Merge branch 'main' of https://github.com/hpi-schul-cloud/schulcloud-…

…server

ansible/roles/schulcloud-server-migration-system/defaults/main.yml

@@ -0,0 +1,6 @@
+WITH_MIGRATION_SYSTEMS: false
+API_MIGRATION_SYSTEMS_REPLICAS: 1
+API_MIGRATION_SYSTEMS_CPU_LIMITS: "2000m"
+API_MIGRATION_SYSTEMS_CPU_REQUESTS: "100m"
+API_MIGRATION_SYSTEMS_MEMORY_LIMITS: "2Gi"
+API_MIGRATION_SYSTEMS_MEMORY_REQUESTS: "150Mi"

ansible/roles/schulcloud-server-migration-system/meta/main.yml

@@ -0,0 +1,9 @@
+galaxy_info:
+  role_name: schulcloud-server-migration-system
+  author: Schul-Cloud Verbund
+  description: role for separation of user system migration at the schulcloud-server
+  company: Schul-Cloud Verbund
+  license: license (AGPLv3)
+  min_ansible_version: 2.8
+  galaxy_tags: []
+dependencies: []

ansible/roles/schulcloud-server-migration-system/tasks/main.yml

@@ -0,0 +1,22 @@
+  - name: Service
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: svc.yml.j2
+      state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
+  - name: Deployment
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: deployment.yml.j2
+      state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
+  - name: Ingress
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: ingress.yml.j2
+      apply: yes
+      state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+

ansible/roles/schulcloud-server-migration-system/templates/deployment.yml.j2

@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-migration-systems-deployment
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: api-migration-systems
+    app.kubernetes.io/part-of: schulcloud-verbund
+    app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+    app.kubernetes.io/name: api-migration-systems
+    app.kubernetes.io/component: server
+    app.kubernetes.io/managed-by: ansible
+    git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
+    git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
+spec:
+  replicas: {{ API_MIGRATION_SYSTEMS_REPLICAS }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      #maxUnavailable: 1
+  revisionHistoryLimit: 4
+  paused: false
+  selector:
+    matchLabels:
+      app: api-migration-systems
+  template:
+    metadata:
+      labels:
+        app: api-migration-systems
+        app.kubernetes.io/part-of: schulcloud-verbund
+        app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+        app.kubernetes.io/name: api-migration-systems
+        app.kubernetes.io/component: server
+        app.kubernetes.io/managed-by: ansible
+        git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
+        git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        runAsNonRoot: true
+      containers:
+      - name: api-migration-systems
+        image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 3030
+          name: api
+          protocol: TCP
+        - containerPort: 9090
+          name: api-metrics
+          protocol: TCP
+        envFrom:
+        - configMapRef:
+            name: api-configmap
+        - secretRef:
+            name: api-secret
+        readinessProbe:
+          httpGet:
+            path: /internal/health
+            port: 3030
+          timeoutSeconds: 4
+          failureThreshold: 3
+          periodSeconds: 5
+        # liveless if unsatisfactory reply
+        livenessProbe:
+          httpGet:
+            path: /internal/health
+            port: 3030
+          timeoutSeconds: 4
+          failureThreshold: 3
+          periodSeconds: 15
+        startupProbe:
+          httpGet:
+            path: /internal/health
+            port: 3030
+          timeoutSeconds: 4
+          failureThreshold:  36
+          periodSeconds: 5
+        resources:
+          limits:
+            cpu: {{ API_MIGRATION_SYSTEMS_CPU_LIMITS }}
+            memory: {{ API_MIGRATION_SYSTEMS_MEMORY_LIMITS }}
+          requests:
+            cpu: {{ API_MIGRATION_SYSTEMS_CPU_REQUESTS }}
+            memory: {{ API_MIGRATION_SYSTEMS_MEMORY_REQUESTS }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+      affinity:
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 9
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/part-of
+                  operator: In
+                  values:
+                  - schulcloud-verbund
+              topologyKey: "kubernetes.io/hostname"
+              namespaceSelector: {}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+          - weight: 10
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - api-migration-systems
+              topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+          - weight: 20
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - api-migration-systems
+              topologyKey: "topology.kubernetes.io/zone"
+{% endif %}

ansible/roles/schulcloud-server-migration-system/templates/ingress.yml.j2

@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-migration-systems-ingress
+  namespace: {{ NAMESPACE }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
+    nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    # The following properties added with BC-3606.
+    # The header size of the request is too big. For e.g. state and the permanent growing jwt.
+    # Nginx throws away the Location header, resulting in the 502 Bad Gateway.
+    nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
+    nginx.ingress.kubernetes.io/http2-max-header-size: 96k
+    nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
+{% if CLUSTER_ISSUER is defined %}
+    cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
+{% endif %}
+
+spec:
+  ingressClassName: {{ INGRESS_CLASS }}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
+  tls:
+  - hosts:
+      - {{ DOMAIN }}
+{% if CLUSTER_ISSUER is defined %}
+    secretName: {{ DOMAIN }}-tls
+{% endif %}
+{% endif %}
+  rules:
+  - host: {{ DOMAIN }}
+    http:
+      paths:
+      - path: /api/v3/user/import/
+        backend:
+          service:
+            name: api-migration-systems-svc
+            port:
+              number: 3030
+        pathType: Prefix

ansible/roles/schulcloud-server-migration-system/templates/svc.yml.j2

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-migration-systems-svc
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: api-migration-systems
+spec:
+  type: ClusterIP
+  ports:
+    - port: 3030
+      targetPort: 3030
+      protocol: TCP
+      name: api
+    - port: 9090
+      targetPort: 9090
+      protocol: TCP
+      name: api-metrics
+  selector:
+    app: api-migration-systems

apps/server/src/modules/server/api/dto/config.response.ts

@@ -206,6 +206,9 @@ export class ConfigResponse {
 	@ApiProperty()
 	FEATURE_MEDIA_SHELF_ENABLED: boolean;
 
+	@ApiProperty()
+	FEATURE_NEW_LAYOUT_ENABLED: boolean;
+
 	constructor(config: ServerConfig) {
 		this.ACCESSIBILITY_REPORT_EMAIL = config.ACCESSIBILITY_REPORT_EMAIL;
 		this.ADMIN_TABLES_DISPLAY_CONSENT_COLUMN = config.ADMIN_TABLES_DISPLAY_CONSENT_COLUMN;
@@ -273,5 +276,6 @@ export class ConfigResponse {
 		this.FEATURE_VIDEOCONFERENCE_ENABLED = config.enabled;
 		this.FEATURE_SCHULCONNEX_COURSE_SYNC_ENABLED = config.FEATURE_SCHULCONNEX_COURSE_SYNC_ENABLED;
 		this.FEATURE_MEDIA_SHELF_ENABLED = config.FEATURE_MEDIA_SHELF_ENABLED;
+		this.FEATURE_NEW_LAYOUT_ENABLED = config.FEATURE_NEW_LAYOUT_ENABLED;
 	}
 }

apps/server/src/modules/server/api/test/server.api.spec.ts

@@ -96,6 +96,7 @@ describe('Server Controller (API)', () => {
 				'TLDRAW__ASSETS_MAX_SIZE',
 				'FEATURE_SCHULCONNEX_COURSE_SYNC_ENABLED',
 				'FEATURE_MEDIA_SHELF_ENABLED',
+				'FEATURE_NEW_LAYOUT_ENABLED',
 			];
 
 			expect(response.status).toEqual(HttpStatus.OK);

apps/server/src/modules/server/server.config.ts

@@ -110,6 +110,7 @@ export interface ServerConfig
 	I18N__DEFAULT_LANGUAGE: LanguageType;
 	I18N__FALLBACK_LANGUAGE: LanguageType;
 	I18N__DEFAULT_TIMEZONE: Timezone;
+	FEATURE_NEW_LAYOUT_ENABLED: boolean;
 }
 
 const config: ServerConfig = {
@@ -236,6 +237,7 @@ const config: ServerConfig = {
 	ALERT_CACHE_INTERVAL_MIN: Configuration.get('ALERT_CACHE_INTERVAL_MIN') as number,
 	FEATURE_SCHULCONNEX_MEDIA_LICENSE_ENABLED: Configuration.get('FEATURE_SCHULCONNEX_MEDIA_LICENSE_ENABLED') as boolean,
 	PROVISIONING_SCHULCONNEX_LIZENZ_INFO_URL: Configuration.get('PROVISIONING_SCHULCONNEX_LIZENZ_INFO_URL') as string,
+	FEATURE_NEW_LAYOUT_ENABLED: Configuration.get('FEATURE_NEW_LAYOUT_ENABLED') as boolean,
 };
 
 export const serverConfig = () => config;

config/default.schema.json

@@ -1687,6 +1687,11 @@
 			"default": "",
 			"description": "URL for fetching lizenz info from moin.schule schulconnex",
 			"examples": ["https://api-dienste.stage.niedersachsen-login.schule/v1/lizenz-info"]
+		},
+		"FEATURE_NEW_LAYOUT_ENABLED": {
+			"type": "boolean",
+			"default": false,
+			"description": "Enables the new layout feature"
 		}
 	},
 	"required": []