From c1010689e30ff3e87342e29df894d7923efd2a36 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Mon, 4 Sep 2023 10:51:45 +0200
Subject: [PATCH 01/76] Introduced base version of helm chart
---
 charts/dbildungs-iam/Chart.yaml | 6 +++++
 .../templates/dbildungs-iam-deployment.yaml | 27 +++++++++++++++++++
 .../templates/dbildungs-iam-service.yaml | 13 +++++++++
 charts/dbildungs-iam/values.yaml | 6 +++++
 4 files changed, 52 insertions(+)
 create mode 100644 charts/dbildungs-iam/Chart.yaml
 create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
 create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-service.yaml
 create mode 100644 charts/dbildungs-iam/values.yaml
diff --git a/charts/dbildungs-iam/Chart.yaml b/charts/dbildungs-iam/Chart.yaml
new file mode 100644
index 000000000..770fcc42f
--- /dev/null
+++ b/charts/dbildungs-iam/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: dbildungs-iam
+version: 0.1.0
+
+description: dBildungs-IAM
+type: application
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
new file mode 100644
index 000000000..84e7f94af
--- /dev/null
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-deployment
+ labels:
+ app: dbildungs-iam
+spec:
+ replicas: {{.Values.dbildungsIamReplications}}
+ selector:
+ matchLabels:
+ app: dbildungs-iam
+ template:
+ metadata:
+ name: dbildungs-iam
+ labels:
+ app: dbildungs-iam
+ spec:
+ containers:
+ - name: dbildungs-iam
+ image: {{.Values.dbildungsIamContainer}}
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: {{.Values.dbildungsIamCpuMax}}
+ memory: {{.Values.dbildungsIamMemMax}}
+ restartPolicy: Always
+
\ No newline at end of file
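Review bot: The container spec in dbildungs-iam-deployment.yaml sets no `securityContext`, so the pod runs with whatever user and privileges the image defaults to and with a writable root filesystem. For an identity-management backend I would require a non-root user, forbid privilege escalation and drop all capabilities at the container level, as sketched below. `runAsNonRoot` needs the image to declare a non-root user (or a `runAsUser` here), and `readOnlyRootFilesystem` assumes the app writes nothing to its own filesystem at runtime; both should be confirmed against the image.

```yaml
        - name: dbildungs-iam
          image: {{.Values.dbildungsIamContainer}}
          # … unchanged: imagePullPolicy, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```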
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml
new file mode 100644
index 000000000..8981d6625
--- /dev/null
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{.Release.Name }}-services
+spec:
+ selector:
+ app: dbildungs-iam
+ ports:
+ - protocol: TCP
+ port: {{.Values.dbildungsIamExternalPort}}
+ targetPort: 8080
+ type: ClusterIP
+
\ No newline at end of file
diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml
new file mode 100644
index 000000000..8fa56b0d9
--- /dev/null
+++ b/charts/dbildungs-iam/values.yaml
@@ -0,0 +1,6 @@
+dbildungsIamContainer: "dbildungs-iam:0.1.0"
+
+dbildungsIamExternalPort: 80
+dbildungsIamCpuMax: 2
+dbildungsIamMemMax: 4G
+dbildungsIamReplications: 1
\ No newline at end of file
From 9bf421130e225898675583a50695327adc390193 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Tue, 5 Sep 2023 13:18:39 +0200
Subject: [PATCH 02/76] Dockerfile for dIAM backend
---
 Dockerfile | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..c247ad07f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+ARG BASE_IMAGE=node:20.5.1-alpine3.17
+FROM $BASE_IMAGE as deployment
+
+WORKDIR /app
+
+COPY tsconfig*.json ./
+COPY package*.json ./
+
+RUN npm ci
+
+COPY src/ src/
+
+RUN npm run build
+
+FROM $BASE_IMAGE
+ENV NODE_ENV=prod
+
+WORKDIR /app
+COPY package*.json ./
+
+RUN npm ci --omit-dev
+
+COPY --from=deployment /app/dist/ ./dist/
+
+CMD [ "node", "dist/src/server/main.js" ]
\ No newline at end of file
From 812332bbeccbc77cf9d539c30d0210774b76384d Mon Sep 17 00:00:00 2001
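Review bot: In the runtime stage of the Dockerfile, `RUN npm ci --omit-dev` does not use npm's documented spelling of the option, which is `--omit=dev`. Because `NODE_ENV` is `prod` rather than `production`, npm will not drop devDependencies by default either, so the final image most likely carries the whole build toolchain. Change the line to `RUN npm ci --omit=dev`. The final stage also never switches user, so the process runs as root; the official Node images ship an unprivileged `node` account, and a `USER node` line before `CMD` would use it.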
From: Kristoff Kiefer
Date: Tue, 5 Sep 2023 17:52:45 +0200
Subject: [PATCH 03/76] Added configmap for db config Added environment config
---
 charts/dbildungs-iam/config/config.dev.json | 9 +++++++++
 charts/dbildungs-iam/config/config.prod.json | 9 +++++++++
 charts/dbildungs-iam/config/config.test.json | 9 +++++++++
 .../templates/dbildungs-iam-configmap.yaml | 11 +++++++++++
 .../templates/dbildungs-iam-deployment.yaml | 10 ++++++++++
 charts/dbildungs-iam/values.yaml | 3 ++-
 6 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 charts/dbildungs-iam/config/config.dev.json
 create mode 100644 charts/dbildungs-iam/config/config.prod.json
 create mode 100644 charts/dbildungs-iam/config/config.test.json
 create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
diff --git a/charts/dbildungs-iam/config/config.dev.json b/charts/dbildungs-iam/config/config.dev.json
new file mode 100644
index 000000000..53c6a3b7b
--- /dev/null
+++ b/charts/dbildungs-iam/config/config.dev.json
@@ -0,0 +1,9 @@
+{
+ "HOST": {
+ "PORT": 9090
+ },
+ "DB": {
+ "CLIENT_URL": "postgres://admin:password@127.0.0.1:5432",
+ "DB_NAME": "dbildungs-iam"
+ }
+}
diff --git a/charts/dbildungs-iam/config/config.prod.json b/charts/dbildungs-iam/config/config.prod.json
new file mode 100644
index 000000000..5fb4b2b81
--- /dev/null
+++ b/charts/dbildungs-iam/config/config.prod.json
@@ -0,0 +1,9 @@
+{
+ "HOST": {
+ "PORT": 8080
+ },
+ "DB": {
+ "CLIENT_URL": "",
+ "DB_NAME": ""
+ }
+}
diff --git a/charts/dbildungs-iam/config/config.test.json b/charts/dbildungs-iam/config/config.test.json
new file mode 100644
index 000000000..d24d69b22
--- /dev/null
+++ b/charts/dbildungs-iam/config/config.test.json
@@ -0,0 +1,9 @@
+{
+ "HOST": {
+ "PORT": 8080
+ },
+ "DB": {
+ "CLIENT_URL": "postgres://127.0.0.1:5432",
+ "DB_NAME": "dbildungs-iam"
+ }
+}
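Review bot: `CLIENT_URL` in config.dev.json carries a username and password inline (`postgres://admin:password@…`), and the ConfigMap template added in this same patch copies the file verbatim into the cluster, where ConfigMap contents are not treated as confidential. Keep the committed URL free of credentials, as config.test.json already does with `"CLIENT_URL": "postgres://127.0.0.1:5432"`, and supply user and password from a Secret or environment variable at deploy time. PATCH 09/76 later moves the files into a Secret, but the literal stays in the repository and in the chart package.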
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
new file mode 100644
index 000000000..66677e816
--- /dev/null
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{.Release.Name}}-configmap
+data:
+ config.dev.json: |-
+{{.Files.Get "config/config.dev.json" | indent 4}}
+ config.test.json: |-
+{{.Files.Get "config/config.test.json" | indent 4}}
+ config.prod.json: |-
+{{.Files.Get "config/config.prod.json" | indent 4}}
\ No newline at end of file
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
index 84e7f94af..5ce2a8374 100644
--- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
@@ -19,9 +19,19 @@ spec:
 - name: dbildungs-iam
 image: {{.Values.dbildungsIamContainer}}
 imagePullPolicy: IfNotPresent
+ env:
+ - name: NODE_ENV
+ value: {{.Values.environment}}
+ volumeMounts:
+ - mountPath: /app/config/
+ name: config
 resources:
 limits:
 cpu: {{.Values.dbildungsIamCpuMax}}
 memory: {{.Values.dbildungsIamMemMax}}
 restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: {{.Release.Name}}-configmap
\ No newline at end of file
diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml
index 8fa56b0d9..445c2f952 100644
--- a/charts/dbildungs-iam/values.yaml
+++ b/charts/dbildungs-iam/values.yaml
@@ -3,4 +3,5 @@ dbildungsIamContainer: "dbildungs-iam:0.1.0"
 dbildungsIamExternalPort: 80
 dbildungsIamCpuMax: 2
 dbildungsIamMemMax: 4G
-dbildungsIamReplications: 1
\ No newline at end of file
+dbildungsIamReplications: 1
+environment: prod
\ No newline at end of file
From 076ddbb4b27e809afc7604b806c9661a61397501 Mon Sep 17 00:00:00 2001
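Review bot: The ConfigMap in dbildungs-iam-configmap.yaml always embeds config.dev.json, config.test.json and config.prod.json, whatever `environment` is set to, so a production release also publishes the development database URL with its credentials. Rendering only the selected file keeps other environments' settings out of the cluster: `config.{{ .Values.environment }}.json: |-` followed by `{{ .Files.Get (printf "config/config.%s.json" .Values.environment) | indent 4 }}`. The Secret template in PATCH 09/76 repeats the same all-environments pattern.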
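Review bot: `value: {{.Values.environment}}` in the new `env` block of dbildungs-iam-deployment.yaml is rendered unquoted, and Kubernetes requires env values to be strings; an override such as `true` or `1` would produce a manifest the API server rejects. `value: {{ .Values.environment | quote }}` avoids that. The container spec starts before this hunk.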
From: Kristoff Kiefer
Date: Tue, 5 Sep 2023 17:52:56 +0200
Subject: [PATCH 04/76] Added config dir
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index c247ad07f..ea7719aac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,7 @@ ENV NODE_ENV=prod
 WORKDIR /app
 COPY package*.json ./
+COPY config/ ./config/
 RUN npm ci --omit-dev
From 80aae14ba2dfd22348dbe715828bede24f971fe3 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Mon, 11 Sep 2023 18:29:59 +0200
Subject: [PATCH 05/76] Added ServiceMonitor for Prometheus
---
 .../templates/dbildungs-iam-configmap.yaml | 2 ++
 .../templates/dbildungs-iam-deployment.yaml | 10 +++++++---
 .../templates/dbildungs-iam-service.yaml | 8 ++++++--
 .../templates/dbildungs-iam-servicemonitor.yaml | 14 ++++++++++++++
 charts/dbildungs-iam/values.yaml | 4 +++-
 5 files changed, 32 insertions(+), 6 deletions(-)
 create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-servicemonitor.yaml
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
index 66677e816..3b6a3debb 100644
--- a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
@@ -2,6 +2,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{.Release.Name}}-configmap
+ labels:
+ app.kubernetes.io/name: dbildungs-iam
 data:
 config.dev.json: |-
 {{.Files.Get "config/config.dev.json" | indent 4}}
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
index 5ce2a8374..c07e0b3db 100644
--- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
@@ -1,24 +1,28 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+ namespace: {{.Values.namespace}}
 name: {{ .Release.Name }}-deployment
 labels:
- app: dbildungs-iam
+ app.kubernetes.io/name: dbildungs-iam
 spec:
 replicas: {{.Values.dbildungsIamReplications}}
 selector:
 matchLabels:
- app: dbildungs-iam
+ app.kubernetes.io/name: dbildungs-iam
 template:
 metadata:
 name: dbildungs-iam
 labels:
- app: dbildungs-iam
+ app.kubernetes.io/name: dbildungs-iam
 spec:
 containers:
 - name: dbildungs-iam
 image: {{.Values.dbildungsIamContainer}}
 imagePullPolicy: IfNotPresent
+ ports:
+ - name: web
+ containerPort: 8080
 env:
 - name: NODE_ENV
 value: {{.Values.environment}}
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml
index 8981d6625..2ba565236 100644
--- a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml
@@ -1,13 +1,17 @@
 apiVersion: v1
 kind: Service
 metadata:
+ namespace: {{.Values.namespace}}
 name: {{.Release.Name }}-services
+ labels:
+ app.kubernetes.io/name: dbildungs-iam
 spec:
 selector:
- app: dbildungs-iam
+ app.kubernetes.io/name: dbildungs-iam
 ports:
 - protocol: TCP
+ name: web
 port: {{.Values.dbildungsIamExternalPort}}
- targetPort: 8080
+ targetPort: web
 type: ClusterIP
\ No newline at end of file
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-servicemonitor.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-servicemonitor.yaml
new file mode 100644
index 000000000..a07140efa
--- /dev/null
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-servicemonitor.yaml
@@ -0,0 +1,14 @@
+{{if .Values.enableServiceMonitor}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{.Release.Name}}-servicemonitor
+spec:
+ namespaceSelector:
+ any: true
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: dbildungs-iam
+ endpoints:
+ - port: web
+ {{end}}
\ No newline at end of file
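Review bot: `namespace: {{.Values.namespace}}` is added to the Deployment here and to the Service in the next hunk, but no values.yaml hunk in this series defines `namespace`, and the ConfigMap the pod mounts has no namespace field at all. If the value is ever set, the Deployment and the ConfigMap land in different namespaces and the `config` volume cannot be mounted. Dropping the field so Helm places everything in the release namespace, or writing `namespace: {{ .Release.Namespace }}` on every resource, keeps them together.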
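Review bot: `namespaceSelector: any: true` in dbildungs-iam-servicemonitor.yaml makes the monitor match Services in every namespace that carry `app.kubernetes.io/name: dbildungs-iam`, so a look-alike Service elsewhere in the cluster would be scraped as if it belonged to this release. Limiting the selector to the release namespace is enough here: `namespaceSelector:` with `matchNames: [{{ .Release.Namespace | quote }}]`. The endpoint gives no `path`, so the default `/metrics` applies; whether the application serves metrics there is not visible in this series.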
diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 445c2f952..2b09f9c5b 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -4,4 +4,6 @@ dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 dbildungsIamMemMax: 4G dbildungsIamReplications: 1 -environment: prod \ No newline at end of file +environment: prod + +enableServiceMonitor: true \ No newline at end of file From 39bbf150257cc55714a7edab91282b79efa39d11 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 19 Sep 2023 12:23:39 +0200 Subject: [PATCH 06/76] Added basic infrastructure for probes --- package-lock.json | 88 +++++++++++++++++++++++++------------ package.json | 1 + src/axios/axios.module.ts | 4 ++ src/health/health.module.ts | 5 +++ 4 files changed, 70 insertions(+), 28 deletions(-) create mode 100644 src/axios/axios.module.ts create mode 100644 src/health/health.module.ts diff --git a/package-lock.json b/package-lock.json index 829d2933d..8f8cf27d7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,6 +22,7 @@ "@nestjs/platform-express": "^9.0.0", "@nestjs/swagger": "^7.0.4", "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", + "@nestjs/terminus": "^9.0.0", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", "lodash": "^4.17.21", @@ -943,6 +944,14 @@ "npm": ">=6.14.13" } }, + "node_modules/@golevelup/nestjs-discovery": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@golevelup/nestjs-discovery/-/nestjs-discovery-3.0.0.tgz", + "integrity": "sha512-ZvkXtobTKxXB1LJanP/l6Z/Fing88IMBr3uabQpU2IWjfsstjh02qYDSU2cfD6CSmNldX5ewW5Pd+SdK2lU8Sw==", + "dependencies": { + "lodash": "^4.17.15" + } + }, "node_modules/@golevelup/ts-jest": { "version": "0.3.8", "resolved": "https://registry.npmjs.org/@golevelup/ts-jest/-/ts-jest-0.3.8.tgz", 
@@ -2108,6 +2117,20 @@ } } }, + "node_modules/@nestjs/terminus": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@nestjs/terminus/-/terminus-9.0.0.tgz", + "integrity": "sha512-Yqx310ld2JwWgFFQyw0Cri+Y4yfG9gq66BLZ37vdOgZeKFS4wHdJZG6PlYeO3ztvE+vVZCKxvORLtaNa4u2bSQ==", + "dependencies": { + "check-disk-space": "3.3.0" + }, + "peerDependencies": { + "@nestjs/common": "9.x", + "@nestjs/core": "9.x", + "reflect-metadata": "0.1.x", + "rxjs": "7.x" + } + }, "node_modules/@nestjs/testing": { "version": "9.4.3", "resolved": "https://registry.npmjs.org/@nestjs/testing/-/testing-9.4.3.tgz", @@ -3798,6 +3821,14 @@ "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==" }, + "node_modules/check-disk-space": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/check-disk-space/-/check-disk-space-3.3.0.tgz", + "integrity": "sha512-Hvr+Nr01xSSvuCpXvJ8oZ2iXjIu4XT3uHbw3g7F/Uiw6O5xk8c/Ot7ZGFDaTRDf2Bz8AdWA4DvpAgCJVKt8arw==", + "engines": { + "node": ">=12" + } + }, "node_modules/chokidar": { "version": "3.5.3", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", @@ -7696,11 +7727,11 @@ "dev": true }, "node_modules/nest-commander": { - "version": "3.11.1", - "resolved": "https://registry.npmjs.org/nest-commander/-/nest-commander-3.11.1.tgz", - "integrity": "sha512-BuuuYx7EyGsfiGRiRNPVFE8ScrspDO1zfnf+nqaYv2M2VnjApXIItxesyLEyeqMO3vLECO2bbZLY9uXDoS+3Zg==", + "version": "3.9.0", + "resolved": "https://registry.npmjs.org/nest-commander/-/nest-commander-3.9.0.tgz", + "integrity": "sha512-gtunG9QnorVUScmrum0OlI/p4woxWtre1SDFJo9TRS9ehjEfmdXvbS60NS/yw0lU6fD773f+IMUPX/BX/Eg11g==", "dependencies": { - "@golevelup/nestjs-discovery": "4.0.0", + "@golevelup/nestjs-discovery": "3.0.0", "commander": "11.0.0", "cosmiconfig": "8.2.0", "inquirer": "8.2.5" 
@@ -7711,18 +7742,6 @@ "@types/inquirer": "^8.1.3" } }, - "node_modules/nest-commander/node_modules/@golevelup/nestjs-discovery": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@golevelup/nestjs-discovery/-/nestjs-discovery-4.0.0.tgz", - "integrity": "sha512-iyZLYip9rhVMR0C93vo860xmboRrD5g5F5iEOfpeblGvYSz8ymQrL9RAST7x/Fp3n+TAXSeOLzDIASt+rak68g==", - "dependencies": { - "lodash": "^4.17.21" - }, - "peerDependencies": { - "@nestjs/common": "^10.x", - "@nestjs/core": "^10.x" - } - }, "node_modules/nest-commander/node_modules/commander": { "version": "11.0.0", "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", @@ -11337,6 +11356,14 @@ "resolved": "https://registry.npmjs.org/@faker-js/faker/-/faker-8.0.2.tgz", "integrity": "sha512-Uo3pGspElQW91PCvKSIAXoEgAUlRnH29sX2/p89kg7sP1m2PzCufHINd0FhTXQf6DYGiUlVncdSPa2F9wxed2A==" }, + "@golevelup/nestjs-discovery": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@golevelup/nestjs-discovery/-/nestjs-discovery-3.0.0.tgz", + "integrity": "sha512-ZvkXtobTKxXB1LJanP/l6Z/Fing88IMBr3uabQpU2IWjfsstjh02qYDSU2cfD6CSmNldX5ewW5Pd+SdK2lU8Sw==", + "requires": { + "lodash": "^4.17.15" + } + }, "@golevelup/ts-jest": { "version": "0.3.8", "resolved": "https://registry.npmjs.org/@golevelup/ts-jest/-/ts-jest-0.3.8.tgz", @@ -12073,6 +12100,14 @@ "swagger-ui-dist": "5.3.1" } }, + "@nestjs/terminus": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@nestjs/terminus/-/terminus-9.0.0.tgz", + "integrity": "sha512-Yqx310ld2JwWgFFQyw0Cri+Y4yfG9gq66BLZ37vdOgZeKFS4wHdJZG6PlYeO3ztvE+vVZCKxvORLtaNa4u2bSQ==", + "requires": { + "check-disk-space": "3.3.0" + } + }, "@nestjs/testing": { "version": "9.4.3", "resolved": "https://registry.npmjs.org/@nestjs/testing/-/testing-9.4.3.tgz", 
@@ -13409,6 +13444,11 @@ "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==" }, + "check-disk-space": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/check-disk-space/-/check-disk-space-3.3.0.tgz", + "integrity": "sha512-Hvr+Nr01xSSvuCpXvJ8oZ2iXjIu4XT3uHbw3g7F/Uiw6O5xk8c/Ot7ZGFDaTRDf2Bz8AdWA4DvpAgCJVKt8arw==" + }, "chokidar": { "version": "3.5.3", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", @@ -16326,24 +16366,16 @@ "dev": true }, "nest-commander": { - "version": "3.11.1", - "resolved": "https://registry.npmjs.org/nest-commander/-/nest-commander-3.11.1.tgz", - "integrity": "sha512-BuuuYx7EyGsfiGRiRNPVFE8ScrspDO1zfnf+nqaYv2M2VnjApXIItxesyLEyeqMO3vLECO2bbZLY9uXDoS+3Zg==", + "version": "3.9.0", + "resolved": "https://registry.npmjs.org/nest-commander/-/nest-commander-3.9.0.tgz", + "integrity": "sha512-gtunG9QnorVUScmrum0OlI/p4woxWtre1SDFJo9TRS9ehjEfmdXvbS60NS/yw0lU6fD773f+IMUPX/BX/Eg11g==", "requires": { - "@golevelup/nestjs-discovery": "4.0.0", + "@golevelup/nestjs-discovery": "3.0.0", "commander": "11.0.0", "cosmiconfig": "8.2.0", "inquirer": "8.2.5" }, "dependencies": { - "@golevelup/nestjs-discovery": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@golevelup/nestjs-discovery/-/nestjs-discovery-4.0.0.tgz", - "integrity": "sha512-iyZLYip9rhVMR0C93vo860xmboRrD5g5F5iEOfpeblGvYSz8ymQrL9RAST7x/Fp3n+TAXSeOLzDIASt+rak68g==", - "requires": { - "lodash": "^4.17.21" - } - }, "commander": { "version": "11.0.0", "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", diff --git a/package.json b/package.json index e400d7179..c5cad3d61 100644 --- a/package.json +++ b/package.json 
@@ -44,6 +44,7 @@
 "@nestjs/platform-express": "^9.0.0",
 "@nestjs/swagger": "^7.0.4",
 "@s3pweb/keycloak-admin-client-cjs": "^22.0.1",
+ "@nestjs/terminus": "^9.0.0",
 "class-transformer": "^0.5.1",
 "class-validator": "^0.14.0",
 "lodash": "^4.17.21",
diff --git a/src/axios/axios.module.ts b/src/axios/axios.module.ts
new file mode 100644
index 000000000..2b095bade
--- /dev/null
+++ b/src/axios/axios.module.ts
@@ -0,0 +1,4 @@
+import { Module } from '@nestjs/common';
+
+@Module({})
+export class AxiosModule {}
diff --git a/src/health/health.module.ts b/src/health/health.module.ts
new file mode 100644
index 000000000..0216819af
--- /dev/null
+++ b/src/health/health.module.ts
@@ -0,0 +1,5 @@
+import { Module } from '@nestjs/common';
+import { TerminusModule } from '@nestjs/terminus';
+
+@Module({ imports: [TerminusModule] })
+export class HealthModule {}
From 664c10e4760ff9a3dc0c7fd6f872b3118c439e43 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 09:17:32 +0200
Subject: [PATCH 07/76] Health module added
---
 src/health/health.controller.spec.ts | 18 ++++++++++++++++++
 src/health/health.controller.ts | 27 +++++++++++++++++++++++++++
 src/health/health.module.ts | 3 ++-
 src/server/server.module.ts | 6 ++++++
 4 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 src/health/health.controller.spec.ts
 create mode 100644 src/health/health.controller.ts
diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts
new file mode 100644
index 000000000..080736e88
--- /dev/null
+++ b/src/health/health.controller.spec.ts
@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { HealthController } from './health.controller.js';
+
+describe('HealthController', () => {
+ let controller: HealthController;
+
+ beforeEach(async () => {
+ const module: TestingModule = await Test.createTestingModule({
+ controllers: [HealthController],
+ }).compile();
+
+ controller = module.get(HealthController);
+ });
+
+ it('should be defined', () => {
+ expect(controller).toBeDefined();
+ });
+});
diff --git a/src/health/health.controller.ts b/src/health/health.controller.ts
new file mode 100644
index 000000000..d1a5a9311
--- /dev/null
+++ b/src/health/health.controller.ts
@@ -0,0 +1,27 @@
+import { Controller, Get } from '@nestjs/common';
+import {
+ HealthCheck,
+ HealthCheckResult,
+ HealthCheckService,
+ HealthIndicatorResult,
+ MikroOrmHealthIndicator,
+} from '@nestjs/terminus';
+import { EntityManager } from '@mikro-orm/postgresql';
+
+@Controller('health')
+export class HealthController {
+ public constructor(
+ private health: HealthCheckService,
+ private mikroOrm: MikroOrmHealthIndicator,
+ private em: EntityManager,
+ ) {}
+
+ @Get()
+ @HealthCheck()
+ public check(): Promise {
+ return this.health.check([
+ (): Promise =>
+ this.mikroOrm.pingCheck('database', { connection: this.em.getConnection() }),
+ ]);
+ }
+}
diff --git a/src/health/health.module.ts b/src/health/health.module.ts
index 0216819af..1815d4c83 100644
--- a/src/health/health.module.ts
+++ b/src/health/health.module.ts
@@ -1,5 +1,6 @@
 import { Module } from '@nestjs/common';
 import { TerminusModule } from '@nestjs/terminus';
+import { HealthController } from './health.controller.js';
-@Module({ imports: [TerminusModule] })
+@Module({ imports: [TerminusModule], controllers: [HealthController] })
 export class HealthModule {}
diff --git a/src/server/server.module.ts b/src/server/server.module.ts
index 338256c44..158617031 100644
--- a/src/server/server.module.ts
+++ b/src/server/server.module.ts
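Review bot: The testing module in health.controller.spec.ts registers only `controllers: [HealthController]`, while the controller's constructor asks for `HealthCheckService`, `MikroOrmHealthIndicator` and `EntityManager`. Without providers for these, `compile()` is expected to fail on dependency resolution and the test never reaches its assertion. Add stub providers, for example `providers: [{ provide: HealthCheckService, useValue: {} }, { provide: MikroOrmHealthIndicator, useValue: {} }, { provide: EntityManager, useValue: {} }]`, and then assert on the result of `check()` rather than only `toBeDefined()`.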
@@ -8,6 +8,8 @@ import { ConfigModule, ConfigService } from '@nestjs/config';
 import { DbConfig, loadConfigFiles, loadEnvConfig, ServerConfig } from '../shared/config/index.js';
 import { mappingErrorHandler } from '../shared/error/index.js';
 import { PersonApiModule } from '../modules/person/person-api.module.js';
+import { HealthModule } from '../health/health.module.js';
+import { KeycloakAdministrationModule } from '../modules/keycloak-administration/keycloak-administration.module.js';
 import { OrganisationApiModule } from '../modules/organisation/organisation-api.module.js';
 @Module({
@@ -30,12 +32,16 @@ import { OrganisationApiModule } from '../modules/organisation/organisation-api.
 dbName: dbConfig.DB_NAME,
 entities: ['./dist/**/*.entity.js'],
 entitiesTs: ['./src/**/*.entity.ts'],
+ // Needed for HealthCheck
+ type: 'postgresql',
 });
 },
 inject: [ConfigService],
 }),
 PersonApiModule,
 OrganisationApiModule,
+ KeycloakAdministrationModule,
+ HealthModule,
 ],
 })
 export class ServerModule {}
From 538be155f0b6743c13bdde35de80ee27b12d2af8 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:26:45 +0200
Subject: [PATCH 08/76] Added secrets-file
---
 charts/dbildungs-iam/config/secrets.json | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 charts/dbildungs-iam/config/secrets.json
diff --git a/charts/dbildungs-iam/config/secrets.json b/charts/dbildungs-iam/config/secrets.json
new file mode 100644
index 000000000..b1d876c79
--- /dev/null
+++ b/charts/dbildungs-iam/config/secrets.json
@@ -0,0 +1,5 @@
+{
+ "DB": {
+ "SECRET": "Very hidden secret"
+ }
+}
\ No newline at end of file
From d8510d5caf82a6da45770e44c8e1221f2ebf1061 Mon Sep 17 00:00:00 2001
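Review bot: Adding config/secrets.json to the chart puts the secret's value into version control and into every packaged chart archive. `"Very hidden secret"` is a placeholder now, but the template in PATCH 09/76 reads this path with `.Files.Get`, so a real value would have to be committed the same way. Keep the file out of the repository and the package (`.gitignore`, `.helmignore`) and let the Deployment reference a Secret that is created outside the chart, or inject the value at install time.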
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:27:14 +0200
Subject: [PATCH 09/76] Switched to secrets from config map
---
 .../templates/dbildungs-iam-configmap.yaml | 13 -------------
 .../templates/dbildungs-iam-secret.yaml | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 13 deletions(-)
 delete mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
 create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
deleted file mode 100644
index 3b6a3debb..000000000
--- a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{.Release.Name}}-configmap
- labels:
- app.kubernetes.io/name: dbildungs-iam
-data:
- config.dev.json: |-
-{{.Files.Get "config/config.dev.json" | indent 4}}
- config.test.json: |-
-{{.Files.Get "config/config.test.json" | indent 4}}
- config.prod.json: |-
-{{.Files.Get "config/config.prod.json" | indent 4}}
\ No newline at end of file
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml
new file mode 100644
index 000000000..40cd1aadd
--- /dev/null
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{.Release.Name}}-secret
+ labels:
+ app.kubernetes.io/name: dbildungs-iam
+data:
+ config.dev.json: |-
+{{.Files.Get .Values.configfile.dev | b64enc | indent 4}}
+ config.test.json: |-
+{{.Files.Get .Values.configfile.test | b64enc | indent 4}}
+ config.prod.json: |-
+{{.Files.Get .Values.configfile.prod | b64enc | indent 4}}
+ secrets.json: |-
+{{.Files.Get .Values.configfile.secrets | b64enc | indent 4}}
\ No newline at end of file
From 7eb047026a9953e1c722acd3aa8e87e8b8cf9a60 Mon Sep 17 00:00:00 2001
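Review bot: In dbildungs-iam-secret.yaml, `.Files.Get` returns an empty string when the path does not exist in the chart, so a mistyped `configfile.*` value silently produces an empty Secret entry and the pod starts without its configuration. Wrapping the lookup makes the install fail instead: `{{ required "configfile.secrets not found in chart" (.Files.Get .Values.configfile.secrets) | b64enc | indent 4 }}`, and likewise for the three config entries. `configfile` itself is only added to values.yaml in PATCH 13/76, so at this commit the template has nothing to dereference.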
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:27:44 +0200
Subject: [PATCH 10/76] Added deploy stage
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index ea7719aac..14fac0a19 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ RUN npm run build
 FROM $BASE_IMAGE
 ENV NODE_ENV=prod
+ENV DEPLOY_STAGE=prod
 WORKDIR /app
 COPY package*.json ./
From ae9286563912ed8c855f1d614cbf007bbd81347a Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:28:05 +0200
Subject: [PATCH 11/76] Dev setup now runs with local k3s
---
 charts/dbildungs-iam/config/config.dev.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/dbildungs-iam/config/config.dev.json b/charts/dbildungs-iam/config/config.dev.json
index 53c6a3b7b..44a9e6528 100644
--- a/charts/dbildungs-iam/config/config.dev.json
+++ b/charts/dbildungs-iam/config/config.dev.json
@@ -1,9 +1,9 @@
 {
 "HOST": {
- "PORT": 9090
+ "PORT": 8080
 },
 "DB": {
- "CLIENT_URL": "postgres://admin:password@127.0.0.1:5432",
+ "CLIENT_URL": "postgres://admin:password@host.docker.internal:5432",
 "DB_NAME": "dbildungs-iam"
 }
 }
From 10de5cbdd9189b8ce5be1ca522077fa615a820c7 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:28:49 +0200
Subject: [PATCH 12/76] Added Probes, Secret and new ENV
---
 .../templates/dbildungs-iam-deployment.yaml | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
index c07e0b3db..52289e4bd 100644
--- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml
@@ -1,7 +1,6 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- namespace: {{.Values.namespace}}
 name: {{ .Release.Name }}-deployment
 labels:
 app.kubernetes.io/name: dbildungs-iam
@@ -26,16 +25,31 @@ spec:
 env:
 - name: NODE_ENV
 value: {{.Values.environment}}
+ - name: DEPLOY_STAGE
+ value: {{.Values.environment}}
 volumeMounts:
 - mountPath: /app/config/
 name: config
+ readOnly: true
 resources:
 limits:
 cpu: {{.Values.dbildungsIamCpuMax}}
 memory: {{.Values.dbildungsIamMemMax}}
+ livenessProbe:
+ initialDelaySeconds: 10
+ httpGet:
+ port: 8080
+ scheme: 'HTTP'
+ path: '/health'
+ readinessProbe:
+ initialDelaySeconds: 10
+ httpGet:
+ port: 8080
+ scheme: 'HTTP'
+ path: '/health'
 restartPolicy: Always
 volumes:
 - name: config
- configMap:
- name: {{.Release.Name}}-configmap
+ secret:
+ secretName: {{.Release.Name}}-secret
\ No newline at end of file
From 05e49c83a27977e3c8483b5e143286c29e19d65c Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:29:03 +0200
Subject: [PATCH 13/76] Added config file indirection
---
 charts/dbildungs-iam/values.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml
index 2b09f9c5b..7cc618701 100644
--- a/charts/dbildungs-iam/values.yaml
+++ b/charts/dbildungs-iam/values.yaml
@@ -6,4 +6,10 @@ dbildungsIamMemMax: 4G
 dbildungsIamReplications: 1
 environment: prod
-enableServiceMonitor: true
\ No newline at end of file
+configfile:
+ secrets: 'config/secrets.json'
+ dev: 'config/config.dev.json'
+ test: 'config/config.test.json'
+ prod: 'config/config.prod.json'
+
+enableServiceMonitor: false
\ No newline at end of file
From e273f689048e0bf2e69c0a265f7a3e1e85fb0685 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 13:36:49 +0200
Subject: [PATCH 14/76] Integrated with main
---
 package-lock.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package-lock.json b/package-lock.json
index 8f8cf27d7..101cd430b 100644
--- a/package-lock.json
+++ b/package-lock.json
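Review bot: `livenessProbe` and `readinessProbe` both call `/health`, and the handler added in PATCH 07/76 pings the database, so a database outage fails liveness and the kubelet restarts every replica even though a restart cannot fix it. Readiness is the right place for the dependency check; liveness should hit a route that only proves the process responds (the controller has none yet, so one would need adding). Referring to the declared port by name, `port: web`, would also keep the probes in step with `containerPort`. The container spec starts before this hunk.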
@@ -21,8 +21,8 @@ "@nestjs/core": "^9.0.0", "@nestjs/platform-express": "^9.0.0", "@nestjs/swagger": "^7.0.4", - "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", "@nestjs/terminus": "^9.0.0", + "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", "lodash": "^4.17.21", From 8465f8aa62f0da26e97ea6e2f5c68a6c7bf59804 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Mon, 4 Sep 2023 10:51:45 +0200 Subject: [PATCH 15/76] Introduced base version of helm chart --- .../templates/dbildungs-iam-deployment.yaml | 34 ++----------------- .../templates/dbildungs-iam-service.yaml | 8 ++--- charts/dbildungs-iam/values.yaml | 11 +----- 3 files changed, 6 insertions(+), 47 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml index 52289e4bd..84e7f94af 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml 
@@ -3,53 +3,25 @@ kind: Deployment metadata: name: {{ .Release.Name }}-deployment labels: - app.kubernetes.io/name: dbildungs-iam + app: dbildungs-iam spec: replicas: {{.Values.dbildungsIamReplications}} selector: matchLabels: - app.kubernetes.io/name: dbildungs-iam + app: dbildungs-iam template: metadata: name: dbildungs-iam labels: - app.kubernetes.io/name: dbildungs-iam + app: dbildungs-iam spec: containers: - name: dbildungs-iam image: {{.Values.dbildungsIamContainer}} imagePullPolicy: IfNotPresent - ports: - - name: web - containerPort: 8080 - env: - - name: NODE_ENV - value: {{.Values.environment}} - - name: DEPLOY_STAGE - value: {{.Values.environment}} - volumeMounts: - - mountPath: /app/config/ - name: config - readOnly: true resources: limits: cpu: {{.Values.dbildungsIamCpuMax}} memory: {{.Values.dbildungsIamMemMax}} - livenessProbe: - initialDelaySeconds: 10 - httpGet: - port: 8080 - scheme: 'HTTP' - path: '/health' - readinessProbe: - initialDelaySeconds: 10 - httpGet: - port: 8080 - scheme: 'HTTP' - path: '/health' restartPolicy: Always - volumes: - - name: config - secret: - secretName: {{.Release.Name}}-secret \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml index 2ba565236..8981d6625 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml @@ -1,17 +1,13 @@ apiVersion: v1 kind: Service metadata: - namespace: {{.Values.namespace}} name: {{.Release.Name }}-services - labels: - app.kubernetes.io/name: dbildungs-iam spec: selector: - app.kubernetes.io/name: dbildungs-iam + app: dbildungs-iam ports: - protocol: TCP - name: web port: {{.Values.dbildungsIamExternalPort}} - targetPort: web + targetPort: 8080 type: ClusterIP \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 7cc618701..8fa56b0d9 100644 
--- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -3,13 +3,4 @@ dbildungsIamContainer: "dbildungs-iam:0.1.0" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 dbildungsIamMemMax: 4G -dbildungsIamReplications: 1 -environment: prod - -configfile: - secrets: 'config/secrets.json' - dev: 'config/config.dev.json' - test: 'config/config.test.json' - prod: 'config/config.prod.json' - -enableServiceMonitor: false \ No newline at end of file +dbildungsIamReplications: 1 \ No newline at end of file From 51f23a106688d3022d32a0bde7d5e1eae15deef0 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 5 Sep 2023 13:18:39 +0200 Subject: [PATCH 16/76] Dockerfile for dIAM backend --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 14fac0a19..c247ad07f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,11 +14,9 @@ RUN npm run build FROM $BASE_IMAGE ENV NODE_ENV=prod -ENV DEPLOY_STAGE=prod WORKDIR /app COPY package*.json ./ -COPY config/ ./config/ RUN npm ci --omit-dev From 7a3cba0c9f172e3e9bb37021bfdc87438ece4016 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 5 Sep 2023 17:52:45 +0200 Subject: [PATCH 17/76] Added configmap for db config Added environment config --- charts/dbildungs-iam/config/config.dev.json | 4 ++-- .../templates/dbildungs-iam-configmap.yaml | 11 +++++++++++ .../templates/dbildungs-iam-deployment.yaml | 10 ++++++++++ charts/dbildungs-iam/values.yaml | 3 ++- 4 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml diff --git a/charts/dbildungs-iam/config/config.dev.json b/charts/dbildungs-iam/config/config.dev.json index 44a9e6528..53c6a3b7b 100644 --- a/charts/dbildungs-iam/config/config.dev.json +++ b/charts/dbildungs-iam/config/config.dev.json 
@@ -1,9 +1,9 @@ { "HOST": { - "PORT": 8080 + "PORT": 9090 }, "DB": { - "CLIENT_URL": "postgres://admin:password@host.docker.internal:5432", + "CLIENT_URL": "postgres://admin:password@127.0.0.1:5432", "DB_NAME": "dbildungs-iam" } } diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml new file mode 100644 index 000000000..66677e816 --- /dev/null +++ b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{.Release.Name}}-configmap +data: + config.dev.json: |- +{{.Files.Get "config/config.dev.json" | indent 4}} + config.test.json: |- +{{.Files.Get "config/config.test.json" | indent 4}} + config.prod.json: |- +{{.Files.Get "config/config.prod.json" | indent 4}} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml index 84e7f94af..5ce2a8374 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml @@ -19,9 +19,19 @@ spec: - name: dbildungs-iam image: {{.Values.dbildungsIamContainer}} imagePullPolicy: IfNotPresent + env: + - name: NODE_ENV + value: {{.Values.environment}} + volumeMounts: + - mountPath: /app/config/ + name: config resources: limits: cpu: {{.Values.dbildungsIamCpuMax}} memory: {{.Values.dbildungsIamMemMax}} restartPolicy: Always + volumes: + - name: config + configMap: + name: {{.Release.Name}}-configmap \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 8fa56b0d9..445c2f952 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml 
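Review bot: `CLIENT_URL` in this hunk carries the database user and password (`admin:password`) inside the connection string, and the configmap template added in the same commit renders this file verbatim via `.Files.Get "config/config.dev.json"`. The credentials therefore end up in a ConfigMap, which any subject allowed to read ConfigMaps in the namespace can see. Keep only host, port and database name in this file and supply the credentials through a Secret. `127.0.0.1` would also resolve to the pod itself rather than a database host, unless a sidecar is intended.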
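Review bot: `value: {{.Values.environment}}` in the deployment hunk is rendered unquoted, so a value such as `true` or a number would be emitted as a YAML boolean or integer and rejected by the API server, which requires env values to be strings. Quote it in the template: `value: {{ .Values.environment | quote }}`. The `DEPLOY_STAGE` entry added later in the series (PATCH 26) has the same form. The container spec starts outside the hunk.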
@@ -3,4 +3,5 @@ dbildungsIamContainer: "dbildungs-iam:0.1.0" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 dbildungsIamMemMax: 4G -dbildungsIamReplications: 1 \ No newline at end of file +dbildungsIamReplications: 1 +environment: prod \ No newline at end of file From 5668c7739777230c19bc2355d4453513e0d6610d Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 5 Sep 2023 17:52:56 +0200 Subject: [PATCH 18/76] Added config dir --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index c247ad07f..ea7719aac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ ENV NODE_ENV=prod WORKDIR /app COPY package*.json ./ +COPY config/ ./config/ RUN npm ci --omit-dev From 4b1841adc7f575efb40a284a88085d1c1d438ca4 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Mon, 11 Sep 2023 18:29:59 +0200 Subject: [PATCH 19/76] Added ServiceMonitor for Prometheus --- .../templates/dbildungs-iam-configmap.yaml | 2 ++ .../templates/dbildungs-iam-deployment.yaml | 10 +++++++--- .../dbildungs-iam/templates/dbildungs-iam-service.yaml | 8 ++++++-- charts/dbildungs-iam/values.yaml | 4 +++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml index 66677e816..3b6a3debb 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{.Release.Name}}-configmap + labels: + app.kubernetes.io/name: dbildungs-iam data: config.dev.json: |- {{.Files.Get "config/config.dev.json" | indent 4}} diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml index 5ce2a8374..c07e0b3db 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml 
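Review bot: `COPY config/ ./config/` bakes the whole config directory into the runtime image, so any credentials kept there would be readable by anyone who can pull the image; the chart's own config directory holds a `secrets.json` and a `CLIENT_URL` with a password, but whether the repository-root `config/` does too is not visible here. Since the chart mounts a volume over `/app/config/`, consider copying only non-secret defaults or dropping the line. Separately, the context line `RUN npm ci --omit-dev` is not npm's documented form `--omit=dev`, and with `NODE_ENV=prod` rather than `production` the dev dependencies are probably installed into the runtime stage; `RUN npm ci --omit=dev` would fix that. The stage continues outside the hunk.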
@@ -1,24 +1,28 @@ apiVersion: apps/v1 kind: Deployment metadata: + namespace: {{.Values.namespace}} name: {{ .Release.Name }}-deployment labels: - app: dbildungs-iam + app.kubernetes.io/name: dbildungs-iam spec: replicas: {{.Values.dbildungsIamReplications}} selector: matchLabels: - app: dbildungs-iam + app.kubernetes.io/name: dbildungs-iam template: metadata: name: dbildungs-iam labels: - app: dbildungs-iam + app.kubernetes.io/name: dbildungs-iam spec: containers: - name: dbildungs-iam image: {{.Values.dbildungsIamContainer}} imagePullPolicy: IfNotPresent + ports: + - name: web + containerPort: 8080 env: - name: NODE_ENV value: {{.Values.environment}} diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml index 8981d6625..2ba565236 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml @@ -1,13 +1,17 @@ apiVersion: v1 kind: Service metadata: + namespace: {{.Values.namespace}} name: {{.Release.Name }}-services + labels: + app.kubernetes.io/name: dbildungs-iam spec: selector: - app: dbildungs-iam + app.kubernetes.io/name: dbildungs-iam ports: - protocol: TCP + name: web port: {{.Values.dbildungsIamExternalPort}} - targetPort: 8080 + targetPort: web type: ClusterIP \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 445c2f952..2b09f9c5b 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -4,4 +4,6 @@ dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 dbildungsIamMemMax: 4G dbildungsIamReplications: 1 -environment: prod \ No newline at end of file +environment: prod + +enableServiceMonitor: true \ No newline at end of file From aae48de53d6b7d3d99d8ef1af82818600fbdc2ee Mon Sep 17 00:00:00 2001 
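Review bot: `namespace: {{.Values.namespace}}` is added to the Deployment here and to the Service in the next file, but the values.yaml hunk in this commit does not define `namespace`, so the field renders empty. Taking the namespace from values also lets the objects land outside the release namespace that Helm was asked to install into, which weakens assumptions made by namespace-scoped RBAC and network policies. I would drop the field or use `namespace: {{ .Release.Namespace }}`. Note also that changing `spec.selector.matchLabels` from `app` to `app.kubernetes.io/name` cannot be applied to an existing Deployment, because the selector is immutable.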
From: Kristoff Kiefer Date: Tue, 19 Sep 2023 12:23:39 +0200 Subject: [PATCH 20/76] Added basic infrastructure for probes --- package-lock.json | 1 + package.json | 1 + src/health/health.module.ts | 3 +-- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 101cd430b..c9282ddaa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,6 +22,7 @@ "@nestjs/platform-express": "^9.0.0", "@nestjs/swagger": "^7.0.4", "@nestjs/terminus": "^9.0.0", + "@nestjs/terminus": "^9.0.0", "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", diff --git a/package.json b/package.json index c5cad3d61..463be95c8 100644 --- a/package.json +++ b/package.json @@ -45,6 +45,7 @@ "@nestjs/swagger": "^7.0.4", "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", "@nestjs/terminus": "^9.0.0", + "@nestjs/terminus": "^9.0.0", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", "lodash": "^4.17.21", diff --git a/src/health/health.module.ts b/src/health/health.module.ts index 1815d4c83..0216819af 100644 --- a/src/health/health.module.ts +++ b/src/health/health.module.ts @@ -1,6 +1,5 @@ import { Module } from '@nestjs/common'; import { TerminusModule } from '@nestjs/terminus'; -import { HealthController } from './health.controller.js'; -@Module({ imports: [TerminusModule], controllers: [HealthController] }) +@Module({ imports: [TerminusModule] }) export class HealthModule {} From 0a2ec6266735e9aa59b6be53c57538076f51fefa Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 20 Sep 2023 15:34:47 +0200 Subject: [PATCH 21/76] Improved Coverage --- src/health/health.controller.spec.ts | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts index 080736e88..16c817254 100644 --- a/src/health/health.controller.spec.ts +++ b/src/health/health.controller.spec.ts 
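Review bot: In the package.json hunk the added line `"@nestjs/terminus": "^9.0.0",` repeats a key that the context line directly above it already defines, so `dependencies` now contains a duplicate key. JSON parsers silently keep the last occurrence, which would hide a later version mismatch between the two entries. Remove the added line; the package-lock.json hunk in this commit has the same duplicate.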
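Review bot: Dropping `HealthController` from `controllers` leaves `HealthModule` with only the `TerminusModule` import, so this module no longer registers a `/health` route. The chart's liveness and readiness probes elsewhere in the series request `/health` on port 8080 and would get a 404 unless the controller is registered again in a commit not shown here. If the removal is intentional for this step, a comment such as `// HealthController is registered in <module>` would make that clear; otherwise keep `controllers: [HealthController]`.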
@@ -1,12 +1,26 @@ import { Test, TestingModule } from '@nestjs/testing'; import { HealthController } from './health.controller.js'; +import { HealthCheckService, HealthIndicatorFunction, MikroOrmHealthIndicator } from '@nestjs/terminus'; +import { createMock, DeepMocked } from '@golevelup/ts-jest'; +import { SqlEntityManager } from '@mikro-orm/postgresql'; describe('HealthController', () => { let controller: HealthController; + let healthCheckService: DeepMocked; + let mikroOrmHealthIndicator: MikroOrmHealthIndicator; + let entityManager: SqlEntityManager; beforeEach(async () => { + healthCheckService = createMock(); + mikroOrmHealthIndicator = createMock(); + entityManager = createMock(); const module: TestingModule = await Test.createTestingModule({ controllers: [HealthController], + providers: [ + { provide: HealthCheckService, useValue: healthCheckService }, + { provide: MikroOrmHealthIndicator, useValue: mikroOrmHealthIndicator }, + { provide: SqlEntityManager, useValue: entityManager }, + ], }).compile(); controller = module.get(HealthController); @@ -15,4 +29,18 @@ describe('HealthController', () => { it('should be defined', () => { expect(controller).toBeDefined(); }); + + it('should Perform all health checks', async () => { + await controller.check(); + + expect(healthCheckService.check).toHaveBeenCalled(); + const lastCallArgs = healthCheckService.check.mock.lastCall; + expect(lastCallArgs).toHaveLength(1); + const indicators = lastCallArgs![0]; + expect(indicators).toHaveLength(1); + const firstIndicator: HealthIndicatorFunction = indicators[0]!; + await firstIndicator.call(indicators[0]); + + expect(mikroOrmHealthIndicator.pingCheck).toHaveBeenCalled(); + }); }); From 62da951a5408efd2ae26697960a739d5cf2117bf Mon Sep 17 00:00:00 2001 
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 15:37:58 +0200
Subject: [PATCH 22/76] Removed Axios again until needed
---
 src/axios/axios.module.ts | 4 ----
 1 file changed, 4 deletions(-)
 delete mode 100644 src/axios/axios.module.ts
diff --git a/src/axios/axios.module.ts b/src/axios/axios.module.ts
deleted file mode 100644
index 2b095bade..000000000
--- a/src/axios/axios.module.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Module } from '@nestjs/common';
-
-@Module({})
-export class AxiosModule {}
From 53a27c6c822d049a6db594965476401ee10530e5 Mon Sep 17 00:00:00 2001
From: Kristoff Kiefer
Date: Wed, 20 Sep 2023 15:43:38 +0200
Subject: [PATCH 23/76] Removed Axios again until needed
---
 src/health/health.controller.spec.ts | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts
index 16c817254..5a4f3976f 100644
--- a/src/health/health.controller.spec.ts
+++ b/src/health/health.controller.spec.ts
@@ -1,6 +1,11 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { HealthController } from './health.controller.js';
-import { HealthCheckService, HealthIndicatorFunction, MikroOrmHealthIndicator } from '@nestjs/terminus';
+import {
+ HealthCheckService,
+ HealthIndicatorFunction,
+ HealthIndicatorResult,
+ MikroOrmHealthIndicator,
+} from '@nestjs/terminus';
 import { createMock, DeepMocked } from '@golevelup/ts-jest';
 import { SqlEntityManager } from '@mikro-orm/postgresql';
@@ -34,12 +39,15 @@ describe('HealthController', () => { await controller.check(); expect(healthCheckService.check).toHaveBeenCalled(); - const lastCallArgs = healthCheckService.check.mock.lastCall; + const lastCallArgs: jest.ArgsType | undefined = + healthCheckService.check.mock.lastCall; expect(lastCallArgs).toHaveLength(1); - const indicators = lastCallArgs![0]; + const indicators: HealthIndicatorFunction[] | undefined = lastCallArgs?.[0]; expect(indicators).toHaveLength(1); - const firstIndicator: HealthIndicatorFunction = indicators[0]!; - await firstIndicator.call(indicators[0]); + const firstIndicator: (() => PromiseLike | HealthIndicatorResult) | undefined = + indicators?.[0]; + expect(firstIndicator).not.toBeNull(); + await firstIndicator?.call(indicators?.[0]); expect(mikroOrmHealthIndicator.pingCheck).toHaveBeenCalled(); }); From 1f61bfdeef8ab44de908a5418a0e079643bc1ffc Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 20 Sep 2023 17:02:49 +0200 Subject: [PATCH 24/76] Checking for KeyCloak availability --- src/health/health.controller.spec.ts | 34 +++++++++++++++++++++------- src/health/health.controller.ts | 6 +++++ 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts index 5a4f3976f..8ee486ea3 100644 --- a/src/health/health.controller.spec.ts +++ b/src/health/health.controller.spec.ts @@ -4,10 +4,12 @@ import { HealthCheckService, HealthIndicatorFunction, HealthIndicatorResult, + HttpHealthIndicator, MikroOrmHealthIndicator, } from '@nestjs/terminus'; import { createMock, DeepMocked } from '@golevelup/ts-jest'; import { SqlEntityManager } from '@mikro-orm/postgresql'; +import { KeycloakConfig } from '../shared/config/index.js'; describe('HealthController', () => { let controller: HealthController; 
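Review bot: `expect(firstIndicator).not.toBeNull()` cannot fail for a missing indicator, because `indicators?.[0]` yields `undefined` rather than `null`, and the following `firstIndicator?.call(...)` then silently does nothing. Use `expect(firstIndicator).toBeDefined();` so the test stops at the real cause instead of at the later `pingCheck` expectation. The test body starts outside the hunk.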
@@ -15,16 +17,27 @@ describe('HealthController', () => { let healthCheckService: DeepMocked; let mikroOrmHealthIndicator: MikroOrmHealthIndicator; let entityManager: SqlEntityManager; + let httpHealthIndicator: DeepMocked; + const keycloakConfig: KeycloakConfig = { + CLIENT_ID: '', + PASSWORD: '', + REALM_NAME: '', + USERNAME: '', + BASE_URL: 'http://keycloak.test', + }; beforeEach(async () => { healthCheckService = createMock(); mikroOrmHealthIndicator = createMock(); entityManager = createMock(); + httpHealthIndicator = createMock(); const module: TestingModule = await Test.createTestingModule({ controllers: [HealthController], providers: [ { provide: HealthCheckService, useValue: healthCheckService }, { provide: MikroOrmHealthIndicator, useValue: mikroOrmHealthIndicator }, { provide: SqlEntityManager, useValue: entityManager }, + { provide: HttpHealthIndicator, useValue: httpHealthIndicator }, + { provide: KeycloakConfig, useValue: keycloakConfig }, ], }).compile(); 
@@ -39,16 +52,21 @@ describe('HealthController', () => { await controller.check(); expect(healthCheckService.check).toHaveBeenCalled(); - const lastCallArgs: jest.ArgsType | undefined = - healthCheckService.check.mock.lastCall; - expect(lastCallArgs).toHaveLength(1); - const indicators: HealthIndicatorFunction[] | undefined = lastCallArgs?.[0]; - expect(indicators).toHaveLength(1); + const indicators: HealthIndicatorFunction[] | undefined = healthCheckService.check.mock.lastCall?.[0]; const firstIndicator: (() => PromiseLike | HealthIndicatorResult) | undefined = indicators?.[0]; - expect(firstIndicator).not.toBeNull(); - await firstIndicator?.call(indicators?.[0]); - + expect(firstIndicator).toBeDefined(); + // Explanation: We get back the lambdas that the HealthCheck would call and call them + // ourselves to make sure they do the right things + await firstIndicator?.call(firstIndicator); expect(mikroOrmHealthIndicator.pingCheck).toHaveBeenCalled(); + + const secondIndicator: (() => PromiseLike | HealthIndicatorResult) | undefined = + indicators?.[1]; + expect(secondIndicator).toBeDefined(); + await secondIndicator?.call(secondIndicator); + + expect(httpHealthIndicator.pingCheck).toHaveBeenCalled(); + expect(httpHealthIndicator.pingCheck).toBeCalledWith('keycloak', 'http://keycloak.test'); }); }); diff --git a/src/health/health.controller.ts b/src/health/health.controller.ts index d1a5a9311..6e1de020a 100644 --- a/src/health/health.controller.ts +++ b/src/health/health.controller.ts 
@@ -4,24 +4,30 @@ import { HealthCheckResult, HealthCheckService, HealthIndicatorResult, + HttpHealthIndicator, MikroOrmHealthIndicator, } from '@nestjs/terminus'; import { EntityManager } from '@mikro-orm/postgresql'; +import { KeycloakConfig } from '../shared/config/index.js'; @Controller('health') export class HealthController { public constructor( private health: HealthCheckService, private mikroOrm: MikroOrmHealthIndicator, + private http: HttpHealthIndicator, private em: EntityManager, + private keycloakConfig: KeycloakConfig, ) {} @Get() @HealthCheck() public check(): Promise { + const baseUrl: string = this.keycloakConfig.BASE_URL; return this.health.check([ (): Promise => this.mikroOrm.pingCheck('database', { connection: this.em.getConnection() }), + (): Promise => this.http.pingCheck('keycloak', baseUrl), ]); } } From 43eac1964a54fbf5002d86add11c49357657b8ad Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 20 Sep 2023 17:45:49 +0200 Subject: [PATCH 25/76] Including Keycloak --- charts/dbildungs-iam/config/secrets.json | 7 ++ charts/dbildungs-iam/values.yaml | 2 +- package-lock.json | 92 +++++++++++++++++++++--- package.json | 4 +- src/health/health.controller.spec.ts | 8 +++ src/health/health.controller.ts | 6 +- 6 files changed, 103 insertions(+), 16 deletions(-) diff --git a/charts/dbildungs-iam/config/secrets.json b/charts/dbildungs-iam/config/secrets.json index b1d876c79..0c44f889d 100644 --- a/charts/dbildungs-iam/config/secrets.json +++ b/charts/dbildungs-iam/config/secrets.json @@ -1,5 +1,12 @@ { "DB": { "SECRET": "Very hidden secret" + }, + "KEYCLOAK": { + "BASE_URL": "docker.host.internal", + "REALM_NAME": "spsh", + "CLIENT_ID": "clientId", + "USERNAME": "admin", + "PASSWORD": "admin" } } \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 2b09f9c5b..a64185447 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml 
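Review bot: `check()` now reports a `keycloak` indicator next to `database`, and neither the controller nor the handler carries a guard in this hunk, so any caller that can reach `GET /health` learns the state of both backends; Terminus puts per-indicator details in the response body, which on failure may include the upstream error text. That is acceptable for kubelet probes behind the chart's ClusterIP service but the route should not be published through an ingress. `pingCheck('keycloak', baseUrl)` is also called without a timeout option, so a hanging Keycloak may hold the request open until the prober gives up; I have not confirmed the library default. A short TSDoc on `check()` naming the dependencies it probes and stating that the route is meant for cluster-internal use would help.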
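Review bot: The new `KEYCLOAK` block commits `"USERNAME": "admin"` and `"PASSWORD": "admin"` to the chart's `config/secrets.json`, which the secret template elsewhere in the series base64-encodes into the release Secret, so an install that does not override the file would be configured with publicly known admin credentials. Ship placeholders that fail fast, or no file at all, and require the real values from an externally managed Secret. `"BASE_URL": "docker.host.internal"` has no scheme, although the health check passes this value to `pingCheck` and the spec uses `http://keycloak.test`. The host name also looks like a transposition of `host.docker.internal`, which the chart used earlier.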
@@ -1,4 +1,4 @@ -dbildungsIamContainer: "dbildungs-iam:0.1.0" +dbildungsIamContainer: "dbildungs-iam/dev:latest" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 diff --git a/package-lock.json b/package-lock.json index c9282ddaa..d10543fa1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,6 +16,7 @@ "@mikro-orm/core": "^5.7.11", "@mikro-orm/nestjs": "^5.1.8", "@mikro-orm/postgresql": "^5.7.11", + "@nestjs/axios": "^3.0.0", "@nestjs/common": "^9.0.0", "@nestjs/config": "^2.3.2", "@nestjs/core": "^9.0.0", @@ -1756,6 +1757,17 @@ } } }, + "node_modules/@nestjs/axios": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@nestjs/axios/-/axios-3.0.0.tgz", + "integrity": "sha512-ULdH03jDWkS5dy9X69XbUVbhC+0pVnrRcj7bIK/ytTZ76w7CgvTZDJqsIyisg3kNOiljRW/4NIjSf3j6YGvl+g==", + "peerDependencies": { + "@nestjs/common": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0", + "axios": "^1.3.1", + "reflect-metadata": "^0.1.12", + "rxjs": "^6.0.0 || ^7.0.0" + } + }, "node_modules/@nestjs/cli": { "version": "9.4.2", "resolved": "https://registry.npmjs.org/@nestjs/cli/-/cli-9.4.2.tgz", @@ -3375,8 +3387,7 @@ "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "dev": true + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/available-typed-arrays": { "version": "1.0.5", 
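Review bot: `dbildungs-iam/dev:latest` is a mutable tag, and the deployment template in this series sets `imagePullPolicy: IfNotPresent`, so a node that already has some `latest` cached keeps running it while other nodes may pull a different build. The chart default then no longer identifies what is deployed, which makes rollbacks and provenance checks unreliable. Pin the default to a version tag or digest, for example `dbildungsIamContainer: "dbildungs-iam:<version>"`, and let CI override it per build.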
@@ -3390,6 +3401,17 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/axios": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.0.tgz", + "integrity": "sha512-D4DdjDo5CY50Qms0qGQTTw6Q44jl7zRwY7bthds06pUGfChBCTcQs+N743eFWGEd6pRTMd6A+I87aWyFV5wiZQ==", + "peer": true, + "dependencies": { + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, "node_modules/babel-jest": { "version": "29.5.0", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.5.0.tgz", @@ -4016,7 +4038,6 @@ "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dev": true, "dependencies": { "delayed-stream": "~1.0.0" }, @@ -4318,7 +4339,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "dev": true, "engines": { "node": ">=0.4.0" } @@ -5550,6 +5570,26 @@ "integrity": "sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ==", "dev": true }, + "node_modules/follow-redirects": { + "version": "1.15.3", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "peer": true, + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, "node_modules/for-each": { "version": "0.3.3", "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", 
@@ -5591,7 +5631,6 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "dev": true, "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", @@ -8550,6 +8589,12 @@ "node": ">= 0.10" } }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "peer": true + }, "node_modules/pump": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", @@ -11888,6 +11933,12 @@ "pg": "8.11.1" } }, + "@nestjs/axios": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@nestjs/axios/-/axios-3.0.0.tgz", + "integrity": "sha512-ULdH03jDWkS5dy9X69XbUVbhC+0pVnrRcj7bIK/ytTZ76w7CgvTZDJqsIyisg3kNOiljRW/4NIjSf3j6YGvl+g==", + "requires": {} + }, "@nestjs/cli": { "version": "9.4.2", "resolved": "https://registry.npmjs.org/@nestjs/cli/-/cli-9.4.2.tgz", @@ -13134,8 +13185,7 @@ "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "dev": true + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "available-typed-arrays": { "version": "1.0.5", 
@@ -13143,6 +13193,17 @@ "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==", "dev": true }, + "axios": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.0.tgz", + "integrity": "sha512-D4DdjDo5CY50Qms0qGQTTw6Q44jl7zRwY7bthds06pUGfChBCTcQs+N743eFWGEd6pRTMd6A+I87aWyFV5wiZQ==", + "peer": true, + "requires": { + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, "babel-jest": { "version": "29.5.0", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.5.0.tgz", @@ -13583,7 +13644,6 @@ "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dev": true, "requires": { "delayed-stream": "~1.0.0" } @@ -13819,8 +13879,7 @@ "delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "dev": true + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==" }, "depd": { "version": "2.0.0", @@ -14779,6 +14838,12 @@ "integrity": "sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ==", "dev": true }, + "follow-redirects": { + "version": "1.15.3", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", + "peer": true + }, "for-each": { "version": "0.3.3", "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", 
@@ -14812,7 +14877,6 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "dev": true, "requires": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", @@ -16955,6 +17019,12 @@ "ipaddr.js": "1.9.1" } }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "peer": true + }, "pump": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", diff --git a/package.json b/package.json index 463be95c8..2e55d80ba 100644 --- a/package.json +++ b/package.json @@ -38,14 +38,14 @@ "@mikro-orm/core": "^5.7.11", "@mikro-orm/nestjs": "^5.1.8", "@mikro-orm/postgresql": "^5.7.11", + "@nestjs/axios": "^3.0.0", "@nestjs/common": "^9.0.0", "@nestjs/config": "^2.3.2", "@nestjs/core": "^9.0.0", "@nestjs/platform-express": "^9.0.0", "@nestjs/swagger": "^7.0.4", - "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", - "@nestjs/terminus": "^9.0.0", "@nestjs/terminus": "^9.0.0", + "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", "lodash": "^4.17.21", diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts index 8ee486ea3..06c38a43b 100644 --- a/src/health/health.controller.spec.ts +++ b/src/health/health.controller.spec.ts @@ -10,6 +10,7 @@ import { import { createMock, DeepMocked } from '@golevelup/ts-jest'; import { SqlEntityManager } from '@mikro-orm/postgresql'; import { KeycloakConfig } from '../shared/config/index.js'; +import { ConfigService } from '@nestjs/config'; describe('HealthController', () => { let controller: HealthController; 
@@ -25,11 +26,17 @@ describe('HealthController', () => { USERNAME: '', BASE_URL: 'http://keycloak.test', }; + let configService: DeepMocked; + beforeEach(async () => { healthCheckService = createMock(); mikroOrmHealthIndicator = createMock(); entityManager = createMock(); httpHealthIndicator = createMock(); + configService = createMock(); + + configService.getOrThrow.mockReturnValue(keycloakConfig); + const module: TestingModule = await Test.createTestingModule({ controllers: [HealthController], providers: [ @@ -38,6 +45,7 @@ describe('HealthController', () => { { provide: SqlEntityManager, useValue: entityManager }, { provide: HttpHealthIndicator, useValue: httpHealthIndicator }, { provide: KeycloakConfig, useValue: keycloakConfig }, + { provide: ConfigService, useValue: configService }, ], }).compile(); diff --git a/src/health/health.controller.ts b/src/health/health.controller.ts index 6e1de020a..4bc15ee75 100644 --- a/src/health/health.controller.ts +++ b/src/health/health.controller.ts @@ -8,6 +8,7 @@ import { MikroOrmHealthIndicator, } from '@nestjs/terminus'; import { EntityManager } from '@mikro-orm/postgresql'; +import { ConfigService } from '@nestjs/config'; import { KeycloakConfig } from '../shared/config/index.js'; @Controller('health') @@ -17,13 +18,14 @@ export class HealthController { private mikroOrm: MikroOrmHealthIndicator, private http: HttpHealthIndicator, private em: EntityManager, - private keycloakConfig: KeycloakConfig, + private configService: ConfigService, ) {} @Get() @HealthCheck() public check(): Promise { - const baseUrl: string = this.keycloakConfig.BASE_URL; + const keycloakConfig: KeycloakConfig = this.configService.getOrThrow('KEYCLOAK'); + const baseUrl: string = keycloakConfig.BASE_URL; return this.health.check([ (): Promise => this.mikroOrm.pingCheck('database', { connection: this.em.getConnection() }), From cbc861c6563286ecc36c824e60dc8ea5effab041 Mon Sep 17 00:00:00 2001 
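Review bot: In the health.controller.ts hunk, `this.configService.getOrThrow('KEYCLOAK')` now runs inside `check()`, so a missing or misnamed `KEYCLOAK` section throws on every probe request before `health.check` is reached and surfaces as a generic error response instead of a failed start-up. Resolving it once in the constructor, e.g. `this.keycloakBaseUrl = configService.getOrThrow('KEYCLOAK').BASE_URL;`, fails fast and avoids the per-request lookup. The spec still registers a `KeycloakConfig` provider that the controller no longer injects. The class starts outside the hunk.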
From: Kristoff Kiefer Date: Thu, 21 Sep 2023 11:04:36 +0200 Subject: [PATCH 26/76] Allow for secrets to be provided via parameter externally --- .../templates/dbildungs-iam-deployment.yaml | 20 ++++++++++++++++--- .../templates/dbildungs-iam-secret.yaml | 4 +++- charts/dbildungs-iam/values.yaml | 13 +++++++++++- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml index c07e0b3db..b79419f8d 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml @@ -1,7 +1,6 @@ apiVersion: apps/v1 kind: Deployment metadata: - namespace: {{.Values.namespace}} name: {{ .Release.Name }}-deployment labels: app.kubernetes.io/name: dbildungs-iam @@ -26,16 +25,31 @@ spec: env: - name: NODE_ENV value: {{.Values.environment}} + - name: DEPLOY_STAGE + value: {{.Values.environment}} volumeMounts: - mountPath: /app/config/ name: config + readOnly: true resources: limits: cpu: {{.Values.dbildungsIamCpuMax}} memory: {{.Values.dbildungsIamMemMax}} + livenessProbe: + initialDelaySeconds: 10 + httpGet: + port: 8080 + scheme: 'HTTP' + path: '/health' + readinessProbe: + initialDelaySeconds: 10 + httpGet: + port: 8080 + scheme: 'HTTP' + path: '/health' restartPolicy: Always volumes: - name: config - configMap: - name: {{.Release.Name}}-configmap + secret: + secretName: {{.Values.secrets.name | default (print .Release.Name "-secret")}} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml index 40cd1aadd..cb434cef3 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.secrets.name}} apiVersion: v1 kind: Secret metadata: 
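Review bot: The container in the second deployment hunk gets probes and a read-only config mount but no `securityContext`, and none of the deployment hunks in this series adds one at pod or container level, so the workload runs with the runtime defaults (root unless the image sets a user, privilege escalation allowed, writable root filesystem). For a backend that mounts its credentials from a Secret I would set a restrictive context on the container, as sketched below. `runAsNonRoot` needs the image to define a non-root user, which the Dockerfile hunks shown in this series do not do. The container spec starts outside the hunk.

```yaml
          # … unchanged: env, volumeMounts, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true   # only if the app writes nothing outside mounted volumes
            capabilities:
              drop: ["ALL"]
          # … unchanged: livenessProbe, readinessProbe …
```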
@@ -12,4 +13,5 @@ data: config.prod.json: |- {{.Files.Get .Values.configfile.prod | b64enc | indent 4}} secrets.json: |- -{{.Files.Get .Values.configfile.secrets | b64enc | indent 4}} \ No newline at end of file +{{.Files.Get .Values.configfile.secrets | b64enc | indent 4}} +{{- end}} \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index a64185447..45fcf7733 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -6,4 +6,15 @@ dbildungsIamMemMax: 4G dbildungsIamReplications: 1 environment: prod -enableServiceMonitor: true \ No newline at end of file +configfile: + secrets: 'config/secrets.json' + dev: 'config/config.dev.json' + test: 'config/config.test.json' + prod: 'config/config.prod.json' + +# Configuration of necessary secrets +secrets: + # Name of the secrets to inject + name: null +# If we're running inside an environment with a Prometheus-Operator installed we configure a service monitor +enableServiceMonitor: false \ No newline at end of file From 98906264b324e5c1b43c0a28c92bf66cd891ceab Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:32:05 +0000 Subject: [PATCH 27/76] test gha --- .github/workflows/image-to-ghcr.yml | 98 +++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 .github/workflows/image-to-ghcr.yml diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml new file mode 100644 index 000000000..049491711 --- /dev/null +++ b/.github/workflows/image-to-ghcr.yml 
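Review bot: With `secrets.name: null` as the default in `values.yaml`, the chart still renders its own Secret from `config/secrets.json` through `.Files.Get`, so the credentials file has to sit inside the chart directory and travels with every packaged chart. The new comment only says "Name of the secrets to inject"; it should state that real installs are expected to point at a pre-created Secret, for example `# Name of an existing Secret providing config.prod.json and secrets.json; leave null only for local testing`. Apart from `config.prod.json` and `secrets.json`, which are visible as `data:` keys in the template hunk, the keys an external Secret must contain are not documented in this patch.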
@@ -0,0 +1,98 @@ +name: Image to GHCR + +on: + push: + branches-ignore: + - dependabot/** + +permissions: + contents: read + +jobs: + branch_meta: + runs-on: ubuntu-latest + outputs: + branch: ${{ steps.extract_branch_meta.outputs.branch }} + sha: ${{ steps.extract_branch_meta.outputs.sha }} + steps: + - name: Extract branch meta + shell: bash + id: extract_branch_meta + run: | + if [ "${{ github.event_name }}" == 'pull_request' ]; then + echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT + echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT + else + echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT + echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT + fi + + build_and_push: + runs-on: ubuntu-latest + needs: + - branch_meta + permissions: + packages: write + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Login to registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Docker meta Service Name + id: docker_meta_img + uses: docker/metadata-action@v4 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=ref,event=branch,enable=false,priority=600 + type=sha,enable=true,priority=600,prefix= + + - name: Test existence of Image + run: | + echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV + + - name: Set up Docker Buildx + if: ${{ env.IMAGE_EXISTS == 0 }} + uses: docker/setup-buildx-action@v2 + + - name: Build and push ${{ github.repository }} + if: ${{ env.IMAGE_EXISTS == 0 }} + uses: docker/build-push-action@v4 + with: + context: . 
+ file: ./Dockerfile + platforms: linux/amd64 + push: true + tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} + labels: ${{ steps.docker_meta_img.outputs.labels }} + + trivy-vulnerability-scanning: + needs: + - build_and_push + - branch_meta + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Run trivy vulnerability scanner + uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + with: + image-ref: 'ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + ignore-unfixed: true + - name: Upload trivy results + if: ${{ always() }} + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file From eec750725a7215f0ff0ea80cae69241ea5dbde35 Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:37:59 +0000 Subject: [PATCH 28/76] use lowercase repo name --- .github/workflows/image-to-ghcr.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 049491711..b5889d856 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -62,6 +62,10 @@ jobs: if: ${{ env.IMAGE_EXISTS == 0 }} uses: docker/setup-buildx-action@v2 + - name: Lowercase REPO name + run: | + echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} uses: docker/build-push-action@v4 @@ -70,7 +74,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${ LOWERCASE_REPO }:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: 
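Review bot: The `Extract branch meta` step interpolates `${{ github.event.pull_request.head.ref }}` directly into the `run:` script, so the branch name becomes part of the shell source before bash parses it. The workflow only triggers on `push` today, so that arm of the `if` is never taken, but it becomes an injection point as soon as a pull-request trigger is added. Pass context values through `env:` and read them as shell variables, e.g. `env: HEAD_REF: ${{ github.event.pull_request.head.ref }}` with `echo "branch=$HEAD_REF" >> "$GITHUB_OUTPUT"`, or remove the unreachable arm. Separately, only `aquasecurity/trivy-action` is pinned to a commit; the other actions are referenced by mutable tags.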
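Review bot: The new `tags:` value `ghcr.io/${ LOWERCASE_REPO }:…` is not expanded by anything: `with:` inputs never pass through a shell, and a single-brace `${ … }` is not a workflow expression, so the literal text reaches `docker/build-push-action`. The variable written to `$GITHUB_ENV` has to be read as `tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}`. Patches 29 to 34 on this page try other spellings of the same line and none of them is a valid reference either. The build step begins outside the hunk; as introduced in patch 27, the existence check and the Trivy `image-ref` still use `${{ github.repository }}`, so the check, the push and the scan would not agree on one image name.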
From 4800848dddf278e3e303b7c67b9e5643101f2759 Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:40:27 +0000 Subject: [PATCH 29/76] use lowercase repo name2 --- .github/workflows/image-to-ghcr.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index b5889d856..41d914dcd 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -63,8 +63,9 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Lowercase REPO name + id: lowercase_repo run: | - echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + echo "lowercase_repo=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} @@ -74,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${ LOWERCASE_REPO }:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{ needs.lowercase_repo.outputs.lowercase_repo }}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From 228636f194962770fb6fa03f4815226b1860f12b Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:44:47 +0000 Subject: [PATCH 30/76] use lowercase repo name3 --- .github/workflows/image-to-ghcr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 41d914dcd..0d7b4bff3 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -65,7 +65,7 @@ jobs: - name: Lowercase REPO name id: lowercase_repo run: | - echo "lowercase_repo=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} 
@@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{ needs.lowercase_repo.outputs.lowercase_repo }}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${LOWERCASE}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From 6675d57d3007c8d25877fa48db5fb45c22fc025c Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:46:13 +0000 Subject: [PATCH 31/76] use lowercase repo name4 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 0d7b4bff3..cc2d71a23 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${LOWERCASE}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${LOWERCASE_REPO}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From 4afb1e2450484a824f23ae00bc1f66fba21c0d2e Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:46:31 +0000 Subject: [PATCH 32/76] use lowercase repo name5 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index cc2d71a23..e3111599c 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${LOWERCASE_REPO}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${GITHUB_REPOSITORY,,}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From ee12eec64b58a4d71fb922df9e53e23d4917b1b7 Mon Sep 17 00:00:00 2001 
From: aimee-889 Date: Mon, 25 Sep 2023 12:47:27 +0000 Subject: [PATCH 33/76] use lowercase repo name6 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index e3111599c..3e7ba172a 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${GITHUB_REPOSITORY,,}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{GITHUB_REPOSITORY,,}}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From 282058b72d43454f5eff2a5b65fefa539ad92d9a Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:47:52 +0000 Subject: [PATCH 34/76] use lowercase repo name7 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 3e7ba172a..944168231 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{GITHUB_REPOSITORY,,}}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{LOWERCASE_REPO}}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From a3f44bec7034f418921468594af996145aa52c4b Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:51:16 +0000 Subject: [PATCH 35/76] use lowercase repo name8 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 944168231..61636d2cd 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml 
@@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{LOWERCASE_REPO}}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From aa8028e32035045144b39ed9cd221ef08e22a36a Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:56:03 +0000 Subject: [PATCH 36/76] use lowercase repo name --- .github/workflows/image-to-ghcr.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 61636d2cd..6daebc4c0 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -19,6 +19,7 @@ jobs: shell: bash id: extract_branch_meta run: | + lowercase_repo=${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT if [ "${{ github.event_name }}" == 'pull_request' ]; then echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT @@ -75,7 +76,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{ needs.branch_meta.outputs.lowercase_repo }}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: @@ -91,7 +92,7 @@ jobs: - name: Run trivy vulnerability scanner uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 with: - image-ref: 'ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}' + image-ref: 'ghcr.io/${{ needs.branch_meta.outputs.lowercase_repo }}:${{ needs.branch_meta.outputs.sha }}' format: 'sarif' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' From 0ac981e5e750257d8d88e064cda85ed769fe8279 Mon Sep 17 00:00:00 2001 
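Review bot: `needs.branch_meta.outputs.lowercase_repo` is read in the changed `tags:` and `image-ref:` lines of patch 36, but none of its three hunks adds `lowercase_repo` to the `outputs:` map of the `branch_meta` job, which as introduced in patch 27 lists only `branch` and `sha`. A step output that the job does not re-export evaluates to an empty string in dependent jobs, so the image would be pushed and scanned under `ghcr.io/:<sha>`. Add `lowercase_repo: ${{ steps.extract_branch_meta.outputs.lowercase_repo }}` under `outputs:`. The added `run:` line in the first hunk also lacks the leading `echo "`, which leaves an unbalanced quote in the script.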
From: aimee-889 Date: Mon, 25 Sep 2023 12:57:30 +0000 Subject: [PATCH 37/76] use lowercase repo name2 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 6daebc4c0..11c92a914 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -19,7 +19,7 @@ jobs: shell: bash id: extract_branch_meta run: | - lowercase_repo=${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT + echo "lowercase_repo=${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT if [ "${{ github.event_name }}" == 'pull_request' ]; then echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT From 6ad35f2775b8af7ade240a42e887ad1b86573d1d Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 12:59:54 +0000 Subject: [PATCH 38/76] use lowercase repo name3 --- .github/workflows/image-to-ghcr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 11c92a914..f5f0048ff 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -19,7 +19,7 @@ jobs: shell: bash id: extract_branch_meta run: | - echo "lowercase_repo=${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT + echo "lowercase_repo=${{ GITHUB_REPOSITORY,,}}" >> $GITHUB_OUTPUT if [ "${{ github.event_name }}" == 'pull_request' ]; then echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT From 9059d2304f3f2ed884c343f1844d276de6517bec Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 13:33:27 +0000 Subject: [PATCH 39/76] upload iage --- .github/workflows/image-to-ghcr.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index f5f0048ff..42c8fd0df 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -19,7 +19,7 @@ jobs: shell: bash id: extract_branch_meta run: | - echo "lowercase_repo=${{ GITHUB_REPOSITORY,,}}" >> $GITHUB_OUTPUT + echo "lowercase_repo=${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT if [ "${{ github.event_name }}" == 'pull_request' ]; then echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT @@ -64,7 +64,6 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Lowercase REPO name - id: lowercase_repo run: | echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} @@ -76,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{ needs.branch_meta.outputs.lowercase_repo }}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${ env.LOWERCASE_REPO }:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: @@ -89,14 +88,19 @@ jobs: contents: read security-events: write steps: + - name: Lowercase REPO name + run: | + echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + - name: Run trivy vulnerability scanner uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 with: - image-ref: 'ghcr.io/${{ needs.branch_meta.outputs.lowercase_repo }}:${{ needs.branch_meta.outputs.sha }}' + image-ref: 'ghcr.io/${ env.LOWERCASE_REPO }:${{ needs.branch_meta.outputs.sha }}' format: 'sarif' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' ignore-unfixed: true + - name: Upload trivy results if: ${{ always() }} uses: github/codeql-action/upload-sarif@v2 From 3c5d53d5d4f7a05ca01c45987b5028ae2d3742b2 Mon Sep 17 00:00:00 2001 
From: aimee-889 Date: Mon, 25 Sep 2023 13:34:43 +0000 Subject: [PATCH 40/76] add env --- .github/workflows/image-to-ghcr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 42c8fd0df..6761e0e8a 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -95,12 +95,12 @@ jobs: - name: Run trivy vulnerability scanner uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 with: - image-ref: 'ghcr.io/${ env.LOWERCASE_REPO }:${{ needs.branch_meta.outputs.sha }}' + image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' format: 'sarif' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' ignore-unfixed: true - + - name: Upload trivy results if: ${{ always() }} uses: github/codeql-action/upload-sarif@v2 From a0bbd855d01f08d8f8c9ff5c36112414df192afb Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 13:36:13 +0000 Subject: [PATCH 41/76] add env2 --- .github/workflows/image-to-ghcr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 6761e0e8a..61e55e811 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -65,7 +65,7 @@ jobs: - name: Lowercase REPO name run: | - echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} @@ -75,7 +75,7 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${ env.LOWERCASE_REPO }:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: 
@@ -95,7 +95,7 @@ jobs: - name: Run trivy vulnerability scanner uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 with: - image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' + image-ref: 'ghcr.io/${ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' format: 'sarif' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' From 70a5c2b95bcaf580a41f4a8815a748f5babee4d3 Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Mon, 25 Sep 2023 13:41:50 +0000 Subject: [PATCH 42/76] add env3 --- .github/workflows/image-to-ghcr.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 61e55e811..4fec91e4a 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml 
@@ -46,27 +46,27 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Lowercase REPO name + run: | + echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV + - name: Docker meta Service Name id: docker_meta_img uses: docker/metadata-action@v4 with: - images: ghcr.io/${{ github.repository }} + images: ghcr.io/${{ env.LOWERCASE_REPO }} tags: | type=ref,event=branch,enable=false,priority=600 type=sha,enable=true,priority=600,prefix= - name: Test existence of Image run: | - echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV + echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} uses: docker/setup-buildx-action@v2 - - name: Lowercase REPO name - run: | - echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} uses: docker/build-push-action@v4 @@ -90,12 +90,12 @@ jobs: steps: - name: Lowercase REPO name run: | - echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - name: Run trivy vulnerability scanner uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 with: - image-ref: 'ghcr.io/${ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' + image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' format: 'sarif' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' From a6e1b3677cd4d49b75ae9a7a6558b5d7558ef0af Mon Sep 17 00:00:00 2001 
From: Kristoff Kiefer Date: Mon, 25 Sep 2023 18:53:42 +0200 Subject: [PATCH 43/76] Added Axios --- package-lock.json | 13 ++++--------- package.json | 1 + src/health/health.module.ts | 4 +++- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index d10543fa1..1e5effa24 100644 --- a/package-lock.json +++ b/package-lock.json @@ -25,6 +25,7 @@ "@nestjs/terminus": "^9.0.0", "@nestjs/terminus": "^9.0.0", "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", + "axios": "^1.5.0", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", "lodash": "^4.17.21", @@ -3405,7 +3406,6 @@ "version": "1.5.0", "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.0.tgz", "integrity": "sha512-D4DdjDo5CY50Qms0qGQTTw6Q44jl7zRwY7bthds06pUGfChBCTcQs+N743eFWGEd6pRTMd6A+I87aWyFV5wiZQ==", - "peer": true, "dependencies": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", @@ -5580,7 +5580,6 @@ "url": "https://github.com/sponsors/RubenVerborgh" } ], - "peer": true, "engines": { "node": ">=4.0" }, @@ -8592,8 +8591,7 @@ "node_modules/proxy-from-env": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "peer": true + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" }, "node_modules/pump": { "version": "3.0.0", @@ -13197,7 +13195,6 @@ "version": "1.5.0", "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.0.tgz", "integrity": "sha512-D4DdjDo5CY50Qms0qGQTTw6Q44jl7zRwY7bthds06pUGfChBCTcQs+N743eFWGEd6pRTMd6A+I87aWyFV5wiZQ==", - "peer": true, "requires": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", 
@@ -14841,8 +14838,7 @@ "follow-redirects": { "version": "1.15.3", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", - "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", - "peer": true + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==" }, "for-each": { "version": "0.3.3", @@ -17022,8 +17018,7 @@ "proxy-from-env": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "peer": true + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" }, "pump": { "version": "3.0.0", diff --git a/package.json b/package.json index 2e55d80ba..650a4149d 100644 --- a/package.json +++ b/package.json @@ -46,6 +46,7 @@ "@nestjs/swagger": "^7.0.4", "@nestjs/terminus": "^9.0.0", "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", + "axios": "^1.5.0", "class-transformer": "^0.5.1", "class-validator": "^0.14.0", "lodash": "^4.17.21", diff --git a/src/health/health.module.ts b/src/health/health.module.ts index 0216819af..5bbe24f08 100644 --- a/src/health/health.module.ts +++ b/src/health/health.module.ts @@ -1,5 +1,7 @@ import { Module } from '@nestjs/common'; import { TerminusModule } from '@nestjs/terminus'; +import { HealthController } from './health.controller.js'; +import { HttpModule } from '@nestjs/axios'; -@Module({ imports: [TerminusModule] }) +@Module({ imports: [TerminusModule, HttpModule], controllers: [HealthController] }) export class HealthModule {} From 74fa75c0bf293235e50d3b6ad9993b896b178abc Mon Sep 17 00:00:00 2001 
From: Kristoff Kiefer Date: Mon, 25 Sep 2023 19:16:10 +0200 Subject: [PATCH 44/76] Added provisions for self hosted db --- .../templates/dbildungs-iam-deployment.yaml | 6 +++--- .../templates/dbildungs-iam-secret.yaml | 4 ++++ .../templates/dbildungs-iam-service.yaml | 3 +-- charts/dbildungs-iam/values.yaml | 12 ++++++++++-- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml index b79419f8d..4804f2410 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml @@ -5,15 +5,15 @@ metadata: labels: app.kubernetes.io/name: dbildungs-iam spec: - replicas: {{.Values.dbildungsIamReplications}} selector: matchLabels: - app.kubernetes.io/name: dbildungs-iam + layer: dbildungs-iam-backend + replicas: {{.Values.dbildungsIamReplications}} template: metadata: name: dbildungs-iam labels: - app.kubernetes.io/name: dbildungs-iam + layer: dbildungs-iam-backend spec: containers: - name: dbildungs-iam diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml index cb434cef3..4816e914e 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml @@ -11,7 +11,11 @@ data: config.test.json: |- {{.Files.Get .Values.configfile.test | b64enc | indent 4}} config.prod.json: |- +{{- if .Values.deployDedicatedDB}} +{{.Files.Get .Values.configfile.local | b64enc | indent 4}} +{{- else}} {{.Files.Get .Values.configfile.prod | b64enc | indent 4}} +{{- end}} secrets.json: |- {{.Files.Get .Values.configfile.secrets | b64enc | indent 4}} {{- end}} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml index 2ba565236..b242faae5 100644 
--- a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml @@ -1,13 +1,12 @@ apiVersion: v1 kind: Service metadata: - namespace: {{.Values.namespace}} name: {{.Release.Name }}-services labels: app.kubernetes.io/name: dbildungs-iam spec: selector: - app.kubernetes.io/name: dbildungs-iam + name: dbildungs-iam ports: - protocol: TCP name: web diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 45fcf7733..08484654a 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -1,4 +1,4 @@ -dbildungsIamContainer: "dbildungs-iam/dev:latest" +dbildungsIamContainer: "ghcr.io/dbildungsplattform/dbildungs-iam-server:fbef02f93f9aca1ffb6e04cf3f8eeda4c356031f" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 @@ -6,15 +6,23 @@ dbildungsIamMemMax: 4G dbildungsIamReplications: 1 environment: prod +backendHostname: main.dev.spsh.dbildungsplattform.de + configfile: secrets: 'config/secrets.json' dev: 'config/config.dev.json' test: 'config/config.test.json' prod: 'config/config.prod.json' + local: 'config/config.local.json' # Configuration of necessary secrets secrets: # Name of the secrets to inject name: null # If we're running inside an environment with a Prometheus-Operator installed we configure a service monitor -enableServiceMonitor: false \ No newline at end of file +enableServiceMonitor: false +deployDedicatedDB: false +dedicatedDB: + user: admin + password: admin + dbname: dbiam \ No newline at end of file From b15e001c73e43d108c0cfd142bf676355912aeb4 Mon Sep 17 00:00:00 2001 
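Review bot: The Service selector is changed to `name: dbildungs-iam`, but the pod template in `dbildungs-iam-deployment.yaml` from the same patch is labelled `layer: dbildungs-iam-backend`; the `name` under the template's `metadata` is not a label, so this selector matches no pods and the Service ends up without endpoints. Use `layer: dbildungs-iam-backend` here. `dbildungs-iam-service-db.yaml` in patch 45 has the same mismatch (`name: dbildungs-iam-db` against `layer: dbildungs-iam-db`). Changing `matchLabels` on the already-deployed Deployment is also rejected on upgrade, because the selector of an `apps/v1` Deployment is immutable.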
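Review bot: The new `dedicatedDB` block ships `user: admin` and `password: admin` as chart defaults, so any install that sets `deployDedicatedDB: true` without overriding them gets a Postgres instance with a known password. Leave the password unset and fail the render when it is missing, e.g. `{{ required "dedicatedDB.password must be set" .Values.dedicatedDB.password }}` where it is consumed, or take it from an existing Secret. A comment on `deployDedicatedDB` stating that the bundled database is meant for non-production use would make the intent clear.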
From: Kristoff Kiefer Date: Mon, 25 Sep 2023 19:16:30 +0200 Subject: [PATCH 45/76] Added db service --- .../dbildungs-iam-deployment-db.yaml | 38 +++++++++++++++++++ .../templates/dbildungs-iam-service-db.yaml | 17 +++++++++ 2 files changed, 55 insertions(+) create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml new file mode 100644 index 000000000..d7dc8db4d --- /dev/null +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml @@ -0,0 +1,38 @@ +{{- if .Values.deployDedicatedDB}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-deployment-db + labels: + app.kubernetes.io/name: dbildungs-iam +spec: + selector: + matchLabels: + layer: dbildungs-iam-db + replicas: {{.Values.dbildungsIamReplications}} + template: + metadata: + name: dbildungs-iam-db + labels: + layer: dbildungs-iam-db + spec: + containers: + - name: dbildungs-iam-db + image: postgres:15.3-alpine + imagePullPolicy: IfNotPresent + ports: + - name: db + containerPort: 5432 + env: + - name: POSTGRES_USER + value: {{.Values.dedicatedDB.user}} + - name: POSTGRES_PASSWORD + value: {{.Values.dedicatedDB.password}} + - name: POSTGRES_DB + value: {{.Values.dedicatedDB.dbname}} + resources: + limits: + cpu: {{.Values.dbildungsIamCpuMax}} + memory: {{.Values.dbildungsIamMemMax}} + restartPolicy: Always + {{- end}} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml new file mode 100644 index 000000000..f4fb5c3c0 --- /dev/null +++ b/charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml 
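Review bot: `POSTGRES_PASSWORD` is set with a literal `value:` taken from `.Values.dedicatedDB.password`, so the password is stored in the Deployment object and is readable by anyone allowed to view Deployments or pods in the namespace. Keep it in a Secret and reference it through `secretKeyRef`, as sketched below with placeholder names. The pod also declares no volume for the Postgres data directory, so the data is lost whenever the pod is rescheduled, and `replicas` reuses `dbildungsIamReplications`, which for any value above 1 would start independent database instances.

```yaml
            # … unchanged: POSTGRES_USER …
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: <existing-secret-name>   # placeholder
                  key: <password-key>            # placeholder
            # … unchanged: POSTGRES_DB, resources …
```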
@@ -0,0 +1,17 @@ +{{- if .Values.deployDedicatedDB}} +apiVersion: v1 +kind: Service +metadata: + name: {{.Release.Name }}-services-db + labels: + app.kubernetes.io/name: dbildungs-iam +spec: + selector: + name: dbildungs-iam-db + ports: + - protocol: TCP + name: db + port: 5432 + targetPort: db + type: ClusterIP +{{- end}} \ No newline at end of file From 8f450bcd1ff98db5748caf071619a09db463c3b4 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Mon, 25 Sep 2023 19:16:43 +0200 Subject: [PATCH 46/76] Added ingress --- .../templates/dbildungs-iam-ingress.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml new file mode 100644 index 000000000..d19669dfe --- /dev/null +++ b/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{.Release.Name}}-backend + labels: + app.kubernetes.io/name: dbildungs-iam + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + ingressClassName: nginx + rules: + - host: {{.Values.backendHostname}} + - http: + paths: + - path: /api + pathType: Prefix + backend: + service: + name: {{.Release.Name}}-backend-api + port: + number: 80 + \ No newline at end of file From 706924c24974119afd2003a7874980ea88c3a5e8 Mon Sep 17 00:00:00 2001 
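Review bot: The Service selector `name: dbildungs-iam-db` does not match the pod label set in dbildungs-iam-deployment-db.yaml from the same commit (`layer: dbildungs-iam-db`), so this Service would have no endpoints and connections to port 5432 would fail. Use the same label key on both sides, i.e. `layer: dbildungs-iam-db` under `selector:`.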
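Review bot: Under `rules`, `- host: {{.Values.backendHostname}}` and `- http:` are two separate list items, so the host entry carries no paths and the `/api` rule has no host and applies to requests for any hostname that reaches the controller. Merge them into one rule: `- host: {{ .Values.backendHostname | quote }}` followed by `http:` as a key of the same item. The backend name `{{.Release.Name}}-backend-api` does not match the Service name visible elsewhere in this series (`{{.Release.Name }}-services`), so the route probably resolves to nothing. The spec also has no `tls:` section, so whether this identity-management API is served over HTTPS depends on controller defaults.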
From: Kristoff Kiefer Date: Tue, 26 Sep 2023 16:01:29 +0200 Subject: [PATCH 47/76] Secret removed, it is assumed to be created beforehand --- charts/dbildungs-iam/config/config.dev.json | 9 -------- charts/dbildungs-iam/config/config.prod.json | 9 -------- charts/dbildungs-iam/config/config.test.json | 9 -------- charts/dbildungs-iam/config/secrets.json | 12 ----------- .../templates/dbildungs-iam-secret.yaml | 21 ------------------- config/config.prod.json | 6 +++--- 6 files changed, 3 insertions(+), 63 deletions(-) delete mode 100644 charts/dbildungs-iam/config/config.dev.json delete mode 100644 charts/dbildungs-iam/config/config.prod.json delete mode 100644 charts/dbildungs-iam/config/config.test.json delete mode 100644 charts/dbildungs-iam/config/secrets.json delete mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml diff --git a/charts/dbildungs-iam/config/config.dev.json b/charts/dbildungs-iam/config/config.dev.json deleted file mode 100644 index 53c6a3b7b..000000000 --- a/charts/dbildungs-iam/config/config.dev.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "HOST": { - "PORT": 9090 - }, - "DB": { - "CLIENT_URL": "postgres://admin:password@127.0.0.1:5432", - "DB_NAME": "dbildungs-iam" - } -} diff --git a/charts/dbildungs-iam/config/config.prod.json b/charts/dbildungs-iam/config/config.prod.json deleted file mode 100644 index 5fb4b2b81..000000000 --- a/charts/dbildungs-iam/config/config.prod.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "HOST": { - "PORT": 8080 - }, - "DB": { - "CLIENT_URL": "", - "DB_NAME": "" - } -} diff --git a/charts/dbildungs-iam/config/config.test.json b/charts/dbildungs-iam/config/config.test.json deleted file mode 100644 index d24d69b22..000000000 --- a/charts/dbildungs-iam/config/config.test.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "HOST": { - "PORT": 8080 - }, - "DB": { - "CLIENT_URL": "postgres://127.0.0.1:5432", - "DB_NAME": "dbildungs-iam" - } -} 
diff --git a/charts/dbildungs-iam/config/secrets.json b/charts/dbildungs-iam/config/secrets.json deleted file mode 100644 index 0c44f889d..000000000 --- a/charts/dbildungs-iam/config/secrets.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "DB": { - "SECRET": "Very hidden secret" - }, - "KEYCLOAK": { - "BASE_URL": "docker.host.internal", - "REALM_NAME": "spsh", - "CLIENT_ID": "clientId", - "USERNAME": "admin", - "PASSWORD": "admin" - } -} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml deleted file mode 100644 index 4816e914e..000000000 --- a/charts/dbildungs-iam/templates/dbildungs-iam-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if not .Values.secrets.name}} -apiVersion: v1 -kind: Secret -metadata: - name: {{.Release.Name}}-secret - labels: - app.kubernetes.io/name: dbildungs-iam -data: - config.dev.json: |- -{{.Files.Get .Values.configfile.dev | b64enc | indent 4}} - config.test.json: |- -{{.Files.Get .Values.configfile.test | b64enc | indent 4}} - config.prod.json: |- -{{- if .Values.deployDedicatedDB}} -{{.Files.Get .Values.configfile.local | b64enc | indent 4}} -{{- else}} -{{.Files.Get .Values.configfile.prod | b64enc | indent 4}} -{{- end}} - secrets.json: |- -{{.Files.Get .Values.configfile.secrets | b64enc | indent 4}} -{{- end}} \ No newline at end of file diff --git a/config/config.prod.json b/config/config.prod.json index 5fb4b2b81..c7a5e6eb6 100644 --- a/config/config.prod.json +++ b/config/config.prod.json @@ -1,9 +1,9 @@ { "HOST": { - "PORT": 8080 + "PORT": 9090 }, "DB": { - "CLIENT_URL": "", - "DB_NAME": "" + "CLIENT_URL": "postgres://admin:password@host.docker.internal:5432", + "DB_NAME": "dbildungs-iam" } } From cabd8c121fd3a984ede03884abac28ba17cfb494 Mon Sep 17 00:00:00 2001 
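Review bot: The new `CLIENT_URL` value in config/config.prod.json embeds a database user and password (`postgres://admin:password@host.docker.internal:5432`) in the committed production config, although this same commit removes the chart's secret files because the secret is expected to exist beforehand. Keep the committed file free of credentials, e.g. `"CLIENT_URL": ""` as before, and let the pre-created secret supply the real URL. `host.docker.internal` looks like a local-machine address, which suggests the value belongs in a local or dev config rather than the prod one. The values deleted from charts/dbildungs-iam/config/secrets.json remain in repository history; if any of them were ever used on a real system they should be rotated.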
From: Kristoff Kiefer Date: Tue, 26 Sep 2023 16:01:53 +0200 Subject: [PATCH 48/76] manual DB deployment removed --- .../dbildungs-iam-deployment-db.yaml | 38 ------------------- .../templates/dbildungs-iam-service-db.yaml | 17 --------- .../templates/dbildungs-iam-service.yaml | 2 +- charts/dbildungs-iam/values.yaml | 11 ++---- 4 files changed, 4 insertions(+), 64 deletions(-) delete mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml delete mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml deleted file mode 100644 index d7dc8db4d..000000000 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment-db.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.deployDedicatedDB}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-deployment-db - labels: - app.kubernetes.io/name: dbildungs-iam -spec: - selector: - matchLabels: - layer: dbildungs-iam-db - replicas: {{.Values.dbildungsIamReplications}} - template: - metadata: - name: dbildungs-iam-db - labels: - layer: dbildungs-iam-db - spec: - containers: - - name: dbildungs-iam-db - image: postgres:15.3-alpine - imagePullPolicy: IfNotPresent - ports: - - name: db - containerPort: 5432 - env: - - name: POSTGRES_USER - value: {{.Values.dedicatedDB.user}} - - name: POSTGRES_PASSWORD - value: {{.Values.dedicatedDB.password}} - - name: POSTGRES_DB - value: {{.Values.dedicatedDB.dbname}} - resources: - limits: - cpu: {{.Values.dbildungsIamCpuMax}} - memory: {{.Values.dbildungsIamMemMax}} - restartPolicy: Always - {{- end}} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml deleted file mode 100644 index f4fb5c3c0..000000000 
--- a/charts/dbildungs-iam/templates/dbildungs-iam-service-db.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.deployDedicatedDB}} -apiVersion: v1 -kind: Service -metadata: - name: {{.Release.Name }}-services-db - labels: - app.kubernetes.io/name: dbildungs-iam -spec: - selector: - name: dbildungs-iam-db - ports: - - protocol: TCP - name: db - port: 5432 - targetPort: db - type: ClusterIP -{{- end}} \ No newline at end of file diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml index b242faae5..1df5c42e8 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{.Release.Name }}-services + name: dbiam-service labels: app.kubernetes.io/name: dbildungs-iam spec: diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 08484654a..e0882104a 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -16,13 +16,8 @@ configfile: local: 'config/config.local.json' # Configuration of necessary secrets +# Name of the secrets to inject secrets: - # Name of the secrets to inject - name: null + name: spsh-config # If we're running inside an environment with a Prometheus-Operator installed we configure a service monitor -enableServiceMonitor: false -deployDedicatedDB: false -dedicatedDB: - user: admin - password: admin - dbname: dbiam \ No newline at end of file +enableServiceMonitor: false \ No newline at end of file From 15e675905c4010c81e983781a618ac550014d114 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 26 Sep 2023 16:47:18 +0200 Subject: [PATCH 49/76] Enable DB-Encryption --- src/server/server.module.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/server/server.module.ts b/src/server/server.module.ts index 158617031..4d6d86ed6 100644 --- a/src/server/server.module.ts 
+++ b/src/server/server.module.ts @@ -34,6 +34,7 @@ import { OrganisationApiModule } from '../modules/organisation/organisation-api. entitiesTs: ['./src/**/*.entity.ts'], // Needed for HealthCheck type: 'postgresql', + driverOptions: { ssl: true }, }); }, inject: [ConfigService], From a9e3bc22bea633efc506e11d5030049b07fe01fa Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 26 Sep 2023 17:05:15 +0200 Subject: [PATCH 50/76] Enable DB-Encryption --- src/server/server.module.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/server/server.module.ts b/src/server/server.module.ts index 4d6d86ed6..cfd2deacb 100644 --- a/src/server/server.module.ts +++ b/src/server/server.module.ts @@ -34,7 +34,11 @@ import { OrganisationApiModule } from '../modules/organisation/organisation-api. entitiesTs: ['./src/**/*.entity.ts'], // Needed for HealthCheck type: 'postgresql', - driverOptions: { ssl: true }, + driverOptions: { + connection: { + ssl: true, + }, + }, }); }, inject: [ConfigService], From aef87e1ca4fa1a13ce10618a0380cd913373aca9 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Tue, 26 Sep 2023 17:31:32 +0200 Subject: [PATCH 51/76] Removed Keycloak Health check since pings don't seem to go through --- src/health/health.controller.spec.ts | 8 -------- src/health/health.controller.ts | 8 -------- 2 files changed, 16 deletions(-) diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts index 06c38a43b..f7c1927e5 100644 --- a/src/health/health.controller.spec.ts +++ b/src/health/health.controller.spec.ts 
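Review bot: `ssl: true` is hard-coded in the MikroORM options, first as `driverOptions: { ssl: true }` and in the follow-up hunk as `driverOptions: { connection: { ssl: true } }`. As a result every environment that loads this module must offer TLS, which presumably includes the `127.0.0.1` databases of the dev and test configs seen earlier in this series, and nothing states how the server certificate is verified. Drive it from configuration and make verification explicit, for instance `ssl: dbConfig.USE_SSL ? { rejectUnauthorized: true } : false`, where `USE_SSL` is a placeholder for a field `DbConfig` does not visibly have; add a `ca` entry if the database uses a private CA. The same hard-coded block is added to src/console/console.module.ts in PATCH 65. The enclosing factory function starts and ends outside both hunks.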
@@ -68,13 +68,5 @@ describe('HealthController', () => { // ourselves to make sure they do the right things await firstIndicator?.call(firstIndicator); expect(mikroOrmHealthIndicator.pingCheck).toHaveBeenCalled(); - - const secondIndicator: (() => PromiseLike | HealthIndicatorResult) | undefined = - indicators?.[1]; - expect(secondIndicator).toBeDefined(); - await secondIndicator?.call(secondIndicator); - - expect(httpHealthIndicator.pingCheck).toHaveBeenCalled(); - expect(httpHealthIndicator.pingCheck).toBeCalledWith('keycloak', 'http://keycloak.test'); }); }); diff --git a/src/health/health.controller.ts b/src/health/health.controller.ts index 4bc15ee75..d1a5a9311 100644 --- a/src/health/health.controller.ts +++ b/src/health/health.controller.ts @@ -4,32 +4,24 @@ import { HealthCheckResult, HealthCheckService, HealthIndicatorResult, - HttpHealthIndicator, MikroOrmHealthIndicator, } from '@nestjs/terminus'; import { EntityManager } from '@mikro-orm/postgresql'; -import { ConfigService } from '@nestjs/config'; -import { KeycloakConfig } from '../shared/config/index.js'; @Controller('health') export class HealthController { public constructor( private health: HealthCheckService, private mikroOrm: MikroOrmHealthIndicator, - private http: HttpHealthIndicator, private em: EntityManager, - private configService: ConfigService, ) {} @Get() @HealthCheck() public check(): Promise { - const keycloakConfig: KeycloakConfig = this.configService.getOrThrow('KEYCLOAK'); - const baseUrl: string = keycloakConfig.BASE_URL; return this.health.check([ (): Promise => this.mikroOrm.pingCheck('database', { connection: this.em.getConnection() }), - (): Promise => this.http.pingCheck('keycloak', baseUrl), ]); } } From 591780e98648891b0cc1940ddd62efe252700af1 Mon Sep 17 00:00:00 2001 
From: Kristoff Kiefer Date: Tue, 26 Sep 2023 18:10:29 +0200 Subject: [PATCH 52/76] Fixed service to actually find its pods --- charts/dbildungs-iam/templates/dbildungs-iam-service.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml index 1df5c42e8..8ff5467fb 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-service.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: dbiam-service + name: dbiam labels: app.kubernetes.io/name: dbildungs-iam spec: selector: - name: dbildungs-iam + layer: dbildungs-iam-backend ports: - protocol: TCP name: web From e13f33a384f2aaa80b807205275c29e77938f6d0 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 27 Sep 2023 09:22:28 +0200 Subject: [PATCH 53/76] Configure ingress --- charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml | 6 +++--- charts/dbildungs-iam/values.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml index d19669dfe..66a8eea5d 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml @@ -9,14 +9,14 @@ metadata: spec: ingressClassName: nginx rules: - - host: {{.Values.backendHostname}} - - http: + - host: {{.Values.dbildungsIamBackendHost}} + http: paths: - path: /api pathType: Prefix backend: service: - name: {{.Release.Name}}-backend-api + name: dbiam port: number: 80 \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index e0882104a..3db886931 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml 
@@ -1,4 +1,5 @@ -dbildungsIamContainer: "ghcr.io/dbildungsplattform/dbildungs-iam-server:fbef02f93f9aca1ffb6e04cf3f8eeda4c356031f" +dbildungsIamContainer: "ghcr.io/dbildungsplattform/dbildungs-iam-server:a59604be74b4eacfddc4325c861a4ddb88db50d3" +dbildungsIamBackendHost: "helm.dev.spsh.dbildungsplattform.de" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 From 78063c3030c456f0e4de1175b79d60b6f6d48795 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 27 Sep 2023 09:28:20 +0200 Subject: [PATCH 54/76] Add chart for dev-keycloak deployment --- charts/keycloak-dev/Chart.yaml | 6 ++++ .../dbildungs-iam-deployment-keycloak.yaml | 33 +++++++++++++++++++ .../dbildungs-iam-service-keycloak.yaml | 16 +++++++++ 3 files changed, 55 insertions(+) create mode 100644 charts/keycloak-dev/Chart.yaml create mode 100644 charts/keycloak-dev/templates/dbildungs-iam-deployment-keycloak.yaml create mode 100644 charts/keycloak-dev/templates/dbildungs-iam-service-keycloak.yaml diff --git a/charts/keycloak-dev/Chart.yaml b/charts/keycloak-dev/Chart.yaml new file mode 100644 index 000000000..7fa09db3e --- /dev/null +++ b/charts/keycloak-dev/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: dbildungs-iam-keycloak-dev +version: 0.1.0 + +description: dBildungs-IAM Keycloak for local deployment +type: application diff --git a/charts/keycloak-dev/templates/dbildungs-iam-deployment-keycloak.yaml b/charts/keycloak-dev/templates/dbildungs-iam-deployment-keycloak.yaml new file mode 100644 index 000000000..73ff15f6c --- /dev/null +++ b/charts/keycloak-dev/templates/dbildungs-iam-deployment-keycloak.yaml 
@@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-keycloak-deployment + labels: + app.kubernetes.io/name: dbildungs-iam +spec: + selector: + matchLabels: + layer: dbildungs-iam-keycloak + replicas: 1 + template: + metadata: + name: dbildungs-iam-keycloak + labels: + layer: dbildungs-iam-keycloak + spec: + containers: + - name: dbildungs-iam-keycloak + image: quay.io/keycloak/keycloak:22.0.3 + args: + - start-dev + imagePullPolicy: IfNotPresent + ports: + - name: web + containerPort: 8080 + env: + - name: KEYCLOAK_ADMIN + value: admin + - name: KEYCLOAK_ADMIN_PASSWORD + value: admin + restartPolicy: Always + \ No newline at end of file diff --git a/charts/keycloak-dev/templates/dbildungs-iam-service-keycloak.yaml b/charts/keycloak-dev/templates/dbildungs-iam-service-keycloak.yaml new file mode 100644 index 000000000..a11d59c93 --- /dev/null +++ b/charts/keycloak-dev/templates/dbildungs-iam-service-keycloak.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: keycloak + labels: + app.kubernetes.io/name: dbildungs-iam +spec: + selector: + layer: dbildungs-iam-keycloak + ports: + - protocol: TCP + name: web + port: {{.Values.dbildungsIamExternalPort}}80 + targetPort: web + type: ClusterIP + \ No newline at end of file From 5331a70e305211ce9725684ac79a64da7d322ad2 Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Wed, 27 Sep 2023 10:48:57 +0000 Subject: [PATCH 55/76] change docker image tag --- .github/workflows/image-to-ghcr.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 4fec91e4a..484e04820 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml 
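Review bot: `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are both hard-coded to `admin` and the container runs `start-dev`, so anyone who can reach the `keycloak` Service gets the admin console with a known login. The chart is described as being for local deployment, but nothing in the template prevents installing it into a shared cluster. Take the credentials from a Secret, or from values without a default, e.g. `value: {{ required "keycloak admin password must be set" .Values.<adminPassword> }}` (placeholder key). The container also has no `resources` block, unlike the backend deployment.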
@@ -75,7 +75,9 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} + # temporarily change this to latest to make deployment easier + # tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} + tags: ghcr.io/${{ env.LOWERCASE_REPO }}:latest labels: ${{ steps.docker_meta_img.outputs.labels }} trivy-vulnerability-scanning: From 8c2e09920631f28fbde49dab5e1ff49e653a150c Mon Sep 17 00:00:00 2001 From: aimee-889 Date: Wed, 27 Sep 2023 10:54:58 +0000 Subject: [PATCH 56/76] disable trivy scan --- .github/workflows/image-to-ghcr.yml | 55 +++++++++++++++-------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 484e04820..f0e2887c5 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml 
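Review bot: Pushing only `:latest` replaces the immutable per-commit tag with a mutable one, so a running image can no longer be traced to a commit. The `trivy-vulnerability-scanning` job after this step also still refers to the SHA tag, as the context of PATCH 56 shows. If the step's `tags` input accepts a list (docker/build-push-action does; the `uses:` line is outside the hunk), publish both: `tags: |` followed by `ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}` and `ghcr.io/${{ env.LOWERCASE_REPO }}:latest`. Deployments can then keep pinning the SHA tag while `latest` serves as a convenience alias.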
@@ -75,36 +75,37 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - # temporarily change this to latest to make deployment easier + # temporarily change this to latest to make deployment # tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} tags: ghcr.io/${{ env.LOWERCASE_REPO }}:latest labels: ${{ steps.docker_meta_img.outputs.labels }} - trivy-vulnerability-scanning: - needs: - - build_and_push - - branch_meta - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - steps: - - name: Lowercase REPO name - run: | - echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV + # trivy-vulnerability-scanning: + # needs: + # - build_and_push + # - branch_meta + # runs-on: ubuntu-latest + # permissions: + # actions: read + # contents: read + # security-events: write + # steps: + # - name: Lowercase REPO name + # run: | + # echo "LOWERCASE_REPO=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - - name: Run trivy vulnerability scanner - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 - with: - image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' - format: 'sarif' - output: 'trivy-results.sarif' - severity: 'CRITICAL,HIGH' - ignore-unfixed: true + # - name: Run trivy vulnerability scanner + # uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + # with: + # # image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }}' + # image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:latest' + # format: 'sarif' + # output: 'trivy-results.sarif' + # severity: 'CRITICAL,HIGH' + # ignore-unfixed: true - - name: Upload trivy results - if: ${{ always() }} - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + # - name: Upload trivy results + # if: ${{ always() }} + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: 'trivy-results.sarif' \ No 
newline at end of file From da698fcc104d26b215e7e49f957a5d41358f27b7 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 27 Sep 2023 13:43:44 +0200 Subject: [PATCH 57/76] Change image name, add branch --- .github/workflows/image-to-ghcr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index f0e2887c5..432f83904 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -61,7 +61,7 @@ jobs: - name: Test existence of Image run: | - echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV + echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ env.LOWERCASE_REPO }}-${{needs.branch_meta.outputs.branch}}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} @@ -77,7 +77,7 @@ jobs: push: true # temporarily change this to latest to make deployment # tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} - tags: ghcr.io/${{ env.LOWERCASE_REPO }}:latest + tags: ghcr.io/${{ env.LOWERCASE_REPO }}-${{needs.branch_meta.outputs.branch}}:latest labels: ${{ steps.docker_meta_img.outputs.labels }} # trivy-vulnerability-scanning: From 1a414b86709e32e07853a3a641d65e0d5a830ec3 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 27 Sep 2023 14:02:45 +0200 Subject: [PATCH 58/76] Change image name, add branch --- .github/workflows/image-to-ghcr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index 432f83904..c97a091b8 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml 
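Review bot: Commenting out the whole `trivy-vulnerability-scanning` job removes the only image scan visible in this workflow, so the pushed `:latest` image is deployed unscanned. The job presumably failed because `image-ref` pointed at the SHA tag that PATCH 55 stopped pushing. Keep the job active and scan the tag that is actually pushed, as the commented line `image-ref: 'ghcr.io/${{ env.LOWERCASE_REPO }}:latest'` already sketches, or restore the SHA tag and leave the job unchanged. If the scan has to be off temporarily, a job-level `if: false` with a linked issue is easier to revert and to spot than thirty commented lines.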
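Review bot: `${{needs.branch_meta.outputs.branch}}` is expanded directly into the `run:` script of "Test existence of Image", so shell metacharacters in a branch name would be interpreted by the runner unless `branch_meta` sanitises the value (that job is outside the hunk). Pass it through the environment instead: add `env:` with `BRANCH: ${{ needs.branch_meta.outputs.branch }}` to the step and use `"${BRANCH}"` in the command. Branch names may also contain `/` or upper-case letters, which changes or invalidates the image reference. The check inspects a `:<sha>` tag while the build step pushes only `:latest`, so `IMAGE_EXISTS` will stay 0 and the image is rebuilt on every run. PATCH 58 and PATCH 59 rewrite the same two lines with the same issues.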
@@ -61,7 +61,7 @@ jobs: - name: Test existence of Image run: | - echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ env.LOWERCASE_REPO }}-${{needs.branch_meta.outputs.branch}}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV + echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{needs.branch_meta.outputs.branch}}/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} @@ -77,7 +77,7 @@ jobs: push: true # temporarily change this to latest to make deployment # tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} - tags: ghcr.io/${{ env.LOWERCASE_REPO }}-${{needs.branch_meta.outputs.branch}}:latest + tags: ghcr.io/${{needs.branch_meta.outputs.branch}}/${{ env.LOWERCASE_REPO }}:latest labels: ${{ steps.docker_meta_img.outputs.labels }} # trivy-vulnerability-scanning: From 73460948f068543bb3679b6b479a946e2f334d78 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 27 Sep 2023 14:10:20 +0200 Subject: [PATCH 59/76] Change image name, changed separator to / and postfixed it --- .github/workflows/image-to-ghcr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index c97a091b8..d997985ae 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml 
@@ -61,7 +61,7 @@ jobs: - name: Test existence of Image run: | - echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{needs.branch_meta.outputs.branch}}/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV + echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ env.LOWERCASE_REPO }}/${{needs.branch_meta.outputs.branch}}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} @@ -77,7 +77,7 @@ jobs: push: true # temporarily change this to latest to make deployment # tags: ghcr.io/${{ env.LOWERCASE_REPO }}:${{ needs.branch_meta.outputs.sha }} - tags: ghcr.io/${{needs.branch_meta.outputs.branch}}/${{ env.LOWERCASE_REPO }}:latest + tags: ghcr.io/${{ env.LOWERCASE_REPO }}/${{needs.branch_meta.outputs.branch}}:latest labels: ${{ steps.docker_meta_img.outputs.labels }} # trivy-vulnerability-scanning: From 082574a49e1e17e46648f148bc5a74b5c5607cf6 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 4 Oct 2023 13:44:01 +0200 Subject: [PATCH 60/76] Added API-Path-Prefix --- src/server/main.ts | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/server/main.ts b/src/server/main.ts index d6f3d7536..852ba91d4 100644 --- a/src/server/main.ts +++ b/src/server/main.ts 
@@ -1,11 +1,11 @@ /* eslint-disable no-console */ -import { NestFactory } from '@nestjs/core'; -import { INestApplication } from '@nestjs/common'; -import { ConfigService } from '@nestjs/config'; -import { DocumentBuilder, OpenAPIObject, SwaggerModule } from '@nestjs/swagger'; -import { HostConfig, ServerConfig } from '../shared/config/index.js'; -import { GlobalValidationPipe } from '../shared/validation/index.js'; -import { ServerModule } from './server.module.js'; +import {NestFactory} from '@nestjs/core'; +import {INestApplication} from '@nestjs/common'; +import {ConfigService} from '@nestjs/config'; +import {DocumentBuilder, OpenAPIObject, SwaggerModule} from '@nestjs/swagger'; +import {HostConfig, ServerConfig} from '../shared/config/index.js'; +import {GlobalValidationPipe} from '../shared/validation/index.js'; +import {ServerModule} from './server.module.js'; async function bootstrap(): Promise { const app: INestApplication = await NestFactory.create(ServerModule); @@ -17,6 +17,9 @@ async function bootstrap(): Promise { .build(); const configService: ConfigService = app.get(ConfigService); const port: number = configService.getOrThrow('HOST').PORT; + app.setGlobalPrefix('api', { + exclude: ['health'], + }); SwaggerModule.setup('docs', app, SwaggerModule.createDocument(app, swagger)); await app.listen(port); console.info(`\nListening on: http://127.0.0.1:${port}`); From 51ff6ed9c0792461aca34ca4173676647db16cfe Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 4 Oct 2023 13:44:26 +0200 Subject: [PATCH 61/76] Made the ingress serve the API under the correct path (/api) --- .../templates/dbildungs-iam-ingress.yaml | 12 ++++++++---- charts/dbildungs-iam/values.yaml | 3 +-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml index 66a8eea5d..10516c393 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml 
+++ b/charts/dbildungs-iam/templates/dbildungs-iam-ingress.yaml @@ -4,12 +4,10 @@ metadata: name: {{.Release.Name}}-backend labels: app.kubernetes.io/name: dbildungs-iam - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - - host: {{.Values.dbildungsIamBackendHost}} + - host: {{.Values.backendHostname}} http: paths: - path: /api @@ -19,4 +17,10 @@ spec: name: dbiam port: number: 80 - \ No newline at end of file + - path: /docs + pathType: Prefix + backend: + service: + name: dbiam + port: + number: 80 \ No newline at end of file diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 3db886931..82bba0c6a 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -1,5 +1,4 @@ dbildungsIamContainer: "ghcr.io/dbildungsplattform/dbildungs-iam-server:a59604be74b4eacfddc4325c861a4ddb88db50d3" -dbildungsIamBackendHost: "helm.dev.spsh.dbildungsplattform.de" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 @@ -7,7 +6,7 @@ dbildungsIamMemMax: 4G dbildungsIamReplications: 1 environment: prod -backendHostname: main.dev.spsh.dbildungsplattform.de +backendHostname: helm.dev.spsh.dbildungsplattform.de configfile: secrets: 'config/secrets.json' From e4eba16c3689066d20dfa3ae9462ba77d75e4ba8 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 4 Oct 2023 14:02:21 +0200 Subject: [PATCH 62/76] Hide the Health Endpoint --- src/health/health.controller.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/health/health.controller.ts b/src/health/health.controller.ts index d1a5a9311..c34c56b35 100644 --- a/src/health/health.controller.ts +++ b/src/health/health.controller.ts 
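Review bot: The added `/docs` path publishes the Swagger UI on the same host as the API, with no access restriction visible in this Ingress and still no `tls:` section, while values.yaml sets `environment: prod`. For an identity-management backend, make the documentation route opt-in: wrap the path in `{{- if .Values.exposeApiDocs }}` … `{{- end }}`, where `exposeApiDocs` is a suggested name and not an existing value, defaulting to false. With the `rewrite-target` annotation removed, the backend now receives the original `/api/...` path, which matches the global prefix added in PATCH 60, so the two commits need to be deployed together.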
@@ -7,8 +7,10 @@ import { MikroOrmHealthIndicator, } from '@nestjs/terminus'; import { EntityManager } from '@mikro-orm/postgresql'; +import { ApiExcludeController } from '@nestjs/swagger'; @Controller('health') +@ApiExcludeController() export class HealthController { public constructor( private health: HealthCheckService, From e9599a0707d7c516c4232f218952bee04fd2c976 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 4 Oct 2023 14:12:15 +0200 Subject: [PATCH 63/76] Reformat --- src/server/main.ts | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/server/main.ts b/src/server/main.ts index 852ba91d4..561db1e91 100644 --- a/src/server/main.ts +++ b/src/server/main.ts @@ -1,11 +1,11 @@ /* eslint-disable no-console */ -import {NestFactory} from '@nestjs/core'; -import {INestApplication} from '@nestjs/common'; -import {ConfigService} from '@nestjs/config'; -import {DocumentBuilder, OpenAPIObject, SwaggerModule} from '@nestjs/swagger'; -import {HostConfig, ServerConfig} from '../shared/config/index.js'; -import {GlobalValidationPipe} from '../shared/validation/index.js'; -import {ServerModule} from './server.module.js'; +import { NestFactory } from '@nestjs/core'; +import { INestApplication } from '@nestjs/common'; +import { ConfigService } from '@nestjs/config'; +import { DocumentBuilder, OpenAPIObject, SwaggerModule } from '@nestjs/swagger'; +import { HostConfig, ServerConfig } from '../shared/config/index.js'; +import { GlobalValidationPipe } from '../shared/validation/index.js'; +import { ServerModule } from './server.module.js'; async function bootstrap(): Promise { const app: INestApplication = await NestFactory.create(ServerModule); 
@@ -21,6 +21,7 @@ async function bootstrap(): Promise { exclude: ['health'], }); SwaggerModule.setup('docs', app, SwaggerModule.createDocument(app, swagger)); + await app.listen(port); console.info(`\nListening on: http://127.0.0.1:${port}`); console.info(`API documentation can be found on: http://127.0.0.1:${port}/docs`); From 7bfd73ce275470a12d4f800bd719a376341e14d5 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 4 Oct 2023 14:49:11 +0200 Subject: [PATCH 64/76] Set Pull Policy to "Always" --- charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml index 4804f2410..dd813e94b 100644 --- a/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml +++ b/charts/dbildungs-iam/templates/dbildungs-iam-deployment.yaml @@ -18,7 +18,7 @@ spec: containers: - name: dbildungs-iam image: {{.Values.dbildungsIamContainer}} - imagePullPolicy: IfNotPresent + imagePullPolicy: Always ports: - name: web containerPort: 8080 From e127bb6436ec48448aae0905ee3fbbb2bc66c1f7 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Wed, 4 Oct 2023 15:20:23 +0200 Subject: [PATCH 65/76] DB-Setup now uses SSL --- src/console/console.module.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/console/console.module.ts b/src/console/console.module.ts index 188c060b4..443503b5f 100644 --- a/src/console/console.module.ts +++ b/src/console/console.module.ts 
@@ -5,7 +5,7 @@ import { MikroOrmModule } from '@mikro-orm/nestjs'; import { defineConfig } from '@mikro-orm/postgresql'; import { Module } from '@nestjs/common'; import { ConfigModule, ConfigService } from '@nestjs/config'; -import { DbConfig, ServerConfig, loadConfigFiles, loadEnvConfig } from '../shared/config/index.js'; +import { DbConfig, loadConfigFiles, loadEnvConfig, ServerConfig } from '../shared/config/index.js'; import { mappingErrorHandler } from '../shared/error/index.js'; import { LoggingModule } from '../shared/logging/index.js'; import { DbConsole } from './db.console.js'; @@ -31,6 +31,11 @@ import { DbInitConsole } from './db-init.console.js'; dbName: config.getOrThrow('DB').DB_NAME, entities: ['./dist/**/*.entity.js'], entitiesTs: ['./src/**/*.entity.ts'], + driverOptions: { + connection: { + ssl: true, + }, + }, }); }, inject: [ConfigService], From d53ce9d063c5217437e70774a475f9b866b58f5f Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 11:54:06 +0200 Subject: [PATCH 66/76] Pulling apart schema creation and deletion --- src/console/db-init.console.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/console/db-init.console.ts b/src/console/db-init.console.ts index b2f433c52..6284ef01c 100644 --- a/src/console/db-init.console.ts +++ b/src/console/db-init.console.ts @@ -19,6 +19,9 @@ export class DbInitConsole extends CommandRunner { if (!(await this.orm.getSchemaGenerator().ensureDatabase())) { await this.orm.getSchemaGenerator().createDatabase(this.configService.getOrThrow('DB').DB_NAME); } + this.logger.info('Dropping Schema'); + await this.orm.getSchemaGenerator().dropSchema(); + this.logger.info('Creating Schema'); await this.orm.getSchemaGenerator().createSchema(); this.logger.info('Initialized database'); } From 093f142dc37dd2f166e3b203b6e82ca5520a37dc Mon Sep 17 00:00:00 2001 
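Review bot: `ssl: true` is hard-coded in the new `driverOptions.connection` block of the MikroORM factory, so the console commands can no longer reach a database that does not offer TLS (a local or CI Postgres, presumably), and the setting cannot be adjusted per environment. I would read it from the DB config instead, e.g. `ssl: config.getOrThrow<DbConfig>('DB').USE_SSL` (the property name is a placeholder; `DbConfig` is not shown in this patch). As far as I know the underlying pg driver verifies the server certificate when `ssl` is `true`, so a deployment behind a private CA needs the CA supplied through the connection options rather than verification switched off; a one-line comment stating that would help. Whether the server module's ORM configuration receives the same option is not visible here, and the factory function starts outside the hunk.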
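Review bot: `dropSchema()` now runs unconditionally on every `db-init` invocation, so pointing the command at a database that already holds identity data wipes it with nothing but an info log line. I would make the drop an explicit opt-in, e.g. `if (dropExisting) { await this.orm.getSchemaGenerator().dropSchema(); }`, where `dropExisting` (a name I made up) comes from a command option or config value and is rejected for production. Drop and create are also two separate awaits, so a failure inside `createSchema()` leaves the database empty; the log messages should make that state recognisable. The method body starts outside the hunk.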
From: Kristoff Kiefer Date: Thu, 5 Oct 2023 12:17:31 +0200 Subject: [PATCH 67/76] Disabled wrap --- src/console/db-init.console.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/console/db-init.console.ts b/src/console/db-init.console.ts index 6284ef01c..583f0ef97 100644 --- a/src/console/db-init.console.ts +++ b/src/console/db-init.console.ts @@ -20,9 +20,9 @@ export class DbInitConsole extends CommandRunner { await this.orm.getSchemaGenerator().createDatabase(this.configService.getOrThrow('DB').DB_NAME); } this.logger.info('Dropping Schema'); - await this.orm.getSchemaGenerator().dropSchema(); + await this.orm.getSchemaGenerator().dropSchema({ wrap: false }); this.logger.info('Creating Schema'); - await this.orm.getSchemaGenerator().createSchema(); + await this.orm.getSchemaGenerator().createSchema({ wrap: false }); this.logger.info('Initialized database'); } } From 337956023bd04527c983318d60bb53ee2df05c30 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 14:50:27 +0200 Subject: [PATCH 68/76] Removed Config-Map --- .../templates/dbildungs-iam-configmap.yaml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml diff --git a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml b/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml deleted file mode 100644 index 3b6a3debb..000000000 --- a/charts/dbildungs-iam/templates/dbildungs-iam-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{.Release.Name}}-configmap - labels: - app.kubernetes.io/name: dbildungs-iam -data: - config.dev.json: |- -{{.Files.Get "config/config.dev.json" | indent 4}} - config.test.json: |- -{{.Files.Get "config/config.test.json" | indent 4}} - config.prod.json: |- -{{.Files.Get "config/config.prod.json" | indent 4}} \ No newline at end of file From a513c9346bfb84ba150e749bdb6acdece0b0d164 Mon Sep 17 00:00:00 2001 
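Review bot: The `{ wrap: false }` arguments added to `dropSchema` and `createSchema` carry no explanation, and the commit message ("Disabled wrap") gives none either. If I read MikroORM correctly, `wrap` controls whether the generated SQL is surrounded by statements that switch off foreign-key checks, which on PostgreSQL needs elevated privileges; if that is the reason, record it next to the calls, e.g. `// wrap: false: the DB role may not disable FK checks, so the generated statements must succeed with constraints active`. Please confirm the actual reason before adding the comment, since the next maintainer will otherwise be tempted to remove the option.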
From: Kristoff Kiefer Date: Thu, 5 Oct 2023 15:24:31 +0200 Subject: [PATCH 69/76] Merge package.json --- package-lock.json | 33 ++++++--------------------------- 1 file changed, 6 insertions(+), 27 deletions(-) diff --git a/package-lock.json b/package-lock.json index 536d8ae2e..192e5f4b3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,6 @@ "@nestjs/platform-express": "^9.0.0", "@nestjs/swagger": "^7.0.4", "@nestjs/terminus": "^9.0.0", - "@nestjs/terminus": "^9.0.0", "@s3pweb/keycloak-admin-client-cjs": "^22.0.1", "axios": "^1.5.0", "class-transformer": "^0.5.1", @@ -3431,8 +3430,7 @@ "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "devOptional": true + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/available-typed-arrays": { "version": "1.0.5", @@ -3450,8 +3448,6 @@ "version": "1.5.1", "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.1.tgz", "integrity": "sha512-Q28iYCWzNHjAm+yEAot5QaAMxhMghWLFVf7rRdwhUI+c2jix2DUXjAHXVi+s1ibs3mjPO/cCgbA++3BjD0vP/A==", - "optional": true, - "peer": true, "dependencies": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", @@ -4119,7 +4115,6 @@ "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "devOptional": true, "dependencies": { "delayed-stream": "~1.0.0" }, @@ -4428,7 +4423,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "devOptional": true, "engines": { "node": ">=0.4.0" } 
@@ -5732,8 +5726,6 @@ "url": "https://github.com/sponsors/RubenVerborgh" } ], - "optional": true, - "peer": true, "engines": { "node": ">=4.0" }, @@ -5784,7 +5776,6 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "devOptional": true, "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", @@ -8875,9 +8866,7 @@ "node_modules/proxy-from-env": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "optional": true, - "peer": true + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" }, "node_modules/pump": { "version": "3.0.0", @@ -13548,8 +13537,7 @@ "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "devOptional": true + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "available-typed-arrays": { "version": "1.0.5", @@ -13561,8 +13549,6 @@ "version": "1.5.1", "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.1.tgz", "integrity": "sha512-Q28iYCWzNHjAm+yEAot5QaAMxhMghWLFVf7rRdwhUI+c2jix2DUXjAHXVi+s1ibs3mjPO/cCgbA++3BjD0vP/A==", - "optional": true, - "peer": true, "requires": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", @@ -14037,7 +14023,6 @@ "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "devOptional": true, "requires": { "delayed-stream": "~1.0.0" } 
@@ -14280,8 +14265,7 @@ "delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "devOptional": true + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==" }, "depd": { "version": "2.0.0", @@ -15293,9 +15277,7 @@ "follow-redirects": { "version": "1.15.3", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", - "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", - "optional": true, - "peer": true + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==" }, "for-each": { "version": "0.3.3", @@ -15330,7 +15312,6 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "devOptional": true, "requires": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", @@ -17580,9 +17561,7 @@ "proxy-from-env": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "optional": true, - "peer": true + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" }, "pump": { "version": "3.0.0", From fcbfcfb6bba7fe0f1f540dd5e117d0a0a6c75560 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 15:25:29 +0200 Subject: [PATCH 70/76] Cleaned up values --- charts/dbildungs-iam/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/dbildungs-iam/values.yaml b/charts/dbildungs-iam/values.yaml index 82bba0c6a..13007af66 100644 --- a/charts/dbildungs-iam/values.yaml +++ b/charts/dbildungs-iam/values.yaml @@ -1,4 +1,4 @@ -dbildungsIamContainer: "ghcr.io/dbildungsplattform/dbildungs-iam-server:a59604be74b4eacfddc4325c861a4ddb88db50d3" +dbildungsIamContainer: "ghcr.io/dbildungsplattform/dbildungs-iam-server/feature/helm-integration:latest" dbildungsIamExternalPort: 80 dbildungsIamCpuMax: 2 From dff3307cc3e4bfbd21553449116fb209eda39dd2 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 15:52:02 +0200 Subject: [PATCH 71/76] Job Chaining --- .github/workflows/image-to-ghcr.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index d997985ae..a520bfa26 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -11,6 +11,10 @@ permissions: jobs: branch_meta: runs-on: ubuntu-latest + needs: + - codeql_analyze + - nest_lint + - nest_test_and_sonarcloud outputs: branch: ${{ steps.extract_branch_meta.outputs.branch }} sha: ${{ steps.extract_branch_meta.outputs.sha }} From 7e1e30269024023a254c10cc94e57c0c658a8096 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 15:57:59 +0200 Subject: [PATCH 72/76] Job Chaining --- .github/workflows/on_push_or_pr.yml | 4 +++- .../{image-to-ghcr.yml => reusable_job_image_to_ghcr.yml} | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) rename .github/workflows/{image-to-ghcr.yml => reusable_job_image_to_ghcr.yml} (99%) diff --git a/.github/workflows/on_push_or_pr.yml b/.github/workflows/on_push_or_pr.yml index 552fd33af..503601a27 100644 --- a/.github/workflows/on_push_or_pr.yml +++ b/.github/workflows/on_push_or_pr.yml 
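Review bot: The chart default for `dbildungsIamContainer` moves from an image tagged with a full commit SHA to `feature/helm-integration:latest`, a mutable tag built from a feature branch. Together with `imagePullPolicy: Always` (set in PATCH 64), any pod restart can pull code that differs from what was reviewed and tested, and rolling back the chart no longer rolls back the image. I would keep an immutable reference in the chart, either the commit-SHA tag as before or a digest of the form `ghcr.io/dbildungsplattform/dbildungs-iam-server@sha256:<digest>` (placeholder), and let CI or a per-environment values file override it for branch deployments.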
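Review bot: The `needs:` added to `branch_meta` names `codeql_analyze`, `nest_lint` and `nest_test_and_sonarcloud`, which in this series are defined in `on_push_or_pr.yml`, not in `image-to-ghcr.yml`. `needs` only resolves job ids within the same workflow, so this file would presumably be rejected as invalid. PATCH 76 removes the block again, which leaves the image push ungated by the analysis and test jobs. To gate it, the build would have to run as a job of the same workflow as those checks, or be triggered by `on: workflow_run` and test the triggering run's `conclusion`. The job definition continues outside the hunk.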
@@ -12,4 +12,6 @@ jobs: uses: ./.github/workflows/reusable_job_nest_lint.yml nest_test_and_sonarcloud: uses: ./.github/workflows/reusable_job_nest_test_sonarcloud.yml - secrets: inherit \ No newline at end of file + secrets: inherit + image_to_ghcr: + uses: ./.github/workflows/reusable_job_image_to_ghcr.yml \ No newline at end of file diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/reusable_job_image_to_ghcr.yml similarity index 99% rename from .github/workflows/image-to-ghcr.yml rename to .github/workflows/reusable_job_image_to_ghcr.yml index a520bfa26..6efd3d356 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/reusable_job_image_to_ghcr.yml @@ -1,7 +1,7 @@ name: Image to GHCR on: - push: + workflow_call: branches-ignore: - dependabot/** From 80e0166ada343a2474917a78edbdf7afccde1605 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 16:03:26 +0200 Subject: [PATCH 73/76] Revert "Job Chaining" This reverts commit 7e1e30269024023a254c10cc94e57c0c658a8096. --- .../{reusable_job_image_to_ghcr.yml => image-to-ghcr.yml} | 2 +- .github/workflows/on_push_or_pr.yml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) rename .github/workflows/{reusable_job_image_to_ghcr.yml => image-to-ghcr.yml} (99%) diff --git a/.github/workflows/reusable_job_image_to_ghcr.yml b/.github/workflows/image-to-ghcr.yml similarity index 99% rename from .github/workflows/reusable_job_image_to_ghcr.yml rename to .github/workflows/image-to-ghcr.yml index 6efd3d356..a520bfa26 100644 --- a/.github/workflows/reusable_job_image_to_ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -1,7 +1,7 @@ name: Image to GHCR on: - workflow_call: + push: branches-ignore: - dependabot/** diff --git a/.github/workflows/on_push_or_pr.yml b/.github/workflows/on_push_or_pr.yml index 503601a27..552fd33af 100644 --- a/.github/workflows/on_push_or_pr.yml +++ b/.github/workflows/on_push_or_pr.yml 
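Review bot: The new `image_to_ghcr` job has no `needs:`, so it starts in parallel with the CodeQL, lint and test jobs, and the image is pushed even when they fail. Adding `needs: [codeql_analyze, nest_lint, nest_test_and_sonarcloud]` under the job would give the chaining the commit title announces. In the renamed `reusable_job_image_to_ghcr.yml`, `branches-ignore` is left under `workflow_call:`, which as far as I know accepts no branch filters, so the dependabot exclusion would have to become an `if:` on the calling job. The called workflow pushes to GHCR, so the caller must also grant `packages: write`; the caller's `permissions` are not visible here and are worth checking.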
@@ -12,6 +12,4 @@ jobs: uses: ./.github/workflows/reusable_job_nest_lint.yml nest_test_and_sonarcloud: uses: ./.github/workflows/reusable_job_nest_test_sonarcloud.yml - secrets: inherit - image_to_ghcr: - uses: ./.github/workflows/reusable_job_image_to_ghcr.yml \ No newline at end of file + secrets: inherit \ No newline at end of file From eea1d6ff0fcea90f34f9b52dbd7def4e1b0efc53 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 16:06:01 +0200 Subject: [PATCH 74/76] Fix pattern to match / --- .github/workflows/on_push_or_pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on_push_or_pr.yml b/.github/workflows/on_push_or_pr.yml index 552fd33af..cd9b16a6c 100644 --- a/.github/workflows/on_push_or_pr.yml +++ b/.github/workflows/on_push_or_pr.yml @@ -3,7 +3,7 @@ name: 'All static tests on every push' on: push: branches: - - '*' + - '**' jobs: codeql_analyze: From 47604fac9fc5b202fd5b7aba57b5a4f0b698c7b2 Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 16:15:31 +0200 Subject: [PATCH 75/76] Fixed tests because of changed properties --- src/health/health.controller.spec.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts index f7c1927e5..318cc2ada 100644 --- a/src/health/health.controller.spec.ts +++ b/src/health/health.controller.spec.ts @@ -21,9 +21,8 @@ describe('HealthController', () => { let httpHealthIndicator: DeepMocked; const keycloakConfig: KeycloakConfig = { CLIENT_ID: '', - PASSWORD: '', + SECRET: '', REALM_NAME: '', - USERNAME: '', BASE_URL: 'http://keycloak.test', }; let configService: DeepMocked; From 3c7abaaf151fed76e3d7a5f03a7618fc56f8645b Mon Sep 17 00:00:00 2001 From: Kristoff Kiefer Date: Thu, 5 Oct 2023 16:17:31 +0200 Subject: [PATCH 76/76] Removed job dependencies --- .github/workflows/image-to-ghcr.yml | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/.github/workflows/image-to-ghcr.yml b/.github/workflows/image-to-ghcr.yml index a520bfa26..d997985ae 100644 --- a/.github/workflows/image-to-ghcr.yml +++ b/.github/workflows/image-to-ghcr.yml @@ -11,10 +11,6 @@ permissions: jobs: branch_meta: runs-on: ubuntu-latest - needs: - - codeql_analyze - - nest_lint - - nest_test_and_sonarcloud outputs: branch: ${{ steps.extract_branch_meta.outputs.branch }} sha: ${{ steps.extract_branch_meta.outputs.sha }}