app-auth

Author: Your Name

charts/opencloud-full/templates/_common/_tplvalues.tpl

@@ -77,6 +77,7 @@ Adds the app names to the scope and set the name of the app based on the input p
   {{- $_ := set .scope "appNameAppRegistry" "appregistry" -}}
   {{- $_ := set .scope "appNameAudit" "audit" -}}
   {{- $_ := set .scope "appNameAuthMachine" "authmachine" -}}
+  {{- $_ := set .scope "appNameAuthApp" "authapp" -}}
   {{- $_ := set .scope "appNameAuthService" "authservice" -}}
   {{- $_ := set .scope "appNameAntivirus" "antivirus" -}}
   {{- $_ := set .scope "appNameClientlog" "clientlog" -}}

charts/opencloud-full/templates/auth-app-2/configmap.yaml

@@ -0,0 +1,5 @@
+{{- if not .Values.configRefs.authServiceConfigRef }}
+{{- $params := (dict)}}
+{{- $_ := set $params "service-account-id" (uuidv4) }}
+{{- include "oc.configMap" (dict "scope" . "name" "auth-service" "params" $params)}}
+{{- end }}

charts/opencloud-full/templates/auth-app-2/deployment.yaml

@@ -0,0 +1,90 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthService" "appNameSuffix" "") -}}
+apiVersion: apps/v1
+kind: Deployment
+{{ include "oc.metadata" . }}
+spec:
+  {{- include "oc.selector" . | nindent 2 }}
+  {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }}
+  replicas: {{ .Values.replicas }}
+  {{- end }}
+  {{- include "oc.deploymentStrategy" . | nindent 2 }}
+  template:
+    {{- include "oc.templateMetadata" (dict "scope" $ "configCheck" false) | nindent 4 }}
+    spec:
+      {{- include "oc.affinity" $ | nindent 6 }}
+      {{- include "oc.securityContextAndtopologySpreadConstraints" . | nindent 6 }}
+      {{- include "oc.priorityClassName" $.priorityClassName | nindent 6 }}
+      {{- include "oc.hostAliases" $ | nindent 6 }}
+      nodeSelector: {{ toYaml $.nodeSelector | nindent 8 }}
+      containers:
+        - name: {{ .appName }}
+          {{- include "oc.image" $ | nindent 10 }}
+          command: ["opencloud"]
+          args: ["auth-service", "server"]
+          {{- include "oc.containerSecurityContext" . | nindent 10 }}
+          env:
+            {{- include "oc.serviceRegistry" . | nindent 12 }}
+
+            - name: AUTH_SERVICE_LOG_COLOR
+              value: {{ .Values.logging.color | quote }}
+            - name: AUTH_SERVICE_LOG_LEVEL
+              value: {{ .Values.logging.level | quote }}
+            - name: AUTH_SERVICE_LOG_PRETTY
+              value: {{ .Values.logging.pretty | quote }}
+
+            - name: AUTH_SERVICE_TRACING_ENABLED
+              value: "{{ .Values.tracing.enabled }}"
+            - name: AUTH_SERVICE_TRACING_TYPE
+              value: {{ .Values.tracing.type | quote }}
+            - name: AUTH_SERVICE_TRACING_ENDPOINT
+              value: {{ .Values.tracing.endpoint | quote }}
+            - name: AUTH_SERVICE_TRACING_COLLECTOR
+              value: {{ .Values.tracing.collector | quote }}
+
+            - name: AUTH_SERVICE_DEBUG_PPROF
+              value: {{ .Values.debug.profiling | quote }}
+
+            - name: AUTH_SERVICE_GRPC_ADDR
+              value: 0.0.0.0:9616
+            - name: AUTH_SERVICE_DEBUG_ADDR
+              value: 0.0.0.0:9617
+
+            - name: AUTH_SERVICE_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "secrets.jwtSecret" . }}
+                  key: jwt-secret
+
+            - name: AUTH_SERVICE_SERVICE_ACCOUNT_ID
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ include "config.authService" . }}
+                  key: service-account-id
+            - name: AUTH_SERVICE_SERVICE_ACCOUNT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "secrets.serviceAccountSecret" . }}
+                  key: service-account-secret
+
+            {{- include "oc.caEnv" $ | nindent 12}}
+
+          {{- include "oc.livenessProbe" . | nindent 10 }}
+
+          resources: {{ toYaml .resources | nindent 12 }}
+
+          ports:
+            - name: grpc
+              containerPort: 9616
+            - name: metrics-debug
+              containerPort: 9617
+
+          volumeMounts:
+            - name: tmp-volume
+              mountPath: /tmp
+            {{- include "oc.caPath" $ | nindent 12}}
+
+      {{- include "oc.imagePullSecrets" $ | nindent 6 }}
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}
+        {{- include "oc.caVolume" $ | nindent 8}}

charts/opencloud-full/templates/auth-app-2/hpa.yaml

@@ -0,0 +1,3 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthService" "appNameSuffix" "") -}}
+{{- $_ := set . "autoscaling" (default (default (dict) .Values.autoscaling) .Values.services.authservice.autoscaling) -}}
+{{ include "oc.hpa" . }}

charts/opencloud-full/templates/auth-app-2/pdb.yaml

@@ -0,0 +1,2 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthService" "appNameSuffix" "") -}}
+{{ include "oc.pdb" . }}

charts/opencloud-full/templates/auth-app-2/secret.yaml

@@ -0,0 +1,5 @@
+{{- if not .Values.secretRefs.serviceAccountSecretRef }}
+{{- $params := (dict)}}
+{{- $_ := set $params "service-account-secret" (randAlphaNum 30) }}
+{{- include "oc.secret" (dict "scope" . "name" "service-account-secret" "params" $params)}}
+{{- end }}

charts/opencloud-full/templates/auth-app-2/service.yaml

@@ -0,0 +1,22 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthService" "appNameSuffix" "") -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .appName }}
+  namespace: {{ template "oc.namespace" . }}
+  labels:
+    app: {{ .appName }}
+    oc-metrics: enabled
+    {{- include "oc.labels" . | nindent 4 }}
+spec:
+  selector:
+    app: {{ .appName }}
+  ports:
+    - name: grpc
+      port: 9616
+      protocol: TCP
+      appProtocol: {{ .Values.service.appProtocol.grpc | quote}}
+    - name: metrics-debug
+      port: 9617
+      protocol: TCP
+      appProtocol: {{ .Values.service.appProtocol.http | quote}}

charts/opencloud-full/templates/auth-app/deployment.yaml

@@ -0,0 +1,87 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthApp" "appNameSuffix" "") -}}
+apiVersion: apps/v1
+kind: Deployment
+{{ include "oc.metadata" . }}
+spec:
+  {{- include "oc.selector" . | nindent 2 }}
+  {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }}
+  replicas: {{ .Values.replicas }}
+  {{- end }}
+  {{- include "oc.deploymentStrategy" . | nindent 2 }}
+  template:
+    {{- include "oc.templateMetadata" (dict "scope" $ "configCheck" false) | nindent 4 }}
+    spec:
+      {{- include "oc.affinity" $ | nindent 6 }}
+      {{- include "oc.securityContextAndtopologySpreadConstraints" . | nindent 6 }}
+      {{- include "oc.priorityClassName" $.priorityClassName | nindent 6 }}
+      {{- include "oc.hostAliases" $ | nindent 6 }}
+      nodeSelector: {{ toYaml $.nodeSelector | nindent 8 }}
+      containers:
+        - name: {{ .appName }}
+          {{- include "oc.image" $ | nindent 10 }}
+          command: ["opencloud"]
+          args: ["auth-app", "server"]
+          {{- include "oc.containerSecurityContext" . | nindent 10 }}
+          env:
+            {{- include "oc.serviceRegistry" . | nindent 12 }}
+
+            - name: AUTH_APP_LOG_COLOR
+              value: {{ .Values.logging.color | quote }}
+            - name: AUTH_APP_LOG_LEVEL
+              value: {{ .Values.logging.level | quote }}
+            - name: AUTH_APP_LOG_PRETTY
+              value: {{ .Values.logging.pretty | quote }}
+
+            - name: AUTH_APP_TRACING_ENABLED
+              value: "{{ .Values.tracing.enabled }}"
+            - name: AUTH_APP_TRACING_TYPE
+              value: {{ .Values.tracing.type | quote }}
+            - name: AUTH_APP_TRACING_ENDPOINT
+              value: {{ .Values.tracing.endpoint | quote }}
+            - name: AUTH_APP_TRACING_COLLECTOR
+              value: {{ .Values.tracing.collector | quote }}
+
+            - name: AUTH_APP_DEBUG_PPROF
+              value: {{ .Values.debug.profiling | quote }}
+
+            - name: AUTH_APP_GRPC_ADDR
+              value: 127.0.0.1:9246
+            - name: AUTH_APP_DEBUG_ADDR
+              value: 127.0.0.1:9245
+            - name: AUTH_APP_HTTP_ADDR
+              value: 127.0.0.1:9247
+            - name: AUTH_APP_HTTP_ROOT
+              value: /
+
+            - name: AUTH_APP_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "secrets.jwtSecret" . }}
+                  key: jwt-secret
+
+
+
+            {{- include "oc.caEnv" $ | nindent 12}}
+
+          {{- include "oc.livenessProbe" . | nindent 10 }}
+
+          resources: {{ toYaml .resources | nindent 12 }}
+
+          ports:
+            - name: grpc
+              containerPort: 9246
+            - name: http
+              containerPort: 9247
+            - name: metrics-debug
+              containerPort: 9245
+
+          volumeMounts:
+            - name: tmp-volume
+              mountPath: /tmp
+            {{- include "oc.caPath" $ | nindent 12}}
+
+      {{- include "oc.imagePullSecrets" $ | nindent 6 }}
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}
+        {{- include "oc.caVolume" $ | nindent 8}}

charts/opencloud-full/templates/auth-app/hpa.yaml

@@ -0,0 +1,3 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthApp" "appNameSuffix" "") -}}
+{{- $_ := set . "autoscaling" (default (default (dict) .Values.autoscaling) .Values.services.authmachine.autoscaling) -}}
+{{ include "oc.hpa" . }}

charts/opencloud-full/templates/auth-app/pdb.yaml

@@ -0,0 +1,2 @@
+{{- include "oc.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthApp" "appNameSuffix" "") -}}
+{{ include "oc.pdb" . }}