magicleaps' authentication

Nicolas 2025-08-22 12:04:36 +08:00
parent 291388fa0e
commit 24b82cda7a
15 changed files with 1722 additions and 0 deletions


@ -0,0 +1,6 @@
apiVersion: v2
name: magicleaps-authentication
description: A Helm Chart of magicleaps authentication service, powered by Freeleaps.
type: application
version: 0.0.1
appVersion: "0.0.1"


@ -0,0 +1,18 @@
apiVersion: v1
kind: Secret
metadata:
name: magicleaps-authentication-config
namespace: {{ .Release.Namespace }}
type: Opaque
data:
TZ: {{ .Values.authentication.configs.tz | b64enc | quote }}
APP_NAME: {{ .Values.authentication.configs.appName | b64enc | quote }}
DEVSVC_WEBAPI_URL_BASE: {{ .Values.authentication.configs.devsvcWebapiUrlBase | b64enc | quote }}
NOTIFICATION_WEBAPI_URL_BASE: {{ .Values.authentication.configs.notificationWebapiUrlBase | b64enc | quote }}
JWT_ALGORITHM: {{ .Values.authentication.configs.jwtAlgorithm | b64enc | quote }}
SERVICE_API_ACCESS_HOST: {{ .Values.authentication.configs.serviceApiAccessHost | b64enc | quote }}
SERVICE_API_ACCESS_PORT: {{ .Values.authentication.configs.serviceApiAccessPort | toString | b64enc }}
MONGODB_NAME: {{ .Values.authentication.configs.mongodbName | b64enc | quote }}
MONGODB_PORT: {{ .Values.authentication.configs.mongodbPort | toString | b64enc }}
METRICS_ENABLED: {{ .Values.authentication.configs.metricsEnabled | default false | toString | b64enc }}
PROBES_ENABLED: {{ .Values.authentication.configs.probesEnabled | default false | toString | b64enc }}
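Review bot: Nothing in this commit consumes this Secret: the Deployment template renders every `authentication.configs` entry except `jwtSecretKey` and `mongodbUri` as a literal `env` value and only uses `secretKeyRef` for the FreeleapsSecret target, so these keys are a second, unused copy of the same settings. Either load it with `envFrom` / `secretRef` on `magicleaps-authentication-config` and drop the literal `env` loop, or remove the template; the values themselves (time zone, ports, URLs) are not secret, so a ConfigMap would describe them better. The four lines from `SERVICE_API_ACCESS_PORT` to `PROBES_ENABLED` omit the `| quote` the other keys use. `b64enc` on a missing value fails the render with a generic type error, so wrapping the mandatory keys in `required` would give a usable message.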


@ -0,0 +1,27 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseCertificate := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.authentication.ingresses }}
{{- if not $ingress.tls.exists }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseCertificate }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
commonName: {{ $ingress.host }}
dnsNames:
- {{ $ingress.host }}
issuerRef:
name: {{ $ingress.tls.issuerRef.name }}
kind: {{ $ingress.tls.issuerRef.kind }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}
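Review bot: `$ingress.tls.exists` is dereferenced at the top of the loop without checking that `$ingress.tls` is set, while the Ingress template in this commit treats the `tls` block as optional (`{{- if $ingress.tls }}`); an ingress entry without `tls` would fail the whole render here with a nil-pointer error. Nest the test, `{{- if $ingress.tls }}` around `{{- if not $ingress.tls.exists }}`, with a matching extra `{{- end }}`. `commonName`, the `dnsNames` entry and the `managed-by`/`instance` labels are emitted unquoted; `| quote` on them keeps a value that looks like a number or boolean from being retyped by the YAML parser.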


@ -0,0 +1,865 @@
{{- if .Values.dashboard.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.dashboard.name }}
namespace: {{ .Values.dashboard.namespace }}
labels:
grafana_dashboard: "1"
data:
{{ .Values.dashboard.name }}.json: |
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 36,
"links": [],
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 9,
"x": 0,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:214",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "increase({{ .Values.dashboard.metricsPrefix }}_http_requests_total[1m])",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ `{{ method }} {{ handler }}` }}",
"range": true,
"refId": "A"
}
],
"title": "Total requests per minute",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "bars",
"fillOpacity": 100,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "4xx"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "HTTP 500"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#bf1b00",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 7,
"w": 10,
"x": 9,
"y": 0
},
"id": 13,
"options": {
"legend": {
"calcs": [
"mean",
"max"
],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:140",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "sum by (status) (rate({{ .Values.dashboard.metricsPrefix }}_http_requests_total[1m]))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ `{{ status }}` }}",
"range": true,
"refId": "A"
}
],
"title": "Request per minute",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "errors"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#c15c17",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 7,
"w": 5,
"x": 19,
"y": 0
},
"id": 4,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max"
],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:766",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "sum(rate({{ .Values.dashboard.metricsPrefix }}_http_requests_total{status=\"5xx\"}[1m]))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "errors",
"range": true,
"refId": "A"
}
],
"title": "Errors per second",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 9,
"x": 0,
"y": 7
},
"id": 6,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:146",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "{{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_sum{handler!=\"none\"} / {{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_count",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ `{{ handler }}` }}",
"range": true,
"refId": "A"
}
],
"title": "Average response time",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 1,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percentunit"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "none"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 10,
"x": 9,
"y": 7
},
"id": 11,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:1079",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "increase({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_bucket{le=\"0.1\"}[1m]) \n/ ignoring (le) increase({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_count[1m])",
"format": "time_series",
"instant": false,
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ `{{ handler }}` }}",
"refId": "A"
}
],
"title": "Requests under 100ms",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "line+area"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "transparent",
"value": null
},
{
"color": "red",
"value": 0
}
]
},
"unit": "s"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 9,
"x": 0,
"y": 15
},
"id": 16,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:426",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "histogram_quantile(0.9, rate({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_bucket{handler!=\"none\"}[1m]))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ `{{ handler }}` }}",
"range": true,
"refId": "A"
}
],
"title": "Request duration [s] - p90",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 25,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 10,
"x": 9,
"y": 15
},
"id": 15,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "11.5.2",
"targets": [
{
"$$hashKey": "object:426",
"datasource": {
"type": "prometheus",
"uid": "e4584a9f-5364-4b3d-a851-7abbc5250820"
},
"editorMode": "code",
"expr": "histogram_quantile(0.5, rate({{ .Values.dashboard.metricsPrefix }}_http_request_duration_seconds_bucket{handler!=\"none\"}[1m]))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ `{{ handler }}` }}",
"range": true,
"refId": "A"
}
],
"title": "Request duration [s] - p50",
"type": "timeseries"
}
],
"preload": false,
"refresh": "5s",
"schemaVersion": 40,
"tags": ["magicleaps", "authentication"],
"templating": {
"list": []
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": []
},
"timezone": "",
"title": "{{ .Values.dashboard.title }}",
"uid": "",
"version": 11,
"weekStart": ""
}
{{- end }}
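Review bot: `namespace: {{ .Values.dashboard.namespace }}` has no matching key in either values file added by this commit (their `dashboard` blocks define only `enabled`, `name`, `title` and `metricsPrefix`), so switching `dashboard.enabled` on renders an empty namespace. Add the key to the values files or fall back with `{{ .Values.dashboard.namespace | default .Release.Namespace }}`. The exported JSON also keeps fields that are presumably specific to the Grafana instance it came from: every target pins datasource uid `e4584a9f-5364-4b3d-a851-7abbc5250820` while the panels use `prometheus`, and the top-level `"id": 36` is hard-coded; both are better dropped or templated.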


@ -0,0 +1,128 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "magicleaps-authentication"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.logIngest.enabled }}
annotations:
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/opentelemetry.yaml") . | sha256sum }}
{{- end }}
name: "magicleaps-authentication"
namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: "magicleaps-authentication"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
replicas: {{ .Values.authentication.replicas }}
template:
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "magicleaps-authentication"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/authentication-config.yaml") . | sha256sum }}
{{- if .Values.logIngest.enabled }}
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/opentelemetry.yaml") . | sha256sum }}
sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
{{- end }}
spec:
{{- if .Values.logIngest.enabled }}
serviceAccountName: "{{ .Release.Name }}-otel-collector"
{{- end }}
containers:
- name: "magicleaps-authentication"
image: "{{ coalesce .Values.authentication.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.authentication.image.repository .Values.global.repository }}/{{ .Values.authentication.image.name }}:{{ .Values.authentication.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.authentication.image.imagePullPolicy | default "IfNotPresent" }}
ports:
{{- range $port := .Values.authentication.ports }}
- containerPort: {{ $port.containerPort }}
name: {{ $port.name }}
protocol: {{ $port.protocol }}
{{- end }}
{{- if .Values.authentication.resources }}
resources:
{{- toYaml .Values.authentication.resources | nindent 12 }}
{{- end }}
{{- if .Values.authentication.probes }}
{{- if and (.Values.authentication.probes.liveness) (eq .Values.authentication.probes.liveness.type "httpGet") }}
livenessProbe:
httpGet:
path: {{ .Values.authentication.probes.liveness.config.path }}
port: {{ .Values.authentication.probes.liveness.config.port }}
{{- if .Values.authentication.probes.liveness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.authentication.probes.liveness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.authentication.probes.liveness.config.periodSeconds }}
periodSeconds: {{ .Values.authentication.probes.liveness.config.periodSeconds }}
{{- end }}
{{- if .Values.authentication.probes.liveness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.authentication.probes.liveness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.authentication.probes.liveness.config.successThreshold }}
successThreshold: {{ .Values.authentication.probes.liveness.config.successThreshold }}
{{- end }}
{{- if .Values.authentication.probes.liveness.config.failureThreshold }}
failureThreshold: {{ .Values.authentication.probes.liveness.config.failureThreshold }}
{{- end }}
{{- if .Values.authentication.probes.liveness.config.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.authentication.probes.liveness.config.terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- if and (.Values.authentication.probes.readiness) (eq .Values.authentication.probes.readiness.type "httpGet") }}
readinessProbe:
httpGet:
path: {{ .Values.authentication.probes.readiness.config.path }}
port: {{ .Values.authentication.probes.readiness.config.port }}
{{- if .Values.authentication.probes.readiness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.authentication.probes.readiness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.authentication.probes.readiness.config.periodSeconds }}
periodSeconds: {{ .Values.authentication.probes.readiness.config.periodSeconds }}
{{- end }}
{{- if .Values.authentication.probes.readiness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.authentication.probes.readiness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.authentication.probes.readiness.config.successThreshold }}
successThreshold: {{ .Values.authentication.probes.readiness.config.successThreshold }}
{{- end }}
{{- if .Values.authentication.probes.readiness.config.failureThreshold }}
failureThreshold: {{ .Values.authentication.probes.readiness.config.failureThreshold }}
{{- end }}
{{- end }}
{{- end}}
env:
{{- range $key, $value := .Values.authentication.configs }}
{{- if not (or (eq $key "jwtSecretKey") (eq $key "mongodbUri")) }}
- name: {{ $key | snakecase | upper }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
# inject from secret created by FreeleapsSecret object
{{- if .Values.authentication.secrets }}
{{ $targetSecretName := .Values.authentication.secrets.target.name }}
{{- range .Values.authentication.secrets.data }}
- name: {{ .key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: {{ $targetSecretName }}
key: {{ .key }}
{{- end }}
{{- end }}
{{- if .Values.logIngest.enabled }}
volumeMounts:
- name: app-logs
mountPath: {{ .Values.logIngest.logPath }}
{{- end }}
{{- if .Values.logIngest.enabled }}
volumes:
- name: app-logs
emptyDir: {}
{{- end }}
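Review bot: The `magicleaps-authentication` container is rendered without any `securityContext`, so it runs with whatever user and capabilities the image and the cluster defaults allow; for the pod that receives the JWT signing key and the MongoDB URI through `secretKeyRef`, that is worth pinning in the chart. A hardened block is sketched below; `runAsNonRoot` and `readOnlyRootFilesystem` depend on how the image is built, so confirm them against it. Separately, the `env` loop keeps secrets out by name (`jwtSecretKey`, `mongodbUri`), which means any sensitive key added to `authentication.configs` later is written in clear into the pod spec; listing the keys that may be exported is safer than listing the ones that may not. The `image` line also falls back to the `latest` tag when `image.tag` is unset.

```yaml
      containers:
        - name: "magicleaps-authentication"
          # … unchanged: image, imagePullPolicy, ports, resources, probes, env, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            # confirm the image writes only to mounted volumes before enabling
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```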


@ -0,0 +1,20 @@
apiVersion: freeleaps.com/v1alpha1
kind: FreeleapsSecret
metadata:
name: magicleaps-authentication-alpha-secrets
namespace: {{ .Release.Namespace }}
spec:
secretStoreRef:
kind: {{ .Values.authentication.secrets.secretStoreRef.kind }}
name: {{ .Values.authentication.secrets.secretStoreRef.name }}
target:
name: {{ .Values.authentication.secrets.target.name }}
creationPolicy: {{ .Values.authentication.secrets.target.creationPolicy }}
refreshInterval: {{ .Values.authentication.secrets.refreshInterval }}
data:
{{- range .Values.authentication.secrets.data }}
- secretKey: {{ .key }}
remoteRef:
key: {{ .remoteRef.key }}
type: {{ .remoteRef.type }}
{{- end }}
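Review bot: `metadata.name` is the literal `magicleaps-authentication-alpha-secrets`, so the object carries the alpha name in every environment the chart is installed into, while the Secret it produces is named from `secrets.target.name`; taking it from values, e.g. `name: {{ .Values.authentication.secrets.target.name | quote }}`, removes the mismatch. The template also reads `.Values.authentication.secrets.*` unconditionally although the Deployment treats that block as optional (`{{- if .Values.authentication.secrets }}`), so a values file without it fails the render; wrap the document in the same `if`.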


@ -0,0 +1,36 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseIngress := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.authentication.ingresses }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseIngress }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
{{- if $ingress.class }}
ingressClassName: {{ $ingress.class }}
{{- end }}
{{- if $ingress.tls }}
tls:
- hosts:
- {{ $ingress.host }}
{{- if $ingress.tls.exists }}
secretName: {{ $ingress.tls.secretRef.name }}
{{- else }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}
rules:
- host: {{ $ingress.host }}
http:
paths:
{{- toYaml $ingress.rules | nindent 10 }}
{{- end }}
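Review bot: The whole `tls:` block is optional (`{{- if $ingress.tls }}`), so an ingress entry without it publishes the authentication API over plain HTTP with no failure at render time. For an endpoint that presumably receives credentials and issues tokens, the chart should refuse that, for example with `{{- $_ := required "ingress.tls is required" $ingress.tls }}` at the top of the loop. In the `exists` branch `$ingress.tls.secretRef.name` is read without a check, and neither values file in this commit defines `secretRef`, so setting `exists: true` alone ends in a nil-pointer error.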


@ -0,0 +1,46 @@
{{- if .Values.logIngest.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-otel-collector
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-otel-collector
rules:
- apiGroups: [""]
resources:
- pods
- namespaces
- nodes
verbs:
- get
- watch
- list
- apiGroups: ["apps"]
resources:
- replicasets
- deployments
- statefulsets
- daemonsets
verbs:
- get
- watch
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-otel-collector
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-otel-collector
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-otel-collector
namespace: {{ .Release.Namespace }}
{{- end }}
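Review bot: This ClusterRole gives the `{{ .Release.Name }}-otel-collector` service account cluster-wide `get`/`watch`/`list` on pods, namespaces, nodes and the `apps` workloads, and the Deployment in this commit sets that account as the pod's `serviceAccountName`, so the application container holds the same token. The collector config added in this commit fills the `k8s.*` attributes from downward-API environment variables through the `resource` processor and uses no processor that queries the API server, so as far as this commit shows the role and binding can be dropped, or at least narrowed to a namespaced Role. ClusterRole and ClusterRoleBinding names are cluster-scoped, so two installs with the same release name in different namespaces will collide on `{{ .Release.Name }}-otel-collector`; including `.Release.Namespace` in the name avoids that.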


@ -0,0 +1,115 @@
{{- if .Values.logIngest.enabled }}
apiVersion: opentelemetry.io/v1beta1
kind: OpenTelemetryCollector
metadata:
name: {{ .Release.Name }}-opentelemetry-collector
namespace: {{ .Release.Namespace }}
spec:
mode: sidecar
image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest
serviceAccount: "{{ .Release.Name }}-otel-collector"
volumeMounts:
- name: app-logs
mountPath: {{ .Values.logIngest.logPath }}
securityContext:
allowPrivilegeEscalation: true
privileged: true
runAsUser: 0
runAsGroup: 0
env:
- name: KUBE_META_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: KUBE_META_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBE_META_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: KUBE_META_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KUBE_META_POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: KUBE_META_OBJECT_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['app.kubernetes.io/instance']
config:
receivers:
filelog:
include:
- {{ .Values.logIngest.logPathPattern }}
start_at: end
include_file_path: false
include_file_name: false
operators:
- type: json_parser
parse_from: body
parse_to: attributes
processors:
resource:
attributes:
- action: insert
key: k8s.node.name
value: ${KUBE_META_NODE_NAME}
- action: insert
key: k8s.pod.name
value: ${KUBE_META_POD_NAME}
- action: insert
key: k8s.pod.ip
value: ${KUBE_META_POD_IP}
- action: insert
key: k8s.pod.uid
value: ${KUBE_META_POD_UID}
- action: insert
key: k8s.namespace.name
value: ${KUBE_META_NAMESPACE}
- action: insert
key: k8s.deployment.name
value: ${KUBE_META_OBJECT_NAME}
transform:
log_statements:
- context: log
statements:
- set(resource.attributes["application"], log.attributes["context"]["app"])
- set(resource.attributes["environment"], log.attributes["context"]["env"])
- set(resource.attributes["kubernetes_node_name"], resource.attributes["k8s.node.name"])
- set(resource.attributes["kubernetes_pod_name"], resource.attributes["k8s.pod.name"])
- set(resource.attributes["kubernetes_pod_ip"], resource.attributes["k8s.pod.ip"])
- set(resource.attributes["kubernetes_deployment_name"], resource.attributes["k8s.deployment.name"])
- set(resource.attributes["kubernetes_namespace"], resource.attributes["k8s.namespace.name"])
- set(resource.attributes["body_json"], ParseJSON(log.body))
- set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"])
- set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"])
- set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"])
- set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"])
- set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.pod.name"])
- set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"])
- set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"])
- set(log.body, resource.attributes["body_json"])
- delete_key(resource.attributes, "body_json")
batch:
send_batch_size: 5
timeout: 10s
exporters:
otlphttp/logs:
endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp
tls:
insecure: true
service:
telemetry:
logs:
level: info
pipelines:
logs:
receivers: [filelog]
processors: [resource, transform, batch]
exporters: [otlphttp/logs]
{{- end }}
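Review bot: The sidecar's `securityContext` sets `privileged: true`, `allowPrivilegeEscalation: true` and `runAsUser: 0`, but the only thing this config needs from the pod is read access to the `app-logs` volume mounted at `logIngest.logPath`; a privileged root container next to the authentication service means a compromise of the collector is effectively a compromise of the node. Set `privileged: false` and `allowPrivilegeEscalation: false`, and run as a non-root UID that can read the log files (which UID depends on how the application writes them). The image is pulled as `opentelemetry-collector-contrib:latest`, so the content of that container changes without a chart change; pin a release tag or digest. The exporter sets `tls.insecure: true` and both values files point `lokiEndpoint` at an `http://` URL, so log records leave the pod unencrypted. In the `transform` statements, `body_json["kubernetes"]["deployment"]` is set from `k8s.pod.name` where `k8s.deployment.name` looks intended, and the `["namespace"]` assignment appears twice.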


@ -0,0 +1,26 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.authentication.services }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $service.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
ports:
- port: {{ $service.port }}
targetPort: {{ $service.targetPort }}
selector:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: "magicleaps-authentication"
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}
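Review bot: The selector includes `app.kubernetes.io/version`, and the Deployment's `spec.selector.matchLabels` in this commit does too; a Deployment selector is immutable in `apps/v1`, so the first upgrade that changes `appVersion` will be rejected, and this Service stops matching the still-running old pods as soon as it is updated. Select on the stable pair only, `app.kubernetes.io/name` and `app.kubernetes.io/instance`, in both places. `$service.type` is set in the values files but never rendered; add `type: {{ $service.type | default "ClusterIP" }}` if it is meant to be configurable.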


@ -0,0 +1,40 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.authentication.services }}
{{- if $service.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ $service.name }}-monitor
namespace: {{ $service.serviceMonitor.namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name }}-monitor
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- if $service.serviceMonitor.labels }}
{{- toYaml $service.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
endpoints:
- path: /api/_/metrics
targetPort: {{ $service.targetPort }}
{{- if $service.serviceMonitor.interval }}
interval: {{ $service.serviceMonitor.interval }}
{{- end }}
{{- if $service.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $namespace | quote }}
selector:
matchLabels:
app.kubernetes.io/name: {{ $service.name }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}
{{- end }}
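Review bot: `$service.serviceMonitor.enabled` and `$service.serviceMonitor.namespace` are read without a guard, and neither values file in this commit defines `serviceMonitor.namespace`, so enabling the monitor renders an empty `namespace:`; fall back with `{{ $service.serviceMonitor.namespace | default $namespace }}`. The scrape path `/api/_/metrics` is on the same port 8004 that the ingress rule in the values files publishes under the `/` prefix, so once metrics are switched on the endpoint is presumably reachable from outside the cluster as well. Consider excluding `/api/_/` at the ingress or serving metrics on a separate port.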


@ -0,0 +1,32 @@
{{- if .Values.authentication.vpa }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-vpa
namespace: {{ .Release.Namespace }}
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: magicleaps-authentication
resourcePolicy:
containerPolicies:
- containerName: '*'
{{- if .Values.authentication.vpa.minAllowed.enabled }}
minAllowed:
cpu: {{ .Values.authentication.vpa.minAllowed.cpu }}
memory: {{ .Values.authentication.vpa.minAllowed.memory }}
{{- end }}
{{- if .Values.authentication.vpa.maxAllowed.enabled }}
maxAllowed:
cpu: {{ .Values.authentication.vpa.maxAllowed.cpu }}
memory: {{ .Values.authentication.vpa.maxAllowed.memory }}
{{- end }}
{{- if .Values.authentication.vpa.controlledResources }}
controlledResources:
{{- range .Values.authentication.vpa.controlledResources }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
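Review bot: `.Values.authentication.vpa.minAllowed.enabled` and `.maxAllowed.enabled` are dereferenced whenever `vpa` is set, so a values file that supplies only one of the two blocks fails the render with a nil-pointer error; wrap each in an outer test such as `{{- if .Values.authentication.vpa.minAllowed }}`. `containerName: '*'` also applies the same bounds to the injected OpenTelemetry sidecar when `logIngest.enabled` is true, which may not be intended.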


@ -0,0 +1,121 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
dashboard:
enabled: false
name: magicleaps-authentication-alpha-dashboard
title: MagicLeaps Authentication Service Dashboard (Alpha)
metricsPrefix: magicleaps_authentication
logIngest:
enabled: true
lokiEndpoint: http://loki-gateway.magicleaps-logging-system
logPathPattern: /app/log/authentication/*.log
logPath: /app/log/authentication
authentication:
replicas: 1
image:
registry: docker.io
repository: null
name: magicleaps-authentication
tag: snapshot-0000000
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8004
protocol: TCP
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
probes:
readiness:
type: httpGet
config:
path: /api/_/readyz
port: 8004
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
liveness:
type: httpGet
config:
path: /api/_/livez
port: 8004
initialDelaySeconds: 5
periodSeconds: 15
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
terminationGracePeriodSeconds: 30
services:
- name: magicleaps-authentication-service
type: ClusterIP
port: 8004
targetPort: 8004
serviceMonitor:
enabled: false
ingresses:
- name: magicleaps-authentication-ingress
host: authentication.alpha.magicleaps.mathmast.com
class: nginx
rules:
- path: /
pathType: Prefix
backend:
service:
name: magicleaps-authentication-service
port:
number: 8004
tls:
exists: false
issuerRef:
name: mathmast-dot-com
kind: ClusterIssuer
name: magicleaps-authentication-alpha-ingress-tls
configs:
tz: America/Settle
appName: magicleaps-authentication
devsvcWebapiUrlBase: http://devsvc-service.magicleaps-alpha.svc.cluster:8007/api/devsvc/
notificationWebapiUrlBase: http://notification-service.freeleaps-alpha.svc.freeleaps.cluster:8003/api/notification/
jwtAlgorithm: HS256
serviceApiAccessHost: 0.0.0.0
serviceApiAccessPort: 8004
mongodbName: interview
mongodbPort: 27017
metricsEnabled: 'false'
probesEnabled: 'true'
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "magicleaps-authentication-alpha-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: jwtSecretKey
remoteRef:
key: "magicleaps-alpha-jwt-secret-key"
type: Secret
- key: mongodbUri
remoteRef:
key: "freeleaps-alpha-mongodb-uri"
type: Secret
vpa:
minAllowed:
enabled: false
cpu: 100m
memory: 64Mi
maxAllowed:
enabled: true
cpu: 100m
memory: 256Mi
controlledResources:
- cpu
- memory
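Review bot: `tz: America/Settle` is not an IANA time-zone name, so whatever reads `TZ` will typically fail or fall back to UTC without saying so; the production values file in this commit carries the same value. `logIngest.enabled: true` is the default in both files, which turns on the privileged root collector sidecar and its cluster-wide RBAC for every install. `lokiEndpoint` and both `*WebapiUrlBase` settings use `http://`, so logs and service-to-service calls travel unencrypted unless something outside the chart adds TLS. `image.tag: snapshot-0000000` looks like a placeholder the pipeline must override; with `imagePullPolicy: IfNotPresent` a reused tag would not be re-pulled.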


@ -0,0 +1,121 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
dashboard:
enabled: false
name: magicleaps-authentication-prod-dashboard
title: MagicLeaps Authentication Service Dashboard (Production)
metricsPrefix: magicleaps_authentication
logIngest:
enabled: true
lokiEndpoint: http://loki-gateway.magicleaps-logging-system
logPathPattern: /app/log/authentication/*.log
logPath: /app/log/authentication
authentication:
replicas: 2
image:
registry: docker.io
repository: null
name: magicleaps-authentication
tag: snapshot-0000000
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8004
protocol: TCP
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
probes:
readiness:
type: httpGet
config:
path: /api/_/readyz
port: 8004
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
liveness:
type: httpGet
config:
path: /api/_/livez
port: 8004
initialDelaySeconds: 5
periodSeconds: 15
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
terminationGracePeriodSeconds: 30
services:
- name: magicleaps-authentication-service
type: ClusterIP
port: 8004
targetPort: 8004
serviceMonitor:
enabled: false
ingresses:
- name: magicleaps-authentication-ingress
host: authentication.magicleaps.mathmast.com
class: nginx
rules:
- path: /
pathType: Prefix
backend:
service:
name: magicleaps-authentication-service
port:
number: 8004
tls:
exists: false
issuerRef:
name: mathmast-dot-com
kind: ClusterIssuer
name: magicleaps-authentication-ingress-tls
configs:
tz: America/Settle
appName: magicleaps-authentication
devsvcWebapiUrlBase: http://devsvc-service.magicleaps.svc.cluster:8007/api/devsvc/
notificationWebapiUrlBase: http://notification-service.freeleaps.svc.freeleaps.cluster:8003/api/notification/
jwtAlgorithm: HS256
serviceApiAccessHost: 0.0.0.0
serviceApiAccessPort: 8004
mongodbName: interview
mongodbPort: 27017
metricsEnabled: 'false'
probesEnabled: 'true'
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "magicleaps-authentication-prod-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: jwtSecretKey
remoteRef:
key: "magicleaps-prod-jwt-secret-key"
type: Secret
- key: mongodbUri
remoteRef:
key: "freeleaps-prod-mongodb-uri"
type: Secret
vpa:
minAllowed:
enabled: false
cpu: 200m
memory: 128Mi
maxAllowed:
enabled: true
cpu: 200m
memory: 512Mi
controlledResources:
- cpu
- memory
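Review bot: `jwtAlgorithm: HS256` under `configs` makes the token key a shared symmetric secret, so any other service that has to verify these tokens would also need `magicleaps-prod-jwt-secret-key` and could then sign tokens itself. Whether other services verify tokens is not visible in this file; if they do, an asymmetric algorithm (`RS256` or `ES256`, if the application supports one) keeps the signing key inside this service. If verification stays local, I would record that next to the setting, e.g. `# HS256: the signing key must stay inside the authentication service`. Separately, `tz: America/Settle` is not an IANA zone name (Seattle time is `America/Los_Angeles`), and an unrecognised zone is typically either rejected or silently treated as UTC, which skews the timestamps in the logs shipped to Loki. The same value is in the alpha values above and in the third values file below.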


@ -0,0 +1,121 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
dashboard:
enabled: false
name: magicleaps-authentication-dashboard
title: MagicLeaps Authentication Service Dashboard
metricsPrefix: magicleaps_authentication
logIngest:
enabled: true
lokiEndpoint: http://loki-gateway.magicleaps-logging-system
logPathPattern: /app/log/authentication/*.log
logPath: /app/log/authentication
authentication:
replicas: 1
image:
registry: docker.io
repository: null
name: magicleaps-authentication
tag: snapshot-0000000
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8004
protocol: TCP
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
probes:
readiness:
type: httpGet
config:
path: /api/_/readyz
port: 8004
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
liveness:
type: httpGet
config:
path: /api/_/livez
port: 8004
initialDelaySeconds: 5
periodSeconds: 15
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
terminationGracePeriodSeconds: 30
services:
- name: magicleaps-authentication-service
type: ClusterIP
port: 8004
targetPort: 8004
serviceMonitor:
enabled: false
ingresses:
- name: magicleaps-authentication-ingress
host: authentication.magicleaps.mathmast.com
class: nginx
rules:
- path: /
pathType: Prefix
backend:
service:
name: magicleaps-authentication-service
port:
number: 8004
tls:
exists: false
issuerRef:
name: mathmast-dot-com
kind: ClusterIssuer
name: magicleaps-authentication-ingress-tls
configs:
tz: America/Settle
appName: magicleaps-authentication
devsvcWebapiUrlBase: http://devsvc-service.magicleaps.svc.cluster:8007/api/devsvc/
notificationWebapiUrlBase: http://notification-service.freeleaps.svc.freeleaps.cluster:8003/api/notification/
jwtAlgorithm: HS256
serviceApiAccessHost: 0.0.0.0
serviceApiAccessPort: 8004
mongodbName: interview
mongodbPort: 27017
metricsEnabled: 'false'
probesEnabled: 'true'
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "magicleaps-authentication-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: jwtSecretKey
remoteRef:
key: "magicleaps-jwt-secret-key"
type: Secret
- key: mongodbUri
remoteRef:
key: "freeleaps-mongodb-uri"
type: Secret
vpa:
minAllowed:
enabled: false
cpu: 100m
memory: 64Mi
maxAllowed:
enabled: true
cpu: 100m
memory: 256Mi
controlledResources:
- cpu
- memory
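Review bot: The ingress `host` in this file is `authentication.magicleaps.mathmast.com`, the same hostname the production values use. With `tls.exists: false`, the Certificate template earlier in this commit also requests a certificate for it from the `mathmast-dot-com` ClusterIssuer. The file path is not shown on this page, but the unsuffixed names (`magicleaps-authentication-secrets`, `magicleaps-jwt-secret-key`) suggest this is the chart's default values file. If so, an install without an environment override would claim the production hostname and its certificate. I would make the default non-routable, e.g. `host: authentication.example.invalid`, or ship `ingresses: []` and let each environment file supply its own entry.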