feat: add prod apps for waves 10-11 (bff, bff-cli, portal)

clusters/prod/apps/bff-cli/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bff-cli
+version: 0.1.0
+dependencies:
+  - name: bff-cli-service
+    version: "0.1.0"
+    repository: https://pilotdataplatform.github.io/helm-charts/

clusters/prod/apps/bff-cli/application.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: bff-cli
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git
+    targetRevision: main
+    path: clusters/prod/apps/bff-cli
+    helm:
+      valueFiles:
+        - ../../registry.yaml
+        - ../../versions.yaml
+        - values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: utility
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true

clusters/prod/apps/bff-cli/templates/external-secret.yaml

@@ -0,0 +1,43 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: bff-cli-credentials
+  namespace: utility
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    name: bff-cli-credentials
+  data:
+    - secretKey: redis-password
+      remoteRef:
+        key: secret/data/redis
+        property: password
+    - secretKey: cli-secret
+      remoteRef:
+        key: secret/data/bff-cli
+        property: cli-secret
+    - secretKey: atlas-password
+      remoteRef:
+        key: secret/data/bff-cli
+        property: atlas-password
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: guacamole-vm-key-pair
+  namespace: utility
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    name: guacamole-vm-key-pair
+  data:
+    - secretKey: jwt-key.pub
+      remoteRef:
+        key: secret/data/bff-cli
+        property: guacamole-jwt-public-key

clusters/prod/apps/bff-cli/values.yaml

@@ -0,0 +1,86 @@
+bff-cli-service:
+  image:
+    repository: n47w5524.c1.de1.container-registry.ovh.net/hdc-services-image/bff-cli
+    pullPolicy: IfNotPresent
+    # tag comes from versions.yaml: bff-cli-service.image.tag = "bff-cli-2.2.15"
+
+  fullnameOverride: bff-cli
+  replicaCount: 1
+  imagePullSecrets:
+    - name: docker-registry-secret
+  container:
+    port: 5080
+  service:
+    type: ClusterIP
+    port: 5080
+    targetPort: 5080
+  appConfig:
+    port: 5080
+    env: prod
+    config_center_enabled: "false"
+    config_center_base_url: "http://common.utility:5062/"
+    srv_namespace: service_bff-cli
+  extraEnv:
+    log_level: info
+    namespace: utility
+    OPEN_TELEMETRY_ENABLED: "false"
+    UPLOAD_SERVICE_CORE: "http://upload.core:5079"
+    UPLOAD_SERVICE_GREENROOM: "http://upload.greenroom:5079"
+    DOWNLOAD_SERVICE_CORE: "http://download.core:5077"
+    DOWNLOAD_SERVICE_GREENROOM: "http://download.greenroom:5077"
+    DATASET_SERVICE: "http://dataset.utility:5081"
+    AUTH_SERVICE: "http://auth.utility:5061"
+    METADATA_SERVICE: "http://metadata.utility:5066"
+    PROJECT_SERVICE: "http://project.utility:5064"
+    REDIS_HOST: "redis-master.redis"
+    REDIS_PORT: "6379"
+    REDIS_DB: "0"
+    CORE_ZONE_LABEL: "Core"
+    GREEN_ZONE_LABEL: "Greenroom"
+    AUDIT_TRAIL_SERVICE: ""
+    HPC_SERVICE: ""
+    KG_SERVICE: ""
+    ATLAS_API: ""
+    ATLAS_ADMIN: "admin"
+    ATLAS_ENTITY_TYPE: ""
+    CLI_PUBLIC_KEY_PATH: "/var/run/secrets/guacamole/jwt-key.pub"
+    JUPYTER_IP_LOWER: "10.0.0.0"
+    JUPYTER_IP_UPPER: "10.255.255.255"
+  extraEnvYaml:
+    - name: REDIS_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: bff-cli-credentials
+          key: redis-password
+    - name: CLI_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: bff-cli-credentials
+          key: cli-secret
+    - name: ATLAS_PASSWD
+      valueFrom:
+        secretKeyRef:
+          name: bff-cli-credentials
+          key: atlas-password
+  resources:
+    requests:
+      cpu: 10m
+      memory: 50Mi
+    limits:
+      cpu: 500m
+      memory: 500Mi
+  readinessProbe:
+    tcpSocket:
+      port: 5080
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    failureThreshold: 3
+    successThreshold: 1
+  extraVolumeMounts:
+    - name: guacamole-vm-key-pair
+      mountPath: /var/run/secrets/guacamole/
+      readOnly: true
+  extraVolumes:
+    - name: guacamole-vm-key-pair
+      secret:
+        secretName: guacamole-vm-key-pair

clusters/prod/apps/bff/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bff
+version: 0.1.0
+dependencies:
+  - name: base-chart-hdc
+    version: "1.0.1"
+    repository: https://pilotdataplatform.github.io/helm-charts/

clusters/prod/apps/bff/application.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: bff
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git
+    targetRevision: main
+    path: clusters/prod/apps/bff
+    helm:
+      valueFiles:
+        - ../../registry.yaml
+        - ../../versions.yaml
+        - values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: utility
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true

clusters/prod/apps/bff/templates/external-secret.yaml

@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: bff-credentials
+  namespace: utility
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    name: bff-credentials
+  data:
+    - secretKey: redis-password
+      remoteRef:
+        key: secret/data/redis
+        property: password
+    - secretKey: minio-access-key
+      remoteRef:
+        key: secret/data/minio
+        property: access_key
+    - secretKey: minio-secret-key
+      remoteRef:
+        key: secret/data/minio
+        property: secret_key

clusters/prod/apps/bff/values.yaml

@@ -0,0 +1,99 @@
+base-chart-hdc:
+  image:
+    repository: n47w5524.c1.de1.container-registry.ovh.net/hdc-services-image/bff-web
+    tag: "2.2.87"
+    tagPrefix: "bff"
+    pullPolicy: IfNotPresent
+  fullnameOverride: bff
+  labels:
+    app: bff
+    instance: bff-service
+  replicaCount: 1
+  container:
+    name: bff
+    ports:
+      - name: http
+        containerPort: 5060
+        protocol: TCP
+      - name: portal-bff
+        containerPort: 3000
+        protocol: TCP
+  service:
+    type: ClusterIP
+    ports:
+      - port: 5060
+        targetPort: 5060
+        protocol: TCP
+        name: http
+      - port: 3000
+        targetPort: 3000
+        protocol: TCP
+        name: portal-bff
+  imagePullSecrets:
+    - name: docker-registry-secret
+  appConfig:
+    env: prod
+    config_center_enabled: false
+  extraEnv:
+    SITE_DOMAIN: "https://portal.hdc.ebrains.eu"
+    CORE_ZONE_LABEL: "Core"
+    GREENROOM_ZONE_LABEL: "Greenroom"
+    PROJECT_NAME: "HDC"
+    KEYCLOAK_REALM: "hdc"
+    KONG_PATH: "/pilot/"
+    RESOURCE_REQUEST_ADMIN: "testadmin"
+    EMAIL_SUPPORT: "support@hdc.ebrains.eu"
+    EMAIL_ADMIN: "admin@hdc.ebrains.eu"
+    EMAIL_HELPDESK: "helpdesk@hdc.ebrains.eu"
+    INVITATION_URL_LOGIN: "https://portal.hdc.ebrains.eu/login/"
+    EMAIL_SUPPORT_REPLY_TO: "no-reply@ebrains.eu"
+    REDIS_HOST: "redis-master.redis"
+    REDIS_PORT: "6379"
+    AUTH_SERVICE: "http://auth.utility:5061"
+    METADATA_SERVICE: "http://metadata.utility:5066"
+    PROJECT_SERVICE: "http://project.utility:5064"
+    DATAOPS_SERVICE: "http://dataops.utility:5063"
+    UPLOAD_SERVICE: "http://upload.greenroom:5079"
+    DOWNLOAD_SERVICE_CORE: "http://download.core:5077"
+    DOWNLOAD_SERVICE_GR: "http://download.greenroom:5077"
+    NOTIFY_SERVICE: "http://notification.utility:5065"
+    DATASET_SERVICE: "http://dataset.utility:5081"
+    KG_SERVICE: "http://kg-integration.utility:8000"
+    APPROVAL_SERVICE: "http://approval.utility:8000"
+    SEARCH_SERVICE: "http://search.utility:5064"
+    WORKSPACE_SERVICE: "http://workspace.utility:5068"
+    PROVENANCE_SERVICE: "http://localhost:5077"
+    MINIO_HOST: "minio.minio:9000"
+    MINIO_BUCKET_ENCRYPTION: "true"
+    S3_GATEWAY: "false"
+    OPEN_TELEMETRY_ENABLED: "false"
+    ENABLE_PROMETHEUS_METRICS: "false"
+  extraEnvYaml:
+    - name: REDIS_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: bff-credentials
+          key: redis-password
+    - name: MINIO_USERNAME
+      valueFrom:
+        secretKeyRef:
+          name: bff-credentials
+          key: minio-access-key
+    - name: MINIO_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: bff-credentials
+          key: minio-secret-key
+  resources:
+    requests:
+      cpu: 10m
+      memory: 200Mi
+    limits:
+      cpu: 500m
+      memory: 500Mi
+  readinessProbe:
+    tcpSocket:
+      port: 5060
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    failureThreshold: 3

clusters/prod/apps/portal/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: portal
+version: 0.1.0
+dependencies:
+  - name: portal
+    version: "2.1.2"
+    repository: https://pilotdataplatform.github.io/helm-charts/

clusters/prod/apps/portal/application.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: portal
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "11"
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git
+    targetRevision: main
+    path: clusters/prod/apps/portal
+    helm:
+      valueFiles:
+        - ../../registry.yaml
+        - ../../versions.yaml
+        - values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: utility
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true