From 586c7d7d4c6c962a14cf8100373547279b28d7dd Mon Sep 17 00:00:00 2001
From: Antonio Cascais
Date: Tue, 14 Apr 2026 15:08:38 +0200
Subject: [PATCH] feat: add prod apps for waves 10-11 (bff, bff-cli, portal) secret/bff-cli provisioned too
---
clusters/prod/apps/bff-cli/Chart.yaml | 7 ++
clusters/prod/apps/bff-cli/application.yaml | 28 ++++++
.../bff-cli/templates/external-secret.yaml | 43 ++++++++
clusters/prod/apps/bff-cli/values.yaml | 86 ++++++++++++++++
clusters/prod/apps/bff/Chart.yaml | 7 ++
clusters/prod/apps/bff/application.yaml | 28 ++++++
.../apps/bff/templates/external-secret.yaml | 25 +++++
clusters/prod/apps/bff/values.yaml | 99 +++++++++++++++++++
clusters/prod/apps/portal/Chart.yaml | 7 ++
clusters/prod/apps/portal/application.yaml | 28 ++++++
clusters/prod/apps/portal/values.yaml | 45 +++++++++
11 files changed, 403 insertions(+)
create mode 100644 clusters/prod/apps/bff-cli/Chart.yaml
create mode 100644 clusters/prod/apps/bff-cli/application.yaml
create mode 100644 clusters/prod/apps/bff-cli/templates/external-secret.yaml
create mode 100644 clusters/prod/apps/bff-cli/values.yaml
create mode 100644 clusters/prod/apps/bff/Chart.yaml
create mode 100644 clusters/prod/apps/bff/application.yaml
create mode 100644 clusters/prod/apps/bff/templates/external-secret.yaml
create mode 100644 clusters/prod/apps/bff/values.yaml
create mode 100644 clusters/prod/apps/portal/Chart.yaml
create mode 100644 clusters/prod/apps/portal/application.yaml
create mode 100644 clusters/prod/apps/portal/values.yaml
diff --git a/clusters/prod/apps/bff-cli/Chart.yaml b/clusters/prod/apps/bff-cli/Chart.yaml
new file mode 100644
index 0000000..264cadc
--- /dev/null
+++ b/clusters/prod/apps/bff-cli/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bff-cli
+version: 0.1.0
+dependencies:
+ - name: bff-cli-service
+ version: "0.1.0"
+ repository: https://pilotdataplatform.github.io/helm-charts/
diff --git a/clusters/prod/apps/bff-cli/application.yaml b/clusters/prod/apps/bff-cli/application.yaml
new file mode 100644
index 0000000..70a4f02
--- /dev/null
+++ b/clusters/prod/apps/bff-cli/application.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: bff-cli
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git
+ targetRevision: main
+ path: clusters/prod/apps/bff-cli
+ helm:
+ valueFiles:
+ - ../../registry.yaml
+ - ../../versions.yaml
+ - values.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: utility
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/clusters/prod/apps/bff-cli/templates/external-secret.yaml b/clusters/prod/apps/bff-cli/templates/external-secret.yaml
new file mode 100644
index 0000000..2660ee9
--- /dev/null
+++ b/clusters/prod/apps/bff-cli/templates/external-secret.yaml
@@ -0,0 +1,43 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: bff-cli-credentials
+ namespace: utility
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ name: bff-cli-credentials
+ data:
+ - secretKey: redis-password
+ remoteRef:
+ key: secret/data/redis
+ property: password
+ - secretKey: cli-secret
+ remoteRef:
+ key: secret/data/bff-cli
+ property: cli-secret
+ - secretKey: atlas-password
+ remoteRef:
+ key: secret/data/bff-cli
+ property: atlas-password
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: guacamole-vm-key-pair
+ namespace: utility
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ name: guacamole-vm-key-pair
+ data:
+ - secretKey: jwt-key.pub
+ remoteRef:
+ key: secret/data/bff-cli
+ property: guacamole-jwt-public-key
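Review bot: In `clusters/prod/apps/bff-cli/application.yaml`, `project: default` combined with `targetRevision: main` and `automated` sync with `prune: true` means every commit that lands on `main` is applied to the prod cluster, and unless the default AppProject has been tightened elsewhere it places no limit on source repos, destinations or resource kinds. A dedicated AppProject restricted to this repository and the `utility` namespace (for example `project: <prod-appproject>`, placeholder name) would bound what these Applications can deploy, and `main` should be confirmed as a protected branch with required review. The same settings appear in `clusters/prod/apps/bff/application.yaml` and `clusters/prod/apps/portal/application.yaml`.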
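Review bot: In `clusters/prod/apps/bff-cli/templates/external-secret.yaml`, `refreshInterval: 1h` keeps the `bff-cli-credentials` Secret in step with Vault, but the chart values consume `redis-password`, `cli-secret` and `atlas-password` as environment variables through `secretKeyRef`, so a rotated value does not reach a running pod until it is restarted. A comment above `refreshInterval` such as `# consumed as env vars: rotation needs a rollout` would make that explicit for whoever rotates these. Separately, `redis-password` is read from the shared `secret/data/redis` path, as it is in the bff ExternalSecret, so both services appear to share one Redis credential; worth confirming that is intended.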
diff --git a/clusters/prod/apps/bff-cli/values.yaml b/clusters/prod/apps/bff-cli/values.yaml
new file mode 100644
index 0000000..c766b8d
--- /dev/null
+++ b/clusters/prod/apps/bff-cli/values.yaml
@@ -0,0 +1,86 @@
+bff-cli-service:
+ image:
+ repository: n47w5524.c1.de1.container-registry.ovh.net/hdc-services-image/bff-cli
+ pullPolicy: IfNotPresent
+ # tag comes from versions.yaml: bff-cli-service.image.tag = "bff-cli-2.2.15"
+
+ fullnameOverride: bff-cli
+ replicaCount: 1
+ imagePullSecrets:
+ - name: docker-registry-secret
+ container:
+ port: 5080
+ service:
+ type: ClusterIP
+ port: 5080
+ targetPort: 5080
+ appConfig:
+ port: 5080
+ env: prod
+ config_center_enabled: "false"
+ config_center_base_url: "http://common.utility:5062/"
+ srv_namespace: service_bff-cli
+ extraEnv:
+ log_level: info
+ namespace: utility
+ OPEN_TELEMETRY_ENABLED: "false"
+ UPLOAD_SERVICE_CORE: "http://upload.core:5079"
+ UPLOAD_SERVICE_GREENROOM: "http://upload.greenroom:5079"
+ DOWNLOAD_SERVICE_CORE: "http://download.core:5077"
+ DOWNLOAD_SERVICE_GREENROOM: "http://download.greenroom:5077"
+ DATASET_SERVICE: "http://dataset.utility:5081"
+ AUTH_SERVICE: "http://auth.utility:5061"
+ METADATA_SERVICE: "http://metadata.utility:5066"
+ PROJECT_SERVICE: "http://project.utility:5064"
+ REDIS_HOST: "redis-master.redis"
+ REDIS_PORT: "6379"
+ REDIS_DB: "0"
+ CORE_ZONE_LABEL: "Core"
+ GREEN_ZONE_LABEL: "Greenroom"
+ AUDIT_TRAIL_SERVICE: ""
+ HPC_SERVICE: ""
+ KG_SERVICE: ""
+ ATLAS_API: ""
+ ATLAS_ADMIN: "admin"
+ ATLAS_ENTITY_TYPE: ""
+ CLI_PUBLIC_KEY_PATH: "/var/run/secrets/guacamole/jwt-key.pub"
+ JUPYTER_IP_LOWER: "10.0.0.0"
+ JUPYTER_IP_UPPER: "10.255.255.255"
+ extraEnvYaml:
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bff-cli-credentials
+ key: redis-password
+ - name: CLI_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: bff-cli-credentials
+ key: cli-secret
+ - name: ATLAS_PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: bff-cli-credentials
+ key: atlas-password
+ resources:
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ readinessProbe:
+ tcpSocket:
+ port: 5080
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+ extraVolumeMounts:
+ - name: guacamole-vm-key-pair
+ mountPath: /var/run/secrets/guacamole/
+ readOnly: true
+ extraVolumes:
+ - name: guacamole-vm-key-pair
+ secret:
+ secretName: guacamole-vm-key-pair
diff --git a/clusters/prod/apps/bff/Chart.yaml b/clusters/prod/apps/bff/Chart.yaml
new file mode 100644
index 0000000..1d4dcce
--- /dev/null
+++ b/clusters/prod/apps/bff/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bff
+version: 0.1.0
+dependencies:
+ - name: base-chart-hdc
+ version: "1.0.1"
+ repository: https://pilotdataplatform.github.io/helm-charts/
diff --git a/clusters/prod/apps/bff/application.yaml b/clusters/prod/apps/bff/application.yaml
new file mode 100644
index 0000000..9257271
--- /dev/null
+++ b/clusters/prod/apps/bff/application.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: bff
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git
+ targetRevision: main
+ path: clusters/prod/apps/bff
+ helm:
+ valueFiles:
+ - ../../registry.yaml
+ - ../../versions.yaml
+ - values.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: utility
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/clusters/prod/apps/bff/templates/external-secret.yaml b/clusters/prod/apps/bff/templates/external-secret.yaml
new file mode 100644
index 0000000..f076419
--- /dev/null
+++ b/clusters/prod/apps/bff/templates/external-secret.yaml
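Review bot: In `clusters/prod/apps/bff-cli/values.yaml`, `JUPYTER_IP_LOWER: "10.0.0.0"` and `JUPYTER_IP_UPPER: "10.255.255.255"` cover the whole 10.0.0.0/8 block, a range that may also contain the cluster's pod and service networks. How the service uses this range is not visible in the patch, but if any trust decision depends on the caller's address it should be narrowed to the actual Jupyter subnet, with a comment naming that subnet. `ATLAS_ADMIN: "admin"` next to empty `ATLAS_API` and `ATLAS_ENTITY_TYPE` looks like a carried-over default; if Atlas is not used in prod, dropping the `ATLAS_PASSWD` secret reference would keep an unneeded credential out of the pod environment.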
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: bff-credentials
+ namespace: utility
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ name: bff-credentials
+ data:
+ - secretKey: redis-password
+ remoteRef:
+ key: secret/data/redis
+ property: password
+ - secretKey: minio-access-key
+ remoteRef:
+ key: secret/data/minio
+ property: access_key
+ - secretKey: minio-secret-key
+ remoteRef:
+ key: secret/data/minio
+ property: secret_key
diff --git a/clusters/prod/apps/bff/values.yaml b/clusters/prod/apps/bff/values.yaml
new file mode 100644
index 0000000..b86d30b
--- /dev/null
+++ b/clusters/prod/apps/bff/values.yaml
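Review bot: In `clusters/prod/apps/bff/templates/external-secret.yaml`, `minio-access-key` and `minio-secret-key` are read from `secret/data/minio`, which by its path looks like the MinIO server's own credential rather than one issued for bff. If that is the root account, a dedicated MinIO access key with a policy limited to the buckets bff needs, stored under its own Vault path, would reduce what a compromise of this pod exposes. The values are injected as `MINIO_USERNAME` and `MINIO_PASSWORD` env vars, so rotation only takes effect after a pod restart.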
@@ -0,0 +1,99 @@
+base-chart-hdc:
+ image:
+ repository: n47w5524.c1.de1.container-registry.ovh.net/hdc-services-image/bff-web
+ tag: "2.2.87"
+ tagPrefix: "bff"
+ pullPolicy: IfNotPresent
+ fullnameOverride: bff
+ labels:
+ app: bff
+ instance: bff-service
+ replicaCount: 1
+ container:
+ name: bff
+ ports:
+ - name: http
+ containerPort: 5060
+ protocol: TCP
+ - name: portal-bff
+ containerPort: 3000
+ protocol: TCP
+ service:
+ type: ClusterIP
+ ports:
+ - port: 5060
+ targetPort: 5060
+ protocol: TCP
+ name: http
+ - port: 3000
+ targetPort: 3000
+ protocol: TCP
+ name: portal-bff
+ imagePullSecrets:
+ - name: docker-registry-secret
+ appConfig:
+ env: prod
+ config_center_enabled: false
+ extraEnv:
+ SITE_DOMAIN: "https://portal.hdc.ebrains.eu"
+ CORE_ZONE_LABEL: "Core"
+ GREENROOM_ZONE_LABEL: "Greenroom"
+ PROJECT_NAME: "HDC"
+ KEYCLOAK_REALM: "hdc"
+ KONG_PATH: "/pilot/"
+ RESOURCE_REQUEST_ADMIN: "testadmin"
+ EMAIL_SUPPORT: "support@hdc.ebrains.eu"
+ EMAIL_ADMIN: "admin@hdc.ebrains.eu"
+ EMAIL_HELPDESK: "helpdesk@hdc.ebrains.eu"
+ INVITATION_URL_LOGIN: "https://portal.hdc.ebrains.eu/login/"
+ EMAIL_SUPPORT_REPLY_TO: "no-reply@ebrains.eu"
+ REDIS_HOST: "redis-master.redis"
+ REDIS_PORT: "6379"
+ AUTH_SERVICE: "http://auth.utility:5061"
+ METADATA_SERVICE: "http://metadata.utility:5066"
+ PROJECT_SERVICE: "http://project.utility:5064"
+ DATAOPS_SERVICE: "http://dataops.utility:5063"
+ UPLOAD_SERVICE: "http://upload.greenroom:5079"
+ DOWNLOAD_SERVICE_CORE: "http://download.core:5077"
+ DOWNLOAD_SERVICE_GR: "http://download.greenroom:5077"
+ NOTIFY_SERVICE: "http://notification.utility:5065"
+ DATASET_SERVICE: "http://dataset.utility:5081"
+ KG_SERVICE: "http://kg-integration.utility:8000"
+ APPROVAL_SERVICE: "http://approval.utility:8000"
+ SEARCH_SERVICE: "http://search.utility:5064"
+ WORKSPACE_SERVICE: "http://workspace.utility:5068"
+ PROVENANCE_SERVICE: "http://localhost:5077"
+ MINIO_HOST: "minio.minio:9000"
+ MINIO_BUCKET_ENCRYPTION: "true"
+ S3_GATEWAY: "false"
+ OPEN_TELEMETRY_ENABLED: "false"
+ ENABLE_PROMETHEUS_METRICS: "false"
+ extraEnvYaml:
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bff-credentials
+ key: redis-password
+ - name: MINIO_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: bff-credentials
+ key: minio-access-key
+ - name: MINIO_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bff-credentials
+ key: minio-secret-key
+ resources:
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ readinessProbe:
+ tcpSocket:
+ port: 5060
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ failureThreshold: 3
diff --git a/clusters/prod/apps/portal/Chart.yaml b/clusters/prod/apps/portal/Chart.yaml
new file mode 100644
index 0000000..992abf3
--- /dev/null
+++ b/clusters/prod/apps/portal/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: portal
+version: 0.1.0
+dependencies:
+ - name: portal
+ version: "2.1.2"
+ repository: https://pilotdataplatform.github.io/helm-charts/
diff --git a/clusters/prod/apps/portal/application.yaml b/clusters/prod/apps/portal/application.yaml
new file mode 100644
index 0000000..6208973
--- /dev/null
+++ b/clusters/prod/apps/portal/application.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: portal
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "11"
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git
+ targetRevision: main
+ path: clusters/prod/apps/portal
+ helm:
+ valueFiles:
+ - ../../registry.yaml
+ - ../../versions.yaml
+ - values.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: utility
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/clusters/prod/apps/portal/values.yaml b/clusters/prod/apps/portal/values.yaml
new file mode 100644
index 0000000..44facaa
--- /dev/null
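Review bot: In `clusters/prod/apps/bff/values.yaml`, `RESOURCE_REQUEST_ADMIN: "testadmin"` reads like a test account name carried into a prod file; confirm that this account exists in the `hdc` realm and is the intended owner of resource requests, or replace it with the real admin user. `PROVENANCE_SERVICE: "http://localhost:5077"` points at the pod itself, where only ports 5060 and 3000 are declared, so it is probably a placeholder; a comment such as `# provenance service not deployed in prod` would say so. `config_center_enabled: false` is an unquoted boolean here but the string `"false"` in the bff-cli values, so one of the two may not be the type the chart expects.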
+++ b/clusters/prod/apps/portal/values.yaml
@@ -0,0 +1,45 @@
+portal:
+ image:
+ repository: n47w5524.c1.de1.container-registry.ovh.net/hdc-services-image/portal
+ pullPolicy: IfNotPresent
+ # tag from versions.yaml: portal.image.tag = "1.7.5-hdc-ovh-prod"
+
+ fullnameOverride: portal
+ replicaCount: 1
+ container:
+ port: 80
+ service:
+ type: ClusterIP
+ port: 3000
+ targetPort: 80
+ imagePullSecrets:
+ - name: docker-registry-secret
+ appConfig:
+ env: prod
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ readinessProbe:
+ tcpSocket:
+ port: 80
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/proxy-body-size: 20m
+ tls: true
+ hostname: hdc.ebrains.eu
+ path: /
+ pathType: Prefix
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
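Review bot: In `clusters/prod/apps/portal/values.yaml`, the ingress `hostname: hdc.ebrains.eu` does not match `SITE_DOMAIN: "https://portal.hdc.ebrains.eu"` and `INVITATION_URL_LOGIN` in `clusters/prod/apps/bff/values.yaml`. Unless another ingress serves `portal.hdc.ebrains.eu`, invitation links would point at a host with no route or certificate, and anything bff derives from `SITE_DOMAIN` (presumably redirect or origin handling) would disagree with the address users actually reach. The inline comment that repeats the tag value will drift from `versions.yaml`; `# tag is set in ../../versions.yaml` stays true after the next bump.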