,4 @@ SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
 AGENTPROXY_VERSION=1.0.85
-SSHPROXY_VERSION=1.0.3
+SSHPROXY_VERSION=1.0.6

.local.env.bak

@@ -6,4 +6,4 @@ SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
 AGENTPROXY_VERSION=1.0.85
-SSHPROXY_VERSION=1.0.3
+SSHPROXY_VERSION=1.0.6

pom.xml

@@ -484,11 +484,12 @@
           <dependenciesToScan>
             <dependency>org.junit.jupiter</dependency>
           </dependenciesToScan>
+            <!--
           <providers>
             <provider>
               <name>junit-platform</name>
             </provider>
-          </providers>
+          </providers> -->
         </configuration>
       </plugin>
       <plugin>

sentrius-chart/templates/configmap.yaml

@@ -478,59 +478,70 @@ data:
     twopartyapproval.require.explanation.LOCKING_SYSTEMS=false
     canApproveOwnJITs=false
     yamlConfiguration=/app/demoInstaller.yml
-sshproxy-application.properties: |
-  keystore.file=sso.jceks
-  keystore.password=${KEYSTORE_PASSWORD}
-  keystore.alias=KEYBOX-ENCRYPTION_KEY
-  spring.thymeleaf.enabled=true
-  spring.freemarker.enabled=false
-  management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
-  spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
-  #flyway configuration
-  spring.main.web-application-type=reactive
-  spring.flyway.enabled=false
-  logging.level.org.springframework.web=INFO
-  logging.level.org.springframework.security=INFO
-  logging.level.io.sentrius=DEBUG
-  logging.level.org.thymeleaf=INFO
-  spring.thymeleaf.servlet.produce-partial-output-while-processing=false
-  spring.servlet.multipart.enabled=true
-  spring.servlet.multipart.max-file-size=10MB
-  spring.servlet.multipart.max-request-size=10MB
-  server.error.whitelabel.enabled=false
-  dynamic.properties.path=/config/dynamic.properties
-  keycloak.realm=sentrius
-  keycloak.base-url={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}
-  agent.api.url={{ .Values.sentriusDomain }}
-  # Keycloak configuration
-  spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.agentproxy.oauth2.client_id }}
-  spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
-  spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentriusagent.oauth2.authorization_grant_type }}
-  #spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
-  #spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentriusagent.oauth2.scope }}
-  spring.security.oauth2.resourceserver.jwt.issuer-uri={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}/realms/sentrius
-  spring.security.oauth2.client.provider.keycloak.issuer-uri={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}/realms/sentrius
-  # OTEL settings
-  otel.traces.exporter=otlp
-  otel.metrics.exporter=none
-  otel.logs.exporter=none
-  otel.exporter.otlp.endpoint=http://sentrius-jaeger:4317
-  otel.resource.attributes.service.name=integration-proxy
-  otel.traces.sampler=always_on
-  otel.exporter.otlp.timeout=10s
-  otel.exporter.otlp.protocol=grpc
-  provenance.kafka.topic=sentrius-provenance
-  # Serialization
-  spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
-  spring.kafka.producer.value-serializer=org.springframework.kafka.support.serializer.JsonSerializer
-  spring.kafka.producer.properties.spring.json.trusted.packages=io.sentrius.*
-  # Reliability
-  spring.kafka.producer.retries=5
-  spring.kafka.producer.acks=all
-  # Timeout tuning
-  spring.kafka.producer.request-timeout-ms=10000
-  spring.kafka.producer.delivery-timeout-ms=30000
-  spring.kafka.properties.max.block.ms=500
-  spring.kafka.properties.metadata.max.age.ms=10000
-  spring.kafka.properties.retry.backoff.ms=1000
-  spring.kafka.bootstrap-servers=sentrius-kafka:9092
+  sshproxy-application.properties: |
+    keystore.file=sso.jceks
+    keystore.password=${KEYSTORE_PASSWORD}
+    keystore.alias=KEYBOX-ENCRYPTION_KEY
+    spring.thymeleaf.enabled=true
+    spring.freemarker.enabled=false
+    management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+    spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
+    #flyway configuration
+    spring.main.web-application-type=reactive
+    spring.flyway.enabled=false
+    logging.level.org.springframework.web=INFO
+    logging.level.org.springframework.security=INFO
+    logging.level.io.sentrius=DEBUG
+    logging.level.org.thymeleaf=INFO
+    spring.main.web-application-type=servlet
+    spring.thymeleaf.servlet.produce-partial-output-while-processing=false
+    spring.servlet.multipart.enabled=true
+    spring.servlet.multipart.max-file-size=10MB
+    spring.servlet.multipart.max-request-size=10MB
+    server.error.whitelabel.enabled=false
+    dynamic.properties.path=/config/dynamic.properties
+    keycloak.realm=sentrius
+    keycloak.base-url={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}
+    agent.api.url={{ .Values.sentriusDomain }}
+    # Keycloak configuration
+    spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.agentproxy.oauth2.client_id }}
+    spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
+    spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentriusagent.oauth2.authorization_grant_type }}
+    #spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
+    #spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentriusagent.oauth2.scope }}
+    spring.security.oauth2.resourceserver.jwt.issuer-uri={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}/realms/sentrius
+    spring.security.oauth2.client.provider.keycloak.issuer-uri={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}/realms/sentrius
+    # OTEL settings
+    otel.traces.exporter=otlp
+    otel.metrics.exporter=none
+    otel.logs.exporter=none
+    otel.exporter.otlp.endpoint=http://sentrius-jaeger:4317
+    otel.resource.attributes.service.name=integration-proxy
+    otel.traces.sampler=always_on
+    otel.exporter.otlp.timeout=10s
+    otel.exporter.otlp.protocol=grpc
+    provenance.kafka.topic=sentrius-provenance
+    # Serialization
+    spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
+    spring.kafka.producer.value-serializer=org.springframework.kafka.support.serializer.JsonSerializer
+    spring.kafka.producer.properties.spring.json.trusted.packages=io.sentrius.*
+    # Reliability
+    spring.kafka.producer.retries=5
+    spring.kafka.producer.acks=all
+    # Timeout tuning
+    spring.kafka.producer.request-timeout-ms=10000
+    spring.kafka.producer.delivery-timeout-ms=30000
+    spring.kafka.properties.max.block.ms=500
+    spring.kafka.properties.metadata.max.age.ms=10000
+    spring.kafka.properties.retry.backoff.ms=1000
+    spring.kafka.bootstrap-servers=sentrius-kafka:9092
+    # SSH Proxy settings
+    sentrius.ssh-proxy.enabled=true
+    sentrius.ssh-proxy.port=2222
+    sentrius.ssh-proxy.host-key-path=/tmp/ssh-proxy-hostkey.ser
+    sentrius.ssh-proxy.max-concurrent-sessions=100
+    management.endpoints.web.exposure.include=health
+    management.endpoint.health.show-details=always
+    spring.datasource.url=jdbc:postgresql://sentrius-postgres:5432/sentrius
+    spring.datasource.username=${SPRING_DATASOURCE_USERNAME}
+    spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}

sentrius-chart/templates/ssh-proxy-deployment.yaml

@@ -22,7 +22,7 @@ spec:
           ports:
             - containerPort: {{ .Values.sshproxy.port }}
               name: ssh
-            - containerPort: 8090
+            - containerPort: 8080
               name: http
           env:
             - name: SENTRIUS_SSH_PROXY_ENABLED
@@ -35,8 +35,26 @@ spec:
               value: "{{ .Values.sshproxy.connection.keepAliveInterval }}"
             - name: SENTRIUS_SSH_PROXY_CONNECTION_MAX_RETRIES
               value: "{{ .Values.sshproxy.connection.maxRetries }}"
+            - name: SPRING_DATASOURCE_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-db-secret
+                  key: db-username
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-db-secret
+                  key: db-password
+            - name: KEYSTORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-db-secret
+                  key: keystore-password
           resources:
             {{- toYaml .Values.sshproxy.resources | nindent 12 }}
+          volumeMounts:
+            - name: config-volume
+              mountPath: /config
           livenessProbe:
             httpGet:
               path: /actuator/health
@@ -48,4 +66,8 @@ spec:
               path: /actuator/health
               port: http
             initialDelaySeconds: 5
-            periodSeconds: 5
+            periodSeconds: 5
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ .Release.Name }}-config

sentrius-chart/templates/ssh-proxy-service.yaml

@@ -15,9 +15,5 @@ spec:
       {{- if and (eq .Values.sshproxy.serviceType "NodePort") .Values.sshproxy.nodePort }}
       nodePort: {{ .Values.sshproxy.nodePort }}
       {{- end }}
-    - port: 8090
-      targetPort: 8090
-      protocol: TCP
-      name: http
   selector:
     app: sentrius-ssh-proxy

sentrius-chart/values.yaml

@@ -375,7 +375,7 @@ sshproxy:
     tag: tag
     pullPolicy: IfNotPresent
   port: 2222
-  serviceType: ClusterIP
+  serviceType: NodePort
   nodePort: 30022  # Only used if serviceType is NodePort
   resources: {}
   connection: