From 24b82cda7aa6cab989bc38a85f163acbfad0140e Mon Sep 17 00:00:00 2001 
From: Nicolas Date: Fri, 22 Aug 2025 12:04:36 +0800 Subject: [PATCH] magicleaps' authentication --- magicleaps/helm-pkg/authentication/Chart.yaml | 6 + .../authentication/authentication-config.yaml | 18 + .../templates/authentication/certificate.yaml | 27 + .../templates/authentication/dashboard.yaml | 865 ++++++++++++++++++ .../templates/authentication/deployment.yaml | 128 +++ .../authentication/freeleapssecret.yaml | 20 + .../templates/authentication/ingress.yaml | 36 + .../authentication/opentelemetry-rbac.yaml | 46 + .../authentication/opentelemetry.yaml | 115 +++ .../templates/authentication/service.yaml | 26 + .../authentication/servicemonitor.yaml | 40 + .../templates/authentication/vpa.yaml | 32 + .../helm-pkg/authentication/values.alpha.yaml | 121 +++ .../helm-pkg/authentication/values.prod.yaml | 121 +++ .../helm-pkg/authentication/values.yaml | 121 +++ 15 files changed, 1722 insertions(+) create mode 100644 magicleaps/helm-pkg/authentication/Chart.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/certificate.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/dashboard.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/deployment.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/ingress.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/service.yaml create mode 100644 magicleaps/helm-pkg/authentication/templates/authentication/servicemonitor.yaml create mode 100644 
magicleaps/helm-pkg/authentication/templates/authentication/vpa.yaml
 create mode 100644 magicleaps/helm-pkg/authentication/values.alpha.yaml
 create mode 100644 magicleaps/helm-pkg/authentication/values.prod.yaml
 create mode 100644 magicleaps/helm-pkg/authentication/values.yaml
diff --git a/magicleaps/helm-pkg/authentication/Chart.yaml b/magicleaps/helm-pkg/authentication/Chart.yaml
new file mode 100644
index 00000000..e49196db
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: magicleaps-authentication
+description: A Helm Chart of magicleaps authentication service, powered by Freeleaps.
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml
new file mode 100644
index 00000000..246cd018
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: magicleaps-authentication-config
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ TZ: {{ .Values.authentication.configs.tz | b64enc | quote }}
+ APP_NAME: {{ .Values.authentication.configs.appName | b64enc | quote }}
+ DEVSVC_WEBAPI_URL_BASE: {{ .Values.authentication.configs.devsvcWebapiUrlBase | b64enc | quote }}
+ NOTIFICATION_WEBAPI_URL_BASE: {{ .Values.authentication.configs.notificationWebapiUrlBase | b64enc | quote }}
+ JWT_ALGORITHM: {{ .Values.authentication.configs.jwtAlgorithm | b64enc | quote }}
+ SERVICE_API_ACCESS_HOST: {{ .Values.authentication.configs.serviceApiAccessHost | b64enc | quote }}
+ SERVICE_API_ACCESS_PORT: {{ .Values.authentication.configs.serviceApiAccessPort | toString | b64enc }}
+ MONGODB_NAME: {{ .Values.authentication.configs.mongodbName | b64enc | quote }}
+ MONGODB_PORT: {{ .Values.authentication.configs.mongodbPort | toString | b64enc }}
+ METRICS_ENABLED: {{ .Values.authentication.configs.metricsEnabled | default false | toString | b64enc }}
+ PROBES_ENABLED: {{ .Values.authentication.configs.probesEnabled | default false | toString | b64enc }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/certificate.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/certificate.yaml
new file mode 100644
index 00000000..3d4d0374
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/certificate.yaml
@@ -0,0 +1,27 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseCertificate := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.authentication.ingresses }}
+{{- if not $ingress.tls.exists }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $ingress.name }}
+ namespace: {{ $namespace }}
+ labels:
+ app.kubernetes.io/version: {{ $appVersion }}
+ app.kubernetes.io/name: {{ $ingress.name | quote }}
+ app.kubernetes.io/managed-by: {{ $releaseCertificate }}
+ app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+ commonName: {{ $ingress.host }}
+ dnsNames:
+ - {{ $ingress.host }}
+ issuerRef:
+ name: {{ $ingress.tls.issuerRef.name }}
+ kind: {{ $ingress.tls.issuerRef.kind }}
+ secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/dashboard.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/dashboard.yaml
new file mode 100644
index 00000000..159c084b
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/dashboard.yaml
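Review bot: The guard `{{- if not $ingress.tls.exists }}` in certificate.yaml dereferences `$ingress.tls` without first checking that it is set, so an ingress entry with no `tls` block fails the render with a nil-pointer error, while ingress.yaml in this same patch treats `tls` as optional (`{{- if $ingress.tls }}`). Wrap the Certificate document in an outer `{{- if $ingress.tls }}` … `{{- end }}` so the two templates agree. `commonName` and the `dnsNames` entry are also emitted unquoted; `{{ $ingress.host | quote }}` keeps a wildcard host such as `*.example.test` (constructed example) from being read as a YAML alias.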
@@ -0,0 +1,865 @@ +{{- if .Values.dashboard.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.dashboard.name }} + namespace: {{ .Values.dashboard.namespace }} + labels: + grafana_dashboard: "1" +data: + {{ .Values.dashboard.name }}.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 36, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 9, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.5.2", + "targets": [ + { + "$$hashKey": 
"object:214", + "datasource": { + "type": "prometheus", + "uid": "e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "increase({{ .Values.dashboard.metricsPrefix }}_http_requests_total[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ `{{ method }} {{ handler }}` }}", + "range": true, + "refId": "A" + } + ], + "title": "Total requests per minute", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "4xx" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "HTTP 500" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 9, + "y": 0 + }, + "id": 13, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "list", + "placement": "bottom", + 
"showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.5.2", + "targets": [ + { + "$$hashKey": "object:140", + "datasource": { + "type": "prometheus", + "uid": "e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "sum by (status) (rate({{ .Values.dashboard.metricsPrefix }}_http_requests_total[1m]))", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ `{{ status }}` }}", + "range": true, + "refId": "A" + } + ], + "title": "Request per minute", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "errors" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#c15c17", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 19, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom", + 
"showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.5.2", + "targets": [ + { + "$$hashKey": "object:766", + "datasource": { + "type": "prometheus", + "uid": "e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "sum(rate({{ .Values.dashboard.metricsPrefix }}_http_requests_total{status=\"5xx\"}[1m]))", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "errors", + "range": true, + "refId": "A" + } + ], + "title": "Errors per second", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 0, + "y": 7 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.5.2", + "targets": [ + { + "$$hashKey": "object:146", + "datasource": { 
+ "type": "prometheus", + "uid": "e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "{{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_sum{handler!=\"none\"} / {{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_count", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ `{{ handler }}` }}", + "range": true, + "refId": "A" + } + ], + "title": "Average response time", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "max": 1, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 9, + "y": 7 + }, + "id": 11, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + 
"pluginVersion": "11.5.2", + "targets": [ + { + "$$hashKey": "object:1079", + "datasource": { + "type": "prometheus", + "uid": "e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "increase({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_bucket{le=\"0.1\"}[1m]) \n/ ignoring (le) increase({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_count[1m])", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ `{{ handler }}` }}", + "refId": "A" + } + ], + "title": "Requests under 100ms", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "line+area" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "transparent", + "value": null + }, + { + "color": "red", + "value": 0 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 9, + "x": 0, + "y": 15 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.5.2", + "targets": [ + { 
+ "$$hashKey": "object:426", + "datasource": { + "type": "prometheus", + "uid": "e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, rate({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_bucket{handler!=\"none\"}[1m]))", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ `{{ handler }}` }}", + "range": true, + "refId": "A" + } + ], + "title": "Request duration [s] - p90", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 25, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 9, + "y": 15 + }, + "id": 15, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.5.2", + "targets": [ + { + "$$hashKey": "object:426", + "datasource": { + "type": "prometheus", + "uid": 
"e4584a9f-5364-4b3d-a851-7abbc5250820" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.5, rate({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_bucket{handler!=\"none\"}[1m]))", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ `{{ handler }}` }}", + "range": true, + "refId": "A" + } + ], + "title": "Request duration [s] - p50", + "type": "timeseries" + } + ], + "preload": false, + "refresh": "5s", + "schemaVersion": 40, + "tags": ["magicleaps", "authentication"], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [] + }, + "timezone": "", + "title": "{{ .Values.dashboard.title }}", + "uid": "", + "version": 11, + "weekStart": "" + } +{{- end }} diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/deployment.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/deployment.yaml new file mode 100644 index 00000000..3cd1f4ed --- /dev/null +++ b/magicleaps/helm-pkg/authentication/templates/authentication/deployment.yaml 
@@ -0,0 +1,128 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + app.kubernetes.io/name: "magicleaps-authentication" + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.logIngest.enabled }} + annotations: + opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/opentelemetry.yaml") . | sha256sum }} +{{- end }} + name: "magicleaps-authentication" + namespace: {{ .Release.Namespace | quote }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: "magicleaps-authentication" + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + replicas: {{ .Values.authentication.replicas }} + template: + metadata: + labels: + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + app.kubernetes.io/name: "magicleaps-authentication" + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/authentication-config.yaml") . | sha256sum }} +{{- if .Values.logIngest.enabled }} + opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/opentelemetry.yaml") . 
| sha256sum }} + sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector" +{{- end }} + spec: +{{- if .Values.logIngest.enabled }} + serviceAccountName: "{{ .Release.Name }}-otel-collector" +{{- end }} + containers: + - name: "magicleaps-authentication" + image: "{{ coalesce .Values.authentication.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.authentication.image.repository .Values.global.repository }}/{{ .Values.authentication.image.name }}:{{ .Values.authentication.image.tag | default "latest" }}" + imagePullPolicy: {{ .Values.authentication.image.imagePullPolicy | default "IfNotPresent" }} + ports: + {{- range $port := .Values.authentication.ports }} + - containerPort: {{ $port.containerPort }} + name: {{ $port.name }} + protocol: {{ $port.protocol }} + {{- end }} + {{- if .Values.authentication.resources }} + resources: + {{- toYaml .Values.authentication.resources | nindent 12 }} + {{- end }} + {{- if .Values.authentication.probes }} + {{- if and (.Values.authentication.probes.liveness) (eq .Values.authentication.probes.liveness.type "httpGet") }} + livenessProbe: + httpGet: + path: {{ .Values.authentication.probes.liveness.config.path }} + port: {{ .Values.authentication.probes.liveness.config.port }} + {{- if .Values.authentication.probes.liveness.config.initialDelaySeconds }} + initialDelaySeconds: {{ .Values.authentication.probes.liveness.config.initialDelaySeconds }} + {{- end }} + {{- if .Values.authentication.probes.liveness.config.periodSeconds }} + periodSeconds: {{ .Values.authentication.probes.liveness.config.periodSeconds }} + {{- end }} + {{- if .Values.authentication.probes.liveness.config.timeoutSeconds }} + timeoutSeconds: {{ .Values.authentication.probes.liveness.config.timeoutSeconds }} + {{- end }} + {{- if .Values.authentication.probes.liveness.config.successThreshold }} + successThreshold: {{ .Values.authentication.probes.liveness.config.successThreshold }} + {{- end 
}} + {{- if .Values.authentication.probes.liveness.config.failureThreshold }} + failureThreshold: {{ .Values.authentication.probes.liveness.config.failureThreshold }} + {{- end }} + {{- if .Values.authentication.probes.liveness.config.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.authentication.probes.liveness.config.terminationGracePeriodSeconds }} + {{- end }} + {{- end }} + {{- if and (.Values.authentication.probes.readiness) (eq .Values.authentication.probes.readiness.type "httpGet") }} + readinessProbe: + httpGet: + path: {{ .Values.authentication.probes.readiness.config.path }} + port: {{ .Values.authentication.probes.readiness.config.port }} + {{- if .Values.authentication.probes.readiness.config.initialDelaySeconds }} + initialDelaySeconds: {{ .Values.authentication.probes.readiness.config.initialDelaySeconds }} + {{- end }} + {{- if .Values.authentication.probes.readiness.config.periodSeconds }} + periodSeconds: {{ .Values.authentication.probes.readiness.config.periodSeconds }} + {{- end }} + {{- if .Values.authentication.probes.readiness.config.timeoutSeconds }} + timeoutSeconds: {{ .Values.authentication.probes.readiness.config.timeoutSeconds }} + {{- end }} + {{- if .Values.authentication.probes.readiness.config.successThreshold }} + successThreshold: {{ .Values.authentication.probes.readiness.config.successThreshold }} + {{- end }} + {{- if .Values.authentication.probes.readiness.config.failureThreshold }} + failureThreshold: {{ .Values.authentication.probes.readiness.config.failureThreshold }} + {{- end }} + {{- end }} + {{- end}} + env: + {{- range $key, $value := .Values.authentication.configs }} + {{- if not (or (eq $key "jwtSecretKey") (eq $key "mongodbUri")) }} + - name: {{ $key | snakecase | upper }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + # inject from secret created by FreeleapsSecret object + {{- if .Values.authentication.secrets }} + {{ $targetSecretName := 
.Values.authentication.secrets.target.name }} + {{- range .Values.authentication.secrets.data }} + - name: {{ .key | snakecase | upper }} + valueFrom: + secretKeyRef: + name: {{ $targetSecretName }} + key: {{ .key }} + {{- end }} + {{- end }} +{{- if .Values.logIngest.enabled }} + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.logPath }} +{{- end }} +{{- if .Values.logIngest.enabled }} + volumes: + - name: app-logs + emptyDir: {} +{{- end }} diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml new file mode 100644 index 00000000..ec7729fa --- /dev/null +++ b/magicleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml @@ -0,0 +1,20 @@ +apiVersion: freeleaps.com/v1alpha1 +kind: FreeleapsSecret +metadata: + name: magicleaps-authentication-alpha-secrets + namespace: {{ .Release.Namespace }} +spec: + secretStoreRef: + kind: {{ .Values.authentication.secrets.secretStoreRef.kind }} + name: {{ .Values.authentication.secrets.secretStoreRef.name }} + target: + name: {{ .Values.authentication.secrets.target.name }} + creationPolicy: {{ .Values.authentication.secrets.target.creationPolicy }} + refreshInterval: {{ .Values.authentication.secrets.refreshInterval }} + data: +{{- range .Values.authentication.secrets.data }} + - secretKey: {{ .key }} + remoteRef: + key: {{ .remoteRef.key }} + type: {{ .remoteRef.type }} +{{- end }} diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/ingress.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/ingress.yaml new file mode 100644 index 00000000..9e9248fe --- /dev/null +++ b/magicleaps/helm-pkg/authentication/templates/authentication/ingress.yaml 
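Review bot: `spec.selector.matchLabels` in deployment.yaml includes `app.kubernetes.io/version` and `app.kubernetes.io/managed-by`; a Deployment selector is immutable, so the first `appVersion` bump makes `helm upgrade` fail until the Deployment is deleted, and the selector should keep only `app.kubernetes.io/name` and `app.kubernetes.io/instance`. The `env` loop copies every key under `.Values.authentication.configs` into the pod spec as plaintext and skips only `jwtSecretKey` and `mongodbUri` by name, so any credential later added to `configs` becomes readable by anyone who can view the Deployment; an allow-list, or `envFrom` with a `secretRef` to the `magicleaps-authentication-config` Secret this patch already renders, would fail closed. The container has no `securityContext` and the image tag falls back to `latest`, which leaves the running authentication build unpinned; consider `required` on `.Values.authentication.image.tag` plus `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the container.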
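Review bot: The FreeleapsSecret name is hard-coded as `magicleaps-authentication-alpha-secrets` even though the patch also adds `values.prod.yaml`, so a production release would carry an alpha-named secret binding; derive it from the release instead, e.g. `name: {{ .Release.Name }}-secrets`. The template dereferences `.Values.authentication.secrets.*` unconditionally, while deployment.yaml treats `secrets` as optional (`{{- if .Values.authentication.secrets }}`), so a values file without that block fails the render; wrap the document in the same guard. `refreshInterval` and the `remoteRef` fields would also be safer with `| quote`.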
@@ -0,0 +1,36 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseIngress := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.authentication.ingresses }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $ingress.name }}
+ namespace: {{ $namespace }}
+ labels:
+ app.kubernetes.io/version: {{ $appVersion }}
+ app.kubernetes.io/name: {{ $ingress.name | quote }}
+ app.kubernetes.io/managed-by: {{ $releaseIngress }}
+ app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+{{- if $ingress.class }}
+ ingressClassName: {{ $ingress.class }}
+{{- end }}
+{{- if $ingress.tls }}
+ tls:
+ - hosts:
+ - {{ $ingress.host }}
+{{- if $ingress.tls.exists }}
+ secretName: {{ $ingress.tls.secretRef.name }}
+{{- else }}
+ secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}
+ rules:
+ - host: {{ $ingress.host }}
+ http:
+ paths:
+{{- toYaml $ingress.rules | nindent 10 }}
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml
new file mode 100644
index 00000000..dd9a5bf2
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml
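Review bot: When an ingress entry has no `tls` block, the `{{- if $ingress.tls }}` branch in ingress.yaml is skipped silently and the authentication API is published over plain HTTP with no warning at render time. For a service that handles credentials and tokens it is safer to make TLS mandatory, for example by replacing the optional branch with `{{- $tls := required "ingress.tls is required for the authentication ingress" $ingress.tls }}`. If plaintext ingress is intentional for some environment, add a comment above the `tls:` block naming that environment.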
@@ -0,0 +1,46 @@
+{{- if .Values.logIngest.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Release.Name }}-otel-collector
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Release.Name }}-otel-collector
+rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - namespaces
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["apps"]
+ resources:
+ - replicasets
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - get
+ - watch
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Name }}-otel-collector
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-otel-collector
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}-otel-collector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml
new file mode 100644
index 00000000..22cd25fe
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml
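Review bot: The ClusterRole in opentelemetry-rbac.yaml grants cluster-wide `get`/`watch`/`list` on pods, namespaces, nodes and workload objects, yet the collector config added in opentelemetry.yaml takes its pod metadata from downward-API environment variables and defines no component that calls the Kubernetes API, so from what this patch shows the grant appears unused. deployment.yaml sets this ServiceAccount as the pod's `serviceAccountName`, which means the ingress-exposed authentication container holds the same token. Drop the ClusterRole and ClusterRoleBinding unless a processor such as `k8sattributes` is planned, and if one is, add a comment above `rules:` stating which component needs each resource. The cluster-scoped names `{{ .Release.Name }}-otel-collector` also collide when the same release name is installed in two namespaces; include `{{ .Release.Namespace }}` in them.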
@@ -0,0 +1,115 @@
+{{- if .Values.logIngest.enabled }}
+apiVersion: opentelemetry.io/v1beta1
+kind: OpenTelemetryCollector
+metadata:
+ name: {{ .Release.Name }}-opentelemetry-collector
+ namespace: {{ .Release.Namespace }}
+spec:
+ mode: sidecar
+ image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest
+ serviceAccount: "{{ .Release.Name }}-otel-collector"
+ volumeMounts:
+ - name: app-logs
+ mountPath: {{ .Values.logIngest.logPath }}
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ runAsUser: 0
+ runAsGroup: 0
+ env:
+ - name: KUBE_META_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: KUBE_META_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: KUBE_META_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: KUBE_META_POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: KUBE_META_POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ - name: KUBE_META_OBJECT_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['app.kubernetes.io/instance']
+ config:
+ receivers:
+ filelog:
+ include:
+ - {{ .Values.logIngest.logPathPattern }}
+ start_at: end
+ include_file_path: false
+ include_file_name: false
+ operators:
+ - type: json_parser
+ parse_from: body
+ parse_to: attributes
+ processors:
+ resource:
+ attributes:
+ - action: insert
+ key: k8s.node.name
+ value: ${KUBE_META_NODE_NAME}
+ - action: insert
+ key: k8s.pod.name
+ value: ${KUBE_META_POD_NAME}
+ - action: insert
+ key: k8s.pod.ip
+ value: ${KUBE_META_POD_IP}
+ - action: insert
+ key: k8s.pod.uid
+ value: ${KUBE_META_POD_UID}
+ - action: insert
+ key: k8s.namespace.name
+ value: ${KUBE_META_NAMESPACE}
+ - action: insert
+ key: k8s.deployment.name
+ value: ${KUBE_META_OBJECT_NAME}
+ transform:
+ log_statements:
+ - context: log
+ statements:
+ - set(resource.attributes["application"], log.attributes["context"]["app"])
+ - set(resource.attributes["environment"], log.attributes["context"]["env"])
+ - set(resource.attributes["kubernetes_node_name"], resource.attributes["k8s.node.name"])
+ - set(resource.attributes["kubernetes_pod_name"], resource.attributes["k8s.pod.name"])
+ - set(resource.attributes["kubernetes_pod_ip"], resource.attributes["k8s.pod.ip"])
+ - set(resource.attributes["kubernetes_deployment_name"], resource.attributes["k8s.deployment.name"])
+ - set(resource.attributes["kubernetes_namespace"], resource.attributes["k8s.namespace.name"])
+ - set(resource.attributes["body_json"], ParseJSON(log.body))
+ - set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"])
+ - set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"])
+ - set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.pod.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"])
+ - set(log.body, resource.attributes["body_json"])
+ - delete_key(resource.attributes, "body_json")
+ batch:
+ send_batch_size: 5
+ timeout: 10s
+ exporters:
+ otlphttp/logs:
+ endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp
+ tls:
+ insecure: true
+ service:
+ telemetry:
+ logs:
+ level: info
+ pipelines:
+ logs:
+ receivers: [filelog]
+ processors: [resource, transform, batch]
+ exporters: [otlphttp/logs]
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/service.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/service.yaml
new file mode 100644
index 00000000..9a163c74
--- /dev/null
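Review bot: The sidecar's `securityContext` sets `privileged: true`, `allowPrivilegeEscalation: true` and UID/GID 0, which gives a log shipper running inside the authentication pod full host-level privileges although the config only tails files under the shared `app-logs` mount. A restricted context as below should be enough, assuming the log files are readable by the collector's UID (that depends on how the application container writes them, which is outside this hunk). The image is pulled as `:latest`; pin it to a fixed release tag or digest so the sidecar cannot change underneath a running release. In the transform statements, `body_json["kubernetes"]["deployment"]` is set from `resource.attributes["k8s.pod.name"]` where `k8s.deployment.name` was presumably meant, and the `["namespace"]` assignment appears twice. The exporter also sets `tls.insecure: true`, and the values files give an `http://` Loki endpoint, so application logs leave the pod unencrypted.

```yaml
  # … unchanged: mode, image, serviceAccount, volumeMounts …
  securityContext:
    privileged: false
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    capabilities:
      drop:
        - ALL
  # … unchanged: env, config …
```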
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/service.yaml
@@ -0,0 +1,26 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $service := .Values.authentication.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $service.name }}
+ namespace: {{ $namespace }}
+ labels:
+ app.kubernetes.io/version: {{ $appVersion }}
+ app.kubernetes.io/name: {{ $service.name | quote }}
+ app.kubernetes.io/managed-by: {{ $releaseService }}
+ app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+ ports:
+ - port: {{ $service.port }}
+ targetPort: {{ $service.targetPort }}
+ selector:
+ app.kubernetes.io/version: {{ $appVersion }}
+ app.kubernetes.io/name: "magicleaps-authentication"
+ app.kubernetes.io/managed-by: {{ $releaseService }}
+ app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/servicemonitor.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/servicemonitor.yaml
new file mode 100644
index 00000000..6500a178
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/servicemonitor.yaml
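Review bot: The Service selector includes `app.kubernetes.io/version: {{ $appVersion }}`, so on an upgrade that changes the chart's appVersion the Service stops matching the old pods as soon as it is updated, before the new ones are ready. Selecting only on the stable labels (`app.kubernetes.io/name` and `app.kubernetes.io/instance`) avoids that gap. The values files also set `type: ClusterIP` per service, but the template never renders `spec.type`; either add `type: {{ $service.type | default "ClusterIP" }}` or drop the key from values so it does not suggest the Service type is configurable.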
@@ -0,0 +1,40 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+
+{{- range $service := .Values.authentication.services }}
+{{- if $service.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ $service.name }}-monitor
+ namespace: {{ $service.serviceMonitor.namespace }}
+ labels:
+ app.kubernetes.io/version: {{ $appVersion }}
+ app.kubernetes.io/name: {{ $service.name }}-monitor
+ app.kubernetes.io/managed-by: {{ $releaseService }}
+ app.kubernetes.io/instance: {{ $releaseName }}
+ {{- if $service.serviceMonitor.labels }}
+ {{- toYaml $service.serviceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - path: /api/_/metrics
+ targetPort: {{ $service.targetPort }}
+ {{- if $service.serviceMonitor.interval }}
+ interval: {{ $service.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $service.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ $namespace | quote }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ $service.name }}
+ app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/templates/authentication/vpa.yaml b/magicleaps/helm-pkg/authentication/templates/authentication/vpa.yaml
new file mode 100644
index 00000000..57e9baf7
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/templates/authentication/vpa.yaml
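Review bot: `metadata.namespace` is rendered from `$service.serviceMonitor.namespace`, which none of the values files in this patch set, so enabling the monitor produces an empty `namespace:`; `namespace: {{ $service.serviceMonitor.namespace | default $namespace }}` gives a usable fallback. The `{{- if $service.serviceMonitor.enabled }}` test will also fail to render for a service entry that has no `serviceMonitor` key at all. The ingress values in this patch route `/` with `pathType: Prefix` to the same service, so `/api/_/metrics` would presumably be reachable from outside the cluster once metrics are turned on, unless the application or the ingress blocks that path.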
@@ -0,0 +1,32 @@
+{{- if .Values.authentication.vpa }}
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ .Release.Name }}-vpa
+ namespace: {{ .Release.Namespace }}
+spec:
+ targetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: magicleaps-authentication
+ resourcePolicy:
+ containerPolicies:
+ - containerName: '*'
+ {{- if .Values.authentication.vpa.minAllowed.enabled }}
+ minAllowed:
+ cpu: {{ .Values.authentication.vpa.minAllowed.cpu }}
+ memory: {{ .Values.authentication.vpa.minAllowed.memory }}
+ {{- end }}
+ {{- if .Values.authentication.vpa.maxAllowed.enabled }}
+ maxAllowed:
+ cpu: {{ .Values.authentication.vpa.maxAllowed.cpu }}
+ memory: {{ .Values.authentication.vpa.maxAllowed.memory }}
+ {{- end }}
+ {{- if .Values.authentication.vpa.controlledResources }}
+ controlledResources:
+ {{- range .Values.authentication.vpa.controlledResources }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/magicleaps/helm-pkg/authentication/values.alpha.yaml b/magicleaps/helm-pkg/authentication/values.alpha.yaml
new file mode 100644
index 00000000..c800811a
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/values.alpha.yaml
@@ -0,0 +1,121 @@
+global:
+ registry: docker.io
+ repository: freeleaps
+ nodeSelector: {}
+dashboard:
+ enabled: false
+ name: magicleaps-authentication-alpha-dashboard
+ title: MagicLeaps Authentication Service Dashboard (Alpha)
+ metricsPrefix: magicleaps_authentication
+logIngest:
+ enabled: true
+ lokiEndpoint: http://loki-gateway.magicleaps-logging-system
+ logPathPattern: /app/log/authentication/*.log
+ logPath: /app/log/authentication
+authentication:
+ replicas: 1
+ image:
+ registry: docker.io
+ repository: null
+ name: magicleaps-authentication
+ tag: snapshot-0000000
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8004
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ probes:
+ readiness:
+ type: httpGet
+ config:
+ path: /api/_/readyz
+ port: 8004
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ liveness:
+ type: httpGet
+ config:
+ path: /api/_/livez
+ port: 8004
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ services:
+ - name: magicleaps-authentication-service
+ type: ClusterIP
+ port: 8004
+ targetPort: 8004
+ serviceMonitor:
+ enabled: false
+ ingresses:
+ - name: magicleaps-authentication-ingress
+ host: authentication.alpha.magicleaps.mathmast.com
+ class: nginx
+ rules:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: magicleaps-authentication-service
+ port:
+ number: 8004
+ tls:
+ exists: false
+ issuerRef:
+ name: mathmast-dot-com
+ kind: ClusterIssuer
+ name: magicleaps-authentication-alpha-ingress-tls
+ configs:
+ tz: America/Settle
+ appName: magicleaps-authentication
+ devsvcWebapiUrlBase: http://devsvc-service.magicleaps-alpha.svc.cluster:8007/api/devsvc/
+ notificationWebapiUrlBase: http://notification-service.freeleaps-alpha.svc.freeleaps.cluster:8003/api/notification/
+ jwtAlgorithm: HS256
+ serviceApiAccessHost: 0.0.0.0
+ serviceApiAccessPort: 8004
+ mongodbName: interview
+ mongodbPort: 27017
+ metricsEnabled: 'false'
+ probesEnabled: 'true'
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "magicleaps-authentication-alpha-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: jwtSecretKey
+ remoteRef:
+ key: "magicleaps-alpha-jwt-secret-key"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-alpha-mongodb-uri"
+ type: Secret
+ vpa:
+ minAllowed:
+ enabled: false
+ cpu: 100m
+ memory: 64Mi
+ maxAllowed:
+ enabled: true
+ cpu: 100m
+ memory: 256Mi
+ controlledResources:
+ - cpu
+ - memory
diff --git a/magicleaps/helm-pkg/authentication/values.prod.yaml b/magicleaps/helm-pkg/authentication/values.prod.yaml
new file mode 100644
index 00000000..f831258d
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/values.prod.yaml
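Review bot: `tz: America/Settle` is not an IANA time zone name, and the same value appears in values.prod.yaml and values.yaml; if Seattle local time is intended, the zone is `America/Los_Angeles`. How the application reacts to an unknown zone is not visible here, but a silent fallback would skew anything that formats local time, log timestamps included. The two upstream base URLs use plain `http://` and the cluster suffixes `svc.cluster` and `svc.freeleaps.cluster`, which differ from each other; it is worth confirming that both resolve in the target cluster and that unencrypted calls between these services are intended.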
@@ -0,0 +1,121 @@
+global:
+ registry: docker.io
+ repository: freeleaps
+ nodeSelector: {}
+dashboard:
+ enabled: false
+ name: magicleaps-authentication-prod-dashboard
+ title: MagicLeaps Authentication Service Dashboard (Production)
+ metricsPrefix: magicleaps_authentication
+logIngest:
+ enabled: true
+ lokiEndpoint: http://loki-gateway.magicleaps-logging-system
+ logPathPattern: /app/log/authentication/*.log
+ logPath: /app/log/authentication
+authentication:
+ replicas: 2
+ image:
+ registry: docker.io
+ repository: null
+ name: magicleaps-authentication
+ tag: snapshot-0000000
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8004
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ probes:
+ readiness:
+ type: httpGet
+ config:
+ path: /api/_/readyz
+ port: 8004
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ liveness:
+ type: httpGet
+ config:
+ path: /api/_/livez
+ port: 8004
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ services:
+ - name: magicleaps-authentication-service
+ type: ClusterIP
+ port: 8004
+ targetPort: 8004
+ serviceMonitor:
+ enabled: false
+ ingresses:
+ - name: magicleaps-authentication-ingress
+ host: authentication.magicleaps.mathmast.com
+ class: nginx
+ rules:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: magicleaps-authentication-service
+ port:
+ number: 8004
+ tls:
+ exists: false
+ issuerRef:
+ name: mathmast-dot-com
+ kind: ClusterIssuer
+ name: magicleaps-authentication-ingress-tls
+ configs:
+ tz: America/Settle
+ appName: magicleaps-authentication
+ devsvcWebapiUrlBase: http://devsvc-service.magicleaps.svc.cluster:8007/api/devsvc/
+ notificationWebapiUrlBase: http://notification-service.freeleaps.svc.freeleaps.cluster:8003/api/notification/
+ jwtAlgorithm: HS256
+ serviceApiAccessHost: 0.0.0.0
+ serviceApiAccessPort: 8004
+ mongodbName: interview
+ mongodbPort: 27017
+ metricsEnabled: 'false'
+ probesEnabled: 'true'
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "magicleaps-authentication-prod-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: jwtSecretKey
+ remoteRef:
+ key: "magicleaps-prod-jwt-secret-key"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-prod-mongodb-uri"
+ type: Secret
+ vpa:
+ minAllowed:
+ enabled: false
+ cpu: 200m
+ memory: 128Mi
+ maxAllowed:
+ enabled: true
+ cpu: 200m
+ memory: 512Mi
+ controlledResources:
+ - cpu
+ - memory
diff --git a/magicleaps/helm-pkg/authentication/values.yaml b/magicleaps/helm-pkg/authentication/values.yaml
new file mode 100644
index 00000000..a5ad10b7
--- /dev/null
+++ b/magicleaps/helm-pkg/authentication/values.yaml
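Review bot: The production values ship `tag: snapshot-0000000` together with `imagePullPolicy: IfNotPresent`. Presumably the pipeline overrides the tag at deploy time, but if it ever does not, the release would run whatever image carries that placeholder tag, and a node that already cached it would never re-pull. A comment stating that the tag must be overridden, or a `required` check on the tag in the deployment template, would make that dependency explicit.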
@@ -0,0 +1,121 @@
+global:
+ registry: docker.io
+ repository: freeleaps
+ nodeSelector: {}
+dashboard:
+ enabled: false
+ name: magicleaps-authentication-dashboard
+ title: MagicLeaps Authentication Service Dashboard
+ metricsPrefix: magicleaps_authentication
+logIngest:
+ enabled: true
+ lokiEndpoint: http://loki-gateway.magicleaps-logging-system
+ logPathPattern: /app/log/authentication/*.log
+ logPath: /app/log/authentication
+authentication:
+ replicas: 1
+ image:
+ registry: docker.io
+ repository: null
+ name: magicleaps-authentication
+ tag: snapshot-0000000
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8004
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ probes:
+ readiness:
+ type: httpGet
+ config:
+ path: /api/_/readyz
+ port: 8004
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ liveness:
+ type: httpGet
+ config:
+ path: /api/_/livez
+ port: 8004
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ services:
+ - name: magicleaps-authentication-service
+ type: ClusterIP
+ port: 8004
+ targetPort: 8004
+ serviceMonitor:
+ enabled: false
+ ingresses:
+ - name: magicleaps-authentication-ingress
+ host: authentication.magicleaps.mathmast.com
+ class: nginx
+ rules:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: magicleaps-authentication-service
+ port:
+ number: 8004
+ tls:
+ exists: false
+ issuerRef:
+ name: mathmast-dot-com
+ kind: ClusterIssuer
+ name: magicleaps-authentication-ingress-tls
+ configs:
+ tz: America/Settle
+ appName: magicleaps-authentication
+ devsvcWebapiUrlBase: http://devsvc-service.magicleaps.svc.cluster:8007/api/devsvc/
+ notificationWebapiUrlBase: http://notification-service.freeleaps.svc.freeleaps.cluster:8003/api/notification/
+ jwtAlgorithm: HS256
+ serviceApiAccessHost: 0.0.0.0
+ serviceApiAccessPort: 8004
+ mongodbName: interview
+ mongodbPort: 27017
+ metricsEnabled: 'false'
+ probesEnabled: 'true'
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "magicleaps-authentication-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: jwtSecretKey
+ remoteRef:
+ key: "magicleaps-jwt-secret-key"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
+ vpa:
+ minAllowed:
+ enabled: false
+ cpu: 100m
+ memory: 64Mi
+ maxAllowed:
+ enabled: true
+ cpu: 100m
+ memory: 256Mi
+ controlledResources:
+ - cpu
+ - memory
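Review bot: The chart defaults are not neutral: `host: authentication.magicleaps.mathmast.com` and the TLS secret name `magicleaps-authentication-ingress-tls` are identical to values.prod.yaml, so installing the chart without an environment file would claim the production hostname and request its certificate. A placeholder host in values.yaml, with real hostnames left to the per-environment files, would remove that risk. The remote secret keys here (`magicleaps-jwt-secret-key`, `freeleaps-mongodb-uri`) also match neither the alpha nor the prod keys, so a default install would reference a third set of entries in the secret store; a comment saying whether those exist would help.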